On 13 June 2024, in coordination with other G7 countries, the UK announced a round of new sanctions on Russia, strengthening the economic measures already in place to degrade Vladmir Putin’s war machine in Ukraine. Announced during the G7 Leaders Summit in Italy, these latest sanctions will have far-reaching global effects, which means businesses in the UK and beyond must understand how to achieve compliance, or face costly penalties.
UK Russia Sanctions in 2024
The UK issued a previous round of sanctions against Russia in February 2024, targeting supplies of munitions and military end-use tools, and persons involved in the financing of Putin’s war effort. At the time, the UK also announced that it would be increasing its focus on Russia’s attempts to avoid sanctions, not least by cracking down on corporate compliance, and by addressing the illicit trading of oil via a ‘shadow fleet’ of ships.
The UK’s position on Russia sanctions reflects that of its international partners, and in particular members of the G7 who have also signalled an increased focus on Russia’s attempts to circumvent the economic measures against it.
New Sanctions Targets
The UK has issued 50 new sanctions designations against Russia. Notable amongst the new targets is the ‘shadow fleet’ of ships which the Russian government uses to trade oil in violation of existing sanctions. The oil trade is critical to financing the Ukraine invasion and generated 31% of Russia’s total federal revenues in 2023.
The new UK sanctions also target munitions, machine tools, microelectronics suppliers, and companies providing logistics to the Russian military. That group of targets includes foreign companies based in China, Turkey, Kyrgyzstan, and Israel, and ships supplying military end-use goods to Russia from North Korea.
In conjunction with new US sanctions, the UK sanctions have also increased pressure on Russia’s financial system and, in particular, the Moscow Stock Exchange, with new restrictions for individuals and entities involved in Russian stock trading.
UK Prime Minister Rishi Sunak stressed that the renewed economic pressure would “bear down on Russia’s ability to fund its war machine” and cut off Putin’s ability to prolong the Ukraine conflict. Echoing that sentiment, Foreign Secretary David Cameron said that the UK would continue to work with its International partners to increase that pressure, and would “stand by Ukraine in this fight.”
The UK Government has listed the targets of its new Russia sanctions, which include:
4 ships in Russia’s ‘shadow fleet’
2 ships found to have transported weapons to Russia
1 ship manager
6 entities in the Russian liquefied natural gas (LNG) sector
1 Russian insurance company
2 entities with connections to Russia’s civil nuclear sector
4 entities and 1 individual with connections to the Russian financial system
21 suppliers of goods for Russian military end-use
6 individuals or entities with connections to the Russian state that have benefited from the invasion
2 designation from the UK’s Central African Republic sanctions lists with connections to the Wagner Group
The Future of UK Sanctions on Russia
To date, the UK Government has sanctioned over 2,000 individuals and entities, with restrictions applied to over 90% of the Russian banking sector, and over 130 close associates of Vladmir Putin – with a combined net worth of around £147 billion.
The UK’s latest sanctions, along with those issued by the G7, suggest that the pressure on Russia will continue for the foreseeable future, with a more complex focus on the Russian government’s attempts to circumvent the measures against it, and on efforts to fund its campaign in Ukraine. To that end, the UK recently published the UK Sanctions Strategy, which set out the UK Government’s sanctions position on Russia, and detailed wider diplomatic efforts to address Vladmir Putin’s evasion strategies.
As the UK’s sanctions against Russia evolve and expand, it’s vital that UK firms put adequate sanctions screening measures in place to meet their compliance obligations. Ripjar’s Labyrinth Screening platform is designed to help compliance teams keep pace with new sanctions by providing continuous monitoring and real-time name search capabilities of international sanctions lists, and of thousands of adverse media sources from across the world. Labyrinth Screening includes the cutting-edge AI Risk Profiles and AI Summaries features, which enable compliance teams to identify and extract only the most relevant risk information from vast amounts of unstructured data, and then use advanced generative AI to create a concise summary of that risk, and significantly reduce assessment times.
On 24 April 2024, President Biden signed bill H.R. 815 into law, a legislative package that also includes the 21st Century Peace Through Strength Act. Although H.R. 815 is largely recognised as a $95.3 billion foreign aid package, with financial assistance for Ukraine, Israel, and Taiwan, the Peace Through Strength Act contains significant sanctions provisions, including measures for combatting the US’ fentanyl epidemic, and an extension to the legal statute of limitations for sanctions violations, which will significantly affect sanctions compliance.
The new sanctions regulations add to an already-complex risk landscape, and mean that firms in the US and beyond should review their screening approach. Let’s take a closer look at the contents of H.R. 815 and explore its implications for US sanctions compliance.
What Are The New Sanctions Regulations?
A product of a bipartisan legislative effort, H.R. 815 contains new sanctions laws aimed at a range of foreign threats. Its key sanctions measures include:
Strengthened sanctions against China for transactions involving the purchase of Iranian oil.
New sanctions against Iran targeting the country’s petroleum industry, and missile and drone development capabilities.
New sanctions targeting financial support for terror groups Hamas and Hezbollah.
A mandate for the US Treasury to introduce new sanctions against Mexican cartel members involved in the production and trafficking of fentanyl.
An extension of the US’ statute of limitations, doubling potential investigation time from 5 to 10 years.
10 Year Statute of Limitations
While obligated entities should carefully consider each of the new sanctions measures, the extension of the statute of limitations is likely to have the greatest impact on regulatory compliance.
The regulatory change comes at a time when US firms face a high sanctions compliance burden. The US government has expanded its Russia sanctions programme dramatically since the invasion of Ukraine in 2022, along with the introduction of new sanctions against China and Iran. At the same time, the Office of Foreign Assets Control (OFAC) has increased its focus on enforcement, imposing significant penalties for compliance failures as a way to ensure the effectiveness of new sanctions. That shift has delivered results: in 2023 OFAC issued a record $1.5 billion in sanctions fines.
Coming as a surprise to many industry observers, the new 10 year statute of limitations represents a considerable statutory change for US firms and their compliance teams. Under the previous regime, firms that discovered a sanctions violation on their books often conducted a 5 year retrospective review to uncover further violations and identify potential systemic problems. The new law doubles that burden while, at the same time, reducing pressure on regulators and increasing the opportunity to discover additional violations and impose larger fines.
US Sanctions Law Changes: Key Considerations
The change in the statute of limitations means that US firms and obligated entities should review their sanctions compliance programmes, focusing on a number of key considerations:
Risk adjustment: All firms now have an added 5 years of risk to factor into their approach to sanctions compliance. The change may require firms to adjust internal sanctions policy by, for example, maintaining records for at least 10 years.
Retroactive risk: As of June 2024, it was unclear whether OFAC and the US Department of Justice would retroactively apply the 10 years statute of limitations to violations that remain within the previous 5 year limit.
Russia focus: Given that the new statute of limitations was introduced to support the US’ Russia sanctions programme, it is likely that the US government will maintain a strong focus on the application and enforcement of Russia-related sanctions for the foreseeable future. Obviously this focus should not undermine firms’ treatment of other types of global sanctions risk.
Due diligence: Firms that have not been retaining sanctions compliance data for longer than 5 years should adjust their approach to customer due diligence (CDD) to account for the extended risk period. Business data from the past 5 years should be reviewed as a priority.
Global adjustment: The US’ position as a global sanctions leader suggests that other Western governments may now make similar changes to their own statute of limitations regulations.
Overcoming Sanctions Challenges
The US Justice Department recently hired 25 new prosecutors to support its investigations into Russia sanctions violations. The government’s emphasis on enforcement underlines the need for firms to tighten their sanctions compliance performance by putting the right customer due diligence and sanctions screening solutions in place.
Ripjar’s Labyrinth Screening platform helps firms meet the challenges of a constantly evolving risk landscape. Labyrinth gives compliance teams the ability to screen against thousands of risk data sources including global sanctions lists, in real time, across multiple languages. Now featuring the cutting-edge AI Risk Profiles and AI Summaries tools, Labyrinth Screening supercharges the screening process, harnessing the power of AI to extract only the most relevant customer data and build clear, concise summaries of each customer’s risk.
On 22 April 2024, the Financial Conduct Authority (FCA) published its AI Update, elaborating on its approach to the regulation of AI in UK financial markets, and on its intentions for the future. The 2024 Update follows the UK government’s publication of its “pro innovation” policy proposals for AI regulation, and its principles-based AI guidance for UK regulators. In its introduction to its 2024 paper, the FCA underlined the government’s regulatory objectives, emphasising the importance of balancing new technology implementation, innovation, and competitiveness with the ongoing safety of customers and the UK’s financial system.
As the AI regulatory landscape continues to evolve, firms in the UK and beyond must understand the compliance risks that they face, and how regulator expectations are changing. Stay on top of the latest FCA AI developments with these key takeaways from the 2024 Update.
FCA AI Regulation So Far
The AI Update included a summary of the FCA’s work on AI regulation to date, mentioning collaborations with other regulatory bodies, and the publication of the following documents in conjunction with the Bank of England:
The FCA’s work to date has focused on the benefits and risks of AI in relation to its objective to protect customers (and UK market integrity) from financial crime, and on how existing regulatory requirements apply to the use of AI technology in financial services. As the application of AI expands, the FCA intends to “monitor the potential macro effects” on specific areas of financial concern, including cybersecurity and data security.
