Getting AML Right: What a Fit-For-Purpose Framework Looks Like

Avatar for John Leahy
By John Leahy Senior Product Manager
January 18th 2022 | 4 minute read

Given the potential fines and reputational risk from anti-money laundering lapses, it’s vital that institutions have sophisticated and robust AML capabilities in place. But what does such a framework entail in practice?

AML When onboarding a client

AML compliance demands complete and accurate information, so it needs to be right from the get-go. That starts with client onboarding.

Risk profiling helps institutions perform the initial due diligence on client accounts. By collating and weighting data such as an investor’s occupation, country of domicile or industry an organisation belongs to, firms can build up a risk-based picture of prospective clients.

Screening – to check no sanctions are in force against a prospect, that they aren’t a politically exposed person (PEP) or have been flagged for any criminal behaviour – is an essential step in the onboarding process. Systems able to integrate with third-party watchlists such as LexisNexis can check for matches against the database and pull that data in to strengthen the risk profiling.

Identifying underlying beneficial owners is another priority. As noted in our previous blog, beneficial owner disclosure rules are tightening up. Tools that can capture and track complex, multi-level ownership structures, identify and verify customer and beneficial ownership identities, and flag high-risk relationships save a lot of potential pain down the line.

Checking the source of a client’s funds/wealth is vital. As is getting the right documentary support. Each jurisdiction has its own KYC document checklist that clients need to meet, and those requirements will vary by client type and sector. Managing the process manually account by account is laborious and error-prone, especially when multiplied across thousands of clients.

An automated solution able to look across all the accounts, see what documentary evidence is missing against a document checklist, and send automated email chasers requesting the missing documents can save a huge amount of time and work – allowing staff to focus on less mundane, more value-adding activities.

Ongoing client due diligence

Stringent client onboarding processes are essential to a best practice AML framework. But by themselves are no longer sufficient. Client due diligence instead has become a never-ending requirement, with zero tolerance for error.

Firms must periodically check each client’s profile and documentation to ensure everything is current and in order. The frequency of checks depends on the assessed risk level. For high-risk clients, the refresh process is typically an annual undertaking. For medium-risk clients, it is usually every three years, and for low risk every five.

Ongoing PEP and sanctions screening provide a further check. The status of people and institutions change, and screening needs to reflect that. A change of circumstance such as a name or address update, or any information modification – e.g. revising the name on a bank instruction – can be a red flag. Automating ongoing screening and risk profiling processes frees end-users to manage by exception.

Monitoring for suspicious transactions and changes to customer/static data is another priority. Real-time activity monitoring capabilities can identify behaviours that breach certain user-defined parameters. They can spot AML risks, trigger automated alerts of suspicious activity, block accounts or transactions when suspicious events occur, and create comprehensive reports of all the suspicious activity that’s taken place at a given point in time.

Monitoring tools can help users deal with potential issues before they become an actual breach and, where required, ensure a suspicious activity report (SAR) is sent to the relevant regulatory body within the stipulated time.

Automation is the only solution

Proper AML control depends on multi-step processes integrated at each stage of the client journey. Nuances based on circumstance and jurisdiction add to the complication. Carrying out the necessary checks for an individual is one thing. Monitoring numerous corporations with complex entity structures, a legion of directors and investments in multiple vehicles in a range of jurisdictions takes the challenge to a whole new level.

Without an automated, scalable and customisable AML framework able to flex to different scenarios and evolving jurisdictional requirements, firms will struggle to combat money laundering risks effectively and maintain compliance.

To read more about Deep Pools KURE solutions: Click Here


At Deep Pool, we are dedicated to helping clients maximise their success. Deep Pool provides the industry-leading compliance software and deep consulting expertise financial institutions need to automate their end-to-end AML/KYC and FATCA/CRS reporting processes. Our team combines compliance experts, business analysts and software engineers to create a unique blend of industry know-how and experience, producing efficiencies, scalability and client servicing benefits that transform users’ businesses.

KURE, our flexible AML/KYC and FATCA/CRS reporting solution suite, supports all types of regulated financial firms, including banks, asset managers and service providers. Deep Pool is headquartered in Dublin, Ireland, with offices in the United States, the Cayman Islands and Slovakia. For more information, visit:

John Leahy
John has been with the Deep Pool Group since 2012. He drives product development, vision, strategy, and execution across a cross-functional team, serving 3 Fintech/Regtech products. John holds a Postgraduate Diploma in Product Management from Technological University Dublin.