In AML, explainable AI is crucial for understanding why certain alerts are generated, the rationale behind blocking or allowing a transaction, or the factors contributing to identifying a high-risk client. This transparency helps financial institutions (FIs) meet regulatory expectations and build trust by allowing clients, auditors, and regulators to see how and why their AI-driven decisions are made, reducing the risk of misrepresentation and improving accountability.

However, in our 2025 State of Financial Crime survey, an interesting contradiction was revealed: while firms expressed confidence in understanding regulatory expectations around AI, 91 percent of respondents still felt comfortable trading off explainability for greater automation and efficiency, which could contradict the transparency increasingly expected by regulators. 

In light of this, compliance leaders need to find ways to ensure their AI tools meet both efficiency goals and regulatory requirements. This article explores:

• What explainable AI (XAI) is and why it matters in financial compliance;
• Regulatory expectations;
• Key benefits of XAI for improving transparency and accountability in AML;
• Challenges and limitations; and
• How ComplyAdvantage approaches explainable AI.

What is explainable AI (XAI)?

Explainable AI (XAI) refers to AI systems that make decisions and articulate the how and why behind those decisions. It is also a subset of responsible AI (RAI). While RAI covers the full spectrum of ethical and trustworthy AI practices, XAI focuses specifically on making AI systems transparent and their decisions understandable. For compliance teams, XAI is essential to ensure AI-driven outcomes are interpretable for stakeholders who need to validate and trust these systems.

To achieve this level of transparency, compliance teams often make use of specific XAI techniques, including:

• Rule-based models: Also known as “white-box machine learning models,” straightforward rule-based models apply predefined rules that make them naturally interpretable. For instance, flagging high-value transactions is a simple rule that compliance professionals can easily audit. However, due to a lack of nuance and flexibility, these models’ false positive rate is estimated at over 98 percent.
• Post-hoc explainability: While white-box models offer more transparency upfront, more complex “black-box models” tend to have higher predictive accuracy. These models often require post-hoc methods to allow compliance staff to trace risk scores back to specific input features like transaction type or customer history. 
• Hybrid approaches: Combining rules-based and AI-driven techniques, hybrid models leverage both static rules and adaptable algorithms to improve detection accuracy while maintaining transparency. This balance helps compliance teams capture more nuanced suspicious activity while keeping explanations clear and accessible.

How can XAI improve AML systems?

One of XAI’s primary benefits is its ability to improve alert quality and reduce false positives. Traditional AML models often generate large volumes of alerts, many of which are benign, overloading compliance teams and diverting resources from genuine risks. XAI provides more nuanced insights into each alert’s underlying factors, allowing FIs to refine their detection models and better prioritize cases that warrant deeper investigation.

XAI also significantly strengthens a firm’s ability to audit and justify decisions. For example, if a model identifies a suspicious transaction, explainable AI can articulate the factors driving the alert – such as transaction patterns or the customer’s historical risk profile. This detailed reasoning behind each alert enhances the institution’s readiness for regulatory scrutiny, as it enables compliance teams to confidently demonstrate why an alert was triggered and how their AML systems mitigate the risk of oversight or error.

One of our most practical uses of XAI is through our Advanced Fraud Detectors. Designed with client-facing transparency, the system goes beyond identifying suspicious behavior; it provides clear explanations for each alert, detailing the factors influencing the decision. This not only helps our clients justify actions but also enhances readiness for audits, as they can transparently address regulatory inquiries about specific alerts.

Iain Armstong, Regulatory Affairs Practice Lead at ComplyAdvantage

Moreover, explainability in AI models can help train and upskill compliance teams. When compliance staff understand the logic behind alerts, they can better analyze patterns and develop a deeper understanding of high-risk indicators. This helps build expertise across the team, enabling a more informed approach to AML beyond simple model outputs.

However, XAI doesn’t just enhance compliance and regulatory functions – it plays a crucial role in building better products. 

The relationship between XAI and product excellence is mutually reinforcing, and it’s difficult to achieve a great product without focusing on these elements. At ComplyAdvantage, our model risk management approach not only helps us control risk and deliver XAI to clients but also plays a key role in building high-quality AI systems that underpin best-in-class products and services.

