AML Compliance Manual: create an effective strategy against money laundering

What is anti-money laundering?

Amanda Khatri

Amanda Khatri

Editorial Manager

AML Compliance Manual: create an effective strategy against money laundering

Keep up with emerging regulatory change anti-money laundering with CUBE.


An anti-money laundering compliance manual (AML) is a procedural document for financial institutions. Its purpose is to prevent financial crime and money laundering through guidance and systematic processes. Whilst each location has its own money laundering regulations, there are some common features of AML compliance which precede locational differences.

What is anti-money laundering?

The anti-money laundering movement’s objective is to prevent transactions that obscure ‘dirty’ money and make it appear to be from a legitimate source. ‘Dirty’ money refers to funds earned through illegal activities, or for the purpose of committing crimes, such as terrorist financing.

Governments and regulatory organisations all over the world have put measures in place to prevent instances of money laundering. For example, the latest iteration of the anti-money laundering directive (5AMLD) continues to build protection against criminal activities through four key focuses:  

  • Focus on online identification
  • Enhanced due diligence on potential customers
  • Ultimate Beneficial Ownership (UBO) verification
  • Adding to Politically Exposed Persons (PEP) lists

Moreover, each jurisdiction has put together its own panel to help prevent cases of money laundering. In June 2022, the European Banking Authority (EBA) increased its presence by publishing new guidelines for anti-money laundering compliance officers. 

This EBA guidance spells out seven categories of responsibility, including a huge focus on risk and reporting.  

Purpose of AML compliance manuals

Diving into the specificities, AML compliance manuals form part of the solution for regulatory bodies over the globe. However, two different branches of the same company could be subject to different AML regulations, if they are located in separate areas of the world.

In the US, the Financial Regulation Authority (FINRA) requires financial institutions and firms to develop their own AML compliance manual. The purpose of these manuals is to establish a way for firms to detect and report suspicious activity and transactions. 

Moreover, AML compliance manuals are a useful tool for setting out the exact risk assessment and reporting framework processes. When each financial institution measures risk in the same way, investors and the public can better compare products to understand which route is right for them. 

The FINRA legislation applies to financial institutions, broker-dealers, capital acquisitions brokers and funding portals, both those located in the US and external companies whose reach extends to the United States. However, it’s not just the US companies who must comply. AML compliance manuals are part of the solution for regulatory bodies all over the globe, each with its own jurisdiction and specifications. 

What should an AML compliance manual include?

Generally, there are five major pillars for an anti-money laundering compliance manual: 

  1. Internal Policies
  2. Procedures and Controls
  3. AML Officer
  4. Employee Training
  5. Customer Due Diligence

Internal Policies

The first pillar of an AML compliance manual ensures that all activities are monitored and any data that is collected, can be verified. With such high-risk activities taking place inside financial institutions, internal policies allow companies to implement controls that conform to regulations. Every employee has their own specific role within the process and must follow the actions set out by risk assessments and their associated frameworks.

Audits and procedures

This second pillar of the AML compliance manual should mean that it meets compliance standards when tested. Taking a risk-based approach, AML compliance manuals must implement measures that stand up to external examiners and independent auditors.

For high-risk organisations, procedural tests must be performed more frequently.

AML Officer

The designated anti-money laundering officer is generally responsible for compliance. Their purpose in an organisation is to have the experience and authority to make policy suggestions and changes, as well as to ensure that their colleagues are following correct procedures. Moreover, the AML compliance officer should have the resources to perform investigations when necessary. For example, European regulators ask for suspicious transactions and order reports for seven types of behaviours that tend to signify criminal behaviour. Most often a senior member of staff, this AML officer should be in regular contact with regulatory bodies and auditors.

Employee Training

To meet this pillar, employee training programs should be regular and customised. Usually run by the compliance officer or an external team, employees should be trained on the general procedures, as well as how to handle new situations when they occur in the market. This reactive part of employee training may be the most overlooked component of the entire AML compliance manual. 

To meet regulatory requirements, strict records need to be maintained for who attended training, on which date, and what was covered. This will be important for later auditing.

Customer Due Diligence

Before AML measures were put in place, it was fairly easy for criminals to access and open accounts with financial institutions. However, the focus on customer due diligence through detailed screening aims to prevent this. 

More than just a risk assessment, due diligence refers to comprehensive verification measures to prove that customers are who they say they are and aren’t hiding financial information. In Europe, the Know Your Customer (KYC) framework enables financial institutions to build the risk profiles of each customer by collecting the appropriate identifiable data. 

Importantly, customer due diligence is not a one-time task. As part of AML compliance requirements, this is a continuous process requiring ongoing monitoring to identify when a client profile changes.

How to make AML compliance easier

The five pillars of AML compliance manuals are a conclusive framework to prevent the funding of criminal activity. However, it’s fair to say that the general framework is directed more towards managing the fallout, than overall prevention. 

However, balancing the attention more towards the prevention of money laundering may make AML compliance easier. Firms can focus on risk prevention by ditching manual processes and enhancing their automated operational activities. 

For example, the utilisation of horizon scanning technology aims to close the regulatory gap. With a constant stream of updates to older regulations and the frequent introduction of new ones, it can be near impossible for financial institutions to keep up with the ever-changing landscape. But horizon scanning uses AI to deliver only the relevant amendments- meaning that compliance departments don’t waste their time sorting through the noise. 

Test out horizon scanning technology with CUBE’s RegPlatform and begin your journey to a completely automated regulatory change process. 


If you’re struggling to keep up with the pace of regulatory change for cryptocurrency, we’d love to hear from you.


Related resources

Regulatory Risk Management: How will Executive Order 14028 change the cybersecurity landscape?

Regulatory Risk Management: How will Executive Order 14028 change the cybersecurity landscape?

What is Executive Order 14028 and who must comply with the US regulation? And will it affect the cyb...

What is the US’ Community Reinvestment Act?

What is the US’ Community Reinvestment Act?

Are you aware of the latest updates to the Community Reinvestment Act in the US? Learn more about fi...

What regulations are there for the payment services industry?

What regulations are there for the payment services industry?

Discover the regulations shaping payment services, from PSD2 to AMLD6. Stay compliant with CUBE's in...

What is the CISO (Chief Information Security Officer) responsible for?

What is the CISO (Chief Information Security Officer) responsible for?

CISO's face a number of challenges with regulations constantly changing. Learn more about some of th...

View More