In an evolving regulatory landscape, you need to understand how to meet your anti-money laundering compliance responsibilities wherever you do business. Global anti-money laundering (AML) and counter-financing of terrorism (CFT) compliance is a complex challenge that can vary significantly by jurisdiction, risk environment, and emerging fintech innovations.
To help your business overcome its compliance challenges, and understand its regulatory responsibilities read our guide to money laundering regulations around the world.
Global Money Laundering Regulations
The Financial Action Task Force
An intergovernmental organisation comprising 39 member states, the Financial Action Task Force (FATF) works to prevent international money laundering and terrorism financing, and to enhance the global compliance standards. To achieve those objectives, the FATF has developed a set of AML/CFT recommendations which its member-states must implement via domestic legislation. As new criminal trends, regulations, and fintech innovations emerge, the FATF adjusts its recommendations to reflect the global risk environment.
FATF compliance generally requires member-states to implement the following fundamental AML measures and controls:
- Governments must treat money laundering as a criminal offence and establish a national financial intelligence unit (FIU) to manage money laundering reports.
- Domestic businesses should implement a risk-based approach to money laundering, performing risk assessments on their customers and deploying proportionate compliance responses.
- Businesses should implement Know Your Customer (KYC) measures, including customer due diligence (CDD), in order to build out accurate customer risk profiles.
- Businesses should screen and monitor their customers on an ongoing basis in order to detect suspicious activity and capture changes in risk profiles. Customers should be screened against relevant risk indicators, such as politically exposed person (PEP) lists, sanctions lists, and adverse media stories.
- Financial authorities should assist international counterparts in cross-border criminal investigations.
European Money Laundering Regulations
The Anti-Money Laundering Directives
The European Union issues Anti-Money Laundering Directives (AMLD) on a periodic basis in order to standardise AML/CFT regulation across the bloc. EU member-states are required to transpose the regulatory measures set out in the AMLD into domestic legislation – and do so by a predetermined implementation deadline. The latest EU AMLDs are the Fifth Anti-Money Laundering Directive (5AMLD) cand the the Sixth Anti-Money Laundering Directive (6AMLD), which introduced the following key AML/CFT measures:
5AMLD – Implemented 10 January 2020
- Introduced public right of access to beneficial ownership registers and role-based PEP lists.
- Expanded AML/CFT reporting and record-keeping obligations to cryptocurrency service providers.
- Introduced transaction limits of €150 for prepaid card transactions, and €50 for online prepaid card transactions.
- Imposed AML/CFT reporting and record-keeping obligations on high value transactions of €10,000 or more as a way to address financial crime in boutique industries such as the art trade.
- Introduced mandatory enhanced due diligence checks for transactions involving high risk countries.
6AMLD – Implemented on 3 June 2021:
- Set out a harmonised list of 22 money laundering predicate offences, including the two new offences of cyber-crime and environmental crime.
- Added ‘aiding and abetting’ to the definition of the money laundering criminal offence.
- Extended criminal liability for money laundering to legal persons, essentially enabling corporations to be punished for criminal activity perpetrated by employees.
- Introduced harsher punishments for money laundering offences, including minimum 4 year prison terms.
- Introduced requirements for member-states to share information in order to facilitate dual-criminality prosecutions that span international borders.
The UK’s primary AML/CFT regulations are the Money Laundering, Terrorist Financing and Transfer of Funds Act 2017, the Proceed Of Crime Act 2002, and the Terrorism Act 2000. The regulations define the offence of money laundering and set out compliance requirements, which are based on FATF guidance. Although the UK has left the EU, it has committed to implementing aspects of 6AMLD.
Accordingly, under UK AML/CFT rules, financial institutions must conduct risk-based checks on their customers, including performing customer due diligence (CDD) checks, establishing ultimate beneficial ownership (UBO), screening against PEP lists and sanctions lists, and running adverse media checks.
The Financial Conduct Authority (FCA) is the UK’s main financial regulator. Working with the Bank of England and the Prudential Regulatory Authority, the FCA sets out regulatory compliance requirements and provides AML/CFT oversight for UK financial institutions.
Switzerland regulates money laundering and terrorism financing under the Federal Act on Combating Money Laundering and Terrorist Financing in the Financial Sector 1997, also referred to the as the Anti-Money Laundering Act (AMLA). The act imposes AML/CFT reporting and record-keeping regulations on financial institutions in Switzerland, along with sanctions, PEP, and adverse media screening requirements.
The Swiss Financial Market Supervisory Authority (FINMA), or Eidgenössische Finanzmarktaufsicht, is Switzerland’s primary financial regulator. FINMA is responsible for issuing operating licences to Swiss banks and financial institutions and for ensuring compliance with AML/CFT regulations.
