When Russia invaded Ukraine in February 2022, Western countries coordinated to deploy an unprecedented package of economic sanctions against Vladmir Putin’s regime, targeting hundreds of individuals and businesses, and comprising asset freezes and wide-ranging prohibitions on imports and exports.
The Russia sanctions regulations changed the global risk landscape almost overnight and in response, firms moved quickly to review and adjust their sanctions screening solutions to avoid costly compliance penalties. The sanctions challenge became more complex in 2022 and 2023 as global governments issued subsequent rounds of sanctions and enforcement regulations, broadening the scope of existing measures, and increasing penalties for violations.
In 2024, Russia sanctions remain a compliance priority, and firms need to be capable of deploying an effective screening response. To help your organisation navigate the sanctions landscape effectively, let’s take a look at the latest global developments.
Recent Global Sanctions Against Russia
On 22 February 2024, the UK imposed its latest sanctions package against Russia, with 50 new sanctions targeting individuals and entities involved in the manufacture of munitions and tools for Russian military end-use, and in the Russian diamond trade.
On 23 February 2024, the EU and the US also announced new Russia sanctions. Its 13th package against Russia since the invasion began, the EU’s sanctions imposed new restrictions against 106 individuals and 88 entities. The EU measures targeted Russia’s military and defence industries, but extended to companies in China and Turkey which trade in electronic components for Russian end-use. The US imposed 500 new sanctions, targeting some of Russia’s largest financial services, mining, and manufacturing businesses, including the National Payment Card System, the Avangard Joint Stock Bank, and JSC Bank ChelindBank.
On 1 May 2024, the US announced 300 new sanctions against Russia. The sanctions were intended “to limit the Kremlin’s revenue and access to the materiel it needs to prosecute its illegal war against Ukraine”. To that end, the sanctions target the Russian energy, metal, and mining industries, Russia’s ability to develop biological and chemical weapons, and Russian business partners in third countries.
Russia Sanctions Regulations: US, EU and UK Developments
United States
Sanctions Evasion: In September 2023, the US’ Financial Crimes Enforcement Network (FinCEN) published a Financial Trend Analysis (FTA) on Russian sanctions evasion. The FTA was based on suspicious activity report (SAR) data submitted by US financial institutions, amounting to a value of around $1 billion. In the analysis, FinCEN highlighted the following sanctions evasion trends:
The supply of prohibited goods directly from US companies to Russian end-users, or via transhipment through intermediaries in the UK, the Middle East and Asia.
A reliance on businesses in China, Hong Kong, the United Arab Emirates (UAE) and Turkey in sanctions evasion strategies.
The prominence of electronic equipment, including “microelectronic components, imaging technology, electronic filters, and electromechanical instrumentation” in sanctions-violating trading activity.
The emergence of other industries, such as industrial machinery and professional services, in the violation of Russian sanctions.
Secondary Sanctions: In January 2024, President Biden announced that the US would be imposing new secondary sanctions on Russia, targeting non-US banks that provide sanctioned Russian customers with certain services. The secondary sanctions focused primarily on services in support of Russian military end-users.
European Union
Extension of Sanctions: On 12 March 2024, the EU Council voted to extend its existing sanctions against Russia for another six months, to 15 September 2024. The move came 10 days before the EU’s 13th sanctions package (see above). The EU Parliament also announced an increased focus on Russia sanctions compliance with stronger penalties against persons attempting to evade sanctions, including prison terms of up to 5 years for trade with, or provision of, services to Russia.
Targeting Propaganda: Following the extension of existing sanctions and introduction of new sanctions, the EU announced that it would be imposing a 14th round of sanctions on Russia in the coming months. As part of that announcement, the EU indicated it would be targeting Russian propaganda by banning the broadcasting activities of four Russian state media outlets: Voice of Europe, RIA Novosti, Izvestiya, and Rossiyskaya Gazeta.
United Kingdom
Sanctions Strategy: On 22 February 2024, the UK government published the UK Sanctions Strategy in conjunction with the announcement of its latest round of Russia sanctions. The Strategy sets out the UK government’s “approach to using sanctions to address global threats, promote international norms and protect the UK”, including details of measures to “disrupt Russia’s war-machine”.
Sanctions Evasion: Like the EU and the US, the UK Strategy signalled an increased focus on Russia sanctions compliance and attempts by the Russian government to bypass economic sanctions. The Strategy included the following key details:
UK officials are travelling to states in Central Asia, Eastern Europe and the Gulf “to share concerns and build relationships” in the fight against Russia sanctions evasion.
The UK is tackling Russia sanctions evasion in part by targeting illicit finance streams, including complex corporate structures and shell companies that are used “deliberately to obscure the ownership of assets”.
UK efforts include sharing a list of items “critical to Russia’s battlefield capacity” with third parties, and “calling their attention to any spikes in the trade of sanctioned goods – and on how to strengthen enforcement.”
The UK is making a greater effort to identify and designate persons that are involved in “military procurement networks and third country supply and assistance to Russia”.
As part of the Strategy, the UK government announced new restrictions on persons designated on sanctions lists, making it illegal for them to sit on company boards. The Strategy also indicated that the UK would be exploring legal mechanisms to release frozen Russian assets for the specific purpose of rebuilding and reconstruction in Ukraine.
Russia Sanctions Compliance: What’s Next?
With the EU’s 14th package of Russia sanctions on the horizon, sanctions compliance will continue to have a significant impact on financial services for the foreseeable future, and firms must be ready to move quickly as the global risk landscape changes. That challenge means adopting a hyper-vigilant approach to sanctions screening, and emphasising flexibility and accuracy in sanctions screening solutions.
Effective, accurate global sanctions screening involves capturing and analysing vast amounts of data. To that end, firms should find an automated screening solution that meets their business needs and fits the risk environment. Ripjar’s Labyrinth Screening platform is designed to help firms keep pace with the complexity of global sanctions compliance, while streamlining the screening process itself.
Labyrinth Screening offers firms the power to conduct real-time name searches of global sanctions lists and thousands of additional risk data sources from around the world. Powered by cutting-edge AI, Labyrinth includes AI Risk Profiles to help compliance teams extract the most relevant information about customers and build-out comprehensive, useful risk profiles. Labyrinth also includes AI Summaries, a cutting-edge, generative AI feature that adds short, concise prose descriptions of a customer’s AML risk to their profile.
On 15 February 2024, Ripjar hosted its New York Summit, a luxury, invite-only breakfast event in the heart of Manhattan. The New York Summit brought together senior compliance professionals from around North America and the world to network, share knowledge, and explore the future of compliance.
Ripjar Chief Product Officer Gabriel Hopkins hosted the New York Summit, moderating an expert panel discussion into the challenges and opportunities of AI technology in compliance. The panel included Accenture Financial Crime Lead Blair West, Dow Jones Risk & Compliance Director of SaaS Products Kevin Wolf, Amazon Web Services Financial Services Specialist Alvin Huang, and Ripjar CEO Jeremy Annis.
Let’s take a look at some of the panel’s key highlights:
Panel Discussion
What worries customers most about compliance and anti-financial crime challenges?
On the first question, Blair West pointed to several pain points, the first being the need to keep up with periodic compliance reviews particularly in terms of the volume and quality of data available, and of customer service in relation to onboarding. She also mentioned KYC outreach and managing the addition of new services and products, and finally the effectiveness and efficiency of transaction monitoring, particularly for correspondent banking, securities, and capital markets. Alvin Huang also highlighted the volume and quality of compliance alerts, noting the importance of leveraging technology to address false positives, reduce costs and stay ahead of emerging threats.
Bringing a vendor’s perspective, Jeremy Annis suggested that customers’ main concern is managing the cost of compliance, and that customers often look to vendors to help them integrate compliance innovations, reduce costs, and improve efficiency. Extending that perspective, Kevin Wolf said that vendors must consider customer challenges when building compliance products, ensuring that their solutions have the breadth of coverage required as well as the capacity to deal with increased alert volumes, and that they can scale efficiently.
How are non-banks reacting to recent regulatory penalties?
In the wake of the US Department of Justice fining crypto exchange Binance a record $4.3 billion in 2023, the panel discussed how non-banks should think about their evolving compliance responsibilities. Kevin highlighted that “enforcement drives the behaviour”, raising the importance of good quality data within compliance solutions, and the need for vendors to ensure that non-banks have the resources and solutions they need to make the right compliance decisions – especially in novel industries like cryptocurrency. Blair also focused on cryptocurrency industry compliance, pointing out that crypto exchanges need to carefully consider their risk exposure, work more constructively with regulators, and leverage technology where possible to achieve those goals.
Jeremy highlighted the need for CEOs to take a more active role in the compliance process – especially since they may now be held criminally responsible for violations. Referencing the US in particular, he described an “explosion in corporates taking more of an interest in compliance” with examples of travel and accommodation firms needing to effectively screen sanctions lists and watchlists as part of their Know Your Customer (KYC) responsibilities. Jeremy noted that many non-bank entities now have quite complex compliance risks, and that penalties for failures could be “astronomical”, including fines and prison sentences.
What does the advance of AI technology mean for compliance practitioners?
With the rise of Chat GPT in 2023, Blair noted that the public and finance professionals are feeling more comfortable about AI in compliance contexts – and using it more widely. She pointed to the value of generative AI tools in performing KYC and anti-money laundering (AML) tasks including, in particular, data collection and summarisation, suggesting that the application of AI in these contexts will likely broaden in the future.
Alvin emphasised the need for firms to be able to trust the compliance information that AI tools generate. He suggested that as long as AI platforms assure the traceability of the results they generate, industry confidence in them would continue to grow. Echoing that point, Kevin used the term “explainability”, referencing the need for firms to understand how and why AI tools generate the data that they generate – so that the information can be used properly in compliance contexts.
Despite recent dramatic advances, Jeremy pointed out that there is still a gap between what AI technology can do in compliance contexts, and what customers think it can do. While generative AI has exciting potential, Jeremy suggested that there remains “a suite of problems that need to be solved” regarding the speed, cost, and accuracy of the technology.
What are the major challenges in using AI for compliance?
