AML, CTF & KYC
Overview
AML (Anti-Money Laundering), CTF (Counter-Terrorism Financing), and KYC (Know Your Customer) are the core pillars of financial crime compliance. Together they form a bank's first line of defence against criminals using the financial system to launder money, fund terrorism, or commit financial crime.
| Pillar | Purpose |
|---|---|
| KYC | Verify who your customers are before and during the relationship |
| AML | Detect and report activity that may constitute money laundering |
| CTF | Detect and report activity that may be funding terrorism |
| CDD | Customer Due Diligence - the ongoing process combining KYC + monitoring |
| EDD | Enhanced Due Diligence - deeper checks for higher-risk customers |
Key distinction: KYC is about knowing your customer. AML/CTF is about monitoring what they do.
Regulatory Framework
Australia
| Legislation / Standard | Description |
|---|---|
| AML/CTF Act 2006 | Primary legislation administered by AUSTRAC |
| AML/CTF Rules 2007 (as amended) | Detailed operational requirements |
| Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024 | Tranche 2 expansion to lawyers, accountants, real estate agents |
| FATF Recommendations (40 Recommendations) | International AML/CTF standard - Australia is a FATF member |
| Basel Committee Guidance | Sound management of risks related to money laundering |
| APRA Prudential Standards | APS 001 - prudential soundness includes financial crime risk |
Key Regulators
| Regulator | Role |
|---|---|
| AUSTRAC | Australian Transaction Reports and Analysis Centre - primary AML/CTF regulator and financial intelligence unit |
| APRA | Prudential regulator - expects boards to govern financial crime risk |
| ASIC | Conduct regulator - financial services licensing incorporates AML/CTF obligations |
| AFP / ACIC | Law enforcement - investigate money laundering and terrorism financing |
International
| Body | Role |
|---|---|
| FATF (Financial Action Task Force) | Sets the global AML/CTF standards; mutual evaluation of member countries |
| FATF-Style Regional Bodies (FSRBs) | e.g., Asia/Pacific Group (APG) - FATF's regional equivalent |
| Egmont Group | Network of 166 Financial Intelligence Units (FIUs) globally - enables intelligence sharing |
| Wolfsberg Group | Association of 13 major global banks; publishes AML guidance |
Money Laundering - Deep Dive
Definition
Money laundering is the process by which proceeds of crime are made to appear legitimate. The underlying predicate offence may be drug trafficking, fraud, corruption, tax evasion, human trafficking, cybercrime, or any other serious crime.
The Three Stages
MONEY LAUNDERING LIFECYCLE
STAGE 1: PLACEMENT
Dirty cash enters the financial system
Methods:
- Cash deposits (splitting to avoid reporting thresholds)
- Smurfing (using multiple people to deposit smaller amounts)
- Cash-intensive businesses (restaurants, carwashes, casinos)
- Gambling winnings
- Trade-based laundering (over/under-invoice goods)
Bank's exposure: HIGHEST - cash enters the system here
STAGE 2: LAYERING
Multiple transactions obscure the audit trail
Methods:
- Rapid wire transfers between multiple accounts/countries
- Shell company chains (Company A → B → C → D)
- Cryptocurrency mixing
- Trade-based layering (false invoices across borders)
- Loan-back schemes (laundered money "loaned" to criminal)
- Foreign exchange conversions
- Real estate purchases and sales
Bank's exposure: HIGH - payment systems used to layer
STAGE 3: INTEGRATION
Funds re-enter the legitimate economy
Methods:
- Luxury goods (watches, jewellery, art)
- Real estate (buy property with laundered funds)
- Business investment
- Stock market investment
- Professional fees (overpay lawyers/accountants)
Bank's exposure: MODERATE - funds appear legitimate by this point
Common Money Laundering Typologies
| Typology | Description | Red Flags |
|---|---|---|
| Structuring / Smurfing | Breaking large amounts into smaller deposits below reporting thresholds | Multiple sub-$10K cash deposits; multiple people depositing for same beneficiary |
| Shell Company Layering | Using multiple corporate entities to move funds | Payments to companies with no apparent business purpose; complex ownership structures |
| Trade-Based Laundering | Over/under-invoicing on trade | Invoice amounts inconsistent with market price; trade with unusual counterparties |
| Money Mule Networks | Using unwitting/recruited individuals to move funds | Young/new account receives large credit and immediately moves it on |
| Professional Money Laundering | Using lawyers, accountants, real estate agents | Third-party payments; commingled client funds |
| Casino / Gambling | Cash in, winnings withdrawn as "clean" money | Large casino transactions; immediate cash-out of winnings |
| Real Estate | Buying property with illicit funds | All-cash purchases; rapid resale |
| Cryptocurrency | Using crypto to obscure fund movement | Large crypto exchange transactions |
Terrorism Financing (CTF) - Unique Challenges
Terrorism financing is fundamentally different from money laundering in one key way:
MONEY LAUNDERING: Large amounts of DIRTY money → Made to look CLEAN
TERRORISM FINANCING: Small amounts of CLEAN money → Used for VIOLENT ends
CTF Challenges
| Challenge | Detail |
|---|---|
| Small amounts | A terrorist attack may cost only a few hundred to a few thousand dollars |
| Legitimate sources | Funds may come from legitimate employment, donations, or family support |
| No prior crime | Unlike ML, there is no predicate offence to trace |
| Compartmentalisation | Terror cells often deliberately keep transactions small and separate |
| Charities | Some charities (knowingly or unknowingly) channel funds to terrorist organisations |
CTF Red Flags
- Frequent small transfers to high-risk jurisdictions (conflict zones)
- Purchases of weapons-related materials (fertilisers, chemicals, electronics)
- Travel to known terrorism hotspots followed by increased financial activity
- Donations to unregistered or high-risk charities
- Consistent financial support from overseas to a local individual with no apparent income
KYC - Know Your Customer
What KYC Is
KYC is the process of verifying that a customer is who they say they are, understanding the nature of their expected business activity, and assessing the financial crime risk they present.
Customer Identification Program (CIP)
Individual Customers:
Mandatory Identification:
- Full legal name (as on government document)
- Date of birth
- Residential address
- Tax File Number (TFN) or exemption
Identity Verification (at least ONE of):
- Australian passport
- Australian driver's licence (with photo)
- Medicare card + secondary document
- Foreign passport (+ visa if required)
- Birth certificate + secondary document (e.g., utility bill)
- National identity card
Corporate / Entity Customers:
Mandatory Identification:
- Full legal name of entity
- ABN (Australian Business Number)
- ACN (Australian Company Number) - if company
- Registered address
- Principal place of business
- Nature of business / industry
- Source of funds (how does the business generate money?)
Entity Structure - Identify:
- All directors / trustees / partners
- Company secretary
- Authorised signatories
- Ultimate Beneficial Owners (UBOs) - see below
Ultimate Beneficial Ownership (UBO)
The most complex part of corporate KYC. Banks must identify the real human being(s) who ultimately own or control a corporate customer, not just the direct shareholders.
UBO Rules (Australia)
Beneficial Owner Threshold: ≥ 25% ownership OR effective control
Simple Structure:
Company ABC: 100% owned by John Smith
UBO: John Smith (100% - above 25%)
Complex Structure:
Company ABC
- 40% owned by Trust XYZ
  - Trustee: Jane Brown
  - Beneficiaries: Brown Family
- 35% owned by Overseas Co Ltd
  - 80% owned by Ali Hassan (so Ali = 28% effective - above 25%)
- 25% owned by VC Fund (no individual > 25%)
UBOs to identify:
- Jane Brown (trustee = effective control of Trust XYZ)
- Ali Hassan (28% effective ownership via Overseas Co)
- VC Fund general partner (if individual has control)
UBO Challenges
| Challenge | Example |
|---|---|
| Multi-layer structures | 10+ layers of holding companies |
| Nominee shareholders | Person holds shares on behalf of another |
| Bearer shares | Ownership transfers physically - identity unclear |
| Trust structures | Discretionary trusts; beneficiaries not fixed |
| Overseas entities | Foreign company registries may not be public |
| Orphaned structures | Beneficial owner deceased; no clear successor |
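The effective-ownership arithmetic from the complex structure under UBO Rules, generalised to any number of layers, as an added example (not code from the original page). The class and method names are hypothetical, the holdings are the page's Company ABC structure, and Java 17 is assumed. Ownership roll-up only finds Ali Hassan; entities whose owners are not recorded (the trust and the VC fund) are surfaced separately because they need the control test instead.

```java
import java.math.BigDecimal;
import java.util.ArrayDeque;
import java.util.ArrayList;
import java.util.Deque;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;

/** Added example: rolls direct holdings up to effective ownership per natural person. */
public class UboCalculator {

    // Threshold from the page: 25% or more effective ownership.
    static final BigDecimal THRESHOLD = new BigDecimal("0.25");

    /** One direct holding: `owner` holds `fraction` of some entity. */
    record Holding(String owner, BigDecimal fraction) {}

    private final Map<String, List<Holding>> ownersOf = new HashMap<>();
    private final Set<String> naturalPersons = new HashSet<>();

    // Results of the last analyse() call.
    final Map<String, BigDecimal> byPerson = new TreeMap<>();
    final Map<String, BigDecimal> unresolved = new TreeMap<>();

    void addPerson(String name) { naturalPersons.add(name); }

    void addHolding(String owner, String entity, String fraction) {
        ownersOf.computeIfAbsent(entity, k -> new ArrayList<>())
                .add(new Holding(owner, new BigDecimal(fraction)));
    }

    void analyse(String target) {
        byPerson.clear();
        unresolved.clear();
        walk(target, BigDecimal.ONE, new ArrayDeque<>());
    }

    /** Depth-first walk up the ownership chain, multiplying fractions along each path. */
    private void walk(String entity, BigDecimal share, Deque<String> path) {
        if (path.contains(entity)) {
            // A circular holding cannot be resolved arithmetically; fail loudly for manual review.
            throw new IllegalStateException("Circular ownership through " + entity);
        }
        path.push(entity);
        for (Holding h : ownersOf.getOrDefault(entity, List.of())) {
            BigDecimal effective = share.multiply(h.fraction());
            if (naturalPersons.contains(h.owner())) {
                // The same person may be reached through several paths: sum them.
                byPerson.merge(h.owner(), effective, BigDecimal::add);
            } else if (!ownersOf.containsKey(h.owner())) {
                // Trust, fund or foreign entity with no recorded owners.
                unresolved.merge(h.owner(), effective, BigDecimal::add);
            } else {
                walk(h.owner(), effective, path);
            }
        }
        path.pop();
    }

    /** Names whose share is at or above the 25% threshold. */
    static List<String> atOrAbove(Map<String, BigDecimal> shares) {
        List<String> names = new ArrayList<>();
        shares.forEach((name, share) -> {
            if (share.compareTo(THRESHOLD) >= 0) names.add(name);
        });
        return names;
    }

    public static void main(String[] args) {
        UboCalculator c = new UboCalculator();
        c.addPerson("Ali Hassan");
        c.addHolding("Trust XYZ", "Company ABC", "0.40");
        c.addHolding("Overseas Co Ltd", "Company ABC", "0.35");
        c.addHolding("VC Fund", "Company ABC", "0.25");
        c.addHolding("Ali Hassan", "Overseas Co Ltd", "0.80");

        c.analyse("Company ABC");
        System.out.println("Effective ownership: " + c.byPerson);
        System.out.println("UBOs by ownership:   " + atOrAbove(c.byPerson));
        System.out.println("Needs control test:  " + atOrAbove(c.unresolved));
    }
}
```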
KYC Levels - Risk-Based Approach
Not all customers carry the same risk. The regulatory framework requires a risk-based approach:
Simplified Due Diligence (SDD)
For very low-risk customers where ML/TF risk is demonstrably low.
Eligible for SDD:
- Listed public companies (ASX, NYSE, etc.)
- Government entities
- Regulated financial institutions
- Low-value products (e.g., prepaid cards up to $250)
What's reduced:
- Less documentation required
- Beneficial ownership threshold may be relaxed
- Less frequent refresh required
Standard Due Diligence (CDD)
The baseline for most retail and SME customers.
Required:
- Full CIP (identity verification)
- Understanding purpose of account
- Expected transaction types and volumes
- Source of funds (how they earn money)
- Ongoing transaction monitoring
Enhanced Due Diligence (EDD)
For high-risk customers: significantly more documentation and scrutiny.
Who requires EDD:
- PEPs (Politically Exposed Persons) - see below
- Customers in high-risk jurisdictions (FATF grey/black list)
- Cash-intensive businesses (e.g., carwashes, casinos)
- Non-face-to-face (remote) onboarding in some cases
- Customers whose beneficial ownership is unusually complex
- Charities operating in high-risk jurisdictions
- Any customer whose risk assessment is HIGH
EDD requires:
- Senior management approval to onboard
- Source of WEALTH (not just funds: how they accumulated their assets)
- Source of FUNDS for specific transactions
- Enhanced ongoing monitoring (more frequent, lower thresholds)
- Annual or biennial review (vs 3-5 years for standard)
- Enhanced documentation of business relationships
Politically Exposed Persons (PEPs)
A PEP is a person entrusted with a prominent public function; they are at higher risk of bribery and corruption.
PEP Categories
| Category | Examples |
|---|---|
| Domestic PEP | Prime Minister, Cabinet Ministers, Senators, Federal Court judges, senior military officers, chiefs of state-owned enterprises |
| Foreign PEP | Heads of state, ministers, ambassadors, senior judges of foreign governments |
| International Organisation PEP | Senior officials of UN, IMF, World Bank, Olympic Committee |
| Family Members | Spouse, children, parents, siblings of any PEP |
| Close Associates | Business partners and close personal associates of PEPs |
Interview Questions (Senior Level)
- How do you balance false positives and missed detection risk in AML transaction monitoring?
- What governance model should own KYC refresh quality across business and compliance teams?
- How do you operationalize EDD for complex ownership structures without onboarding paralysis?
- Which data-quality failures most commonly undermine AML/CTF controls?
Short answer guide:
- Tune scenarios by typology, risk segment, and investigator feedback loops.
- Define clear ownership, SLAs, and escalation paths for KYC lifecycle tasks.
- Apply risk-based evidence tiers and senior approvals for high-risk cases.
- Incomplete customer data and weak entity resolution are frequent root causes.
Differentiate onboarding KYC controls from ongoing AML monitoring and escalation operations.
Applying uniform due diligence depth to all customer risk segments.
PEP Risk Profile
Why PEPs are high risk:
- Access to public funds
- Ability to direct state resources
- Potential to accept bribes
- May use financial system to conceal corruption proceeds
- Politically connected entities may be used for state-sponsored crime
PEP ≠ Criminal:
Being a PEP does NOT mean a person is corrupt; it means ENHANCED monitoring is required because the risk is objectively higher.
PEP Screening in Practice
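```java
import java.util.List;
import org.springframework.stereotype.Service;

@Service
public class PepScreeningService {

    // Client for the PEP data provider (type name assumed; the page only shows the field).
    private final PepDatabase pepDatabase;

    public PepScreeningService(PepDatabase pepDatabase) {
        this.pepDatabase = pepDatabase;
    }

    public PepResult screen(Customer customer) {
        // Screen against PEP databases
        // (World-Check, Dow Jones Risk & Compliance, ACAMS, etc.)
        List<PepMatch> matches = pepDatabase.findMatches(
            customer.getFullName(),
            customer.getDateOfBirth(),
            customer.getNationality()
        );

        if (matches.isEmpty()) {
            return PepResult.notPep();
        }

        // PEP found - determine category.
        // The first match is used, so findMatches() must return results best-first.
        PepMatch bestMatch = matches.get(0);
        return PepResult.builder()
            .isPep(true)
            .category(bestMatch.getCategory())   // DOMESTIC / FOREIGN / INTERNATIONAL
            .pepRole(bestMatch.getRole())        // "Minister of Finance"
            .requiresEdd(true)
            .requiresSeniorApproval(true)
            .monitoringFrequency(MonitoringFrequency.HIGH)
            .build();
    }
}
```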
KYC Refresh and Ongoing Monitoring
KYC is not a one-time event; it must be refreshed periodically:
| Customer Risk Level | KYC Refresh Frequency |
|---|---|
| LOW | Every 5 years |
| MEDIUM | Every 3 years |
| HIGH | Annually |
| PEP | Annually or on change of status |
| EDD customer | At least annually |
Triggers for Immediate Refresh
- Change in beneficial ownership
- Customer moves to high-risk jurisdiction
- Unusual transaction patterns detected by TM
- Customer becomes a PEP (newly elected/appointed)
- Regulatory alert about the customer
- Media adverse news about the customer
Transaction Monitoring (TM)
Transaction monitoring is the engine room of AML: automated analysis of every transaction to detect suspicious patterns.
TM Rule Examples
Structuring / Smurfing
Rule: Customer deposits cash multiple times in a short period,
each amount just below AUD $10,000 (the TTR threshold)
Logic: SUM(cash deposits) in rolling 24h by Customer_ID > 9,000
AND max(single deposit) < 10,000
AND count(deposits) >= 3
Alert: Possible structuring to avoid Threshold Transaction Report
Example:
9:00 AM - Cash deposit $4,900
2:00 PM - Cash deposit $4,800
Total: $9,700 - below threshold but pattern is suspicious
Money Mule (Rapid Pass-Through)
Rule: Account receives a large credit and moves most of it
within a very short window (1-24 hours)
Logic: Credit received > $5,000
AND Debit within 24h > 80% of credit amount
AND Debit payee != own account
Alert: Possible money mule account
Example:
T+0h: Receive $12,000 from unknown party
T+2h: Send $11,500 to 3 different accounts
Remaining balance: $500
Velocity Anomaly
Rule: Customer's transaction volume spikes dramatically
compared to their historical baseline
Logic: Count(transactions last 7 days) > 3 * avg(transactions per week, last 6 months)
OR Sum(amount last 7 days) > 3 * avg(weekly amount, last 6 months)
Alert: Unusual transaction frequency/volume
Example:
Historical: 5 transactions/week, $2,000/week average
This week: 45 transactions, $28,000
→ Alert triggered
Round-Trip / Circular Transfers
Rule: Funds leave and return in similar amounts within a short period
Logic: Outbound payment to Party A on Day 1
AND Inbound payment from Party A (or related) on Day 1-3
AND Return amount >= 85% of outbound amount
Alert: Possible layering
Example:
Day 1: Transfer $50,000 to offshore company
Day 3: Receive $48,500 from same offshore company
→ Circular transaction - possible layering
High-Risk Jurisdiction
Rule: Payment to/from a country on FATF high-risk list
or DFAT-listed country
Logic: Creditor or Debtor bank country_code IN (fatf_high_risk_countries)
Alert: Enhanced due diligence required
Countries on FATF Black/Grey lists (periodic changes):
Black: Iran, DPRK
Grey: Changes frequently - includes countries with AML deficiencies
Threshold Just-Below Reporting (TTR Avoidance)
Rule: Multiple transactions just below $10,000 over time
Logic: Count(transactions between $9,000 and $9,999) in rolling 30 days
by same Customer_ID >= 3
Alert: Deliberate structuring below TTR threshold
Dormant Account Sudden Activity
Rule: Account with no activity for 6+ months suddenly
receives/sends large amounts
Logic: Last transaction date > 180 days ago
AND New transaction > $10,000 OR > 5x largest historical transaction
Alert: Dormant account reactivated - investigate purpose
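The Money Mule and Round-Trip rules above, implemented over a customer's transaction history, as an added example (not code from the original page or its Java section). The `Txn` record, class name and account labels are hypothetical, the sample transactions are constructed from the page's two worked examples, "Day 1-3" is taken as a 72-hour window, and related-party matching is out of scope. Java 17 is assumed.

```java
import java.math.BigDecimal;
import java.time.Duration;
import java.time.Instant;
import java.util.ArrayList;
import java.util.List;

/** Added example: two window-correlation rules from the TM rule list. */
public class PassThroughRules {

    enum Direction { CREDIT, DEBIT }

    /** Simplified transaction; ownAccount marks transfers between the customer's own accounts. */
    record Txn(Instant at, Direction dir, BigDecimal amount, String counterparty, boolean ownAccount) {}

    static final BigDecimal MULE_MIN_CREDIT = new BigDecimal("5000");
    static final BigDecimal MULE_RATIO = new BigDecimal("0.80");
    static final Duration MULE_WINDOW = Duration.ofHours(24);
    static final BigDecimal ROUND_TRIP_RATIO = new BigDecimal("0.85");
    static final Duration ROUND_TRIP_WINDOW = Duration.ofDays(3);

    static boolean within(Instant start, Instant t, Duration window) {
        return !t.isBefore(start) && !t.isAfter(start.plus(window));
    }

    /** Credit > $5,000 followed within 24h by third-party debits totalling > 80% of it. */
    static List<String> moneyMuleAlerts(List<Txn> history) {
        List<String> alerts = new ArrayList<>();
        for (Txn credit : history) {
            if (credit.dir() != Direction.CREDIT
                    || credit.amount().compareTo(MULE_MIN_CREDIT) <= 0) {
                continue;
            }
            // Sum ALL onward debits: splitting across payees must not hide the pass-through.
            BigDecimal movedOn = history.stream()
                .filter(t -> t.dir() == Direction.DEBIT && !t.ownAccount())
                .filter(t -> within(credit.at(), t.at(), MULE_WINDOW))
                .map(Txn::amount)
                .reduce(BigDecimal.ZERO, BigDecimal::add);
            if (movedOn.compareTo(credit.amount().multiply(MULE_RATIO)) > 0) {
                alerts.add("MULE: credit " + credit.amount() + " from " + credit.counterparty()
                    + ", " + movedOn + " moved on within 24h");
            }
        }
        return alerts;
    }

    /** Outbound payment to a party that returns >= 85% of it within the window. */
    static List<String> roundTripAlerts(List<Txn> history) {
        List<String> alerts = new ArrayList<>();
        for (Txn out : history) {
            if (out.dir() != Direction.DEBIT || out.ownAccount()) {
                continue;
            }
            BigDecimal returned = history.stream()
                .filter(t -> t.dir() == Direction.CREDIT)
                .filter(t -> t.counterparty().equals(out.counterparty()))
                .filter(t -> within(out.at(), t.at(), ROUND_TRIP_WINDOW))
                .map(Txn::amount)
                .reduce(BigDecimal.ZERO, BigDecimal::add);
            if (returned.signum() > 0
                    && returned.compareTo(out.amount().multiply(ROUND_TRIP_RATIO)) >= 0) {
                alerts.add("ROUND-TRIP: sent " + out.amount() + " to " + out.counterparty()
                    + ", received " + returned + " back");
            }
        }
        return alerts;
    }

    static Txn txn(Instant at, Direction dir, String amount, String party, boolean own) {
        return new Txn(at, dir, new BigDecimal(amount), party, own);
    }

    public static void main(String[] args) {
        Instant t0 = Instant.parse("2024-03-04T09:00:00Z"); // constructed timestamps

        // Page example: receive $12,000, send $11,500 to 3 accounts two hours later.
        List<Txn> muleAccount = List.of(
            txn(t0, Direction.CREDIT, "12000", "unknown-party", false),
            txn(t0.plus(Duration.ofHours(2)), Direction.DEBIT, "4000", "acct-1", false),
            txn(t0.plus(Duration.ofHours(2)), Direction.DEBIT, "4000", "acct-2", false),
            txn(t0.plus(Duration.ofHours(2)), Direction.DEBIT, "3500", "acct-3", false));

        // Page example: $50,000 out on Day 1, $48,500 back on Day 3.
        List<Txn> layeringAccount = List.of(
            txn(t0, Direction.DEBIT, "50000", "offshore-co", false),
            txn(t0.plus(Duration.ofDays(2)), Direction.CREDIT, "48500", "offshore-co", false));

        // Benign control: salary moved to the customer's own savings account.
        List<Txn> salaryAccount = List.of(
            txn(t0, Direction.CREDIT, "6000", "employer", false),
            txn(t0.plus(Duration.ofHours(1)), Direction.DEBIT, "5500", "own-savings", true));

        System.out.println(moneyMuleAlerts(muleAccount));      // one MULE alert
        System.out.println(roundTripAlerts(layeringAccount));  // one ROUND-TRIP alert
        System.out.println(moneyMuleAlerts(salaryAccount));    // empty
        System.out.println(roundTripAlerts(muleAccount));      // empty
    }
}
```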
AML/CTF Reporting Obligations (Australia)
1. Threshold Transaction Report (TTR)
What: Any cash transaction (physical currency) of AUD $10,000 or more.
Triggers:
- Cash deposit ≥ AUD $10,000
- Cash withdrawal ≥ AUD $10,000
- Foreign currency conversion ≥ AUD $10,000 in cash
- Buying/selling physical precious metals for cash ≥ AUD $10,000
Filing requirement:
- Report to AUSTRAC within 10 business days
- Include: customer details, amount, date, facility
- Keep records for 7 years
Note: Suspicion of structuring (multiple transactions to avoid TTR) should be reported as an SMR, not a TTR
2. International Funds Transfer Instruction (IFTI)
What: Every international funds transfer, regardless of amount.
Triggers:
- ALL outbound SWIFT payments (any amount, including $1)
- ALL inbound SWIFT payments received
- NPP payments with international nexus
- Foreign currency conversions involving international transfer
Filing requirement:
- Report to AUSTRAC within 10 business days of sending/receiving
- Include: ordering party, beneficiary, amounts, correspondent banks
- Approximately 40 million IFTIs filed with AUSTRAC per year
Note: IFTI is a reporting obligation, not a red flag. It's automated batch reporting, not manual alert review.
3. Suspicious Matter Report (SMR)
What: Any matter where the reporting entity suspects (or should have suspected) that information may be relevant to the investigation of a tax or Commonwealth offence, including money laundering or terrorism financing.
Low threshold - "suspects" means reasonable grounds to suspect, not certainty. When in doubt, file.
Triggers (non-exhaustive):
- Transaction patterns consistent with money laundering typologies
- Customer provides false or inconsistent information
- Unusual interest in avoiding reporting thresholds
- Customer identity cannot be satisfactorily verified
- Sudden unexplained wealth inconsistent with known occupation
- Transaction linked to known criminal investigation
- Terrorism financing suspicion (ANY suspicion - immediate report)
Filing requirement:
- "As soon as practicable" after forming the suspicion
- For terrorism financing: within 24 hours
- Include: complete customer details, transaction details, nature of suspicion, basis for suspicion
- NEVER tip off the customer (criminal offence)
Note: Failure to file an SMR when required is a criminal offence for both the institution and individual officers
Tipping-Off Prohibition
This is one of the most important rules in AML/CTF compliance:
✅ You MAY:
- Discuss the SMR with colleagues on a need-to-know basis
- Share the SMR with AUSTRAC
- Share with law enforcement (on request)
❌ You MUST NOT:
- Tell the customer you have filed or are filing an SMR
- Hint to the customer that their account is under investigation
- Tell third parties that you have filed an SMR about someone
- Provide information that would allow the customer to identify the existence of the SMR
- Delay or structure your response in a way that tips off the subject
Penalty: Up to 2 years imprisonment + fines for individuals
AML/CTF Program Components
Every reporting entity must have a written AML/CTF Program comprising two parts:
Part A - AUSTRAC Compliance Program
Required elements:
1. ML/TF Risk Assessment - identify and assess ML/TF risks for:
   - Customer types
   - Products and services
   - Delivery channels
   - Jurisdictions
2. Customer Due Diligence Procedures
   - Standard CDD
   - Simplified CDD (when eligible)
   - Enhanced CDD (EDD)
   - Ongoing CDD
   - Beneficial ownership rules
3. Transaction Monitoring Program
   - Automated monitoring rules
   - Review and alert process
   - Escalation and SMR filing
4. Employee Due Diligence
   - Staff background checks
   - AML training (at least annually)
   - Culture of compliance
5. AML/CTF Compliance Officer
   - Designated officer (often called the MLRO)
   - Senior management appointment
   - Responsible for filing SMRs
6. Independent Review
   - Internal or external audit
   - At least every 2 years (more frequently for high-risk)
Part B - Know Your Customer (KYC) Program
Required elements:
- Customer identification procedures
- Beneficial ownership identification
- Ongoing customer due diligence
- Enhanced due diligence for high-risk
- Record-keeping obligations
The Travel Rule (FATF Recommendation 16)
The Travel Rule requires that certain information about the originator and beneficiary "travel" with a wire transfer: it must be transmitted to the next institution in the payment chain.
What Must Travel With Every Payment
Originator (Debtor) Information:
- Full name
- Account number (or unique transaction reference if no account)
- Address, or date/place of birth, or national ID number
Beneficiary (Creditor) Information:
- Full name
- Account number (or unique reference)
Thresholds
| Jurisdiction | Threshold |
|---|---|
| FATF standard | USD/EUR 1,000 or above |
| Australia (AUSTRAC) | All international transfers (any amount per IFTI) |
| US (FinCEN) | USD 3,000 or above (bank-to-bank) |
| EU (AMLD / TFR) | EUR 1,000 or above |
Travel Rule in ISO 20022
The pacs.008 message naturally carries all Travel Rule information in structured fields:
```xml
<!-- Originator info - satisfies Travel Rule -->
<Dbtr>
  <Nm>John Smith</Nm>
  <PstlAdr><AdrLine>123 Main St, Sydney NSW 2000</AdrLine></PstlAdr>
</Dbtr>
<DbtrAcct><Id><Othr><Id>12345678</Id></Othr></Id></DbtrAcct>
<!-- Beneficiary info - satisfies Travel Rule -->
<Cdtr>
  <Nm>Jane Doe</Nm>
</Cdtr>
<CdtrAcct><Id><Othr><Id>87654321</Id></Othr></Id></CdtrAcct>
```
This is one reason why ISO 20022 migration is so important for compliance: legacy MT formats often failed to carry all required fields.
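A completeness check for the Travel Rule fields listed above, run against the page's pacs.008 fragment, as an added example (not code from the original page). It assumes the fragment sits inside a `CdtTrfTxInf` element without namespace prefixes, uses only the JDK's built-in XML parser, and does not model the "unique transaction reference" fallback; the class and method names are hypothetical. Because payment messages arrive from other institutions, the parser is configured to reject DOCTYPE declarations before any field is read.

```java
import java.io.StringReader;
import java.util.ArrayList;
import java.util.List;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.xml.sax.InputSource;

/** Added example: Travel Rule completeness check on a pacs.008 transaction element. */
public class TravelRuleCheck {

    /** Parses untrusted XML with DTDs and XInclude disabled. */
    static Element parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f.newDocumentBuilder()
                .parse(new InputSource(new StringReader(xml)))
                .getDocumentElement();
    }

    /** First direct child element with the given tag name, or null. */
    static Element child(Element parent, String name) {
        for (Node n = parent.getFirstChild(); n != null; n = n.getNextSibling()) {
            if (n instanceof Element e && e.getTagName().equals(name)) {
                return e;
            }
        }
        return null;
    }

    /** True if the element at root/path... exists and has non-blank content. */
    static boolean present(Element root, String... path) {
        Element cur = root;
        for (String step : path) {
            cur = (cur == null) ? null : child(cur, step);
        }
        return cur != null && !cur.getTextContent().isBlank();
    }

    static boolean hasAccount(Element tx, String acctTag) {
        return present(tx, acctTag, "Id", "IBAN") || present(tx, acctTag, "Id", "Othr", "Id");
    }

    /** Returns the Travel Rule items that are absent; an empty list means complete. */
    static List<String> missingFields(Element tx) {
        List<String> missing = new ArrayList<>();
        if (!present(tx, "Dbtr", "Nm")) missing.add("originator name");
        if (!hasAccount(tx, "DbtrAcct")) missing.add("originator account");
        boolean address = present(tx, "Dbtr", "PstlAdr");
        boolean birth = present(tx, "Dbtr", "Id", "PrvtId", "DtAndPlcOfBirth");
        boolean nationalId = present(tx, "Dbtr", "Id", "PrvtId", "Othr", "Id");
        if (!address && !birth && !nationalId) {
            missing.add("originator address, date/place of birth, or national ID");
        }
        if (!present(tx, "Cdtr", "Nm")) missing.add("beneficiary name");
        if (!hasAccount(tx, "CdtrAcct")) missing.add("beneficiary account");
        return missing;
    }

    public static void main(String[] args) throws Exception {
        // The page's fragment, wrapped in a transaction element.
        String complete = """
            <CdtTrfTxInf>
              <Dbtr>
                <Nm>John Smith</Nm>
                <PstlAdr><AdrLine>123 Main St, Sydney NSW 2000</AdrLine></PstlAdr>
              </Dbtr>
              <DbtrAcct><Id><Othr><Id>12345678</Id></Othr></Id></DbtrAcct>
              <Cdtr><Nm>Jane Doe</Nm></Cdtr>
              <CdtrAcct><Id><Othr><Id>87654321</Id></Othr></Id></CdtrAcct>
            </CdtTrfTxInf>
            """;
        // Constructed sample: originator account and identifier missing, beneficiary unnamed.
        String incomplete = """
            <CdtTrfTxInf>
              <Dbtr><Nm>John Smith</Nm></Dbtr>
              <Cdtr><Nm> </Nm></Cdtr>
              <CdtrAcct><Id><Othr><Id>87654321</Id></Othr></Id></CdtrAcct>
            </CdtTrfTxInf>
            """;
        // Constructed sample: a message carrying a DOCTYPE must be refused outright.
        String withDoctype = "<!DOCTYPE CdtTrfTxInf [<!ENTITY e \"x\">]><CdtTrfTxInf/>";

        System.out.println("complete:   " + missingFields(parse(complete)));
        System.out.println("incomplete: " + missingFields(parse(incomplete)));
        try {
            parse(withDoctype);
            System.out.println("doctype:    accepted");
        } catch (org.xml.sax.SAXException e) {
            System.out.println("doctype:    rejected by parser");
        }
    }
}
```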
Risk-Based Customer Segmentation
Banks assign each customer a risk rating that drives CDD intensity and monitoring sensitivity:
Risk Scoring Model:
Customer Risk Score = f(
  customer_type,        // Individual, company, charity, PEP, etc.
  geography,            // Home country, transaction countries
  industry,             // Cash-intensive, high-risk sectors
  product_usage,        // International wires, cash, crypto
  relationship_tenure,  // New customer = higher risk
  historical_alerts,    // Previous TM alerts, SMRs
  negative_news         // Adverse media screening
)
Risk Buckets:
LOW (Score < 30) → SDD / Standard CDD, 5-year refresh
MEDIUM (Score 30-70) → Standard CDD, 3-year refresh
HIGH (Score 70-90) → EDD, annual refresh
VERY HIGH (Score > 90) → EDD + senior approval, 6-month review
Adverse Media Screening
Beyond sanctions lists and PEP databases, banks screen for negative news:
What is screened:
- News articles linking customer to crime, corruption, fraud
- Court records and judgements
- Regulatory enforcement actions
- Company insolvency and bankruptcy records
- Social media (in some cases)
Sources:
- Commercial providers: World-Check, Dow Jones Risk & Compliance, LexisNexis, Refinitiv
- AUSTRAC alerts
- ACIC (Australian Criminal Intelligence Commission) records
- Open source internet search
Frequency:
- At onboarding
- Ongoing automated monitoring (many providers offer alerts)
- On trigger events (e.g., new transaction from high-risk country)
FATF Mutual Evaluation and Country Risk
FATF periodically evaluates every member country's AML/CTF regime:
FATF Evaluation Outcomes:
COMPLIANT:
Country has effective AML/CTF regime
Standard due diligence applies
GREY LIST (Increased Monitoring):
Jurisdiction with strategic deficiencies
Committed to work with FATF to address
→ Bank should apply enhanced due diligence for customers/payments involving this country
BLACK LIST (Call for Action):
High-risk jurisdictions - Iran, DPRK
FATF calls for countermeasures
→ Banks should apply the most stringent EDD or avoid entirely
→ Overlaps heavily with OFAC/UN sanctions
Current status at: www.fatf-gafi.org (updated regularly)
AML in the Payment Processing Pipeline
Payment Instruction Received
↓
STEP 1: CUSTOMER RISK CHECK
- KYC status: VERIFIED? EXPIRED? PENDING?
- Customer risk rating: LOW / MEDIUM / HIGH?
- Is customer a PEP? → EDD monitoring active?
- Customer on internal watchlist?
- AML/CTF program hold on account?
↓
STEP 2: TRANSACTION MONITORING RULES
- Structuring rule
- Money mule (rapid pass-through) rule
- Velocity anomaly rule
- Round-trip / circular transaction rule
- High-risk jurisdiction rule
- Dormant account sudden activity rule
- Custom bank-specific rules
↓
Outcome:
- CLEAR → Continue Processing
- ALERT RAISED → Hold Payment, Queue to AML Analyst
  - FALSE POSITIVE → Document, Release, Tune Rule
  - TRUE SUSPICIOUS → Continue Investigation, File SMR with AUSTRAC, Possible account closure, Report to AFP if terrorism
Java Spring - Full AML/KYC Implementation
```java
import jakarta.persistence.*; // javax.persistence.* on Spring Boot 2
import java.time.LocalDate;
import java.util.List;
import lombok.Getter;

// Customer KYC model
@Entity
@Table(name = "customer_kyc")
@Getter // generates getStatus(), isPep(), getKycExpiryDate(), ... used by the services below
public class CustomerKyc {

    @Id
    private String customerId;

    @Enumerated(EnumType.STRING)
    private KycStatus status;            // PENDING, VERIFIED, EXPIRED, SUSPENDED

    @Enumerated(EnumType.STRING)
    private RiskRating riskRating;       // LOW, MEDIUM, HIGH, VERY_HIGH

    @Enumerated(EnumType.STRING)
    private DueDiligenceLevel ddLevel;   // SDD, STANDARD, EDD

    private boolean isPep;
    private String pepRole;              // "Minister of Finance"
    private boolean isUbo;               // Is this person a UBO of another entity?
    private boolean adverseMediaFlag;

    private LocalDate kycVerifiedDate;
    private LocalDate kycExpiryDate;     // When next refresh is due
    private LocalDate lastReviewDate;

    @OneToMany(mappedBy = "customerId", cascade = CascadeType.ALL)
    private List<UltimateBeneficialOwner> ubos;

    @OneToMany(mappedBy = "customerId", cascade = CascadeType.ALL)
    private List<CustomerDocument> identityDocuments;
}
```
```java
import java.time.Instant;
import java.util.ArrayList;
import java.util.List;
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.springframework.stereotype.Service;

// Transaction Monitoring Service
@Service
@Slf4j
@RequiredArgsConstructor // constructor injection for the final fields
public class TransactionMonitoringService {

    private final List<TmRule> rules;   // injected rules (Spring beans)
    private final TmAlertRepository alertRepository;
    private final ComplianceQueueService complianceQueue;
    private final SmrService smrService;
    private final AuditService auditService;
    // Used below but not declared in the original listing (type name assumed).
    private final TransactionHistoryService transactionHistoryService;

    public TmResult evaluate(PaymentInstruction instruction, Customer customer) {
        List<TmAlert> alerts = new ArrayList<>();

        TmContext context = TmContext.builder()
            .instruction(instruction)
            .customer(customer)
            .customerHistory(transactionHistoryService.get(customer.getId(), 180))
            .build();

        for (TmRule rule : rules) {
            if (rule.isApplicable(context)) {
                RuleResult result = rule.evaluate(context);
                if (result.isAlert()) {
                    alerts.add(TmAlert.builder()
                        .ruleId(rule.getId())
                        .ruleName(rule.getName())
                        .severity(result.getSeverity())
                        .description(result.getDescription())
                        .paymentId(instruction.getId())
                        .customerId(customer.getId())
                        .raisedAt(Instant.now())
                        .status(TmAlertStatus.OPEN)
                        .build());
                }
            }
        }

        if (!alerts.isEmpty()) {
            alertRepository.saveAll(alerts);
            complianceQueue.submit(alerts);
            auditService.logTmAlerts(instruction.getId(), alerts);
            log.warn("TM alerts raised for payment {}: {} alerts",
                instruction.getId(), alerts.size());
            return TmResult.hold(alerts);
        }

        // IFTI scheduling is left to AmlComplianceService.assess(), which already
        // schedules it; doing it here as well would file the same transfer twice.
        return TmResult.clear();
    }
}
```
```java
import java.math.BigDecimal;
import java.time.LocalDateTime;
import java.util.List;
import java.util.stream.Collectors;
import org.springframework.stereotype.Component;

// Structuring Rule implementation
@Component
public class StructuringRule implements TmRule {

    private static final BigDecimal TTR_THRESHOLD = new BigDecimal("10000.00");
    private static final BigDecimal LOWER_BOUND = new BigDecimal("9000.00");
    private static final int MIN_COUNT = 3;
    private static final int WINDOW_HOURS = 24;

    @Override
    public String getId() { return "TM-001-STRUCTURING"; }

    // Required by TransactionMonitoringService, which calls rule.getName().
    @Override
    public String getName() { return "Structuring / Smurfing"; }

    @Override
    public boolean isApplicable(TmContext ctx) {
        return ctx.getInstruction().isCash();
    }

    @Override
    public RuleResult evaluate(TmContext ctx) {
        LocalDateTime windowStart = LocalDateTime.now().minusHours(WINDOW_HOURS);

        List<Transaction> recentCash = ctx.getCustomerHistory().stream()
            .filter(t -> t.isCash())
            .filter(t -> t.getTimestamp().isAfter(windowStart))
            .collect(Collectors.toList());

        BigDecimal totalCash = recentCash.stream()
            .map(Transaction::getAmount)
            .reduce(BigDecimal.ZERO, BigDecimal::add);

        boolean allBelowThreshold = recentCash.stream()
            .allMatch(t -> t.getAmount().compareTo(TTR_THRESHOLD) < 0);

        // Rule logic above: SUM > 9,000 with no upper bound. Capping the sum at the
        // TTR threshold would miss e.g. four $4,900 deposits ($19,600 in total).
        boolean sumAboveLowerBound = totalCash.compareTo(LOWER_BOUND) > 0;

        if (allBelowThreshold && sumAboveLowerBound
                && recentCash.size() >= MIN_COUNT) {
            return RuleResult.alert(
                AlertSeverity.HIGH,
                String.format(
                    "Structuring: %d cash transactions totalling $%.2f in 24h, "
                    + "all below TTR threshold",
                    recentCash.size(), totalCash)
            );
        }
        return RuleResult.clear();
    }
}
```
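```java
import lombok.RequiredArgsConstructor;
import org.springframework.stereotype.Service;

// AML screening orchestrator
@Service
@RequiredArgsConstructor // constructor injection for the final fields
public class AmlComplianceService {

    // Collaborators used below but not declared in the original listing (type names assumed).
    private final CustomerKycRepository kycRepository;
    private final EddMonitor eddMonitor;
    private final TransactionMonitoringService transactionMonitoringService;
    private final IftiScheduler iftiScheduler;

    public AmlDecision assess(PaymentInstruction instruction, Customer customer) {
        // 1. KYC status
        // orElseThrow() means a customer with no KYC record never reaches clear().
        CustomerKyc kyc = kycRepository.findById(customer.getId())
            .orElseThrow();

        if (kyc.getStatus() == KycStatus.EXPIRED) {
            return AmlDecision.hold(HoldReason.KYC_EXPIRED,
                "KYC expired on " + kyc.getKycExpiryDate());
        }
        if (kyc.getStatus() == KycStatus.SUSPENDED) {
            return AmlDecision.block(BlockReason.KYC_SUSPENDED);
        }
        // Note: KycStatus.PENDING is not handled here and falls through to monitoring.

        // 2. PEP - apply EDD monitoring
        if (kyc.isPep()) {
            eddMonitor.record(instruction, customer);
        }

        // 3. Transaction monitoring
        TmResult tmResult = transactionMonitoringService
            .evaluate(instruction, customer);
        if (tmResult.isHold()) {
            return AmlDecision.hold(HoldReason.TM_ALERT,
                tmResult.getAlerts().size() + " TM alerts");
        }

        // 4. IFTI reporting (does not block payment)
        if (instruction.isInternational()) {
            iftiScheduler.schedule(instruction);
        }

        return AmlDecision.clear();
    }
}
```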
AML vs CTF vs Sanctions vs Fraud
| Dimension | AML | CTF | Sanctions | Fraud |
|---|---|---|---|---|
| Goal | Detect laundering of crime proceeds | Prevent funding of terrorism | Block prohibited persons/countries | Prevent monetary loss |
| Money flow | Large amounts, dirty → clean | Small amounts, clean → violence | Any amount, prohibited parties | Unauthorised transactions |
| Threshold | Risk-based | Zero tolerance - any amount | Zero tolerance | Risk-based |
| Lists used | FATF guidance, internal TM rules | FATF guidance, terror lists | OFAC, UN, DFAT, EU | Internal blacklists |
| Report to | AUSTRAC (SMR, TTR, IFTI) | AUSTRAC (SMR) + AFP | AUSTRAC + DFAT + foreign regulators | Internal only |
| Tip-off allowed? | ❌ Criminal offence | ❌ Criminal offence | ❌ Criminal offence | ✅ Yes |
| Who investigates | AML analyst → MLRO | AML analyst → MLRO → AFP | Sanctions officer → Legal | Fraud analyst |
| Customer relationship | May continue with monitoring | Terminate if confirmed | Terminate and freeze | Review + restrict |
Related Concepts
- sanction.md - Sanctions runs alongside AML; different lists and purpose
- fraud.md - Third pillar of compliance; different reporting chain
- fis.md - FI-level AML obligations and correspondent banking
- payment_exceptions.md - AML holds as payment exceptions
- outbound.md - AML checkpoint on outbound payments
- inbound.md - AML checkpoint on inbound payments
- open_banking.md - CDR data-sharing and AML/privacy balance
- core_banking.md - KYC data stored in customer information file (CIF)