In setting out its current approach to regulating AI in the UK financial markets, the FCA emphasised the importance of “safe and responsible use” as a foundation for beneficial innovation. According to the Update, that approach has delivered benefits for UK consumers and businesses alike, including better products and services, more protection for consumers, and broader opportunities for start-ups.
The advance of technological capabilities has also helped firms better address financial crime risks. With that in mind, the FCA AI Update included the following key fincrime points.
Risk Mitigation
The FCA pointed out that it does not “mandate or prohibit” specific technologies, but works to “identify and mitigate risk” in its development and application of AI regulations. It aims to apply a principle of proportionality to discharging its functions, considering the impact of new restrictions against their expected benefits. The Update stated that many AI risks “are not necessarily unique to AI Itself” and so can be managed within existing UK regulatory frameworks. The FCA set out the guidance it considers most relevant to mitigating AI risk in the UK in its AI DP publication (see above).
AI as a Fincrime Tool
The 2024 Update sets out the FCA’s intention to become a “digital and data led regulator”. With that in mind, it is actively exploring the development and use of AI-supported tools with fincrime applications, including:
Synthetic data: The FCA has developed an in-house synthetic data tool for use-testing sanctions screening solutions – and which has “transformed” its ability to assess the effectiveness of firms’ internal sanctions screening systems. The FCA describes synthetic data as having the potential to support beneficial innovation and to “address important financial services public policy issues”, including fraud and financial crime. It has set up a Synthetic Data Expert Group to provide insights into the technology.
Machine learning: Advances in AI have facilitated more sophisticated machine learning systems, capable of positively identifying, reviewing, and managing financial criminal activity. The FCA has been actively using machine learning systems to fight scam websites, and has also been deploying the technology as part of advanced analytics strategies to detect other forms of market abuse. Going forward, the regulator wants to support the development of machine learning-enabled surveillance solutions for markets, trained on extensive FCA datasets, and tested on its Digital Sandbox platform.
Complex market abuse: The analytic possibilities of AI are helping the FCA “identify more complex types of market abuse”, including difficult-to-detect methodologies such as cross-market manipulation. In addition to AI-supported detection systems picking up instances of market abuse more accurately, the FCA believes that the development and integration of anomaly detection could fundamentally transform the way the regulator carries out its surveillance.
The Next 12 Months
The FCA intends to maintain its focus on proportionality over the next 12 months, balancing risk with beneficial innovation in the application of new and existing regulations. For that strategy to be successful, the FCA states that it needs to work from a “strong empirical basis”, developing a greater understanding of “how AI is being deployed in UK financial markets” so that it can promote innovation and respond quickly to specific emerging risks. The FCA emphasised the importance of collaboration with regulated firms in achieving that objective, and in creating “consensus on best practice and potential future regulatory work”.
With such a strong emphasis on fincrime, it’s clear that the FCA is actively exploring the impact of AI in compliance contexts – not least screening and monitoring. That being the case, it’s more important than ever for firms to understand the potential of AI-supported compliance and how the technology can be deployed effectively as part of internal screening solutions.
Harness AI Safely with Labyrinth Screening
Ripjar’s Labyrinth Screening platform is designed to help translate AI potential into meaningful compliance results quickly and easily. Built on next-generation machine learning technology, Labyrinth is capable of screening thousands of global data sources in seconds, including sanctions lists, watchlists, PEP lists, and adverse media.
Labyrinth is enhanced by cutting-edge AI innovation, including AI Risk Profiles which extract and review only the most relevant customer risk data, and AI Summaries, which harness the power of generative AI (GenAI) to build-out clear, concise summaries of that data, and dramatically reduce risk assessment times. New Compliance Copilot takes this further by using GenAI to support analysts with handling alerts and assessments, providing fast, unbiased decisions and recommendations.
On 10 January 2024, the UK government amended its money laundering regulations to change the treatment of certain politically exposed persons (PEP). The changes come amidst a wider Financial Conduct Authority (FCA) review of PEP regulations: the review was initiated following a series of incidents in which domestic politicians and public figures were denied banking services, purportedly as a result of the anti-money laundering (AML) risk that they posed.
We examined the UK’s PEP screening controversy in our previous blog. In this update blog, we’re going to look at the reasons behind the regulatory amendment, how UK domestic PEP screening now differs from non-domestic PEP screening, and how the wider PEP review may change the landscape further.
What Has Changed in UK PEP Screening?
Under the UK’s risk-based AML regulations, banks must apply enhanced customer due diligence measures (EDD) to PEPs, and their relatives and close associates (RCA), because of the potential money laundering risk that they pose. Following amendments to the Money Laundering Act, UK PEP screening requirements now differ in their treatment of domestic and non-domestic PEPs.
UK banks must now treat domestic PEPs as “inherently lower risk than non-domestic PEPs” as a “starting point”, and “apply a lower level of enhanced due diligence to domestic PEPs”. The government suggested that the change will mean that domestic PEPs (and RCAs) will now not have to deal with the “potentially disproportionate” demands of PEP screening, unless “other risk factors” mandate further scrutiny.
Why Have the Rules Changed?
In 2023, a number of UK politicians and their family members reported that they had been unfairly denied banking services, or had their accounts closed, as a result of their PEP status. In some cases, the PEPs complained that the action had been taken as a way to penalise their political affiliation: for example, Nigel Farge claimed that Coutts bank (part of the NatWest group) closed his account because of his position as founder of Reform UK. Farage subsequently received an apology from the bank.
The UK government responded to the PEP controversies by passing the Financial Services and Markets Act 2023, which committed the FCA to a review of the treatment of domestic PEPs in the UK. When announcing the amendment in January 2024, the government referenced the “legitimate concerns” of UK PEPs that had “encountered problems accessing financial services due to their status”, and said that the amendments would ensure that firms take “a proportionate and risk-based approach to the treatment of domestic PEPs”.
UK PEP Screening Challenges
The Financial Action Task Force (FATF) defines domestic PEPs as persons that have been entrusted with their functions “domestically”, while “non-domestic” covers “foreign PEPs”, “international organisation PEPs”, and their RCAs (as defined by the FATF).
The UK government does not go into great detail about the differences in screening domestic and non-domestic PEPs. The press release guidance emphasises that a “lower level” of due diligence is now required for domestic PEPs, but doesn’t define that level. The press release is also vague about what constitutes a higher level of due diligence, suggesting only that it “often takes the form of potentially disproportionate or overly frequent requests for information about personal financial matters”. Similarly, the government doesn’t define the “other risk factors” that might entail a higher level of enhanced due diligence for domestic PEPs.
Some observers have pointed to a lack of rationale behind the government’s decision to treat domestic PEPs differently. There is no inherent reason, for example, why a domestic PEP may pose a lower AML risk than a non-domestic PEP, especially since domestic PEPs are themselves always “non-domestic” to foreign jurisdictions.
With those points in mind, the government may issue further guidance on the treatment of domestic PEPs as the FCA review continues.
PEP Screening in the UK: Next Steps
The FCA’s review of UK PEP regulations is scheduled to be complete by the end of June 2024. The review is focusing on whether financial institutions are following its PEP guidance, and on whether that guidance remains appropriate.
Given the change in PEP screening rules, and the ambiguities in the guidance (outlined above) it’s crucial that UK banks and financial institutions build flexibility into their PEP screening solutions. Powered by cutting-edge AI technology, Ripjar’s Labyrinth Screening platform offers exactly that kind of flexibility, with the potential for compliance teams to tailor customer name searches to their risk environment, and generate actionable AML data in seconds from thousands of global sources – including PEP lists, sanctions lists, and adverse media stories.
Labyrinth Screening is built to supercharge customer name searches, making PEP screening faster and easier. For greater customer screening speed and efficiency, Labyrinth’s AI Risk Profiles feature enables compliance teams to build detailed profiles of each target entity, extracting only the most relevant risk information from vast amounts of unstructured data. Similarly, the recently-launched AI Summaries expansion uses generative AI (GenAI) to deliver a clear, concise summary of adverse media risk information, reducing risk assessment time by up to 90%.
Adverse media screening is critical to the global fight against financial crime but in an ever-changing risk landscape, firms should always be prepared for new challenges. With that goal in mind, in 2023, Ripjar conducted research into the adverse media challenges faced by global anti-financial crime professionals, in order to derive statistical data about their concerns and expectations for the future.
News media and other online media sources such as blogs, forums, and social media posts, are particularly useful for anti-money laundering (AML) and counter-financing of terrorism (CFT) strategies because they typically reveal customers’ true risk levels before that information is confirmed by official sources. However, the adverse media landscape is constantly changing, with the pace of breaking news stories forcing firms to adjust their compliance posture quickly to manage new risks.
The scope of risk-based AML/CFT regulations means that firms must carefully consider how to implement their adverse media screening solutions, including which technology tools they should integrate, and how their strategies need to change in the short and long term. Ripjar’s State of Adverse Media Screening 2023-2024 report examines that landscape, exploring the contemporary screening challenges that firms face, and how new technology is changing compliance processes.