Jeremy noted that some of the new generation of AI tools are still “tremendously slow” and in some circumstances not useful in providing actionable data. This may especially be the case in name matching contexts where users are searching across tens of millions of data points – such as anti-money laundering (AML) customer name searches. Given that most firms don’t have the resources or budgets to build their own generative AI models to address their specific challenges, Jeremy suggested that the way forward should be to carefully select new AI models that can be customised for a firm’s risk environment, or to work with an appropriate vendor. Firms should then apply those tailored models in ways that eliminate the tedious manual work of compliance while increasing its speed and efficiency.
Alvin agreed that generative AI models are not ideal tools for establishing customer identities. Instead, they are better applied in combination with statistical machine learning in order to analyse and summarise large amounts of unstructured data. Alvin also brought up the tendency for generative AI to generate different answers to the same prompt, or to ‘hallucinate’ answers to prompts – outputs that damage user trust in the technology, and that represent important obstacles to overcome as the technology progresses. With that in mind, Alvin stated that rather than being at the cutting edge of generative AI, it may be prudent for some firms to take a more cautious “follower” approach.
How do regulators view AI compliance technologies?
Blair suggested that, since they have been pushing innovation over the last few years, regulators seem positive about the integration of AI compliance technology “in a controlled and transparent manner”. She stressed the importance of open communication with regulatory agencies (who will also be exploring the technology) as a way to enhance the effectiveness of AI tools in compliance and to shape future guidance and legislation.
Gabriel Hopkins pointed to the example of the US’ Financial Crimes Enforcement Network (FinCEN) that has encouraged firms to use AI as long as they can “prove statistically” that they’re getting better results than their previous non-AI-enabled, rules-based system.
How should we think about model governance in a world of generative AI?
Alvin and Kevin repeated the crucial need for explainability in the integration of AI compliance technology – a need complicated by the increasing complexity of AI models. With that in mind, Gabriel noted that as AI technology has advanced, it has become more difficult to explain to regulators – with model governance becoming a key factor.
Elaborating on that point, Jeremy suggested that effective validation of AI models comes down to some meaningful expectation about what a firm will get out of their system after feeding in certain data – rather than an in-depth understanding of the algorithmic process involved or “how it actually operates in the middle”. That being the case, Alvin stressed the need to re-validate generative AI models constantly, with a focus on the accuracy of the outputs, as a way to maintain confidence. Looking to the future, Blair suggested there might soon be scope for vendors to offer AI model validation as a third party service.
How is AI affecting the adverse media screening landscape?
Kevin emphasised the importance of combining technology and data to derive early warning signals about risk. He pointed out that firms in Europe have had a headstart in the integration of adverse media screening technology into compliance infrastructure, but that its utility and significance is also growing in the US. Alvin noted that the value of adverse media screening has expanded beyond AML risk, with many firms now using it to establish broader customer risk, including environmental, social, and governance (ESG) risk.
Jeremy talked about how AI technology has helped firms carry out adverse media screening at scale, reducing the time the process takes, and its cost. With the benefit of AI, firms are now able to screen thousands, if not millions of customers across global adverse media sources, with a level of noise “not much worse that it would be for any other kind of screening”.
What are your predictions for the application of AI technology in 2024?
With AI technology “not going anywhere”, Kevin reiterated the need for firms to stay at the forefront of discussions about it, in order to maintain their understanding of what it can do, and ensure its explainability within their compliance solution. He pointed out that customer compliance challenges will also continue to grow, and that the development of AI technology will help firms continue on the path to compliance.
Jeremy felt that, after a lack of progress in 2023, the following 12 months will see an increase in AI innovation, with wider mainstream application of the technology. Alvin supported that notion, suggesting that generative AI will increasingly fit into customers’ overall data strategies, with compliance teams able to curate very specific parts of their data. That approach should see AI start to influence general data governance and data strategy.
Blair mentioned the specific application of generative AI to KYC, and to the suspicious activity report (SAR) filing process – with financial institutions leveraging their own internal compliance systems to train the technology. KYC is such a good candidate for AI support because of the number of manual processes it involves – all of which can represent administrative pain points. She suggested that many institutions are already experimenting with the integration of generative AI in KYC AML use cases.
Presentation: Innovations in AI for Compliance
Following the panel discussion, Ripjar CTO Joe Whitfield-Seed hosted a presentation on Ripjar’s next generation Labyrinth Screening platform, complete with its AI Risk Profiles, and recently-launched AI Summaries expansion.
What’s the correct way to apply AI in compliance?
Opening the presentation, Joe looked back over the last century to chart the progression of AI models – from the primitive computers of the 1960s and the very first chatbot, to the development of neural networks in the 1990s and the deployment of the first statistical machine learning systems in the financial services industry. Only in the past few years have generative AI models accelerated, emerging as an extremely sophisticated iteration of the technology that can pass exams, create photorealistic art, and even mimic humans.
However, generative AI often introduces false information in its otherwise-impressive outputs, including factual errors in text responses, extra fingers on images of humans, or incomprehensible characters in images of text. These issues are all symptoms of highly sophisticated AI models failing to properly understand and contextualise their inputs, and so generating inaccurate or misleading responses – issues that would be problematic in compliance contexts.
Adverse media screening challenges
Adverse media screening involves an incredible amount of data collection and analysis. The process requires searches to be conducted across many years of accumulated news content, and across millions of new articles, produced by various global media platforms every day. The screening process must also be able to distinguish irrelevant non-risk-related content, and duplicate articles.
With that in mind, effective adverse media screening solutions must be able to discern risk information that will be key to enabling good compliance decision making. However, even with a solution capable of doing that, firms still face significant screening challenges, including being able to distinguish between search targets with the same or similar names.
Joe gave the example of how a search for a customer with the name “Elizabeth Holmes” would likely be inundated with thousands of articles about the disgraced CEO of Theranos who was jailed for fraud in 2022. Conversely, searches for other customers with the same name would be hampered by the sheer volume of articles about the more famous identity, and subsequently miss tangible risk information. Firms with similarly high profile customers would find it difficult to continuously monitor their target’s true risk level, because they would actively need to sort through thousands of potentially relevant articles about them on a daily basis.
Labyrinth Screening
Joe explained how Ripjar’s Labyrinth Screening platform is designed to address adverse media challenges by facilitating searches that not only account for all available information about a customer, but that are aware of identity, not just risk.
Drawing on around 6 billion news articles from premium providers, Labyrinth Screening identifies relevant news articles in seconds, with searches that take in global news articles, sanctions lists, and watchlists – in 26 languages. Labyrinth Screening is enhanced by Ripjar’s AI Risk Profiles technology which helps compliance teams extract only the most relevant risk data about their search target, and then assign it to a customer risk profile.
In a demonstration, the presentation gave the example of New York mayor Eric Adams. Powered by AI, the Labyrinth search aggregated all available information about the mayor, even from foreign language sources, as part of his risk profile. Labyrinth automatically matched the collected data against watchlist information to indicate that Eric Adams is a politically exposed person (PEP). Meanwhile, AI Risk Profiles collated profiles for other people called “Eric Adams” – reducing the potential for a false positive alert and ensuring Mayor Eric Adams’ profile was accurate and trustworthy. The AI Risk Profiles technology also allowed for navigation between Mayor Adams and his networks and relationships.
By structuring adverse media searches around identity rather than just risk data, Labyrinth Screening reduces potentially billions of input records to tens of millions – and offers compliance teams incredible efficiency savings.
AI Summaries
Joe highlighted how Labyrinth Screening’s value is enhanced further by the addition of the recently-launched AI Summaries expansion. Building on the high quality, trusted information included in a customer AI Risk Profile, AI Summaries integrates generative AI to generate a clear, concise summary of the customer’s adverse media risk – with the potential to reduce assessment times by up to 90%.
The Labyrinth Screening platform demonstrates the compliance possibilities of AI-powered adverse media screening, funnelling a field of billions of documents down to a few paragraphs of meaningful, unstructured text via a high quality validation model.
On 18 January 2024, the EU Parliament and EU Council reached a landmark agreement on the ‘single AML rulebook’, a regulatory proposal intended to strengthen and harmonise anti-money laundering (AML) and counter-financing of terrorism (CFT) regulations across EU member states. Fintech experts commented positively on the announcement, emphasising the importance of effective cross-border AML/CFT measures in addressing the global reach of financial criminals. That criminal threat remains significant, with authorities detecting up to €210 billion in suspicious transactions and activities in the EU alone every year.
The 2024 agreement on the single AML rulebook is part of a wider EU AML/CFT package, which includes an update to the Sixth Anti-Money Laundering Directive (6AMLD) and new compliance rules for businesses. With EU administrators now resolving the final details, organisations across the EU should ensure that they understand the new rules, and their new 6AMLD compliance obligations and, if necessary, prepare to adjust their AML/CFT solutions.
To help your business stay ahead of compliance risk, read our update on the EU’s single AML rulebook – and its key regulatory impacts.
What is the Single AML Rulebook?
The single AML rulebook was originally proposed in a European Commission (EC) action plan in 2020, and has gone through several stages of development. The January 2024 agreement signalled political consensus for the regulatory provisions that the rulebook will introduce, supporting the EU’s ultimate goal of harmonising its AML/CFT environment for its 27 members. These provisions include new and expanded AML/CFT rules, and reforms to existing rules that address weaknesses and loopholes.
Supporting the Updated 6AMLD
The single AML rulebook codifies rules and obligations included in the updated 6AMLD, which places a strong focus on boosting powers to detect and address money laundering methodologies. As part of the update, 6AMLD now guarantees access to national beneficial ownership registries for parties with ‘legitimate interest’ – such as journalists and academics. Similarly, the updated 6AMLD will give financial intelligence units (FIUs) expanded powers to suspend suspicious transactions.
The Single AML Rulebook: Key Highlights
The key regulatory provisions of the single AML rulebook include:
Expanded AML Rules
The single rulebook expands AML/CFT rules to apply to a wider range of organisations, including professional football clubs, football agents, traders in cultural goods (such as artwork), luxury car dealers, yacht dealers, and private jet dealers. Under the expanded rules, these entities will need to perform customer due diligence (CDD) on customers and clients, monitor their transactions for suspicious activity, and report such activity to the relevant authorities.
