The EU’s legal framework on anti-money laundering and countering the financing of terrorism (AML/CFT) plays an essential part in the global fight against financial crime.

In recent years, numerous changes have been made to the AML/CFT framework to consolidate existing legislation and close regulatory gaps across the EU.

The latest development was the publishing of a new AML/CFT package consisting of four legislative proposals:

  • A Regulation creating a new European Anti-Money Laundering Authority (AMLA) to coordinate national authorities and ensure that AML rules are consistently applied across the EU
  • A Regulation adding crypto-asset services providers to the list of obliged entities, clarifying customer due diligence measures, and introducing more detailed rules regarding the identification of beneficial owners
  • A new Anti-Money Laundering Directive (6th AML Directive)
  • A revised Regulation on Transfer of Funds to ensure the traceability of crypto assets

While increasing requirements and frequent regulatory changes advance global AML/CFT efforts, they also make it more difficult and expensive for obliged entities to comply.

At Penneo, we believe regulatory compliance shouldn’t be a headache. Therefore, we’ve put together this article to help you understand how your business can comply with Anti-Money Laundering rules.

What is Anti-Money Laundering?
Why do we need Anti-Money Laundering rules?
How do criminals launder money?
Why do businesses need to comply with Anti-Money Laundering rules?
How can businesses comply with Anti-Money Laundering rules?
How can Penneo help you achieve AML compliance?


What is Anti-Money Laundering?

Anti-Money Laundering or AML is a set of regulations, directives, and laws designed to prevent criminals from disguising illegal funds as legitimate income.


Why do we need Anti-Money Laundering rules?

Money laundering poses a significant threat to European citizens, companies, and institutions. Not to mention its damaging impact on the European economy.

Bad actors use the financial system to launder money generated by criminal activities such as drugs and human trafficking, excise fraud, cybercrime, migrant smuggling, etc.

Due to its illegal nature, the true extent of money laundering is hard to estimate. However, according to Europol, around 1% of the EU’s annual GDP is laundered every year.

Anti-Money Laundering rules help prevent, detect, and punish money laundering and terrorist financing and protect the integrity of the financial markets.


How do criminals launder money?

Money laundering is a three-step process consisting of placement, layering, and integration.

During placement, illegally acquired money is placed into a legitimate financial system by funnelling money via cash-based businesses or making small deposits to either one or multiple bank accounts.

Next, the criminal carries out multiple financial transactions to make the illegal origin of the money as hard as possible to trace. This step is known as layering.

Integration is the last stage of money laundering. By now, the origin of the funds can no longer be detected as they reenter the economy in the form of apparently legitimate transactions. Integration is done by buying real estate, fine art, jewellery, and other high-value goods.


Why do businesses need to comply with Anti-Money Laundering rules?

Businesses with a higher risk of exposure to money laundering are legally obliged to comply with AML rules. Obliged entities include, but are not limited to:

  • Financial institutions
  • Auditors, accountants, and tax advisors
  • Lawyers and notaries
  • Real estate agents
  • Gambling service providers
  • Trust and company service providers
  • Other entities that sell high-value goods (diamonds, fine art, collectables, etc.) and accept cash payments of €10,000 or more

Such businesses need to set up efficient AML measures to ensure regulatory compliance, avoid hefty fines, and protect them from reputational damage.


How can businesses comply with Anti-Money Laundering rules?

To ensure AML compliance, businesses must:

  • carry out KYC processes
  • report suspicious activities to the FIUs
  • set up policies, procedures, and controls

1. The KYC process

Companies need to conduct KYC processes to ensure that they only do business with legitimate individuals and organizations.

The KYC process helps you verify the identity of your customers, assess their risk level, and establish the intended nature of the business relationship.

As part of their KYC processes, banks and other obliged entities must also monitor the transactions made by their customers. Monitoring transactions helps you identify and analyze suspicious transactions potentially related to money laundering.

Keep in mind that KYC is not a one-time process but an ongoing activity. To ensure that the KYC information is accurate, you need to review and update it periodically.

