AML Explained
What Anti-Money Laundering Actually Is & How It Works
Money laundering moves an estimated 2–5% of global GDP through the financial system every year. AML is the framework built to detect and prevent that flow. This guide covers the 3 stages of laundering, the complete AML programme, typologies regulators test for, and how AML relates to — but is distinct from — KYC.
The United Nations Office on Drugs and Crime estimates that between 2% and 5% of global GDP — roughly USD 800 billion to USD 2 trillion annually — is laundered through the financial system each year. That flow funds drug trafficking, human trafficking, terrorism, corruption, tax evasion, and organised fraud. Anti-Money Laundering (AML) is the framework the global financial industry is required to operate to detect, disrupt, and report that flow.
If you work in KYC, AML is the framework your work feeds into. The CDD you collect, the UBO you identify, the screening alerts you disposition, the EDD files you build — all of it produces the customer profile, the expected transaction baseline, and the red-flag inventory that transaction monitoring, investigations, and SAR/STR filing depend on. This guide explains what AML actually is, how it’s structured at tier-1 banks like Goldman Sachs, JPMorgan, Morgan Stanley, Barclays, BofA, Citi, HSBC, BNY, State Street, and Emirates NBD, and why the AML-KYC relationship matters for your career.
What AML Is — The Working Definition
Anti-Money Laundering (AML) is the set of laws, regulations, policies, controls, and investigative processes designed to prevent criminals from disguising illegally obtained funds as legitimate income. It covers the full lifecycle: knowing your customer (KYC), monitoring transactions for suspicious activity (transaction monitoring), investigating alerts (AML investigations), filing Suspicious Activity / Transaction Reports (SAR/STR), and cooperating with law enforcement.
KYC is the onboarding and ongoing customer-identification discipline — identity, ownership, risk rating, documentation. AML is the broader programme that uses KYC outputs plus transaction monitoring, investigations, and reporting to detect and disrupt laundering. CFT (Countering Financing of Terrorism) is a parallel framework targeting terrorism funding specifically; AML and CFT are operated as a combined AML/CFT programme at most banks. KYC feeds AML and CFT both.
The 3 Stages of Money Laundering
The FATF-standard model for how laundering works describes three stages. Every major AML investigator, every transaction monitoring analyst, and every senior KYC reviewer is expected to know these cold.
Placement
The introduction of illicit funds into the financial system. This is the stage where criminal proceeds — typically in cash — are deposited into banks, used to buy assets, or converted into other stores of value. Placement is the most physically visible stage and the stage most vulnerable to detection.
Typical placement patterns: cash deposits split below reporting thresholds (structuring / smurfing), use of money service businesses (MSBs) and exchange houses, cash purchases of high-value assets (property, cars, art, precious metals), bulk-cash smuggling, use of casinos to buy chips with cash and cash out as gaming winnings.
Layering
The most sophisticated stage. Once funds are inside the financial system, layering obscures the audit trail through multiple transactions designed to distance the funds from their illicit origin. This is where shell companies, offshore structures, correspondent banking, trade-based money laundering, and crypto mixing all live.
Typical layering patterns: multi-hop wire transfers through correspondent banks, use of shell companies in secrecy jurisdictions, trade-based laundering (over- or under-invoicing, phantom shipments), crypto asset conversion and mixing, cycling through regulated financial products (insurance, investment funds), use of professional enablers (lawyers, accountants, trust and corporate service providers).
Integration
The funds re-enter the legitimate economy as apparently clean wealth. Criminals can now spend, invest, or declare these funds openly without raising suspicion. Integration is the endgame; once funds are successfully integrated, they are indistinguishable from lawful income.
Typical integration patterns: purchase of legitimate businesses, real estate investment, investment in regulated financial products, luxury goods and lifestyle spending, dividends from holdings funded by laundered capital, fictitious business-consulting income, inflated invoice payments.
Digital-first laundering has blurred the boundaries — a single crypto mixing operation can compress placement, layering, and integration into a few transactions. But regulators, investigators, and KYC analysts still map typologies to the 3-stage framework because it forces you to identify where in the lifecycle you’re seeing the risk signal — and that changes what control responds.