Crypto AML
The rulebook also expands the scope of EU AML/CFT rules to apply to crypto asset service providers (CASP) and virtual asset service providers (VASP). The rules must be applied to customers that engage in transactions involving €1,000 or more.
Very Wealthy Customers
The updated AML rules include an obligation for financial institutions to conduct enhanced due diligence (EDD) on “very wealthy (high net-worth) individuals”, when the business relationship involves “the handling of a large amount of assets”.
Cash Payment Rules
The rulebook sets a limit of €10,000 for cash payments. As an added rule, firms will need to apply CDD measures to verify the identities of persons that carry out occasional transactions between €3,000 and €10,000.
Beneficial Ownership Rules
The rulebook sets the EU threshold for establishing beneficial ownership. Under the rules, a person may be considered a beneficial owner if they own 25% or more of an entity. The 2024 agreement emphasises that the beneficial ownership assessment process must take into account both “ownership and control”, and clarifies certain rules to prevent persons from hiding their status “behind multiple layers of ownership”.
A proposal to lower the beneficial ownership threshold to 15% was not implemented in the single AML rulebook.
Implementation Timeline: What Next?
While the 2024 agreement was an important step forward in achieving the EU’s vision of consistent, region-wide application of AML rules and sanctions, the updated 6AMLD’s rules, and the corresponding single AML rulebook, will not be implemented immediately. The text of the rulebook agreement must now be reviewed by member-state representatives, before it is formally adopted by the EU Council and EU Parliament.
Given the current rate of progress (notwithstanding unexpected delays), businesses may expect the 2024 agreement to be formally adopted by late 2025, with rules coming into effect in early 2026. Some of the new rules have clearer implementation schedules: the expansion of AML rules to professional football clubs, for example, are slated to come into effect in 2029.
Prepare Your Business for Regulatory Change
The EU’s primary objective with the single AML rulebook has always been to increase regulatory harmony, facilitating a stronger and more efficient collective response to global financial crime. However, regulatory disparity across jurisdictions means that many firms will be exposed to new compliance risks, and will need to review their existing AML procedures to meet 6AMLD standards.
Keeping up with EU AML standards can be daunting, especially in periods of regulatory change when firms must quickly adjust to new data collection obligations in order to establish risk accurately. Ripjar developed Labyrinth Screening to meet that challenge: an automated, AI-powered screening solution, Labyrinth Screening enables firms to customise their screening process to their risk environment, performing customer name searches in seconds, in 25+ languages, across thousands of global news sources, sanctions lists, and watchlists.
AI-Powered AML Name Screening
Labyrinth Screening keeps the AML compliance process fast and simple. Integrating Ripjar’s cutting-edge AI Risk Profiles feature, Labyrinth is capable of identifying and extracting the most relevant risk information from vast amounts of data, in order to build easy-to-read customer profiles, reduce time-consuming duplications and false positive alerts, and enable strong, speedy compliance decision-making that saves customers and compliance teams time.
The recently-launched AI Summaries extension, has made Labyrinth Screening even more effective. Adding a concise narrative overview to each customer risk profile, AI Summaries supercharges individual name searches – with up to a 90% reduction in risk assessment time for both new and existing customers. Combined with AI Risk Profiles, AI Summaries ensures that companies in the EU and beyond stay ready for regulatory change, and are able to react to unexpected compliance challenges in an evolving risk landscape.
Italy is a wealthy Mediterranean nation with one of the largest economies in Europe and a historically-strong manufacturing industry. A busy trade hub, Italy’s international businesses export products, including cars, furniture, food, clothing, and luxury goods, around the world.
While Italy’s economic development created prosperity, it has also attracted criminals who exploit the country’s financial system to launder money and commit other crimes. That criminal threat is ongoing: in a 2023 Europol investigation, Italian authorities discovered criminal gangs perpetrating trade-based money laundering across Europe, with around €18.5 million traced back to Italy alone. Later, Italian authorities uncovered a money laundering network between Italy and China, with prosecutors seizing €292 million in illegal funds.
Italy’s government has responded to the money laundering threat by implementing strict anti-money laundering (AML) and counter-financing of terrorism (CFT) regulations, in keeping with its EU and global obligations. With money laundering still a serious threat, it’s important that firms understand Italy’s AML regulations, and how to achieve compliance.
Italy’s AML Regulator: The Bank of Italy
The Bank of Italy is Italy’s primary AML regulator and provides supervision for all banks and financial institutions in the country, including asset management companies, intermediaries, and trusts. Headquartered in Rome, the bank functions to “ensure the monetary stability and financial stability” of the Italian economy, and has the following duties and responsibilities:
Preparing and developing AML/CFT regulations in coordination with the Italian parliament and government.
Developing methods to assess and analyse AML/CFT compliance in supervised banks and financial institutions.
Implementing penalties and sanctions on entities found to be violating AML/CFT compliance rules.
Conducting periodic analysis of AML/CFT risks across the financial sector.
Publishing and disseminating documentation pertaining to AML/CFT regulation.
Participating in international AML/CFT efforts with foreign regulatory counterparts, including strengthening cross-border AML/CFT supervision.
There are other regulatory bodies that are tasked with supervising Italy’s financial institutions. These are:
Italy is also a member of the Financial Action Task Force (FATF), the intergovernmental organisation that sets global AML policy. The FATF issues AML recommendations that must be implemented as part of domestic law.
Italy’s Key AML Regulations
Italy’s main AML regulation is Legislative Decree No.231 2007, which sets out the definition of the crime of money laundering in Italy, and the need for cooperation between financial institutions and authorities in ensuring compliance. The Decree requires firms in Italy to take a risk-based approach to AML/CFT compliance (as prescribed by the FATF), which means that they must assess the criminal risk that their customers pose, and then implement a proportionate compliance response.
Anti-Money Laundering Directives: As a member of the EU, Italy must implement the EU Parliament’s Anti-Money Laundering Directives (AMLD) in domestic law. Accordingly, Italy periodically updates Legislative Decree No.231/2007 in order to meet the EU’s new AML standards. The latest EU AMLD was the Sixth Anti Money Laundering Directive (6AMLD) which came into effect on 3 June 2021.
How to Comply with Italy’s AML Regulations
In order to meet the requirements of risk-based AML regulations, firms in Italy must implement the following measures and controls:
Customer due diligence: Firms should seek to establish and verify the identities of their customers in order to perform accurate risk assessments. The customer due diligence (CDD) process may involve the submission of names, addresses, and other information, including biometric identifiers.
Beneficial ownership checks: Firms in Italy should also carry out beneficial ownership checks on customer entities in order to prevent criminals hiding their identities with shell companies or behind corporate infrastructure.
Transaction screening: Firms must be able to screen their customers’ transactions for money laundering risk indicators such as unusual transaction patterns, or transactions with high risk counter-parties.
In a risk-based compliance system, it is vital that firms capture and understand the level of risk that individual customers present. One of the most effective ways of doing this is to screen for adverse media that involves their customers, since news stories often contain valuable information about AML risk before it is confirmed by official sources such as government or police departments.
Adverse media screening (or negative news screening) requires searches of domestic Italian and global news stories in multiple languages. Searches should cover screen and print media, along with new media formats, such as blogs, social media posts, and forums. The screening process can be complex, and must account for factors such as language differences, content duplication, platform credibility, linguistic idiosyncrasies, nicknames, and aliases.
Recent AML Initiatives in Italy
The Bank of Italy has a dedicated ‘Notices and communications’ page on which it publishes the latest news, events, and developments pertaining to AML regulation in Italy. In April 2023, the Bank of Italy held its “New AML scenarios” workshop, in which it facilitated a discussion with trade representatives on “the main challenges that developments in policies, risks, and anti-money laundering supervision pose to the Authorities and intermediaries”.
Strategic Plan: The Bank of Italy also recently released its Strategic Plan 2023-2025. The Plan included several significant AML provisions, including the establishment of a new Anti-Money Laundering Supervision and Regulatory Unit (SNA), and a commitment to reorganise and strengthen Italy’s Financial Intelligence Unit (FIU).
AMLA: In March 2023, the EU revealed that it would be establishing a new European Anti-Money Laundering Authority (AMLA) to help enforce and standardise AML/CFT regulations across member states. In October 2023, the Italian government announced that it would be bidding to host the AMLA headquarters in Rome.
Next Generation AML Screening in Italy
Building an effective AML solution in Italy requires firms to not only collect and understand the risk data they collect, but to use it to act decisively. Screening processes, especially adverse media screening, often generate vast amounts of data, which can, in turn, create high volumes of false positive alerts, slowing down the compliance process and placing significant pressure on employees. To meet this challenge, firms need efficient, agile, automated screening solutions that can adapt to changing risk landscapes without compromising performance.
Ripjar’s Labyrinth Screening platform is designed for exactly this purpose. Powered by cutting-edge machine learning algorithms, Labyrinth Screening offers customisable adverse screening tools and powerful adverse media name search capabilities in over 25 languages. Labyrinth screens against thousands of global news sources, watchlists, and sanctions lists, and puts actionable financial intelligence at your fingertips in seconds.
The Labyrinth platform also adds valuable depth and detail to your screening process with the integration AI Risk Profiles technology. Automatically identifying and extracting only the most relevant data on subject entities, AI Risk Profiles enables firms to build out individual profiles for subject entities, eliminating duplicate content, similar names, and other data that typically increase the chance of a false positive alert, and ensuring your compliance team is in the best position to make strong risk decisions.
We’re proud to have been placed as a category leader in the Chartis RiskTech Quadrant for KYC Solutions, 2023.
Chartis Research is the leading provider of research and analysis on the global risk technology market, providing in-depth analysis and advice on all aspects of risk and compliance technology. As part of this, Chartis produces reports on risk management solutions for financial crime, including Know Your Customer (KYC) solutions.
Currently, the global KYC and anti-money laundering (AML) landscape is shifting, with increasing sanctions and regulations affecting all sectors, and particularly the global supply chain. This is leading to organisations implementing more rigorous screening methods to improve due diligence processes.