The report comprised a survey of 205 compliance professionals from different industries and across the EMEA region. In this article, we take a closer look at key insights from the survey, and how automated screening solutions can help firms address these challenges in 2024.
2024’s Key Adverse Media Screening Challenges
Our survey identified the following key challenges faced by respondents looking to implement adverse media screening solutions in 2024:
Resource and Budget Constraints
Effective adverse media screening requires firms to address compliance risk by allocating sufficient budget, resources, and employee focus to the relevant tasks. However, balancing screening costs with AML/CFT compliance obligations can be challenging: manual screening, for example, using internet search engines (such as Google or Bing) to check customer names, may be the cheapest approach but is typically time-consuming, inconsistent, and prone to costly human error. With almost 50% of firms believing that the challenge of keeping in step with regulatory change will increase, automated screening solutions represent a time and cost efficient alternative to outdated manual processes. However, automated tools are not necessarily a one-size-fits-all solution and must be integrated within a wider compliance infrastructure and calibrated to meet individual risk appetites.
False Positives
While adverse media screening should help firms identify risk as comprehensively as possible, the process can generate a high volume of false positive alerts as a result of similar sounding names, ambiguities in search parameters, or linguistic factors (such as non-Western naming conventions). False positive alerts can be costly since they must be remediated in order to address potential risk – a process which takes time and resources, and slows down the wider compliance function. Given that 40% of firms believe that the problem of dealing with false positive alerts will increase in 2024, compliance teams should seek to integrate technology solutions to help reduce that burden – including AI tools capable of making sense of unstructured data, and even using secondary identifiers to help resolve customer identities.
Technology and Data Integration
Adverse media screening is only as good as the technology that supports it. In practice, this means that firms must understand how tech innovations in screening will fit and function within their wider compliance infrastructure in order to meet their AML/CFT compliance obligations. Similarly, compliance employees must ensure that the data they feed into screening solutions is of sufficient quality to generate meaningful financial intelligence, and to enable effective risk decision making.
Regulatory Change
AML/CFT screening solutions are shaped by regulation. However, the global regulatory landscape is in a state of constant change as governments work to keep pace with evolving technology and criminal methodologies. This means that firms must maintain a perspective on incoming regulations, and consider how they will need to adjust their screening solutions to meet new compliance standards. In our survey, 47% of firms believed that the challenge of keeping up with incoming regulations would increase in the future.
Adverse media screening is currently an obligation in a number of jurisdictions – for example, it is included in the EU’s 6th Anti-Money Laundering Directives (6AMLD). Since adverse media screening typically involves the use of customers’ personal data, firms must also be aware of local privacy regulations, such as the EU’s GDPR.
How Will Screening Challenges Change?
In addition to revealing their key adverse media screening challenges, our survey asked firms which adverse media challenges would be most likely to increase in the future. Our respondents identified 3 top challenges:
Keeping up with new regulations: 47%
Managing the complexity of new technology solutions: 41%
Receiving too many irrelevant alerts (false positives) 40%
The challenges identified emphasise the need for firms to maintain perspective on the regulatory and screening technology horizons, reviewing their compliance infrastructure regularly in order to identify potential weak points, or opportunities to strengthen.
Current Screening Strategies Being Used in 2024
The challenges outlined in the 2023-2024 report offer the following insight into the screening strategies that firms currently use to meet their compliance obligations – along with attitudes and expectations about the impact of screening technologies.
Reliance on Manual Screening
While automated screening solutions are available and accessible in 2024, a surprising 84% of firms remain reliant on manual screening processes. As noted above, the slow speed and unreliability of manual searches makes them unsuitable for fighting modern financial criminal threats, and firms using them exclusively may be exposing themselves to unacceptable levels of risk. Similarly, as competitors integrate new screening innovations, firms that rely on manual screening may see customers drop off in favour of more efficient alternatives.
Tech Integration
Given that 90% of firms want to increase their use of screening automation, it’s likely that there will be integration challenges in the coming years. 39% of surveyed firms identified the integration of new screening technology into existing infrastructure as their biggest challenge – which means that compliance teams will need to carefully consider how a given innovation adds value to their organisation. Similarly, firms will need to think about whether new technologies match their budgetary needs and risk appetite, and whether they should be run internally, or by a third party service provider.
Evolving Capabilities
While automated compliance solutions offer enhanced accuracy, efficiency and speed, recent innovations, in particular artificial intelligence and machine learning tools are revolutionising the adverse media screening landscape. Large language models (LLM) and generative AI (GenAI) appear to hold particular promise, with the potential to screen vast amounts of data in seconds and extract the most relevant information. It can be overwhelming to consider how the potential application of AI will impact screening processes since both its regulatory implications and screening capabilities have not been fully tested.
For example, in our survey, 70% of firms were confident that LLMs will be able to identify high-risk individuals. That statistic clashes with many current experiences of LLMs, many of which generate incorrect outputs, or even fabricate responses to certain prompts. What’s clear is that GenAI used in a screening setting must be developed specifically for the task and thoroughly tested to ensure accuracy of output – not all LLM technology will be appropriate for screening use without significant constraints being put in place.
Regardless of industry attitudes, the clear regulatory potential of AI technology, and the current pace of advances, means that industry focus on integration of screening functions will increase in the short to medium term.
How Automation Will Change Adverse Media Screening in 2024
Despite the challenges currently facing tech integration in adverse media screening functions, there are plenty of ways in which automation can have a qualitative impact, and enhance the compliance process. Key areas in which automation is likely to have an impact on adverse media screening in 2024 include:
Skills Shortages
The compliance function can place a significant amount of pressure on employees, in particular in the finance sector, where regulations often carry strict penalties. The ‘Great Resignation’ has seen skilled employees leave finance roles in positions around the world, with firms struggling to make up the shortfall. Automated screening tools can directly address that challenge by bringing speed, accuracy, and efficiency to the process, reducing the potential for human error, and freeing up compliance employees from tedious manual work, such as data entry, for more valuable assignments.
Data Analysis
AI technologies such as LLMs are effective at interpreting unstructured media data in multiple languages, which is essential in adverse media screening. However, they are not suited to identity-matching and other key screening requirements. With the right mix of AI and machine learning techniques, firms can sort through this risk-related data in seconds, summarising and formatting the information in order to enable stronger, faster decision-making.
Risk Profiles
With the benefit of machine learning and natural language processing technology, AI screening tools can be tasked with extracting the most relevant data about subject entities, and then using that data to build unique risk profiles for each customer. Enriched with specific depth and detail, customer data not only helps to identify true risk, but reduces the potential for false positives by helping to distinguish customers with similar or exact-matched names. In the same way, AI tools can help firms account for multilingual screening challenges, including non-Western naming conventions and characters, or the use of nicknames or aliases.
Labyrinth Adverse Media Screening
Ripjar’s Labyrinth Screening platform is a powerful adverse media screening solution built on next generation machine learning technology. Capable of searching thousands of global adverse media sources across multiple languages, including news stories, blog and social media posts, sanctions lists, and watchlists, Labyrinth Screening generates actionable financial intelligence in seconds, helping compliance employees make faster, stronger decisions about customer risk.
Labyrinth also incorporates AI Risk Profile technology, extracting the most relevant risk data about subject entities in order to resolve ambiguities and reduce false positive alerts. Our AI Risk Profiles solution uses intuitive AI to remove noise from customer name searches. The technology addresses the challenge of common and high profile name matches, and of duplicated story subjects, while adding secondary identifiers to each profile so that compliance employees have the information they need to assess risk at their fingertips.
AI Summaries is a new feature available within AI Risk Profiles that uses GenAI to add a clear, concise summary of adverse media risk to each customer profile, resulting in a 90% reduction in customer assessment time.
On 18 January 2024, the EU Parliament and EU Council reached a landmark agreement on the ‘single AML rulebook’, a regulatory proposal intended to strengthen and harmonise anti-money laundering (AML) and counter-financing of terrorism (CFT) regulations across EU member states. Fintech experts commented positively on the announcement, emphasising the importance of effective cross-border AML/CFT measures in addressing the global reach of financial criminals. That criminal threat remains significant, with authorities detecting up to €210 billion in suspicious transactions and activities in the EU alone every year.
The 2024 agreement on the single AML rulebook is part of a wider EU AML/CFT package, which includes an update to the Sixth Anti-Money Laundering Directive (6AMLD) and new compliance rules for businesses. With EU administrators now resolving the final details, organisations across the EU should ensure that they understand the new rules, and their new 6AMLD compliance obligations and, if necessary, prepare to adjust their AML/CFT solutions.
To help your business stay ahead of compliance risk, read our update on the EU’s single AML rulebook – and its key regulatory impacts.
What is the Single AML Rulebook?
The single AML rulebook was originally proposed in a European Commission (EC) action plan in 2020, and has gone through several stages of development. The January 2024 agreement signalled political consensus for the regulatory provisions that the rulebook will introduce, supporting the EU’s ultimate goal of harmonising its AML/CFT environment for its 27 members. These provisions include new and expanded AML/CFT rules, and reforms to existing rules that address weaknesses and loopholes.
