The AML Training Academy and Advisory LLC Logo

Our Blog

5 Pillars of a Successful Anti-Money Laundering Program

We are quite familiar with the four pillars of a quality anti-money laundering program. They have been established and should be part of every financial institutions compliance program.

The Four Pillars of an Anti-Money Laundering Program:

  • Designation of a Compliance Officer
  • Written Internal Policies, Procedures and Controls
  • Ongoing Training for Employees
  • Independent Review

What use to be known as the four absolutes for an AML compliance program should be revised to reflect a new absolute.

The Five Pillars of an Anti-Money Laundering Program

That new absolute, or the fifth pillar, is the customer due diligence requirement. FinCEN mandated this fifth pillar of the Bank Secrecy Act/Anti-Money Laundering (BSA/AML) compliance be fully in effect in the US as of May 2018.

One of the concerns regarding customer due diligence is that previous procedures did not mandate financial institutions to identify individuals who own or control legal entities. Legal entities are described as a corporation, limited liability company, or other entity that is created by the filing of a public document with a Secretary of State or similar office, a general partnership, and any similar entity formed under the laws of a foreign jurisdiction that opens an account.

The fifth pillar regulates knowing who the person is behind the account. This is commonly referred to as beneficial ownership. The Wolfsberg AML Principles describes beneficial ownership as the person who has ultimate control over the funds in the account.

However, you must realize that the person in whose name an account is opened is not necessarily the person who ultimately controls the funds.

For example, a limited liability corporation may indicate that it is owned by numerous LLC’s who in turn are owned by various other LLC’s, who are owned by still more LLC’s. As you drill down the flowchart it begins to look like a spider web that branches out exponentially. I would classify this as corporation structuring.

The result is a difficult to decipher flowchart often used by bad guys to confuse authorities. There may be legitimate reasons for the cascading entities, however, this process is a golden ticket for tax avoiders, tax evaders, criminal enterprises and terrorist financiers.

Regrettably, a natural/real person’s identity may be hidden and the beneficial owner is not known. From a risk perspective, the lack of transparency surrounding whom a financial institution is dealing with, (the customer), has the potential for considerable danger and substantial risk to the financial institution.

The Straw That Broke The Camel’s Back: The Panama Papers

One of the best examples of why this is important is the incident referred to as “The Panama Papers”. A Panama law firm assisted in the creation of thousands of shell companies in the Republic of Seychelles. Seychelles is an island chain in the Indian Ocean off the east coast of Africa.

The United States Department of State has deemed Seychelles as a jurisdiction of concern. While a shell company in and of itself does not indicate any wrongdoing, and it is perfectly legal, it can provide a method for criminals to hide the proceeds of their crimes from view.

Why is this important? Because this is a loophole in the AML world. All the policies and procedures of the four pillars do not amount to a hill of beans if a criminal can simply hide behind a series of LLC’s that protect the identities of the criminals and/or terrorists.

The world’s most wanted man is not going to stroll into the bank, give his name and try to open an account. He will attempt to shield himself by using strawmen, intermediaries and shell companies to hide his true identity. The transparency of a financial institutions customer is a must if we want to clamp down on money laundering and/or terrorist financing.

Four Core Elements to Customer Due Diligence

According to FinCEN there are four core elements of a customer due diligence program.

    1. Customer identification and verification;
    2. Beneficial ownership identification and verification;
    3. Understanding the nature and purpose of customer relationships to develop a customer risk profile, and;
    4. Ongoing monitoring for reporting suspicious transactions and, on a risk basis, maintaining and updating customer information.

Let’s review the aforementioned elements: 

  1. Customer ID and verification basics have already been a part of an anti-money laundering program under the CIP rules so there is very little that is new in that aspect.
  2. Beneficial ownership and ID is a new component and is the crux of the new ruling. Financial institutions are mandated to create and execute written policies and procedures to ID and verify the beneficial owner of legal entities at the time a new account is opened. Beneficial ownership consists of two prongs, ownership and control:

    A. Ownership: Directly or indirectly owns 25 percent or more of the equity interest. If no persons meet that 25 percent threshold, then no individuals would need to be identified. These numbers may be lowered due to each institutions’ specific requirements. For example, a high risk business may warrant a deeper dive and therefore the threshold for beneficial ownership may be lower than the required 25% for individual ownership. Hence, this is one of the reasons that solid KYC and CIP is paramount.