In the US, for example, recent regulation changes – such as new sanctions relating to the Russia/Ukraine war, FinCEN’s final rule on beneficial ownership information, and the US Treasury’s National Strategy for Combating Terrorist and Other Illicit Financing – have had a significant impact on due diligence requirements. When combined with increasingly complex supply chains and transactions, the number of companies needing to implement more robust KYC solutions is increasing.
The Chartis KYC Solutions quadrant assesses against capabilities such as customer onboarding, reporting and dashboarding, and customer profile enrichment with additional data – an area in which Ripjar’s industry-leading AI Risk Profiles excels.
With solutions assessed on the completeness of their offering and their market potential, Ripjar’s high score in both areas has placed us as a category leader.
Chartis RiskTech100 2024
Also announced this week, Ripjar has once again been included in the Chartis RiskTech100 – a ranking of the world’s 100 most important players in risk and compliance technology. In the 2024 rankings, we’re proud to have risen a further 10 places from last year, demonstrating our ongoing commitment to innovation and helping our customers stay ahead of the threat.
Discover how Labyrinth Screening can help ensure your AML Compliance
Ireland is a prosperous, northwestern European nation with a highly developed economy, including successful international technology, science, and financial service industries. Ireland’s global business profile has also led to financial crime risks: in 2021, Irish police revealed that they had recorded over 500 money laundering crimes in 2020, more than double the amount in 2019, and a sixfold increase in two years. To address that threat, the Irish government has committed to bolstering the powers and resources of authorities to fight financial crime and in particular to address offences such as money laundering and terrorism financing.
The increased focus on anti-money laundering (AML) and counter-financing of terrorism (CFT) regulations means that organisations in Ireland must understand the risk landscape, and be capable of achieving compliance with the relevant regulations. Prepare your organisation for criminal threats, and stay ahead of your compliance obligations with our guide to Ireland’s AML regulations.
Ireland’s AML Regulator: The Central Bank of Ireland
Founded in 1943, and headquartered in Dublin, the Central Bank of Ireland (CBI) is Ireland’s primary anti-money laundering regulator and is responsible for “effectively monitoring credit and financial institutions’ compliance with their AML and CFT obligations”. The CBI’s duties and responsibilities include:
Providing oversight for Ireland’s financial institutions to ensure compliance with AML/CFT regulations.
Conducting on-site inspections to verify that financial institutions are meeting their regulatory compliance obligations.
Monitoring adoption and implementation of risk-based AML/CFT compliance procedures.
Ensuring that financial institutions keep AML/CFT compliance policies and procedures up to date and available for inspection, and that senior management are aware of their own compliance responsibilities.
Enforcing administrative sanctions against financial institutions that fail to comply with their compliance obligations.
As a national regulatory body, the CBI plays a role in the development of new financial regulations with the Irish government. Similarly, the CBI works with other European Supervisory Authorities (ESA) in order to foster a consistent approach to anti-money laundering regulations across the EU. Ireland is also a member of the international intergovernmental AML organisation, the Financial Action Task Force (FATF).
The CJA 2010 defines the offence of money laundering in Ireland and requires all financial institutions in Ireland to implement a risk-based AML/CFT solution. Key CJA 2010 compliance measures include customer due diligence (CDD), customer screening processes, suspicious activity reporting (SAR) mechanisms, the appointment of a competent compliance officer, and the implementation of employee training.
In addition to the CJA 2010, Ireland has passed several additional articles of AML/CFT-relevant legislation, these include:
The Criminal Justice (Terrorist Offences) Act 2005
The European Union (Anti-Money Laundering: Beneficial Ownership of Corporate Entities) Regulations 2019
The European Union (Anti-Money Laundering: Beneficial Ownership of Trusts) Regulations 2019
The European Union (Information Accompanying Transfers of Funds) Regulations 2017
The CJA 2010 requires that firms in Ireland implement a risk-based AML/CFT compliance solution. In this context, risk-based compliance means that firms must conduct a risk assessment of customers at onboarding to establish the level of individual AML risk that they present, and then deploy proportionate compliance measures.
A CJA 2010 compliance programme should include the following measures and controls:
Customer due diligence: Firms in Ireland must identify their customers by collecting identifying information, including names, addresses, and dates of birth. Firms must also identify ultimate beneficial owners (UBO) in order to prevent the misuse of shell companies.
Transaction screening: Firms must screen customer transactions in order to detect suspicious activity, such as unusual transaction patterns, transactions with high risk counter-parties, or transactions involving high risk jurisdictions.
Watchlist screening: Firms should screen customers against relevant watchlists, including PEP lists.
Adverse media screening: In order to understand customer risk levels as comprehensively as possible, and fulfil the CJA 2010’s risk-based obligations, firms in Ireland should implement an adverse media screening solution. Adverse media is valuable to AML because risk-relevant information is often revealed by media sources before it is confirmed officially, meaning that firms can perform more accurate risk assessments and deliver better compliance outcomes.
Accordingly, adverse media screening solutions should take in sources from Ireland and around the world, including foreign language media, and cover everything from stories by established news outlets to blog posts, forum entries, and social media posts. Adverse media solutions should be capable of multi-language searches, account for regional variations in spelling, non-Western characters and conventions, and factor in the credibility of the sources.
Recent AML Initiatives in Ireland
In addition to the TFR, Ireland will also implement another EU virtual asset regulation: Markets in Crypto Assets (MiCA). A landmark, EU-wide regulation, MiCA will address the AML risks posed by certain crypto-assets, and introduce new licensing and registration requirements for crypto-asset service providers. MiCA is expected to come into effect across the EU in 2024.
In 2023, Ireland announced that it would be bidding to host the new EU Anti-Money Laundering Authority (AMLA). The bid reflects Ireland’s desire to increase its profile as a European financial centre, and international AML leader.
Next Generation AML Screening
As Ireland’s AML landscape evolves, financial institutions will need to work harder to keep up with new regulatory obligations and to address new criminal methodologies. In this environment, automated screening solutions are critical: firms must be able to collect and analyse vast amounts of customer data, while minimising false positives and making decisions quickly.
Ripjar’s Labyrinth Screening platform is designed to meet those challenges – in Ireland and jurisdictions around the world. Labyrinth Screening enables firms to search customer names against thousands of global media sources, including PEP lists and sanctions lists, in real time, and generate actionable financial intelligence in seconds. Built with next generation machine learning technology, Ripjar has also implemented AI Risk Profiles as part of Labyrinth searches: using AI Risk Profiles, firms can quickly identify and extract only the most relevant risk information about their customers, speeding up the screening process, enhancing accuracy, and ultimately enabling faster, stronger compliance decision-making.
On 20 September 2023, Ripjar held an AI in Compliance webinar, welcoming financial crime compliance experts to discuss the impact of emerging trends and technologies on the industry. The exclusive, live-only event was hosted by Ripjar’s Chief Product Product Officer, Gabriel Hopkins, with Michael Heller, Head of Financial Crime Compliance Proposition at Dow Jones, and guest speaker Andras Cser, VP Principal Analyst at Forrester.
With awareness of artificial intelligence in financial crime applications higher than ever, firms around the world are exploring the technology’s potential and its limitations. Focusing on that dynamic, the AI in Compliance webinar involved a guest speaker presentation and a panel discussion, with opportunities for audience members to submit questions to the expert speakers.
Let’s take a closer look at the key insights and discussion points from the webinar:
Introductory Presentation
Guest speaker Andras Cser opened the panel with an introductory presentation offering an industry perspective on the current role of Artificial Intelligence (AI) in compliance.
The Role of AI
The presentation explored uses of AI in the compliance ecosystem and how the technology may help with a range of critical compliance processes – from addressing financial crimes such as money laundering and fraud, to helping enhance regulatory scrutiny, minimising customer friction, and increasing operational efficiency.
AI and machine learning (ML) tools have recently demonstrated “unprecedented improvements” in compliance contexts. These improvements include:
More standardised, FATE-compliant vendor-developed models.
Models with fewer re-training requirements that can learn autonomously from analyst and investigator decisions.
More preventative models that can identify attempts to commit fraud or launder money before they take place.
Models with better governance and explainability out of the box – simplifying audit requirements
More cloud/SaaS-delivered fraud management and AML models.
Those advancing capabilities have clear potential for AI-powered Know Your Customer (KYC) and Watchlist Management (WLM) solutions in the following areas:
Predictive methodologies
Adverse media and politically exposed person (PEP) screening
Natural language processing (NLP) and link analysis between entities
Information processing, discarding irrelevant data points in large quantities of data
Shortening investigation times
Filtering and managing watchlists
Supported by AI, these applications promise a wider range of compliance benefits, such as a reduction in false positive alerts, enhanced contextual analysis and risk scoring, and a reduction in the need for employee focus.
AI Best Practices
In order to capitalise on the promise of AI, it’s important that firms understand the best practices for its integration:
AI model governance needs to be able to prove that challenger models perform better than current models.
Firms need to use statistical measurements and high quality SDLC processes for building AI models. This may be easier with supervised AI models which are trained and continuously tested against a set of truth data, as opposed to unsupervised models where deductions are made without that reference point.
Firms must work with regulators, such as FINCEN and FINRA, in the development and application of AI models.
AI models should be designed for explainability in investigative contexts.
Firms should keep partial retrainings in sight in order to reduce the need to retrain models from scratch.
The Future of AI
Casting an eye to the horizon, firms may expect the following AI compliance developments:
Increased adoption of cloud-based analytics and cloud-based delivery methods for watchlist management, and adoption of new transaction monitoring tools for addressing money laundering.
Increased use of AI in addressing risks in peer-to-peer payments and in cryptocurrency payments.
Increasing use of NLP to analyse the textual content surrounding transactions and in adverse media stories.
Advanced link analysis to determine connections between transactions and other data points, such as telephone numbers or addresses.
Predictive investigation of potential financial activity that exhibits criminal ‘red flags’.
Panel Discussion
Following the presentation, Gabriel Hopkins framed the panel discussion by referencing the renewed “wave of excitement” about AI and machine learning tools in compliance and screening contexts. The discussion went on to cover the recent rise in popularity of generative AI and large language models, and the challenges that firms should expect as they seek to integrate the new technology.
Where do you think we are in the cycle of industry attitudes to AI?