Supporting the Updated 6AMLD
The single AML rulebook codifies rules and obligations included in the updated 6AMLD, which places a strong focus on boosting powers to detect and address money laundering methodologies. As part of the update, 6AMLD now guarantees access to national beneficial ownership registries for parties with ‘legitimate interest’ – such as journalists and academics. Similarly, the updated 6AMLD will give financial intelligence units (FIUs) expanded powers to suspend suspicious transactions.
The Single AML Rulebook: Key Highlights
The key regulatory provisions of the single AML rulebook include:
Expanded AML Rules
The single rulebook expands AML/CFT rules to apply to a wider range of organisations, including professional football clubs, football agents, traders in cultural goods (such as artwork), luxury car dealers, yacht dealers, and private jet dealers. Under the expanded rules, these entities will need to perform customer due diligence (CDD) on customers and clients, monitor their transactions for suspicious activity, and report such activity to the relevant authorities.
Crypto AML
The rulebook also expands the scope of EU AML/CFT rules to apply to crypto asset service providers (CASP) and virtual asset service providers (VASP). The rules must be applied to customers that engage in transactions involving €1,000 or more.
Very Wealthy Customers
The updated AML rules include an obligation for financial institutions to conduct enhanced due diligence (EDD) on “very wealthy (high net-worth) individuals”, when the business relationship involves “the handling of a large amount of assets”.
Cash Payment Rules
The rulebook sets a limit of €10,000 for cash payments. As an added rule, firms will need to apply CDD measures to verify the identities of persons that carry out occasional transactions between €3,000 and €10,000.
Beneficial Ownership Rules
The rulebook sets the EU threshold for establishing beneficial ownership. Under the rules, a person may be considered a beneficial owner if they own 25% or more of an entity. The 2024 agreement emphasises that the beneficial ownership assessment process must take into account both “ownership and control”, and clarifies certain rules to prevent persons from hiding their status “behind multiple layers of ownership”.
A proposal to lower the beneficial ownership threshold to 15% was not implemented in the single AML rulebook.
Implementation Timeline: What Next?
While the 2024 agreement was an important step forward in achieving the EU’s vision of consistent, region-wide application of AML rules and sanctions, the updated 6AMLD’s rules, and the corresponding single AML rulebook, will not be implemented immediately. The text of the rulebook agreement must now be reviewed by member-state representatives, before it is formally adopted by the EU Council and EU Parliament.
Given the current rate of progress (notwithstanding unexpected delays), businesses may expect the 2024 agreement to be formally adopted by late 2025, with rules coming into effect in early 2026. Some of the new rules have clearer implementation schedules: the expansion of AML rules to professional football clubs, for example, are slated to come into effect in 2029.
Prepare Your Business for Regulatory Change
The EU’s primary objective with the single AML rulebook has always been to increase regulatory harmony, facilitating a stronger and more efficient collective response to global financial crime. However, regulatory disparity across jurisdictions means that many firms will be exposed to new compliance risks, and will need to review their existing AML procedures to meet 6AMLD standards.
Keeping up with EU AML standards can be daunting, especially in periods of regulatory change when firms must quickly adjust to new data collection obligations in order to establish risk accurately. Ripjar developed Labyrinth Screening to meet that challenge: an automated, AI-powered screening solution, Labyrinth Screening enables firms to customise their screening process to their risk environment, performing customer name searches in seconds, in 25+ languages, across thousands of global news sources, sanctions lists, and watchlists.
AI-Powered AML Name Screening
Labyrinth Screening keeps the AML compliance process fast and simple. Integrating Ripjar’s cutting-edge AI Risk Profiles feature, Labyrinth is capable of identifying and extracting the most relevant risk information from vast amounts of data, in order to build easy-to-read customer profiles, reduce time-consuming duplications and false positive alerts, and enable strong, speedy compliance decision-making that saves customers and compliance teams time.
The recently-launched AI Summaries extension, has made Labyrinth Screening even more effective. Adding a concise narrative overview to each customer risk profile, AI Summaries supercharges individual name searches – with up to a 90% reduction in risk assessment time for both new and existing customers. Combined with AI Risk Profiles, AI Summaries ensures that companies in the EU and beyond stay ready for regulatory change, and are able to react to unexpected compliance challenges in an evolving risk landscape.
Italy is a wealthy Mediterranean nation with one of the largest economies in Europe and a historically-strong manufacturing industry. A busy trade hub, Italy’s international businesses export products, including cars, furniture, food, clothing, and luxury goods, around the world.
While Italy’s economic development created prosperity, it has also attracted criminals who exploit the country’s financial system to launder money and commit other crimes. That criminal threat is ongoing: in a 2023 Europol investigation, Italian authorities discovered criminal gangs perpetrating trade-based money laundering across Europe, with around €18.5 million traced back to Italy alone. Later, Italian authorities uncovered a money laundering network between Italy and China, with prosecutors seizing €292 million in illegal funds.
Italy’s government has responded to the money laundering threat by implementing strict anti-money laundering (AML) and counter-financing of terrorism (CFT) regulations, in keeping with its EU and global obligations. With money laundering still a serious threat, it’s important that firms understand Italy’s AML regulations, and how to achieve compliance.
Italy’s AML Regulator: The Bank of Italy
The Bank of Italy is Italy’s primary AML regulator and provides supervision for all banks and financial institutions in the country, including asset management companies, intermediaries, and trusts. Headquartered in Rome, the bank functions to “ensure the monetary stability and financial stability” of the Italian economy, and has the following duties and responsibilities:
Preparing and developing AML/CFT regulations in coordination with the Italian parliament and government.
Developing methods to assess and analyse AML/CFT compliance in supervised banks and financial institutions.
Implementing penalties and sanctions on entities found to be violating AML/CFT compliance rules.
Conducting periodic analysis of AML/CFT risks across the financial sector.
Publishing and disseminating documentation pertaining to AML/CFT regulation.
Participating in international AML/CFT efforts with foreign regulatory counterparts, including strengthening cross-border AML/CFT supervision.
There are other regulatory bodies that are tasked with supervising Italy’s financial institutions. These are:
Italy is also a member of the Financial Action Task Force (FATF), the intergovernmental organisation that sets global AML policy. The FATF issues AML recommendations that must be implemented as part of domestic law.
Italy’s Key AML Regulations
Italy’s main AML regulation is Legislative Decree No.231 2007, which sets out the definition of the crime of money laundering in Italy, and the need for cooperation between financial institutions and authorities in ensuring compliance. The Decree requires firms in Italy to take a risk-based approach to AML/CFT compliance (as prescribed by the FATF), which means that they must assess the criminal risk that their customers pose, and then implement a proportionate compliance response.
Anti-Money Laundering Directives: As a member of the EU, Italy must implement the EU Parliament’s Anti-Money Laundering Directives (AMLD) in domestic law. Accordingly, Italy periodically updates Legislative Decree No.231/2007 in order to meet the EU’s new AML standards. The latest EU AMLD was the Sixth Anti Money Laundering Directive (6AMLD) which came into effect on 3 June 2021.
How to Comply with Italy’s AML Regulations
In order to meet the requirements of risk-based AML regulations, firms in Italy must implement the following measures and controls:
Customer due diligence: Firms should seek to establish and verify the identities of their customers in order to perform accurate risk assessments. The customer due diligence (CDD) process may involve the submission of names, addresses, and other information, including biometric identifiers.
Beneficial ownership checks: Firms in Italy should also carry out beneficial ownership checks on customer entities in order to prevent criminals hiding their identities with shell companies or behind corporate infrastructure.
Transaction screening: Firms must be able to screen their customers’ transactions for money laundering risk indicators such as unusual transaction patterns, or transactions with high risk counter-parties.
In a risk-based compliance system, it is vital that firms capture and understand the level of risk that individual customers present. One of the most effective ways of doing this is to screen for adverse media that involves their customers, since news stories often contain valuable information about AML risk before it is confirmed by official sources such as government or police departments.
Adverse media screening (or negative news screening) requires searches of domestic Italian and global news stories in multiple languages. Searches should cover screen and print media, along with new media formats, such as blogs, social media posts, and forums. The screening process can be complex, and must account for factors such as language differences, content duplication, platform credibility, linguistic idiosyncrasies, nicknames, and aliases.
Recent AML Initiatives in Italy
The Bank of Italy has a dedicated ‘Notices and communications’ page on which it publishes the latest news, events, and developments pertaining to AML regulation in Italy. In April 2023, the Bank of Italy held its “New AML scenarios” workshop, in which it facilitated a discussion with trade representatives on “the main challenges that developments in policies, risks, and anti-money laundering supervision pose to the Authorities and intermediaries”.
Strategic Plan: The Bank of Italy also recently released its Strategic Plan 2023-2025. The Plan included several significant AML provisions, including the establishment of a new Anti-Money Laundering Supervision and Regulatory Unit (SNA), and a commitment to reorganise and strengthen Italy’s Financial Intelligence Unit (FIU).