The 5 Pillars of an AML Programme
Every major regulator expects a bank’s AML programme to cover five mandatory pillars. The language varies — FinCEN calls them “the four pillars plus CDD,” the FCA expresses them through MLR 2017 Regulation 19–21, the DFSA AML Module sets them out explicitly — but the substance is the same.
Internal Policies, Procedures & Controls
Written AML policies covering the full customer lifecycle, transaction monitoring, sanctions screening, record keeping, and escalation. Policies must be regularly reviewed (at least annually) and approved at Board or senior-committee level. Controls must be documented, tested, and demonstrably effective. This is the foundational pillar — regulators start every exam with a review of the written programme.
Designated Compliance Officer / MLRO
A named senior individual with day-to-day responsibility for the AML programme — Chief Compliance Officer in the US, Money Laundering Reporting Officer (MLRO) in the UK and UAE, AML Compliance Officer in Singapore and Hong Kong. Under regimes like UK SMCR, DFSA’s senior-executive framework, and Singapore’s IAC, the named officer carries personal regulatory liability.
Ongoing Training
AML training for all relevant staff at onboarding and at least annually. Training must be tailored — tellers get different content than trade-finance officers than KYC analysts than Board members. Attendance, completion, and testing outcomes must be tracked and reported.
Independent Audit / Testing
Independent review of the AML programme at least annually, conducted by parties outside the first-line business and ideally outside the compliance function itself (Internal Audit, or external audit for smaller firms). Testing covers policy adequacy, control effectiveness, case-file quality, and management-information accuracy. Findings and remediation are tracked to closure.
Customer Due Diligence (CDD) & Risk-Based Approach
Formally added to the US framework by FinCEN’s 2016 CDD Rule and always present in FATF-aligned regimes. Identification of the customer and UBOs, risk rating under the Risk-Based Approach, ongoing monitoring, and periodic review. This is the KYC pillar — and the pillar that most directly overlaps with the work you do every day as a KYC analyst.
The Global AML Regulatory Framework
| Regime | Role & Scope |
|---|---|
| FATF | Global standard-setter; 40 Recommendations plus 9 on terrorist financing; grey-list and black-list drive national responses |
| FinCEN (US) | Primary US AML regulator under the Bank Secrecy Act (BSA); CDD Rule, SAR filing, FBAR, Corporate Transparency Act BOI |
| OFAC (US) | US sanctions regulator; Specially Designated Nationals (SDN) list; 50% Rule for beneficial-ownership |
| FCA (UK) | Supervises AML for banks and investment firms; MLR 2017; SMCR personal accountability |
| OFSI (UK) | UK sanctions regulator under HM Treasury; Consolidated List |
| EU 6AMLD & AMLA | 6th AML Directive harmonises criminal liability; AMLA (Anti-Money Laundering Authority) enforcing across EU from 2026 |
| DFSA & ADGM (UAE) | Free-zone regulators for DIFC and Abu Dhabi Global Market; DFSA AML Module mandatory |
| MAS (Singapore) | Monetary Authority of Singapore; Notice 626; STR filing via STRO |
| HKMA (Hong Kong) | Hong Kong Monetary Authority; AMLO; STR filing via JFIU |
| FINTRAC (Canada) | Financial Transactions and Reports Analysis Centre of Canada; PCMLTFA; STR filing |
| RBI & FIU-IND (India) | PMLA; Master Direction on KYC; STR filing to FIU-IND |
Where KYC Fits Inside AML — The Operating Model
At a tier-1 bank, AML and KYC sit inside a larger Financial Crime Compliance (FCC) organisation. KYC is one of several first-line and second-line controls; it feeds every downstream AML process.
1. KYC captures customer identity, UBOs, NOB, expected transaction profile.
2. Risk-Based Approach sets the customer risk rating.
3. Expected profile becomes the baseline for transaction monitoring thresholds.
4. Actual transactions are monitored against expected; deviations produce alerts.
5. AML investigators review alerts; where suspicious, a SAR/STR is filed.
6. Customer risk rating, EDD status, and adverse media refresh feed back into KYC files.
7. Periodic review refreshes the KYC profile and resets the baseline.
Transaction Monitoring — The Core AML Detection Control
Transaction monitoring (TM) is the daily work of checking customer activity against expected profile and against known typologies. At a tier-1 bank, TM typically runs against thousands of rules covering velocity, volume, geography, counterparty risk, cash-intensity, transaction structuring, round-number patterns, and behavioural anomalies.