    B. Control: An individual that exercises control over a legal entity such as, executive officer, senior manager or trustee. If there is no ownership identified above the threshold, then there must be a controlling person.

  3. Understanding the nature of the relationship is also something that has already been added to a quality anti-money laundering program in the form of a risk-based approach. Most all institutions have implemented some type of risk matrix to establish a risk rating of the customer. Similar to customer ID and verification, little is new here.
  4. Ongoing monitoring for suspicious activities is the basis of a SAR/STR format and should have previously been implemented. (Note: For a list of exceptions please refer to website).

When conducting due diligence, it is acceptable for a financial institution to rely on another financial institution, including an affiliate, to ascertain the beneficial ownership information.

The financial institutions process should be that at the time an account is opened, they should obtain a standard certification form completed by the individual opening the account on behalf of a legal entity customer.

The institution is required to verify the identity of beneficial owners consistent with current CIP practices. The institution would record the beneficial owner’s name, date of birth, address, and government-issued identification number (a Social Security number for U.S. persons, or a passport number with country of issuance or similar identification number for non-U.S. persons).

The forms, as well as descriptions of supporting documentation and verification, would have to be retained for five years after any account is closed.

When conducting due diligence, and assuming that you can make headway into making heads or tails out of the elaborate series of shell companies, it still may be quite difficult to track down the actual beneficial owner.

A potential solution that is gaining traction and could be a piece of proposed legislation in the near future, is the development of a central beneficial ownership database or central registry. (It is already mandated as per the EU 5th AMLD, however, the EU has placed a temporary hold on implementation as of this writing.)

The subsequent transparency would make it easier to peel back the onion and reveal all the layers that help hide the ownership of a legal entity. The registry would have to be international in its operation. The cooperation of many countries would be paramount to its succes


The fifth pillar, like most new regulations, will present a challenge to financial institutions to put into operation the additional measures required to reveal the transparency of legal entities. In the end, it will allow authorities the luxury of knowing who is behind the veil of the corporate structure and increase anti-money laundering efforts.

It is necessary that the fifth pillar of your anti-money laundering program is in effect.

Additional Articles That May Interest You

The Biggest Dangers of Money Laundering by Kevin Sulllivan, CAMS The AML Training Academy President

I work with AML programs large and small, if you need a customized and quality anti-money laundering program, training, or advise I invite you to contact me to learn how I can help with your AML compliance. – Kevin Sullivan, CAMS, President of The Anti-Money Laundering (AML) Training Academy.

About the Author

Kevin Sullivan, CAMS, CCI is a retired New York State Police Investigator and Federal Agent who dedicated his career to AML and continues that work through his company, The AML Training Academy and Advisory LLC. Kevin coordinated AML investigations for the state of New York while being detailed to one of the worlds largest AML task forces, the NY High Intensity Financial Crime Area (HIFCA) El Dorado Task Force. He has helped develop and implement global AML guidelines and trained and advised all industries and government agencies requiring AML around the globe. He helped to write various certification programs for the Association of Certified Anti-Money Laundering Specialists’ (ACAMS) and was the co-founder and former chair of their inaugural chapter which was in NY. Follow Kevin or reserve a seat in one of his live webinars. Space is limited!

Upcoming Live Streaming AML/BSA/AFC/CTF Webinars


Join Kevin’s live streaming beginner and advanced AML/BSA/AFC/CTF compliance webinar courses at  Reserve your seat today.  Space is limited!

For more info or to arrange Custom Compliance Training Classes and Advisory Services contact The AML Training Academy and Advisory LLC at: ☎ (855) 265-7700 | 📧