AMLA: In March 2023, the EU revealed that it would be establishing a new European Anti-Money Laundering Authority (AMLA) to help enforce and standardise AML/CFT regulations across member states. In October 2023, the Italian government announced that it would be bidding to host the AMLA headquarters in Rome.
Next Generation AML Screening in Italy
Building an effective AML solution in Italy requires firms to not only collect and understand the risk data they collect, but to use it to act decisively. Screening processes, especially adverse media screening, often generate vast amounts of data, which can, in turn, create high volumes of false positive alerts, slowing down the compliance process and placing significant pressure on employees. To meet this challenge, firms need efficient, agile, automated screening solutions that can adapt to changing risk landscapes without compromising performance.
Ripjar’s Labyrinth Screening platform is designed for exactly this purpose. Powered by cutting-edge machine learning algorithms, Labyrinth Screening offers customisable adverse screening tools and powerful adverse media name search capabilities in over 25 languages. Labyrinth screens against thousands of global news sources, watchlists, and sanctions lists, and puts actionable financial intelligence at your fingertips in seconds.
The Labyrinth platform also adds valuable depth and detail to your screening process with the integration AI Risk Profiles technology. Automatically identifying and extracting only the most relevant data on subject entities, AI Risk Profiles enables firms to build out individual profiles for subject entities, eliminating duplicate content, similar names, and other data that typically increase the chance of a false positive alert, and ensuring your compliance team is in the best position to make strong risk decisions.
Ireland is a prosperous, northwestern European nation with a highly developed economy, including successful international technology, science, and financial service industries. Ireland’s global business profile has also led to financial crime risks: in 2021, Irish police revealed that they had recorded over 500 money laundering crimes in 2020, more than double the amount in 2019, and a sixfold increase in two years. To address that threat, the Irish government has committed to bolstering the powers and resources of authorities to fight financial crime and in particular to address offences such as money laundering and terrorism financing.
The increased focus on anti-money laundering (AML) and counter-financing of terrorism (CFT) regulations means that organisations in Ireland must understand the risk landscape, and be capable of achieving compliance with the relevant regulations. Prepare your organisation for criminal threats, and stay ahead of your compliance obligations with our guide to Ireland’s AML regulations.
Ireland’s AML Regulator: The Central Bank of Ireland
Founded in 1943, and headquartered in Dublin, the Central Bank of Ireland (CBI) is Ireland’s primary anti-money laundering regulator and is responsible for “effectively monitoring credit and financial institutions’ compliance with their AML and CFT obligations”. The CBI’s duties and responsibilities include:
Providing oversight for Ireland’s financial institutions to ensure compliance with AML/CFT regulations.
Conducting on-site inspections to verify that financial institutions are meeting their regulatory compliance obligations.
Monitoring adoption and implementation of risk-based AML/CFT compliance procedures.
Ensuring that financial institutions keep AML/CFT compliance policies and procedures up to date and available for inspection, and that senior management are aware of their own compliance responsibilities.
Enforcing administrative sanctions against financial institutions that fail to comply with their compliance obligations.
As a national regulatory body, the CBI plays a role in the development of new financial regulations with the Irish government. Similarly, the CBI works with other European Supervisory Authorities (ESA) in order to foster a consistent approach to anti-money laundering regulations across the EU. Ireland is also a member of the international intergovernmental AML organisation, the Financial Action Task Force (FATF).
The CJA 2010 defines the offence of money laundering in Ireland and requires all financial institutions in Ireland to implement a risk-based AML/CFT solution. Key CJA 2010 compliance measures include customer due diligence (CDD), customer screening processes, suspicious activity reporting (SAR) mechanisms, the appointment of a competent compliance officer, and the implementation of employee training.
In addition to the CJA 2010, Ireland has passed several additional articles of AML/CFT-relevant legislation, these include:
The Criminal Justice (Terrorist Offences) Act 2005
The European Union (Anti-Money Laundering: Beneficial Ownership of Corporate Entities) Regulations 2019
The European Union (Anti-Money Laundering: Beneficial Ownership of Trusts) Regulations 2019
The European Union (Information Accompanying Transfers of Funds) Regulations 2017
The CJA 2010 requires that firms in Ireland implement a risk-based AML/CFT compliance solution. In this context, risk-based compliance means that firms must conduct a risk assessment of customers at onboarding to establish the level of individual AML risk that they present, and then deploy proportionate compliance measures.
A CJA 2010 compliance programme should include the following measures and controls:
Customer due diligence: Firms in Ireland must identify their customers by collecting identifying information, including names, addresses, and dates of birth. Firms must also identify ultimate beneficial owners (UBO) in order to prevent the misuse of shell companies.
Transaction screening: Firms must screen customer transactions in order to detect suspicious activity, such as unusual transaction patterns, transactions with high risk counter-parties, or transactions involving high risk jurisdictions.
Watchlist screening: Firms should screen customers against relevant watchlists, including PEP lists.
Adverse media screening: In order to understand customer risk levels as comprehensively as possible, and fulfil the CJA 2010’s risk-based obligations, firms in Ireland should implement an adverse media screening solution. Adverse media is valuable to AML because risk-relevant information is often revealed by media sources before it is confirmed officially, meaning that firms can perform more accurate risk assessments and deliver better compliance outcomes.
Accordingly, adverse media screening solutions should take in sources from Ireland and around the world, including foreign language media, and cover everything from stories by established news outlets to blog posts, forum entries, and social media posts. Adverse media solutions should be capable of multi-language searches, account for regional variations in spelling, non-Western characters and conventions, and factor in the credibility of the sources.
Recent AML Initiatives in Ireland
In addition to the TFR, Ireland will also implement another EU virtual asset regulation: Markets in Crypto Assets (MiCA). A landmark, EU-wide regulation, MiCA will address the AML risks posed by certain crypto-assets, and introduce new licensing and registration requirements for crypto-asset service providers. MiCA is expected to come into effect across the EU in 2024.
In 2023, Ireland announced that it would be bidding to host the new EU Anti-Money Laundering Authority (AMLA). The bid reflects Ireland’s desire to increase its profile as a European financial centre, and international AML leader.
Next Generation AML Screening
As Ireland’s AML landscape evolves, financial institutions will need to work harder to keep up with new regulatory obligations and to address new criminal methodologies. In this environment, automated screening solutions are critical: firms must be able to collect and analyse vast amounts of customer data, while minimising false positives and making decisions quickly.
Ripjar’s Labyrinth Screening platform is designed to meet those challenges – in Ireland and jurisdictions around the world. Labyrinth Screening enables firms to search customer names against thousands of global media sources, including PEP lists and sanctions lists, in real time, and generate actionable financial intelligence in seconds. Built with next generation machine learning technology, Ripjar has also implemented AI Risk Profiles as part of Labyrinth searches: using AI Risk Profiles, firms can quickly identify and extract only the most relevant risk information about their customers, speeding up the screening process, enhancing accuracy, and ultimately enabling faster, stronger compliance decision-making.
Luxembourg is a small western European country with a global reputation for banking services and favourable tax laws. That reputation draws investment to the country, but also makes it a target for those who seek to use its financial system to launder money and commit other crimes. In 2021, a joint investigation by German and French journalists found that Luxembourg was being used to conceal funds linked to organised crime gangs from around the world. The report characterised Luxembourg as part of an “axis of tax avoidance” in Europe.
Luxembourg’s government has pushed back strongly against the notion that it is not doing enough to address financial crime, and has made significant recent efforts to bolster the country’s anti-money laundering (AML) and counter-financing of terrorism (CFT) regulations. Those efforts have led to increased regulatory scrutiny, and a need for firms operating within Luxembourg to ensure they understand their risk environment, and achieve regulatory compliance.
Luxembourg’s primary AML regulator is the Commission de Surveillance du Secteur Financier (CSSF). Established in 1998, the CSSF is responsible for “ensuring that all the persons subject to its supervision, authorisation or registration comply with the professional AML/CFT obligations”. In this capacity, the CSSF provides oversight for all banks, investment firms, and other types of financial institutions operating in Luxembourg.
The CSSF’s duties and responsibilities include:
Supervising and investigating financial institutions to ensure compliance with Luxembourg’s AML/CFT laws.
Obtaining documents and other financial intelligence from persons under its supervision.
Issuing sanctions against firms that do not comply with AML/CFT regulations. Sanctions may include warnings, fines, or occupational prohibitions.
Luxembourg is a member of the Financial Action Task Force (FATF), the Wolfsberg Group, and the EU, and so the CSSF actively participates in international efforts to combat financial crime. The CSSF shares information with international counterparts and participates in the European System of Financial Supervision (ESFS) with the objective of enhancing and harmonising AML/CFT standards across the EU.
Key Luxembourg AML Regulations
Luxembourg’s primary AML/CFT law is the Law of 12 November 2004 on the fight against money laundering and terrorist financing, also known as the AML/CFT Law. The law defines the offence of money laundering in Luxembourg and gives the CSSF its supervisory powers.
In alignment with FATF recommendations and EU objectives, the AML/CFT Law requires that firms in Luxembourg take a risk-based approach to compliance. In practice, this means that firms must conduct risk assessments to gauge the level of criminal risk that their customers present, and then deploy proportionate compliance measures, with higher risk customers subject to a greater degree of AML/CFT scrutiny.