What’s more, all KYC information needs to be kept for five years after the end of the business relationship.

2. Transaction monitoring

Banks and other obliged entities must monitor the transactions made by their customers.

Monitoring transactions helps you identify and analyze suspicious transactions potentially related to money laundering.

3. Reporting suspicious activities to FIUs

If you suspect any money laundering activities, you must file a report to inform Financial Intelligence Units (FIUs). Do not let the customer know that you filed the report and an investigation is underway.

Additionally, refrain from carrying out unusual transactions with or on behalf of the suspected customer.

4. AML compliance program

The AML compliance program consists of AML/CFT policies, procedures, and internal controls to conform with Anti-Money Laundering regulations.

In case of an audit, you will be required to provide your policies, procedures, and controls to demonstrate your organization’s compliance with Anti-Money Laundering rules.

The policies, procedures, and control measures you need to implement vary based on the company’s risk of being exploited in connection with money laundering.

Therefore, you need to first conduct an internal AML risk assessment to determine the risk level of your business. Some of the factors that impact the risk level are:

  • the sector in which the company operates
  • the nature and complexity of the business
  • the size of the company
  • the countries where the company does business
  • the customer base of the company
  • the distribution channels used

However, since risks evolve over time, you need to periodically review and update your internal risk assessment.

Naturally, the higher the risk of money laundering for your business, the more comprehensive your policies, procedures, and controls have to be.

AML/CFT policies

An AML/CFT policy is a written document that should include:

  • a description of money laundering and terrorist financing risks to which the business is exposed
  • the principles to be followed in terms of risk assessment
  • the maximum level of risk that the company will tolerate
  • a description of how the institution plans to manage the risks
  • the principles on which the internal control measures will be built
  • details on how the organization assesses customer risk levels

AML/CFT procedures

AML/CFT procedures are based on the AML/CFT policy and must be written down.

Such procedures should cover:

  • how to perform the overall risk assessment and conduct customer due diligence and KYC
  • how to identify and analyze suspicious transactions and report them to FIUs
  • how to report AML violations to the AML Compliance Officer
  • which information should be retained and for how long
  • how to ensure the protection of said information


Businesses need to set up internal control measures to ensure compliance with AML/CFT policies and procedures.

Internal controls should check:

  • operational activities
  • the activities and role of the AML Compliance Officer
  • third-party agents such as companies who refer new customers to your businesses and subcontractors

You must distribute AML policies, procedures, and controls and provide AML/CFT training to all responsible employees and agents.

If your company faces a high risk of money laundering, you need to appoint an AML Compliance Officer. Additionally, you need to screen your employees and carry out independent audits to check the efficiency of internal policies, procedures, and controls.


How can Penneo help you achieve AML compliance?

Digital solutions can help you save time and simplify the different steps in the AML compliance process.

Penneo KYC, for example, automates the entire KYC process – from document collection and guided risk assessment to secure data storage.

All you have to do is enter the customer’s name, and Penneo will automatically screen them against PEP and sanctions lists.

If the customer is a company, the system will check it against business registers and retrieve all relevant information, such as registration number, legal form, and beneficial owners.

Next, our solution will ask you a series of predefined questions to help you determine the customer’s risk level.

After completing the risk assessment, Penneo will provide you with a list of KYC documents. Select the documents you need and send the request to your customer.

The customer can use their phone, laptop, or tablet to open the request and upload the documents within minutes.

Once you get the documents and approve them, the KYC process is complete.

With Penneo, customer data and documents are encrypted and protected from prying eyes. Moreover, all information is stored in the cloud in full compliance with both GDPR and AML requirements.

After a business relationship ends, Penneo stores the documents for five years then automatically deletes them.

Streamline regulatory compliance and make time for the work that matters!

Book a demo of Penneo KYC

If you're looking to learn more, we have a few suggestions for you

9 expert tips for picking the perfect KYC solution

9 expert tips for picking the perfect KYC solution

eIDAS 2.0

eIDAS 2.0 and its impact on digital transactions and identity verification

EU unveils ambitious AML package

EU unveils ambitious AML package