Mike Heller suggested that AI was at a ‘midpoint’ – in the sense that, while there is excitement about its advancing capabilities, there is also concern about its risks, and a push from governments to regulate, as the technology is integrated into business functions. In the financial industry, that trend has given rise to a focus on ‘compliance-ready’ AI – meaning the introduction of tools that are explainable, auditable, and can be tested against the relevant metrics. Compliance-ready AI obviously requires a “significant amount of technical expertise” which will, in turn, require coordination with the regulatory community.
Andras Cser raised the issue of data protection and privacy, and the need for developers to be very careful about how AI tools handle personal data. Generative AI may pose unique new compliance challenges: Cser pointed to the EU’s recent regulatory focus on the unacceptable risks of generative AI, including its potential to manipulate certain groups of people with deep fakes and voice synthesis. Essentially, Cser explained, with the benefit of generative AI, criminals may be able to automate their deception of customers, significantly increasing the scope and effectiveness of their illegal activities.
Where do you see AI having the greatest impact in compliance?
Andras Cser pointed out that AI has been used for a long time in compliance (for example, in risk scoring models), and described its impact as “evolutionary” rather than revolutionary in these contexts. However, he suggested that generative AI might have the greatest impact in the investigative side of compliance. While investigators currently need to have an extensive understanding of the details of a particular case, generative AI has the potential to reduce that administrative burden, and provide guidance, and even assistance, to compliance teams. This trend might include AI systems answering questions or providing resources to help employees work with data and effectively remediate alerts.
The predictive potential of AI will also be important for investigations. AI-enabled systems could be used to automatically identify patterns of behaviour indicative of money laundering or fraud – and alert investigators before the crime takes place.
How will AI continue to improve established compliance processes?
Mike Heller highlighted the strength of AI tools in facilitating compliance screening at scale, including processing information, and analysing data from structured and unstructured sources. Heller re-emphasised the value of compliance-ready AI solutions, referencing Dow Jones’ partnership with Ripjar as a way to harness best-in-class technology for the purpose of screening vast amounts of customer risk data. He also mentioned feature engineering for existing models, with AI enhancing the explainability of certain processes in order to make them more accessible for auditors, regulators, and customers.
How should organisations select their AI vendors and technology?
Andras Cser stressed the need for organisations to view AI models as “starting points”, seeking those with a combination of rules-based decision-making and machine learning features. He also suggested that firms should seek vendors that can provide a comparison of model efficiencies (between current champion and challenger models) in order to understand how a product will ultimately integrate within existing compliance infrastructure.
Are there any AI tools that are white-listed by regulators?
Mike Heller pointed out that while there isn’t a current white-list of AI tools, organisations should survey their surroundings to find out which tools competitors use, how those tools have been tested, and how the systems have fared under review. Gabriel Hopkins noted that regulators have also been pushing organisations towards the integration of AI and machine learning tools as a way to enhance their screening processes. He added that while regulators “don’t want to give people carte blanche” they are nonetheless opening up to the wider use of these solutions.
Andras Cser pointed to the limitations of entirely heuristic compliance, which is particularly vulnerable to criminals that know how to exploit the rules. He characterised AI as the only known long-term strategy for dealing with evolving criminal methodologies, suggesting that regulators and institutions would need to work through initial challenges in order to optimise its use.
How is guidance from organisations like the Wolfsberg Group helpful?
Following advances in AI and machine learning, Mike Heller noted that the Wolfsberg Group’s 2022 Negative News FAQs advised the use of technology as a means to screen against unstructured adverse media data. The move reflects a shift in the expectations of financial regulators towards firms integrating tools capable of matching the increasing sophistication of criminal methodologies – and effectively implies the use of machine learning-enabled technology.
How should institutions approach the issue of explainability in AI models?
Mike Heller stressed the importance of AI providers being able to present documentation on how their model surfaces risk-relevant documentation. Organisations should then take that documentation through an internal review process with their compliance and legal departments to ensure alignment with their policies and risk-appetite. Andras Cser added the notion of feature extraction to that process – essentially as a means to ensure that the vendor is able to deliver an explanation for decisions taken in the AI risk scoring process. Cser went on to mention the benefit of having the vendor help with the operationality of the AI model, splitting responsibility for its management.
Referencing the regulatory strictness of compliance and transaction monitoring requirements, Cser also suggested that AI offers a way to improve on existing models, including developing tools that boost the accuracy and efficiency of risk scoring.
How would you recommend firms prepare for the ‘new wave’ of AI?
Looking back on years of industry experience, Mike Heller, noted a shift in the type of skills needed to manage compliance. Where once legal and regulatory expertise was required, today teams require individuals with project management, engineering, and technical backgrounds who can also be involved in the operational design and development of the tools. The next step may be to hire internal data scientists and AI experts to help bridge the gap between the regulatory and technical functions.
Andras Cser emphasised the need for firms to move slowly in the implementation of new tools, and in understanding what exactly is being integrated. He highlighted the value of data scientists in the new AI landscape, who can assess the compatibility of vendors’ models, and provide a way of governing the development of the technology to ensure challenger models are better than champions. Ultimately, firms should seek to ensure that the basics of their models function as intended, and that their integration aligns with an organisation’s risk appetite.
How are firms handling AI governance?
From a vendor’s perspective, Gabriel Hopkins noted the introduction of centralised model management committees, especially in global banks, as a way for firms to keep boards updated on the implementation of AI models. Expanding on that point, Mike Heller suggested that boards have been scrambling to understand how generative AI tools, such as ChatGPT, will impact their business operations, particularly in terms of compliance. He suggested that institutions that appoint compliance experts at the highest level will be better placed to handle AI integration and to address the challenges that may emerge in the future.
Do you think regulators will expect a level of human input in the regulation of AI?
Taking a vendor’s perspective once again, Gabriel Hopkins suggested that regulators would “absolutely” expect human involvement in the implementation and execution of AI technology, and recommended that firms frame the integration of new AI tools as supporting the efforts of analysts in making compliance decisions.
Echoing that point, Mike Heller remarked that the integration of AI technology will not make compliance easier, but rather make the process faster. The most important, critical decisions will continue to be made by analysts, who will, with the benefit of AI, be empowered to keep pace with criminal methodologies. Heller compared the evolution of AI tools with the history of sanctions compliance, where new technologies previously allowed financial institutions to scale-up their compliance response significantly.
What’s the ‘number one’ takeaway that you’d share about the use of AI in compliance?
Stressing the importance of careful adoption, Mike Heller emphasised the need to keep pace with competitors while bridging the gap between technical and data expertise, and regulatory expectation. Andras Cser returned to the question of explainability, stressing that “explainable AI is always better than inexplicable AI”.
To learn more about Ripjar’s AI compliance and screening technology, get in touch today
Luxembourg is a small western European country with a global reputation for banking services and favourable tax laws. That reputation draws investment to the country, but also makes it a target for those who seek to use its financial system to launder money and commit other crimes. In 2021, a joint investigation by German and French journalists found that Luxembourg was being used to conceal funds linked to organised crime gangs from around the world. The report characterised Luxembourg as part of an “axis of tax avoidance” in Europe.
Luxembourg’s government has pushed back strongly against the notion that it is not doing enough to address financial crime, and has made significant recent efforts to bolster the country’s anti-money laundering (AML) and counter-financing of terrorism (CFT) regulations. Those efforts have led to increased regulatory scrutiny, and a need for firms operating within Luxembourg to ensure they understand their risk environment, and achieve regulatory compliance.
Luxembourg’s primary AML regulator is the Commission de Surveillance du Secteur Financier (CSSF). Established in 1998, the CSSF is responsible for “ensuring that all the persons subject to its supervision, authorisation or registration comply with the professional AML/CFT obligations”. In this capacity, the CSSF provides oversight for all banks, investment firms, and other types of financial institutions operating in Luxembourg.
The CSSF’s duties and responsibilities include:
Supervising and investigating financial institutions to ensure compliance with Luxembourg’s AML/CFT laws.
Obtaining documents and other financial intelligence from persons under its supervision.
Issuing sanctions against firms that do not comply with AML/CFT regulations. Sanctions may include warnings, fines, or occupational prohibitions.
Luxembourg is a member of the Financial Action Task Force (FATF), the Wolfsberg Group, and the EU, and so the CSSF actively participates in international efforts to combat financial crime. The CSSF shares information with international counterparts and participates in the European System of Financial Supervision (ESFS) with the objective of enhancing and harmonising AML/CFT standards across the EU.
Key Luxembourg AML Regulations
Luxembourg’s primary AML/CFT law is the Law of 12 November 2004 on the fight against money laundering and terrorist financing, also known as the AML/CFT Law. The law defines the offence of money laundering in Luxembourg and gives the CSSF its supervisory powers.
In alignment with FATF recommendations and EU objectives, the AML/CFT Law requires that firms in Luxembourg take a risk-based approach to compliance. In practice, this means that firms must conduct risk assessments to gauge the level of criminal risk that their customers present, and then deploy proportionate compliance measures, with higher risk customers subject to a greater degree of AML/CFT scrutiny.
EU AMLD: The EU issues periodic updates to its AML/CFT regulations, known as Anti-Money Laundering Directives (AMLD), which members must implement in domestic legislation.
Accordingly, Luxembourg amends its AML/CFT Law to incorporate details of new AMLDs. The Sixth Anti-Money Laundering Directive (6AMLD) came into effect across the EU on 3 June 2021, introducing a range of new AML/CFT compliance obligations including new AML predicate offences, expanded criminal liability for money laundering, and increased minimum penalties.
How to Comply with Luxembourg’s AML Regulations
Firms in Luxembourg must implement a risk-based compliance programme to meet their obligations under the AML/CFT Law. Effective AML compliance programmes in Luxembourg should include the following measures and controls:
Customer due diligence: In order to assess risk accurately, firms in Luxembourg must perform suitable customer due diligence (CDD) to identify their customers. The CDD process should involve the collection and verification of names, addresses, dates of birth, and other identifying information. Higher risk customers should be subject to enhanced due diligence (EDD) measures.
Beneficial Ownership: To prevent financial criminals concealing their identities with shell companies or corporate infrastructure, firms should also establish the ultimate beneficial ownership (UBO) of customer entities with which they do business.