EU AMLD: The EU issues periodic updates to its AML/CFT regulations, known as Anti-Money Laundering Directives (AMLD), which members must implement in domestic legislation.
Accordingly, Luxembourg amends its AML/CFT Law to incorporate details of new AMLDs. The Sixth Anti-Money Laundering Directive (6AMLD) came into effect across the EU on 3 June 2021, introducing a range of new AML/CFT compliance obligations including new AML predicate offences, expanded criminal liability for money laundering, and increased minimum penalties.
How to Comply with Luxembourg’s AML Regulations
Firms in Luxembourg must implement a risk-based compliance programme to meet their obligations under the AML/CFT Law. Effective AML compliance programmes in Luxembourg should include the following measures and controls:
Customer due diligence: In order to assess risk accurately, firms in Luxembourg must perform suitable customer due diligence (CDD) to identify their customers. The CDD process should involve the collection and verification of names, addresses, dates of birth, and other identifying information. Higher risk customers should be subject to enhanced due diligence (EDD) measures.
Beneficial Ownership: To prevent financial criminals concealing their identities with shell companies or corporate infrastructure, firms should also establish the ultimate beneficial ownership (UBO) of customer entities with which they do business.
Transaction screening: Firms in Luxembourg should screen customer transactions for signs of money laundering. These might include unusually high transaction amounts, transactions with high risk counter-parties, or transactions that involve jurisdictions with inadequate AML controls.
Watchlist screening: Firms should identify high risk customers, such as politically exposed persons (PEPs), by screening them against the relevant international watchlists.
Sanctions screening: Customers that are subject to international sanctions pose a high AML/CFT risk. With that in mind, firms in Luxembourg should implement a sanctions screening solution to capture designations on the relevant lists, such as the EU’s Consolidated sanctions list.
Adverse media screening: News stories, and other media, often reveal changes in customer risk before any confirmation by official sources. Given the potential for news media (and other forms of media) to capture that information, firms in Luxembourg should integrate adverse media screening as part of their AML/CFT solution.
Adverse media screening (or negative news screening) requires firms to search for customer names across a range of domestic and international media sources, including traditional news outlets, blogs, social media platforms, and forum posts. Adverse media solutions should be capable of searching in multiple languages, and account for regional variations in spelling, non-Western characters, and other complicating language factors.
Recent AML Initiatives in Luxembourg
In 2022, Luxembourg made a series of amendments to the AML/CFT Law in order to clarify certain regulatory details. The amendments, introduced under the Act of July 2022, clarified:
The limits of applying customer due diligence under the risk-based approach.
The obligation to retain documents collected as part of the CDD process – rather than just listing references to those documents.
The obligation to apply enhanced CDD measures for persons acting behalf of a client, or for PEPs.
The obligation to compare collected beneficial ownership data to available beneficial ownership registers.
As an EU member, Luxembourg will also implement the upcoming Markets in Crypto Assets (MiCA) regulation. MiCA is a landmark regulation that will introduce new AML measures for the treatment of virtual assets, in particular stablecoins, and will introduce new licensing and registration requirements for cryptocurrency service providers. MiCA will be introduced across the EU in 2024.
Next Generation Screening in Luxembourg
To keep pace with Luxembourg’s AML regulations and manage emerging threats, firms must implement an agile, flexible screening solution capable of managing vast amounts of structured and unstructured data. The increasing complexity of AML regulations, and the sophistication of criminal methodologies, mean that manual AML solutions are no longer adequate – and risk not only negative customer experiences, but human error and costly compliance penalties.
Ripjar’s Labyrinth Screening platform is built to address modern screening challenges, with fast, flexible, accurate screening tools tailored to individual companies’ needs. Labyrinth Screening gives firms the power to search customer names against thousands of adverse media sources, watchlists, and sanctions lists in real time, in over 21 langues, and delivers actionable financial intelligence in seconds.
Powered by next generation machine learning technology, Ripjar has also deployed AI Risk Profiles as part of the Labyrinth Screening platform. AI Risk Profiles enable compliance teams to identify and extract the most relevant risk data on their customers, minimising false positive alerts while building detailed risk profiles for stronger, more accurate decision making.
The United Arab Emirates (UAE) is a global business hub, and one of the most important economies in the Middle East and the world. While the UAE attracts investment from around the world, its wealth also makes it a target for criminals seeking to exploit its financial system. In 2022, the Financial Action Task Force (FATF) placed the UAE on its list of Jurisdictions under Increased Monitoring, also known as the FATF grey list, as a result of deficiencies in its anti-money laundering (AML) and counter-financing of terrorism (CFT) controls, including international sanctions violations. Following the listing, the UAE government committed to meeting the requirements of its FATF’s action plan by improving its AML/CFT framework, and clamping down on organisations that fail to meet their compliance obligations.
That increased level of regulatory scrutiny means that firms operating in the UAE must understand the country’s AML/CFT environment, how to deal with risks, and how to adjust their internal procedures to achieve compliance.
The UAE’s AML Regulator: The Central Bank of the UAE
The Central Bank of the UAE (CBUAE) is the country’s primary financial regulator and provides AML/CFT supervision through its specialised Anti-Money Laundering and Combatting the Financing of Terrorism Supervision Department (AMLD). Established in 2020, AMLD took over AML/CFT responsibilities from the CBUAE’s Banking Supervision Department, and now acts “as the interface between the the CBUAE and domestic stakeholders”, focusing on regulatory compliance, and working with law enforcement authorities and the UAE’s Financial Intelligence Unit (FIU). The AMLD has three stated objectives:
Examine licensed financial institutions (LFIs) operating in the UAE
Ensure compliance with the UAE’s AML/CFT regulatory and legal framework
Identify AML/CFT threats and emerging risks, and weaknesses in the UAE’s financial system
In support of those objectives, the AMLD coordinates with both the CBUAE’s Banking Supervision Department and the Enforcement Division to carry out investigations of potential regulatory violations, and to impose penalties on firms found to be in violation. It also works with the UAE cabinet to develop AML/CFT legislation, issues periodic compliance guidance to firms operating within the UAE, and works with international counterparts in the global fight against financial crime.
The UAE’s main articles of AML/CFT legislation are:
Federal Decree-Law No. (20) of 2018 On Anti-Money Laundering and Combating the Financing of Terrorism and Financing of Illegal Organisations
Cabinet Decision No. (10) of 2019 Concerning the Implementing Regulation of Decree Law No. (20) of 2018 On Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organisations
Known as the AML/CFT Law and the AML/CFT Decision respectively, the articles collectively require firms in the UAE to develop and implement a risk-based AML/CFT programme, including know your customer (KYC) checks, risk screening solutions, reporting and record-keeping processes, and suitable compliance governance. The requirements include the appointment of an AML Compliance Officer responsible for overseeing their firm’s compliance solution.
Recent AML initiatives: The UAE government has made explicit political commitments to addressing the FATF’s UAE action plan in order to facilitate its removal from the grey list, and has been able to demonstrate recent progress. At an FATF Plenary in February 2023, the FATF stated that the UAE had made “significant progress” in strengthening its AML/CFT regime and urged the UAE government to maintain focus on “demonstrating a sustained increase in effective investigations and prosecutions of different types of money laundering cases”.
To that end, in January 2023, the CBUAE released new guidance on the use of digital identification systems in AML/CFT compliance solutions. The guidance suggests that firms should integrate digital tools for customer onboarding and for verification, and use digital data to help identify suspicious activity such as transactions that involve high risk jurisdictions.
UAE AML Regulations: How to Comply
Following FATF guidance, the UAE requires firms to implement a risk-based AML/CFT solution, which means they must perform risk assessments in order to identify the level of risk that individual customers present, and then deploy proportionate compliance measures. With that in mind, UAE compliance solutions should include:
Customer identification: Firms must establish and verify the identity of their customers by conducting suitable customer due diligence (CDD), collecting enough information to perform an effective AML/CFT risk assessment. Similarly, firms should establish ultimate beneficial ownership (UBO) of customer-entities in order to prevent the use of shell companies and corporate structures to conceal customer identities.
Enhanced due diligence: Where customers are identified as presenting a high AML risk, firms should perform enhanced due diligence (EDD), applying a greater level of scrutiny which might include collecting copies of official documents, or even a third party audit.
Transaction screening: Firms must screen customer transactions for AML risk on an ongoing basis, including screening for transactions with high risk counterparties or with high risk jurisdictions.
Sanctions and watchlists: Firms in the UAE face a higher level of sanctions risk, so must implement an effective sanctions screening solution to identify designated customers on international sanctions lists. Firms should similarly seek to identify politically exposed persons (PEPs) by screening against PEP lists.
Adverse Media Screening in the UAE
Adverse media often reveals customers’ true AML risk before that information is confirmed by official sources. Given the level of ambient risk in the UAE, firms should implement an adverse media screening solution capable of searching domestic and global news sources, and covering not just news outlets, but websites, blogs, forums, and social media platforms.
