5 Pillars of a Successful Anti-Money Laundering Program

In Anti-Money Laundering Program by Kevin Sullivan

We are quite familiar with the four pillars of a quality anti-money laundering program. They have been established and should be part of every financial institutions compliance program.

The Four Pillars of an Anti-Money Laundering Program:

  • Designation of a Compliance Officer
  • Written Internal Policies, Procedures and Controls
  • Ongoing Training for Employees
  • Independent Review

What use to be known as the four absolutes for a financial institutions compliance program should be revised to reflect a new absolute. That new absolute, or the fifth pillar, is the customer due diligence requirement. Fortunately, there is plenty of time to get your ducks in a row as FinCEN states implementation goes into effect in the U.S. as of May of 2018.

One of the concerns regarding customer due diligence is that current procedures do not mandate financial institutions to identify individuals who own or control legal entities.

A legal entity is described as a corporation, limited liability company or other entity that is created by the filing of a public document with a Secretary of State or similar office, a general partnership, and any similar entity formed under the laws of a foreign jurisdiction that opens an account.

Knowing who the person is behind the account is commonly referred to as beneficial ownership. The Wolfsberg AML Principles describes beneficial ownership as the person who has ultimate control over the funds in the account.

However, you must realize that the person in whose name an account is opened is not necessarily the person who ultimately controls the funds.

For example, a limited liability corporation may indicate that it is owned by numerous LLC’s who in turn are owned by various other LLC’s, who are owned by still more LLC’s.  As you drill down the flowchart it begins to looks like a spider web that branches out exponentially.  I would classify this as corporation structuring.

The result is a difficult to decipher flowchart most likely done just to confuse the authorities. Perhaps there is a legitimate reason for the cascading entities, however, that process is a golden ticket for tax avoiders, tax evaders, criminal enterprises and terrorist financiers.

Regrettably, a natural/real person’s identity may be hidden and the beneficial owner is not known. From a risk perspective, the lack of transparency surrounding whom a financial institution is dealing with, (the customer), has the potential for substantial risk and considerable danger.

The Straw That Broke The Camels Back: The Panama Papers

One of the best examples of why this is important is the incident referred to as “The Panama Papers”. A Panama law firm assisted in the creation of thousands of shell companies in the Republic of Seychelles. Seychelles is an island chain in the Indian Ocean off the east coast of Africa.

The United States Department of State has deemed Seychelles as a jurisdiction of concern. While a shell company in and of itself does not indicate any wrongdoing, and it is perfectly legal, it can provide a method for criminals to hide the proceeds of their crimes from view.

Why is this important? Because this is a loophole in the AML world. All the policies and procedures of the four pillars does not amount to a hill of beans if a criminal can simply hide behind a series of LLC’s that protect the identities of the criminals and/or terrorists.

The worlds most wanted man is not going to stroll into the bank, give his name and try to open an account. He will attempt to shield himself by using strawmen, intermediaries and shell companies to hide his true identity. The transparency of a financial institutions customer is a must if we want to clamp down on money laundering and/or terrorist financing.

Four Core Elements to Customer Due Diligence

According to FinCEN there are four core elements of a customer due diligence program.

  1. Customer identification and verification;
  2. Beneficial ownership identification and verification;
  3. Understanding the nature and purpose of customer relationships to develop a customer risk profile, and;
  4. Ongoing monitoring for reporting suspicious transactions and, on a risk basis, maintaining and updating customer information.

Let’s review the aforementioned elements: 

  1. Customer ID and verification basics have already been a part of an anti-money laundering program under the CIP rules, so, there is very little that is new in that aspect.
  2. Beneficial ownership and ID is new component and is the crux of the new ruling. The Financial institution will be mandated to create and execute written policies and procedures to ID and verify the beneficial owner of legal entities at the time a new account is opened. Beneficial ownership consists of two prongs, ownership and control:

A. Ownership: Directly or indirectly own 25 percent or more of the equity interest.  If no persons meet that 25 percent threshold, then no individuals would need to be identified. These numbers may be lowered due to each institutions specific requirements.  Further, there will usually be a different percentage depending upon the risk rating of the customer.

B. Control: An individual that exercises control over a legal entity such as, executive officer, senior manager or trustee.

  1. Understanding the nature of the relationship is also something that has already been added to a quality anti-money laundering program in the form of a risk-based approach. Most all institutions have implemented some type of risk matrix to establish a risk rating of the customer. Similar to customer ID and verification, little is new here.
  2. Ongoing monitoring for suspicious activities is the basis of a SAR/STR format and should have previously been implemented. (Note: For a list of exceptions please refer to FinCEN.gov website).

When conducting due diligence, it is acceptable for a financial institution to rely on another financial institution, including an affiliate, to ascertain the beneficial ownership information.

The financial institutions process should be that at the time an account is opened, they would have to obtain a standard certification form completed by the individual opening the account on behalf of a legal entity customer.

The institution would be required to verify the identity of beneficial owners consistent with current CIP practices. The institution would record the beneficial owner’s name, date of birth, address, and government-issued identification number (a Social Security number for U.S. persons, or a passport number with country of issuance or similar identification number for non-U.S. persons).

The forms, as well as descriptions of supporting documentation and verification, would have to be retained for five years after any account is closed.

When conducting due diligence, and assuming that you can make headway into making heads or tails out of the elaborate series of shell companies, it still may be quite difficult to track down the actual beneficial owner.

A potential solution that is gaining traction and could be a piece of proposed legislation in the near future, is the development of a central beneficial ownership database or central registry.

The Elements Required for a Central Registry

While the details of exactly how this registry would operate is still under consideration, basically, the central registry would consist of the following:

  1. A federal registry is designated to obtain identification documents of the beneficial owner of a company, the registered agent, and all third parties including all trusts and foundations.
  2. Due diligence and monitoring is performed to verify the information provided.
  3. The information would be publically available (some info could withheld from public access).

The subsequent transparency would make it easier to peal back the onion and reveal all the layers that help hide the ownership of a legal entity.  The registry would have to be international in its operation. The cooperation of many countries would be paramount to its success.


The fifth pillar, like most new regulations, will present a challenge to financial institutions to put into operation the additional measures required to reveal the transparency of legal entities. In the end, it will allow authorities the luxury of knowing who is behind the veil of the corporate structure and increase anti-money laundering efforts.

It will be necessary going forward to ensure this part of your anti-money laundering program.

I work with financial institutions large and small, if you need a customized and quality anti-money laundering program I invite you to contact me to learn how I can help you with AML compliance.