Transaction screening: Firms in Luxembourg should screen customer transactions for signs of money laundering. These might include unusually high transaction amounts, transactions with high risk counter-parties, or transactions that involve jurisdictions with inadequate AML controls.
Watchlist screening: Firms should identify high risk customers, such as politically exposed persons (PEPs), by screening them against the relevant international watchlists.
Sanctions screening: Customers that are subject to international sanctions pose a high AML/CFT risk. With that in mind, firms in Luxembourg should implement a sanctions screening solution to capture designations on the relevant lists, such as the EU’s Consolidated sanctions list.
Adverse media screening: News stories, and other media, often reveal changes in customer risk before any confirmation by official sources. Given the potential for news media (and other forms of media) to capture that information, firms in Luxembourg should integrate adverse media screening as part of their AML/CFT solution.
Adverse media screening (or negative news screening) requires firms to search for customer names across a range of domestic and international media sources, including traditional news outlets, blogs, social media platforms, and forum posts. Adverse media solutions should be capable of searching in multiple languages, and account for regional variations in spelling, non-Western characters, and other complicating language factors.
Recent AML Initiatives in Luxembourg
In 2022, Luxembourg made a series of amendments to the AML/CFT Law in order to clarify certain regulatory details. The amendments, introduced under the Act of July 2022, clarified:
The limits of applying customer due diligence under the risk-based approach.
The obligation to retain documents collected as part of the CDD process – rather than just listing references to those documents.
The obligation to apply enhanced CDD measures for persons acting behalf of a client, or for PEPs.
The obligation to compare collected beneficial ownership data to available beneficial ownership registers.
As an EU member, Luxembourg will also implement the upcoming Markets in Crypto Assets (MiCA) regulation. MiCA is a landmark regulation that will introduce new AML measures for the treatment of virtual assets, in particular stablecoins, and will introduce new licensing and registration requirements for cryptocurrency service providers. MiCA will be introduced across the EU in 2024.
Next Generation Screening in Luxembourg
To keep pace with Luxembourg’s AML regulations and manage emerging threats, firms must implement an agile, flexible screening solution capable of managing vast amounts of structured and unstructured data. The increasing complexity of AML regulations, and the sophistication of criminal methodologies, mean that manual AML solutions are no longer adequate – and risk not only negative customer experiences, but human error and costly compliance penalties.
Ripjar’s Labyrinth Screening platform is built to address modern screening challenges, with fast, flexible, accurate screening tools tailored to individual companies’ needs. Labyrinth Screening gives firms the power to search customer names against thousands of adverse media sources, watchlists, and sanctions lists in real time, in over 21 langues, and delivers actionable financial intelligence in seconds.
Powered by next generation machine learning technology, Ripjar has also deployed AI Risk Profiles as part of the Labyrinth Screening platform. AI Risk Profiles enable compliance teams to identify and extract the most relevant risk data on their customers, minimising false positive alerts while building detailed risk profiles for stronger, more accurate decision making.
The United Arab Emirates (UAE) is a global business hub, and one of the most important economies in the Middle East and the world. While the UAE attracts investment from around the world, its wealth also makes it a target for criminals seeking to exploit its financial system. In 2022, the Financial Action Task Force (FATF) placed the UAE on its list of Jurisdictions under Increased Monitoring, also known as the FATF grey list, as a result of deficiencies in its anti-money laundering (AML) and counter-financing of terrorism (CFT) controls, including international sanctions violations. Following the listing, the UAE government committed to meeting the requirements of its FATF’s action plan by improving its AML/CFT framework, and clamping down on organisations that fail to meet their compliance obligations.
That increased level of regulatory scrutiny means that firms operating in the UAE must understand the country’s AML/CFT environment, how to deal with risks, and how to adjust their internal procedures to achieve compliance.
The UAE’s AML Regulator: The Central Bank of the UAE
The Central Bank of the UAE (CBUAE) is the country’s primary financial regulator and provides AML/CFT supervision through its specialised Anti-Money Laundering and Combatting the Financing of Terrorism Supervision Department (AMLD). Established in 2020, AMLD took over AML/CFT responsibilities from the CBUAE’s Banking Supervision Department, and now acts “as the interface between the the CBUAE and domestic stakeholders”, focusing on regulatory compliance, and working with law enforcement authorities and the UAE’s Financial Intelligence Unit (FIU). The AMLD has three stated objectives:
Examine licensed financial institutions (LFIs) operating in the UAE
Ensure compliance with the UAE’s AML/CFT regulatory and legal framework
Identify AML/CFT threats and emerging risks, and weaknesses in the UAE’s financial system
In support of those objectives, the AMLD coordinates with both the CBUAE’s Banking Supervision Department and the Enforcement Division to carry out investigations of potential regulatory violations, and to impose penalties on firms found to be in violation. It also works with the UAE cabinet to develop AML/CFT legislation, issues periodic compliance guidance to firms operating within the UAE, and works with international counterparts in the global fight against financial crime.
The UAE’s main articles of AML/CFT legislation are:
Federal Decree-Law No. (20) of 2018 On Anti-Money Laundering and Combating the Financing of Terrorism and Financing of Illegal Organisations
Cabinet Decision No. (10) of 2019 Concerning the Implementing Regulation of Decree Law No. (20) of 2018 On Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organisations
Known as the AML/CFT Law and the AML/CFT Decision respectively, the articles collectively require firms in the UAE to develop and implement a risk-based AML/CFT programme, including know your customer (KYC) checks, risk screening solutions, reporting and record-keeping processes, and suitable compliance governance. The requirements include the appointment of an AML Compliance Officer responsible for overseeing their firm’s compliance solution.
Recent AML initiatives: The UAE government has made explicit political commitments to addressing the FATF’s UAE action plan in order to facilitate its removal from the grey list, and has been able to demonstrate recent progress. At an FATF Plenary in February 2023, the FATF stated that the UAE had made “significant progress” in strengthening its AML/CFT regime and urged the UAE government to maintain focus on “demonstrating a sustained increase in effective investigations and prosecutions of different types of money laundering cases”.
To that end, in January 2023, the CBUAE released new guidance on the use of digital identification systems in AML/CFT compliance solutions. The guidance suggests that firms should integrate digital tools for customer onboarding and for verification, and use digital data to help identify suspicious activity such as transactions that involve high risk jurisdictions.
UAE AML Regulations: How to Comply
Following FATF guidance, the UAE requires firms to implement a risk-based AML/CFT solution, which means they must perform risk assessments in order to identify the level of risk that individual customers present, and then deploy proportionate compliance measures. With that in mind, UAE compliance solutions should include:
Customer identification: Firms must establish and verify the identity of their customers by conducting suitable customer due diligence (CDD), collecting enough information to perform an effective AML/CFT risk assessment. Similarly, firms should establish ultimate beneficial ownership (UBO) of customer-entities in order to prevent the use of shell companies and corporate structures to conceal customer identities.
Enhanced due diligence: Where customers are identified as presenting a high AML risk, firms should perform enhanced due diligence (EDD), applying a greater level of scrutiny which might include collecting copies of official documents, or even a third party audit.
Transaction screening: Firms must screen customer transactions for AML risk on an ongoing basis, including screening for transactions with high risk counterparties or with high risk jurisdictions.
Sanctions and watchlists: Firms in the UAE face a higher level of sanctions risk, so must implement an effective sanctions screening solution to identify designated customers on international sanctions lists. Firms should similarly seek to identify politically exposed persons (PEPs) by screening against PEP lists.
Adverse Media Screening in the UAE
Adverse media often reveals customers’ true AML risk before that information is confirmed by official sources. Given the level of ambient risk in the UAE, firms should implement an adverse media screening solution capable of searching domestic and global news sources, and covering not just news outlets, but websites, blogs, forums, and social media platforms.
Effective adverse media searches involve the collection and analysis of vast amounts of data. For firms in the UAE, adverse media solutions should integrate multi-language search functionality in order to capture stories in a range of languages and scripts, including Arabic, and account for regional variations in spelling or the use of nicknames or aliases. Adverse media solutions should also minimise false positive alerts in order to address potential threats as quickly and efficiently as possible.
Next Generation Screening for UAE AML Compliance
The UAE is modernising its AML/CFT regulatory framework, with a focus on introducing digital identification and verification, and expanding firms’ capabilities to detect financial crime. To keep pace with the country’s changing regulatory requirements, firms must develop and integrate suitable technology solutions and, in particular, ensure that they have effective AML screening software.
Ripjar’s Labyrinth Screening platform gives you the power to meet AML compliance challenges in evolving regulatory environments like the UAE. Built with next-generation machine learning technology, Labyrinth is capable of multi-language searches that take in thousands of adverse media sources, international sanctions lists and watchlists, and that deliver actionable AML data in seconds. Searching thousands of data sources in real time, Labyrinth Screening is designed to extract the most relevant, up-to-date information in order to build detailed customer risk profiles that help you make confident compliance decisions and react to emerging threats immediately.
Denmark is a wealthy Nordic country with a strong and diverse business landscape. In recent years, Denmark’s economic reputation has been damaged by high profile money laundering incidents, including a banking scandal which involved suspicious transactions amounting to around €200 billion flowing through some of the eastern European branches of a Danish bank. The scandal led to criminal charges, prosecutions, and financial penalties of over $2 billion.
In the wake of the incident, Danish authorities are placing a greater focus on AML compliance, which means that firms operating in Denmark must understand how to meet their anti-money laundering (AML) and counter-financing of terrorism (CFT) obligations in the ongoing fight against global financial crime. Given the prospect of significant fines and reputational damage, let’s take a closer look at Denmark’s AML landscape, and how firms should approach regulatory compliance.
Denmark’s AML Regulator: Finanstilsynet
Denmark’s financial regulator is the Financial Supervisory Authority (FSA), known in Danish as Finanstilsynet. The Danish government established the FSA in 1988, merging the Danish Supervisory Authority for Banks and Savings Banks and the Insurance Supervisory Authority. The FSA’s stated mission is to provide “financial stability and confidence in financial undertakings” in Denmark, and as such it is responsible for supervising banks and financial institutions, including insurance companies, pension funds, investment funds, and securities brokers.