Effective adverse media searches involve the collection and analysis of vast amounts of data. For firms in the UAE, adverse media solutions should integrate multi-language search functionality in order to capture stories in a range of languages and scripts, including Arabic, and account for regional variations in spelling or the use of nicknames or aliases. Adverse media solutions should also minimise false positive alerts in order to address potential threats as quickly and efficiently as possible.
Next Generation Screening for UAE AML Compliance
The UAE is modernising its AML/CFT regulatory framework, with a focus on introducing digital identification and verification, and expanding firms’ capabilities to detect financial crime. To keep pace with the country’s changing regulatory requirements, firms must develop and integrate suitable technology solutions and, in particular, ensure that they have effective AML screening software.
Ripjar’s Labyrinth Screening platform gives you the power to meet AML compliance challenges in evolving regulatory environments like the UAE. Built with next-generation machine learning technology, Labyrinth is capable of multi-language searches that take in thousands of adverse media sources, international sanctions lists and watchlists, and that deliver actionable AML data in seconds. Searching thousands of data sources in real time, Labyrinth Screening is designed to extract the most relevant, up-to-date information in order to build detailed customer risk profiles that help you make confident compliance decisions and react to emerging threats immediately.
Open banking is a set of regulatory standards that govern the sharing of financial data between banks and third parties, enabling customers to pay online for products and services.
Revolutionising the commercial payment landscape, open banking has led to an explosion in the popularity of online apps and services. In the EU alone, the value of the payment services market has risen dramatically in the past few years, from $184.2 trillion in 2017 to $240 trillion in 2021. However, the rise of open banking has also led to concerns about the safety of customers’ financial and personal data. To allay those concerns, governments around the world have moved to regulate open banking to ensure that customer data remains safe and secure without stifling the potential of fintech innovation.
The most significant open banking regulatory framework in the EU is the Payment Services Directive (PSD), which originally came into effect in 2007, and its update, the Payment Services Directive 2 (PSD2), which came into effect in late 2020. Other examples of global open banking regulations that facilitate financial data sharing with third parties include the UK’s Open Banking Regulatory Technical Standards (which transposed PSD2 into UK law), Australia’s Consumer Data Right (CDR), the Hong Kong Open API Framework, and Singapore’s proposed Open Finance Framework.
The Next Phase of Open Banking: UK Regulations
PSD2 is the backbone of the EU’s internal electronic payments infrastructure, but the fintech landscape moves fast, and as innovations emerge, so do new risks. In June 2023, the EU set out its proposal for PSD3, which will “further improve consumer protection and competition in electronic payments” while maintaining the safety and security of customers in the digital landscape.
The next phase of open banking has seen proposals for new regulation around the world. To keep pace with the evolving payments landscape, the UK government’s Joint Regulatory Oversight Committee (JROC), part of the Financial Conduct Authority (FCA), has also published its vision for the next phase of open banking. The report sets out a range of challenges and opportunities for firms managing current and emerging financial crime risks associated with online payments – not least the need for effective anti-money laundering (AML) measures such as customer and transaction screening technology.
JROC characterised its vision as a plan for developing UK open banking regulations in a “safe, scalable, and economically sustainable way”, and focused part of its report on “mitigating the risks of financial crime”.
With new UK open banking regulations on the horizon, along with PSD3 and other global regulatory efforts, let’s take a look at some of the challenges (and potential opportunities) that firms can expect as open banking evolves over the next decade.
Regulatory Challenges for Open Banking
Data Sharing
JROC research suggests that there is currently only partial information on the levels of financial crime in open banking. The issue is made more complex by the frequency and footprint of online payments, which take in multiple independent service providers, across different jurisdictions. The next phase of open banking must focus on enhancing data-sharing between financial institutions and third-party service providers.
As the amount of data transiting open banking infrastructure will increase, it is possible that banks and payment providers could harness that data’s potential. Combined with strong cyber-security measures, open banking data-sharing protocols could improve protections for customers and broaden institutional understanding of criminal methodologies, without degrading the quality of the products and services.
Risk Indicators
As open banking changes the payments landscape, new criminal risks will emerge, and institutions must be ready to adapt their compliance response to keep pace. However, financial compliance should be a proactive, rather than reactive, effort. Institutions must find ways of detecting AML/CFT threats before they cause damage, which means developing new risk indicators.
Open banking has the potential to improve responses to financial crime with tools that address specific risks (such as money laundering, terrorism financing, and fraud). Practically, this means automating data-heavy processes like customer due diligence (CDD), and customer screening, and leaning in to innovations such as artificial intelligence and machine learning software as a way to improve risk detection.
Regulatory Disparity
Open banking has expanded the commercial landscape for businesses around the world, but cross-border payments carry higher levels of criminal risk and make it harder to establish the identities, and to track, parties involved in transactions.
New open banking regulations will increase the CDD compliance burden on service providers, along with the need for firms to maintain suitable records of transactions. The regulatory disparity between different jurisdictions may also create problems – the EU, for example, is focusing strongly on harmonising its AML/CFT regulatory ecosystem and will likely emphasise this in the next iteration of the PSD.
Data Privacy
The more data collection requirements that open banking regulations mandate, the more likely it is that firms will encounter data privacy challenges. Jurisdictional disparity may play a part in the data privacy challenge: some third party firms may employ ‘screen scraping’ tools as a way of harvesting data – a practice which is restricted in a lot of jurisdictions, including the EU.
As open banking regulations meet existing data privacy regulations, banks and third party providers will need to increase their focus on ongoing compliance, and consistently review their cyber-security protections to ensure customer data remains protected.
Know Your Customer
The anonymity and speed associated with online payments means that financial institutions must improve the quality of their know your customer (KYC) processes, so that they can understand the true risk that certain payments present.
To tackle the specific KYC challenges of open banking, firms must enhance the application of CDD, and screen for criminal risks more intensively. Those factors inevitably slow down onboarding, lead to an increase in the cost of products and services, and create negative experiences for customers. To address this challenge, firms should lean in to KYC innovations, including the use of biometric and dual factor authentication, or the integration of advanced screening strategies such as global adverse media searches.
Next Generation Screening Solutions
The open banking landscape will evolve dramatically in the coming years, and firms will need to be proactive in their approach to compliance, staying ahead of potential penalties by understanding their risk environment as completely as possible. Customer screening will be critical to that challenge: firms that understand the true risks that they face will be able to make faster, stronger decisions that help them address threats and capitalise on opportunities.
With that goal in mind, firms must integrate screening solutions that match the speed and demands of the open banking risk landscape. This means they must be able to screen with global scope, across multiple languages, and capture up-to-date information as quickly as possible.
Powered by next-generation machine learning technology, Ripjar’s Labyrinth Screening platform offers the flexibility, efficiency, and accuracy that firms need to meet open banking screening challenges. Labyrinth Screening enables customer name searches in over 25 foreign languages, taking in thousands of adverse media sources, government watchlists, and sanctions lists.
Labyrinth also offers a new screening advantage in the form of AI Risk Profiles, which allows firms to identify and pull the most relevant risk data from their searches, and build out in-depth profiles for each entity they deal with. AI Risk Profiles can help firms take on the data-intensive demands of new open banking regulations, resolving risk factors quickly and clearly, and facilitating effective decision making.
Denmark is a wealthy Nordic country with a strong and diverse business landscape. In recent years, Denmark’s economic reputation has been damaged by high profile money laundering incidents, including a banking scandal which involved suspicious transactions amounting to around €200 billion flowing through some of the eastern European branches of a Danish bank. The scandal led to criminal charges, prosecutions, and financial penalties of over $2 billion.
In the wake of the incident, Danish authorities are placing a greater focus on AML compliance, which means that firms operating in Denmark must understand how to meet their anti-money laundering (AML) and counter-financing of terrorism (CFT) obligations in the ongoing fight against global financial crime. Given the prospect of significant fines and reputational damage, let’s take a closer look at Denmark’s AML landscape, and how firms should approach regulatory compliance.
Denmark’s AML Regulator: Finanstilsynet
Denmark’s financial regulator is the Financial Supervisory Authority (FSA), known in Danish as Finanstilsynet. The Danish government established the FSA in 1988, merging the Danish Supervisory Authority for Banks and Savings Banks and the Insurance Supervisory Authority. The FSA’s stated mission is to provide “financial stability and confidence in financial undertakings” in Denmark, and as such it is responsible for supervising banks and financial institutions, including insurance companies, pension funds, investment funds, and securities brokers.
The Danish FSA works to ensure that Danish firms comply with the country’s AML/CFT regulations, setting out rules and best practices, assisting the Danish government in developing new AML/CFT legislation, and issuing periodic guidance and best practice information. As Denmark’s national regulator, the FSA also works with international counterparts to assist in cross-border AML/CFT investigations and contribute to the global fight against money laundering. Banks and other financial service providers that wish to operate in Denmark must register with the FSA.
Denmark AML Regulations
The main article of AML legislation in Denmark is the Act on Preventive Measures Against Money Laundering and the Financing of Terrorism, also known as the Money Laundering Act. Applicable to all financial institutions in Denmark, the Money Laundering Act requires financial institutions to develop and implement a risk-based AML/CFT compliance solution, including appropriate customer due diligence (CDD) and screening measures. Firms must also appoint an AML Officer who is responsible for overseeing their organisation’s compliance solution.