Rules-based TM
Deterministic thresholds — e.g., “alert any cash deposit over $10,000,” “alert any wire to a FATF grey-list jurisdiction,” “alert any >50% increase in monthly volume compared to prior 6-month average.” Rules are transparent, auditable, and easy to tune — but produce high false-positive volumes.
Behavioural / ML-based TM
Models trained on historical customer behaviour and typology patterns. Produces more nuanced alerts (“this customer’s transaction profile has diverged materially from cluster peers”) but requires model governance, periodic backtesting, and regulatory transparency. FCA, DFSA, and MAS all expect auditable model outputs.
Case management & investigation
Alerts route to AML investigators who review customer profile, transaction history, KYC file, and any adverse media. Disposition: dismiss with rationale, escalate for further review, or file a SAR/STR. QA samples investigator output regularly.
Typologies — The Patterns AML Actually Hunts For
A “typology” is a recognised pattern of how laundering actually happens. FATF publishes typology studies; national FIUs (FinCEN, FIU-IND, STRO, JFIU, NCA) publish typology alerts; every AML investigator is expected to know the major ones.
- Structuring / smurfing: multiple sub-threshold deposits or wires to evade reporting limits.
- Trade-based laundering: over- or under-invoiced imports/exports moving value across borders under the cover of legitimate trade.
- Shell-company layering: wire transfers through multiple shell entities in secrecy jurisdictions with no commercial substance.
- Third-party payments: customer receives payments from parties unrelated to their declared business counterparties.
- Funnel accounts: multiple geographic inputs consolidated into a single account with rapid outbound movement.
- Cash-intensive business layering: use of casinos, MSBs, car washes, gold dealers to convert cash into banked funds.
- Crypto-to-fiat cycling: funds moved through crypto mixers, chain-hopping, peel chains, then cashed out via compliant or non-compliant exchanges.
- Correspondent banking abuse: nested correspondent relationships providing indirect access for sanctioned or under-supervised institutions.
- Real estate: cash purchases of high-value property, often through shell companies, in high-demand jurisdictions.
- Professional enablers: use of lawyers, accountants, trust & corporate service providers to structure and execute the laundering.
Real-World AML Scenarios
Scenario 1 — Classic structuring at Barclays GCC Mumbai
A small-business customer at Barclays GCC Mumbai has a declared expected monthly cash deposit volume of ₹3–5 lakh. Over two months, the customer makes 47 separate cash deposits — each between ₹48,000 and ₹49,500 — totalling ₹23 lakh.
Workflow: Transaction monitoring alert fires on pattern (multiple sub-limit deposits). AML investigator reviews KYC file, expected profile, and cash-deposit history. Finds no commercial rationale consistent with declared NOB. Files STR with FIU-IND. Internal escalation: customer risk re-rated to high, EDD refresh triggered, enhanced monitoring applied.
Scenario 2 — Trade-based laundering at JPMorgan New York
A trade-finance customer at JPMorgan New York imports “industrial components” from a Hong Kong supplier at unit prices 3–4x market rate. The same customer ships “finished goods” to a UAE buyer at unit prices 40% below market. Trade volume is consistent; pricing is not.
Workflow: TM alert on pricing anomaly vs market benchmarks. Trade-finance AML team reviews Bills of Lading, invoices, port-of-loading and discharge. Investigation suggests classic over-invoicing / under-invoicing pattern. Relationship-decline decision; SAR filed with FinCEN; named-individual exposure assessed for senior-management reporting.
Scenario 3 — Funnel-account pattern at BNY
A fund-administrator customer at BNY operates a single USD operating account receiving inbound wires from 38 separate jurisdictions in a 30-day window, with same-day outbound wires to a single beneficiary account. Declared business model: corporate services.
Workflow: TM alert on geographic concentration + same-day out pattern. AML investigator confirms no commercial rationale consistent with declared model. KYC file re-examined; UBO trace reveals a nominee structure with an onward beneficial owner not previously identified. SAR filed. Customer relationship terminated.