The Danish FSA works to ensure that Danish firms comply with the country’s AML/CFT regulations, setting out rules and best practices, assisting the Danish government in developing new AML/CFT legislation, and issuing periodic guidance and best practice information. As Denmark’s national regulator, the FSA also works with international counterparts to assist in cross-border AML/CFT investigations and contribute to the global fight against money laundering. Banks and other financial service providers that wish to operate in Denmark must register with the FSA.
Denmark AML Regulations
The main article of AML legislation in Denmark is the Act on Preventive Measures Against Money Laundering and the Financing of Terrorism, also known as the Money Laundering Act. Applicable to all financial institutions in Denmark, the Money Laundering Act requires financial institutions to develop and implement a risk-based AML/CFT compliance solution, including appropriate customer due diligence (CDD) and screening measures. Firms must also appoint an AML Officer who is responsible for overseeing their organisation’s compliance solution.
EU Anti-Money Laundering Directives: Denmark is a member of the European Union and so must transcribe the EU’s anti-money laundering directives (AMLD) in domestic legislation. Accordingly, the Danish government updates the Money Laundering Act to meet AMLD requirements, and has done so most recently for the Fourth and Fifth Anti-Money Laundering Directives (4AMLD and 5AMLD).
Due to its constitutional agreements with the EU, as of May 2023, Denmark has not implemented the EU’s Sixth Anti-Money Laundering Directive (6AMLD). The directive came into effect across the rest of the EU on 3 June 2021.
Recent AML initiatives: Denmark’s government has announced a nationwide crackdown on money laundering, and released a 5 pillar AML/CFT strategy that will run until 2025. The strategy focuses on areas of particularly high AML risk, including high value goods, money transfer companies, cryptocurrencies, and the gambling industry. As part of the strategy, the Danish police has established a new unit dedicated to tackling money laundering.
While Denmark has not yet committed to any regulatory steps, the FSA has indicated that it will consider AML/CFT measures for virtual assets in the future. The EU has proposed a landmark regulation known as Markets in Crypto Assets (MiCA) which will come into effect in 2024 and introduce new AML/CFT compliance obligations for certain types of virtual asset.The Danish government has not indicated that it will implement MiCA but may do so as part of its regulatory efforts to address virtual asset money laundering risks.
Denmark AML Regulations: How to Comply
Following EU and Financial Action Task Force (FATF) guidance, firms in Denmark must implement risk-based AML/CFT solutions that reflect the level of criminal risk that they face. An effective risk-based solution should include the following measures:
Customer due diligence: Firms must identify their customers in order to build accurate risk profiles. Higher risk customers should be subject to enhanced due diligence, and corporate entities should be subject to ultimate beneficial ownership (UBO) checks.
Transaction screening: Firms must screen customer transactions for signs of money laundering and other financial crimes. Red flag characteristics may include transactions that involve high risk counterparties or accounts in high risk jurisdictions.
Sanctions and watchlists: Firms must identify high risk customers by screening them, on an ongoing basis against the relevant international sanctions and watchlists.
Adverse media screening in Denmark: One of the most effective ways to establish true AML risk is to screen against adverse media or negative news, which may reveal a customer’s involvement in financial crime, or designation on a watchlist, before that information is confirmed officially.
Finanstilsynet’s risk management guidelines state, “It is essential that financial institutions include media screening of customers and beneficial owners in customer due diligence.”
Firms should implement adverse media screening technology capable of searching for customer names in Denmark and around the world, gathering as much data as possible while minimising false positives and administrative noise. Adverse media searches should include established news platforms, websites, blogs, forums, and social media posts.
The Importance of Screening Technology
Ripjar’s Labyrinth Screening platform is designed to help firms meet their compliance obligations in crowded and complex regulatory environments. Powered by cutting-edge AI and machine learning software, Labyrinth enables global customer screening of thousands of news sources, sanctions lists, and watch lists, and delivers accurate, actionable data in real time. The Labyrinth search algorithm is capable of extracting the most relevant information from structured and unstructured data, enabling firms to build effective customer risk profiles in seconds, and react to emerging risks as soon as possible.
Finland is a wealthy northern European nation with one of the largest economies in the world, and an industrial landscape backed by strong global trade connections. While international investment has contributed to Finland’s prosperity, it has also attracted criminals who seek to exploit the country’s financial system to commit crimes such as money laundering and terrorism financing. In 2022, Finnish authorities investigated almost 4,000 cases of financial crime, up 10% on 2021 and with costs estimated in excess of €197 million.
The Finnish government has implemented strict regulations to help detect and prevent money laundering, terrorism financing, fraud, and other financial crimes – and firms operating in the country must be able to achieve compliance in order to avoid significant penalties and fines. To help your organisation meet its compliance obligations, read our quick guide to Finland’s anti-money laundering (AML) and counter-financing of terrorism (CFT) regulations.
Finland’s Financial Supervisory Authority: The FSA
Finland’s financial regulator is known as the Financial Supervisory Authority (FSA) or Finanssivalvonta (Fiva). Headquartered in Helsinki and operating in conjunction with the Bank of Finland, the FSA’s stated mission is to ensure “the stable operation of credit, insurance, and pension institutions and other supervised entities” that operate in the country, in order to protect “the stability of the financial markets”.
In that supervisory role, the FSA ensures that organisations comply with Finland’s AML regulations. The FSA has the power to collect and analyse customer and transaction data from financial institutions, perform inspections of supervised entities, and issue penalties and fines in the event of compliance violations. The FSA may also work with the Finnish police as part of financial crime investigations.
Finland is a member of the EU and of numerous international economic organisations, including the Financial Action Task Force (FATF). Accordingly, the Finnish FSA also adopts the AML standards and best practices set out by those entities, and participates actively in the global fight against financial crime.
Key Finland AML Regulations
Firms in Finland must comply with the country’s main anti-money laundering legislation: the Act on Preventing Money Laundering and Terrorist Financing, often referred to as the Anti-Money Laundering Act (AMLA). The Act aligns Finland with international AML/CFT compliance standards, and sets out AML/CFT legal requirements with the following objectives:
Preventing money laundering and terrorist financing
Facilitating the detection of money laundering and terrorist financing
Tracing and recovering the of proceeds of crime
Following FATF recommendations, AMLA mandates a risk-based approach to money laundering, which means that firms in Finland must perform risk assessments to establish the level of money laundering risk that individual customers present, and then deploy compliance measures proportionate to that risk.
Finland’s AMLA is supported by a number of additional financial regulations, including:
Anti-Money Laundering Directives: As a member of the EU, Finland must implement the EU Parliament’s Anti-Money Laundering Directives (AMLD) in domestic law. Issued periodically, the AMLD set out new AML/CFT standards, often relating to emerging criminal threats or advances in technology. The latest directive, the Sixth Anti-Money Laundering Directive (6AMLD), came into effect across the EU on 3 June 2021.
How to Comply with Finland’s AML Regulations
Under the risk-based approach, firms in Finland must implement certain key measures and controls as part of their AMLA compliance solution. These include:
Customer due diligence: Firms in Finland must establish and verify their customers’ identities via suitable customer due diligence (CDD) in order to perform accurate risk assessments and build effective customer risk profiles.
Beneficial ownership: To prevent the misuse of shell companies and corporate infrastructure, firms must establish the ultimate beneficial ownership (UBO) of customer entities.
Transaction screening: In order to detect criminal activity, firms in Finland must screen customer transactions for red flag indicators of money laundering, such as transactions involving high risk jurisdictions or counter-parties.
In order to establish true risk, firms must build an understanding of the AML risk that their customers pose as quickly and comprehensively as possible. This means conducting adverse media screening to reveal unknown risks or to capture changes in risk, quickly and accurately.
Adverse, or negative news, screening requires firms to screen customers against media sources from Finland and around the world. The screening process should include news articles, websites, social media posts, forum posts, and more, in a range of languages. Accordingly, an effective adverse media solution should incorporate multi-language screening, and account for anomalous factors such as regional variations in spelling, non-Western characters and naming conventions, nicknames, and the use of aliases.
Recent AML Initiatives in Finland
Under EU directives, Finland will implement the upcoming Markets in Crypto Assets (MiCA) and Transfer of Funds (TFR) regulations. Both regulations introduce new AML/CFT compliance obligations for financial institutions that handle virtual assets, including reporting and record-keeping requirements. Finnish authorities have recently increased their focus on virtual asset money laundering; in late 2022, the FSA revealed that it was conducting an investigation into Finnish virtual currency providers’ links with international service providers that had encountered operational problems.
Finland is also enforcing EU sanctions against Russia in response to the invasion of Ukraine in 2022. While the EU has issued several rounds of sanctions against Vladimir Putin’s regime, the situation remains fluid, and it is likely that further sanctions will be imposed in the future. Firms operating in Finland should be prepared to adjust their sanctions screening processes to account for new risks.
Next Generation Technology for AML Screening in Finland
As Finland adapts to changing EU AML regulations, and manages new criminal threats, financial institutions must stay ahead of their compliance obligations. In practice, this means collecting and analysing vast amounts of structured and unstructured financial data, and making important compliance decisions quickly. In an environment where accuracy and speed are critical, effective AML screening represents a significant administrative challenge.
Ripjar’s Labyrinth Screening platform is a fast, flexible screening solution designed to help firms navigate AML compliance in Finland and around the world. Labyrinth Screening enables firms to screen customer names against thousands of global media sources, including news sites, sanctions lists, and watchlists, and generate meaningful, up-to-date, financial intelligence in seconds. Powered by next-generation machine learning technology, Labyrinth Screening also allows compliance teams to build extensive AI Risk Profiles for customers, identifying and collating only the most relevant risk data in order to minimise false positive alerts, save time and money, and help facilitate strong decision-making.
Canada is a prosperous, developed nation with one of the largest economies in the world. An influential trading hub, Canada attracts a huge range of global investment interests to a marketplace worth around $2 trillion. Unfortunately, Canada’s profile also makes it a target for money launderers: federal authorities estimate that up to $113 billion dollars are laundered in Canada each year, with significant amounts of illicit funds entering the country from foreign sources such as China and Russia.