EU Anti-Money Laundering Directives: Denmark is a member of the European Union and so must transcribe the EU’s anti-money laundering directives (AMLD) in domestic legislation. Accordingly, the Danish government updates the Money Laundering Act to meet AMLD requirements, and has done so most recently for the Fourth and Fifth Anti-Money Laundering Directives (4AMLD and 5AMLD).
Due to its constitutional agreements with the EU, as of May 2023, Denmark has not implemented the EU’s Sixth Anti-Money Laundering Directive (6AMLD). The directive came into effect across the rest of the EU on 3 June 2021.
Recent AML initiatives: Denmark’s government has announced a nationwide crackdown on money laundering, and released a 5 pillar AML/CFT strategy that will run until 2025. The strategy focuses on areas of particularly high AML risk, including high value goods, money transfer companies, cryptocurrencies, and the gambling industry. As part of the strategy, the Danish police has established a new unit dedicated to tackling money laundering.
While Denmark has not yet committed to any regulatory steps, the FSA has indicated that it will consider AML/CFT measures for virtual assets in the future. The EU has proposed a landmark regulation known as Markets in Crypto Assets (MiCA) which will come into effect in 2024 and introduce new AML/CFT compliance obligations for certain types of virtual asset.The Danish government has not indicated that it will implement MiCA but may do so as part of its regulatory efforts to address virtual asset money laundering risks.
Denmark AML Regulations: How to Comply
Following EU and Financial Action Task Force (FATF) guidance, firms in Denmark must implement risk-based AML/CFT solutions that reflect the level of criminal risk that they face. An effective risk-based solution should include the following measures:
Customer due diligence: Firms must identify their customers in order to build accurate risk profiles. Higher risk customers should be subject to enhanced due diligence, and corporate entities should be subject to ultimate beneficial ownership (UBO) checks.
Transaction screening: Firms must screen customer transactions for signs of money laundering and other financial crimes. Red flag characteristics may include transactions that involve high risk counterparties or accounts in high risk jurisdictions.
Sanctions and watchlists: Firms must identify high risk customers by screening them, on an ongoing basis against the relevant international sanctions and watchlists.
Adverse media screening in Denmark: One of the most effective ways to establish true AML risk is to screen against adverse media or negative news, which may reveal a customer’s involvement in financial crime, or designation on a watchlist, before that information is confirmed officially.
Finanstilsynet’s risk management guidelines state, “It is essential that financial institutions include media screening of customers and beneficial owners in customer due diligence.”
Firms should implement adverse media screening technology capable of searching for customer names in Denmark and around the world, gathering as much data as possible while minimising false positives and administrative noise. Adverse media searches should include established news platforms, websites, blogs, forums, and social media posts.
The Importance of Screening Technology
Ripjar’s Labyrinth Screening platform is designed to help firms meet their compliance obligations in crowded and complex regulatory environments. Powered by cutting-edge AI and machine learning software, Labyrinth enables global customer screening of thousands of news sources, sanctions lists, and watch lists, and delivers accurate, actionable data in real time. The Labyrinth search algorithm is capable of extracting the most relevant information from structured and unstructured data, enabling firms to build effective customer risk profiles in seconds, and react to emerging risks as soon as possible.
Finland is a wealthy northern European nation with one of the largest economies in the world, and an industrial landscape backed by strong global trade connections. While international investment has contributed to Finland’s prosperity, it has also attracted criminals who seek to exploit the country’s financial system to commit crimes such as money laundering and terrorism financing. In 2022, Finnish authorities investigated almost 4,000 cases of financial crime, up 10% on 2021 and with costs estimated in excess of €197 million.
The Finnish government has implemented strict regulations to help detect and prevent money laundering, terrorism financing, fraud, and other financial crimes – and firms operating in the country must be able to achieve compliance in order to avoid significant penalties and fines. To help your organisation meet its compliance obligations, read our quick guide to Finland’s anti-money laundering (AML) and counter-financing of terrorism (CFT) regulations.
Finland’s Financial Supervisory Authority: The FSA
Finland’s financial regulator is known as the Financial Supervisory Authority (FSA) or Finanssivalvonta (Fiva). Headquartered in Helsinki and operating in conjunction with the Bank of Finland, the FSA’s stated mission is to ensure “the stable operation of credit, insurance, and pension institutions and other supervised entities” that operate in the country, in order to protect “the stability of the financial markets”.
In that supervisory role, the FSA ensures that organisations comply with Finland’s AML regulations. The FSA has the power to collect and analyse customer and transaction data from financial institutions, perform inspections of supervised entities, and issue penalties and fines in the event of compliance violations. The FSA may also work with the Finnish police as part of financial crime investigations.
Finland is a member of the EU and of numerous international economic organisations, including the Financial Action Task Force (FATF). Accordingly, the Finnish FSA also adopts the AML standards and best practices set out by those entities, and participates actively in the global fight against financial crime.
Key Finland AML Regulations
Firms in Finland must comply with the country’s main anti-money laundering legislation: the Act on Preventing Money Laundering and Terrorist Financing, often referred to as the Anti-Money Laundering Act (AMLA). The Act aligns Finland with international AML/CFT compliance standards, and sets out AML/CFT legal requirements with the following objectives:
Preventing money laundering and terrorist financing
Facilitating the detection of money laundering and terrorist financing
Tracing and recovering the of proceeds of crime
Following FATF recommendations, AMLA mandates a risk-based approach to money laundering, which means that firms in Finland must perform risk assessments to establish the level of money laundering risk that individual customers present, and then deploy compliance measures proportionate to that risk.
Finland’s AMLA is supported by a number of additional financial regulations, including:
Anti-Money Laundering Directives: As a member of the EU, Finland must implement the EU Parliament’s Anti-Money Laundering Directives (AMLD) in domestic law. Issued periodically, the AMLD set out new AML/CFT standards, often relating to emerging criminal threats or advances in technology. The latest directive, the Sixth Anti-Money Laundering Directive (6AMLD), came into effect across the EU on 3 June 2021.
How to Comply with Finland’s AML Regulations
Under the risk-based approach, firms in Finland must implement certain key measures and controls as part of their AMLA compliance solution. These include:
Customer due diligence: Firms in Finland must establish and verify their customers’ identities via suitable customer due diligence (CDD) in order to perform accurate risk assessments and build effective customer risk profiles.
Beneficial ownership: To prevent the misuse of shell companies and corporate infrastructure, firms must establish the ultimate beneficial ownership (UBO) of customer entities.
Transaction screening: In order to detect criminal activity, firms in Finland must screen customer transactions for red flag indicators of money laundering, such as transactions involving high risk jurisdictions or counter-parties.
In order to establish true risk, firms must build an understanding of the AML risk that their customers pose as quickly and comprehensively as possible. This means conducting adverse media screening to reveal unknown risks or to capture changes in risk, quickly and accurately.
Adverse, or negative news, screening requires firms to screen customers against media sources from Finland and around the world. The screening process should include news articles, websites, social media posts, forum posts, and more, in a range of languages. Accordingly, an effective adverse media solution should incorporate multi-language screening, and account for anomalous factors such as regional variations in spelling, non-Western characters and naming conventions, nicknames, and the use of aliases.
Recent AML Initiatives in Finland
Under EU directives, Finland will implement the upcoming Markets in Crypto Assets (MiCA) and Transfer of Funds (TFR) regulations. Both regulations introduce new AML/CFT compliance obligations for financial institutions that handle virtual assets, including reporting and record-keeping requirements. Finnish authorities have recently increased their focus on virtual asset money laundering; in late 2022, the FSA revealed that it was conducting an investigation into Finnish virtual currency providers’ links with international service providers that had encountered operational problems.
Finland is also enforcing EU sanctions against Russia in response to the invasion of Ukraine in 2022. While the EU has issued several rounds of sanctions against Vladimir Putin’s regime, the situation remains fluid, and it is likely that further sanctions will be imposed in the future. Firms operating in Finland should be prepared to adjust their sanctions screening processes to account for new risks.
Next Generation Technology for AML Screening in Finland
As Finland adapts to changing EU AML regulations, and manages new criminal threats, financial institutions must stay ahead of their compliance obligations. In practice, this means collecting and analysing vast amounts of structured and unstructured financial data, and making important compliance decisions quickly. In an environment where accuracy and speed are critical, effective AML screening represents a significant administrative challenge.
Ripjar’s Labyrinth Screening platform is a fast, flexible screening solution designed to help firms navigate AML compliance in Finland and around the world. Labyrinth Screening enables firms to screen customer names against thousands of global media sources, including news sites, sanctions lists, and watchlists, and generate meaningful, up-to-date, financial intelligence in seconds. Powered by next-generation machine learning technology, Labyrinth Screening also allows compliance teams to build extensive AI Risk Profiles for customers, identifying and collating only the most relevant risk data in order to minimise false positive alerts, save time and money, and help facilitate strong decision-making.