While AML regulations vary across the region, Nordic states generally mirror their southern and western neighbours in implementing the latest FATF money laundering guidance. As EU member-states, Sweden and Finland are required to transpose the anti-money laundering directives into domestic legislation. Norway is not in the EU and while it is not obliged to implement AMLD, it has, via its Anti-Money Laundering Act (2018), transposed 4AMLD and 5AMLD. In practice, this means that Nordic states impose the same kind of CDD measures, and sanctions, PEP, and adverse media screening processes as other FATF-member states.
Nordic countries have dedicated financial authorities, known as Financial Supervisory Authorities (FSA), that provide AML/CFT supervision, issue operating licences, enforce regulations, and work with governments to develop new legislation. Sweden’s FSA is called Finansinspektionen, while Denmark’s FSA and Norway’s FSA are both called Finanstilsynet.
The Middle East
Middle Eastern AML/CFT regulations are often significantly divergent between states. With that in mind, many Middle Eastern countries present an elevated risk of money laundering and are designated on the FATF’s Jurisdictions under Increased Monitoring list – also known as the FATF ‘greylist’. The greylist currently includes Jordan, Pakistan, Syria, Yemen, and the United Arab Emirates.
The United Arab Emirates, comprising Abu Dhabi, Dubai, Sharjah, Ras Al Khaimah, Ajman, Umm Al Quwain, and Fujairah, was placed on the FATF greylist in 2022. The FATF cited deficiencies in the UAE’s AML/CFT framework, including poor beneficial ownership controls and ongoing failure to address terrorism financing. The UAE’s primary AML/CFT legislation is the Federal Decree-Law No. (20) of 2018 On Anti-Money Laundering and Combating the Financing of Terrorism and Financing of Illegal Organisations. The law requires financial institutions in the UAE to implement AML reporting, record-keeping, and screening measures. In response to FATF concerns, the UAE has extended AML/CFT rules to designated non-financial businesses and professions (DNFBP).
There are four regulatory bodies that provide oversight for the UAE’s AML/CFT framework: the Central Bank of the UAE, the Securities and Commodities Authority (SCA), the Dubai Financial Services Authority (DFSA) and the Financial Services Regulatory Authority (FSRA).
The US regulates money laundering and terrorism financing through the Bank Secrecy Act (BSA) and the Partriot Act. The Bank Secrecy Act was introduced in 1970 and requires US banks and other financial institutions to implement an internal AML program with reporting and record-keeping obligations, and with risk-based CDD measures, and PEP, sanctions, and adverse media screening requirements. The Patriot Act was introduced in 2001 in response to the September 11 terror attacks: it modified the BSA by adding new CDD and screening requirements and increasing noncompliance penalties.
In 2021, the US passed the Anti-Money Laundering Act 2020 (AMLA), the most significant amendment to the BSA since the Patriot Act. AMLA introduced the following AML/CFT measures:
- New requirements for the disclosure of beneficial ownership.
- Increased financial penalties for money laundering offences and compliance violations.
- New protections for corporate AML/CFT whistleblowers.
- Expanded powers for US authorities to investigate foreign banks suspected of money laundering.
- A pilot program to increase information sharing with the foreign branches of US banks.
The US’ primary AML/CFT regulator is the Financial Crimes Enforcement Network (FINCEN), which works at a state and federal level to ensure BSA compliance. In addition to FINCEN, the US’ Office of Foreign Assets Control (OFAC) works to enforce the US’ sanctions regulations.
Hong Kong follows FATF guidance in implementing AML/CFT regulations. Hong Kong’s main anti-money laundering regulations are the Anti-Money Laundering and Counter-Terrorist Financing Ordinance (AMLO) and the Banking Ordinance (BO), which set out the risk-based measures that firms must put in place to achieve compliance.
The Hong Kong Monetary Authority (HKMA) is responsible for supervising banks and financial institutions in Hong Kong.
Singapore is also an FATF member-state and has implemented a risk-based approach to AML/CFT in its domestic legislation. Singapore’s main money laundering regulation is the Corruption, Drug Trafficking and Other Serious Crimes (Confiscation of Benefits) Act (CDSA) which defines the offence of money laundering and sets out the relevant CDD measures and screening controls required for compliance. In 2020, Singapore implemented the Payment Services Act (PSA) which expanded AML/CFT regulations to payment service providers and fintech services in the city.
The Monetary Authority of Singapore (MAS) provides AML/CFT supervision in Singapore.
As an FATF member-state, Australia requires banks and financial institutions to implement risk-based AML/CFT solutions. Australia’s primary AML/CFT regulations are the Financial Transaction Reports Act 1988 and the Anti-Money Laundering and Counter-Terrorism Financing Act 2006, which set out reporting and record-keeping obligations along with other compliance requirements such as CDD measures, and PEP, sanctions, and adverse media screening.
The Australian Transaction Reports and Analysis Centre (AUSTRAC) provides AML/CFT supervision in Australia with the stated goal of ‘preventing, detecting and responding to criminal abuse of the financial system’. Like other financial regulators, AUSTRACs responsibilities include handling licensing applications, enforcing AML/CFT regulations, and cooperating with international financial authorities.