With some experts characterising money laundering in Canada as a “crisis”, the Canadian government is taking steps to bolster its anti-money laundering (AML) regulatory response. To keep pace with an evolving regulatory landscape, it’s critical that firms understand Canada’s AML regulations, and how incoming changes might affect compliance needs.
Canada’s AML Regulator: FINTRAC
The Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) serves as Canada’s financial intelligence unit (FIU) and anti-money laundering and counter-financing of terrorism (CFT) supervisor. Established in 2000, and headquartered in the capital city of Ottawa, FINTRAC has a mandate to “facilitate the detection, prevention, and deterrence of money laundering and the financing of terrorist activities” in Canada. It achieves this objective by ensuring that firms comply with Canada’s AML/CFT regulations and by generating financial intelligence for law enforcement investigations.
FINTRAC’s duties and responsibilities also include:
Processing suspicious transaction reports from Canadian firms
Protecting the personal information of Canadian persons
Maintaining a registry of licensed money services businesses in Canada
Researching and analysing financial data to establish patterns in AML/CFT activities
Enhancing public understanding and awareness of AML/CFT risks
To detect and deter money laundering and terrorism financing activities in Canada, and facilitate the investigation of offences. As part of that objective, the PCMLTFA imposes record keeping and reporting obligations on firms in Canada.
To provide law enforcement agencies with the intelligence they need to investigate money laundering and terrorism financing offences.
To fulfil Canada’s commitments to the global fight against financial crime.
How to Comply with the PCMLTFA
The PCMLTFA requires firms to implement a risk-based compliance solution, which means that they must assess their customers to determine the level of risk they present, and then deploy proportionate AML measures. The key components of a PCMLTFA compliance solution include:
Customer due diligence: Firms must establish the identities of their customers by performing customer due diligence (CDD), and collecting identifying information including names, addresses, dates of birth, company incorporation details, and so on. Higher risk customers should be subject to enhanced due diligence (EDD) checks.
Beneficial ownership: Firms must also establish the ultimate beneficial ownership (UBO) of customer entities that they do business with, in order to prevent money launderers concealing their identities with shell companies or corporate infrastructure.
Suspicious transaction screening: Firms should screen customer transactions for AML risk, which may include transactions involving high risk jurisdictions and counterparties.
Sanctions and watchlist screening: Firms should establish whether customers are designated on Canada’s sanctions lists (or other international sanctions lists), or are politically exposed persons (PEPs).
Adverse media screening in Canada: Since news media stories often reveal true AML risk before that information is confirmed by official sources, firms in Canada should also implement an adverse media screening solution.
Your adverse media (or negative news) screening solution should be capable of capturing data from Canadian news sources, and sources from around the world, and cover websites, blogs, forum entries, and social media posts. The solution should also integrate multi-language search functionality in order to account for regional variations in spelling, use of non-Western characters, similar sounding names, nicknames, and aliases.
Recent AML Initiatives in Canada
Canadian authorities are increasing regulatory focus on money laundering, and in particular the risks posed by virtual assets and sanctions evasion. The 2023 Federal Budget included proposals for amendments to the PCMLTFA which will broadly strengthen the country’s AML regime. The proposed changes include:
Increased powers for law enforcement to freeze virtual assets with suspected criminal links.
Enhanced information sharing between FINTRAC and the Canada Revenue Agency (CRA).
A new criminal offence relating to the structuring of transactions in order to avoid AML reporting, and the criminalisation of unregistered money services businesses.
Enhanced registration requirements for currency dealers (and other money services businesses), including criminal record checks.
New whistleblowing protections for employees disclosing information to FINTRAC.
New sanctions reporting requirements for businesses in the financial sector.
Russia sanctions: Canada has joined the US, UK, EU, and other Western countries in imposing economic sanctions on Russia in response to the invasion of Ukraine in February 2022. Canada’s Russia sanctions are set out in the Special Economic Measures (Russia) Regulations. In May 2023, the Canadian government issued a fresh round of sanctions against Russia, targeting 17 individuals and 18 entities linked to Vladimir Putin’s regime. With the conflict in Ukraine ongoing, Canada’s Russia sanctions are fluid and the government is likely to impose further sanctions in the future.
As the Canadian government strengthens its AML/CFT regime, compliance obligations will continue to change for firms across the country. To meet new regulatory requirements, firms will need to implement AML/CFT solutions capable of not only collecting and analysing large volumes of financial data, but adapting quickly as new risks emerge.
Ripjar’s Labyrinth Screening solution gives firms the power to achieve regulatory compliance in Canada’s changing AML environment. Labyrinth Screening is capable of multi-language searches of thousands of sanctions lists, watchlists, and adverse media sources, and delivers actionable financial intelligence in seconds. Powered by next-generation machine learning technology, Labyrinth enables compliance teams to extract the most relevant risk data from search results in order to build in-depth customer risk profiles, minimise false positives and facilitate stronger, faster decision making.
Norway is a highly developed Scandinavian country and, supported by abundant natural resources, one of the wealthiest economies in the world. Norway’s prosperity also makes it a target for financial criminals, who seek to exploit its financial system to commit crimes such as fraud, money laundering, and terrorism financing. Recent financial scandals have drawn attention to Norway’s anti-money laundering (AML) and counter-financing of terrorism (CFT) regulatory requirements. In 2020, for example, DNB ASA, Norway’s largest financial services group, was fined a record-breaking NOK 400 million (around $48.1 million) for systematic AML compliance violations.
Norway’s increased focus on combatting financial crime means that businesses operating in the country must be familiar with its AML/CFT landscape, including how to work with its financial authorities, and how to implement a suitable regulatory compliance programme.
Norway’s AML Regulator: Finanstilsynet
Norway’s primary AML regulator is the Financial Supervisory Authority of Norway (FSA), also known as Finanstilsynet. Established in 1986 as a merger of the Norwegian Insurance Council, the Bank Inspection Agency, and the Broker Control Agency, Finanstilsynet functions to “promote financial stability and well-functioning markets” in Norway, by ensuring that “supervised institutions comply with the anti-money laundering legislation”.
In that capacity, Finanstilsynet supervises Norway’s banks and financial institutions, including insurance and credit companies, pension funds, accountants, and real estate agencies. Its duties include developing and implementing financial legislation in conjunction with the Norwegian government, implementing risk-based AML/CFT in Norway’s financial institutions, and conducting on-site compliance inspections. Financial institutions that wish to operate in Norway must demonstrate that they meet a set of competency criteria and then obtain a licence from Finanstilsynet.
As a signatory to the EU’s Memorandum of Understanding on Cooperation, Finanstilsynet also works with other national supervisory authorities across the European Economic Area (EEA), and with other regulatory bodies across the world, in the global fight against money laundering.
Norway AML Regulations
Norway’s main AML/CFT law is the Act Relating to Measures to Combat Money Laundering and Terrorist Financing, also known as the Anti-Money Laundering Act. Passed in 2018, the Anti-Money Laundering Act imposes risk-based record-keeping and reporting regulations on financial institutions in Norway, including the need to apply customer due diligence (CDD) and ultimate beneficial ownership (UBO) checks to new customers, and to perform ongoing monitoring of customer financial activity in order to identify suspicious behaviour.
As part of the EEA, Norway implements the EU’s anti-money laundering directives (AMLD) in its domestic AML/CFT legislation. Accordingly, Norway has updated the Anti-Money Laundering Act with the relevant regulatory detail, including measures set out in the latest AMLD, the Sixth Anti-Money Laundering Act (6AMLD), which came into effect on 3 June 2021.
Recent AML initiatives: Norway is likely to implement the EU’s landmark Markets in Crypto Assets (MiCA) regulation, which will manage the emerging risks posed by unbacked crypto-assets and stablecoins. Norway will also implement the Transfer of Funds Regulation (TFR), extending AML/CFT regulations to virtual asset service providers. Both regulations are set to come into effect in 2024.
How to Comply with AML Regulations in Norway
Following Financial Action Task Force (FATF) guidance, and AMLD requirements, Norway imposes risk-based AML/CFT regulations on its financial institutions. This means that they must conduct risk assessments in order to establish customer risk profiles, and then deploy a proportionate compliance response, depending on the level of risk. With that in mind, Norway AML compliance solutions should include:
Customer due diligence: In order to build accurate risk profiles, firms in Norway must establish the identities of their customers by applying effective customer due diligence. In addition to collecting names, addresses, birthdates, and other identifying information, firms should seek to establish the ultimate beneficial ownership of corporate customers.
Transaction screening: Firms should screen customer transactions for signs of money laundering, including transactions with high risk counterparties or transactions that involve high risk jurisdictions.
Sanctions and watchlists: Sanctions targets and politically exposed persons (PEPs) represent a high level of AML risk. Accordingly, firms in Norway must screen their customers against the relevant sanctions and watchlists during onboarding and throughout the relationship.
Adverse media: News stories and other forms of media are particularly effective at revealing criminal risk. Stories about sanctions designations, criminal investigations, or professional connections, for example, may be broken online, by news organisations or other entities long before they are confirmed by government or law enforcement sources. Accordingly, adverse media represents a valuable AML resource, and one of the most effective ways to inform risk-based compliance decisions about individual customers.
In practice, firms should screen their customers against adverse media sources on an ongoing basis. Adverse media screening should have a global scope, and take in as broad a range of sources as possible, including established news outlets, websites, blogs, forums, and social media posts. Effective adverse media screening requires firms to integrate software with multi-language search capabilities that is capable of searching in real time in order to deliver the most recent risk data.
Next Generation Screening Technology
Norway’s AML regulations are evolving to match the demands of the global risk landscape. To stay ahead of your compliance obligations in Norway and beyond, it’s critical that you implement a screening solution capable of capturing a vast amount of risk data, while minimising false positive alerts.
Ripjar’s Labyrinth Screening platform has been designed to meet AML compliance challenges in jurisdictions around the world, and ensure your firm stays ahead of both regulatory changes and criminal threats. Powered by next generation machine learning technology, Labyrinth enables real-time searches of thousands of global media sources, including news articles, and sanctions and watchlists, in over 20 languages. Labyrinth focuses on extracting the most relevant risk data, helping you build accurate, effective risk profiles in seconds and identify new risks as soon as they emerge.