Scenario 4 — Crypto-to-fiat cycling at Revolut
A retail customer at Revolut with declared income $60K/year receives five inbound wires totalling $180K over 60 days, each preceded by crypto-asset conversion through a third-party exchange. The customer’s crypto exposure was not captured at onboarding.
Workflow: TM alert on volume-vs-profile mismatch. Investigation identifies crypto-conversion pattern; KYC refresh captures the crypto activity. Enhanced customer risk rating, EDD including crypto-wallet verification and on-chain analysis. SAR filed where the on-chain trace reveals exposure to flagged wallets.
Common AML Programme Failures
Thresholds tuned to reduce alert volume rather than to match customer risk profile. Fix: calibration under the Risk-Based Approach, documented rationale, backtested against historical true positives.
Alerts dismissed without written reasoning sufficient to support the decision. Fix: every dismissal has a rationale memo; QA samples reviewed at a defined percentage.
Customer risk rating, expected profile, and counterparty data are incomplete or stale. TM cannot alert on pattern deviation from an absent baseline. Fix: KYC refresh cadence aligned to TM needs; data-quality metrics tracked jointly by KYC and AML.
Investigators file SARs reflexively to avoid being blamed later, regardless of whether the underlying facts warrant one. Fix: SAR filing quality is itself a KPI; regulators notice defensive-filing patterns.
Interview Question: What Is the Relationship Between KYC and AML?
“What is the relationship between KYC and AML, and how do they work together in a compliance programme?”
“KYC is a foundational control within the broader AML programme. KYC captures customer identity, beneficial ownership, nature of business, expected transaction profile, and risk rating. Those outputs become the baseline that transaction monitoring and AML investigations operate against — if a customer’s expected volume is $50K a month and TM sees $5M, that deviation only has meaning because the KYC baseline exists. AML is the wider framework: policies, MLRO, training, independent audit, plus CDD, transaction monitoring, investigations, SAR/STR filing, and sanctions controls. KYC feeds AML continuously — every refresh updates the baseline, every adverse-media hit retriggers review, every new UBO adds to screening coverage. Strong KYC makes the AML programme effective; weak KYC makes it blind.”
How AML Knowledge Shapes Your KYC Career
Understanding AML gives KYC analysts two career advantages. First, every senior KYC interview at tier-1 banks tests AML knowledge — you cannot credibly claim senior-level KYC capability without knowing how your work feeds the broader AML programme. Second, KYC analysts who understand AML are the candidates who get moved across into AML investigations, Financial Crime Compliance, and senior FCC roles — a clear career path if you want to move beyond pure KYC execution.
This is where a lot of professionals make a costly mistake. If your role is AML — transaction monitoring, alert investigation, SAR/STR filing, typology work, financial-crime programme — then AML-focused credentials like CAMS fit. But if your role is pure KYC — onboarding, CDD, EDD, UBO tracing, screening disposition, periodic review — a KYC-specific credential converts faster into interviews. Most KYC candidates default to CAMS because it’s the name they’ve heard of; but CAMS is designed for AML investigators, not KYC execution. For KYC roles: GO-AKS (Globally Certified KYC Specialist), IKYCA (Internationally Certified KYC Specialist), and IR-KAM (Internationally Certified KYC Manager) are the role-specific credentials. For crypto KYC: C2KO (Certified Crypto KYC Officer) and C3O (Certified Crypto Compliance Officer). Pick the credential that matches the role you actually want.
Related Reading
- KYC vs AML vs CFT: The Real Difference
- UBO Identification & Complex Structures
- False Positives in KYC Screening
- Enhanced Due Diligence (EDD) Guide
- The Risk-Based Approach (RBA) in KYC
- Top 100 KYC Interview Questions & Model Answers
Turn AML Fluency Into Senior KYC Interviews
AML knowledge is tested in every senior KYC interview at Goldman Sachs, JPMorgan, Barclays, HSBC, and Emirates NBD. Practise the AML-KYC relationship scenarios out loud on AGZIT’s voice-based AI Mock Interview — with a 10-dimension Scorecard after every session.
ATS Resume Builder
Voice-based
10-dimension
Coaching
Elevator pitch
DPR-based
30-day roadmap
Silver/Gold/Platinum
Trusted by KYC candidates targeting roles in Mumbai · Dubai · London · New York · Toronto · Singapore