Chris Elliot, Director of Data Governance at ComplyAdvantage

Regulatory expectations surrounding XAI

The regulatory landscape surrounding AI and machine learning is continually evolving, which can create uncertainty for organizations seeking to adopt XAI. As AI technologies become more integral to AML and broader compliance practices, regulators worldwide are sharpening their focus on transparency, fairness, and accountability in AI-driven systems. FIs adopting these technologies must stay attuned to emerging legal standards and best practices, which increasingly emphasize XAI. 

While jurisdictions like the European Union, United Kingdom, and United States have different regulatory frameworks, they share a common concern: ensuring AI applications are transparent and fair, especially in high-stakes sectors like AML.

European Union

Considered “the world’s first comprehensive AI law.” the EU AI Act establishes expectations for transparency, governance, and accountability in AI-powered AML solutions. Having entered into force in August 2024, the Act requires FIs to ensure transparency in their decision-making processes, including clarifying why certain transactions are flagged as suspicious. Additionally, the Act emphasizes the importance of robust data governance frameworks that mandate high-quality data to minimize inaccuracies and bias.

The EU’s General Data Protection Regulation (GDPR) complements these AI-specific standards by enforcing stringent data privacy controls that intersect with XAI goals. GDPR’s “right to explanation” gives individuals insight into automated decisions that affect them, a standard that dovetails with the transparency requirements of the EU AI Act.

United Kingdom

In the UK, the regulatory approach to AI in financial services has been shaped by institutions like the Financial Conduct Authority (FCA) and the Bank of England, which have jointly addressed the need for responsible AI. While the UK has not yet enacted an AI law on par with the EU’s AI Act (as of November 2024), these regulators have issued guidelines highlighting the importance of explainability, particularly for high-risk applications like AML.

The FCA has emphasized in its guidance that AI and machine learning applications must be interpretable, especially when they affect consumer rights or regulatory compliance. The FCA and Bank of England’s Machine Learning in UK Financial Services report underscores that FIs should implement governance frameworks that oversee AI models, including transparency around decision-making processes. They recommend that larger institutions lead by example in adopting advanced analytics, recognizing that smaller firms may face challenges in implementing these standards due to resource constraints.

Moreover, the UK’s proposed AI regulatory framework, introduced in the government’s National AI Strategy, encourages a “pro-innovation” approach that balances AI’s potential with ethical considerations like fairness and transparency. To do this effectively, the UK government has indicated plans to avoid “over-regulation” but will likely monitor AI developments and may impose stricter controls over time.

United States

No federal law specifically regulates AI in financial services in the United States. However, several agencies, including the Federal Reserve, the Office of the Comptroller of the Currency (OCC), and the New York Department of Financial Services (NYDFS), have issued guidance and policy statements that touch on AI transparency and fairness in FIs.

In 2024, the US Treasury Department also introduced a National Strategy for Combatting Terrorist and Other Illicit Financing, highlighting AI technologies’ transformative potential in enhancing AML compliance. This strategy underscores how AI can analyze vast amounts of data to uncover patterns related to illicit financing. Additionally, the Treasury issued a Request for Information (RFI) in June 2024, aimed at gathering insights on the use of AI in the financial sector, particularly concerning compliance with AML regulations. The RFI focuses on the opportunities AI presents and the associated risks, such as bias and data privacy concerns. This proactive stance indicates a commitment to shaping future regulations and guidance that prioritize transparency and fairness in AI applications within financial services​

Benefits of using explainable AI for AML

As FIs look to strengthen their AML capabilities, XAI presents a range of unique benefits that enhance operational efficiency and regulatory compliance, including:

• Reduced operational burden: By improving the quality of alerts and decreasing false positives, XAI helps compliance teams focus their resources on genuine risks rather than sifting through a high volume of alerts that require minimal action. This streamlining can lead to more efficient allocation of human resources.
• Stakeholder engagement: XAI can enhance communication with external stakeholders, such as regulators and clients. Clear explanations of the rationale behind decisions allow FIs to engage more effectively in discussions around compliance practices and risk management strategies.
• Support for continuous improvement: The insights gained from XAI can inform ongoing enhancements to AML strategies. By analyzing the reasons behind alerts and outcomes, organizations can refine their detection models and policies, fostering a culture of continuous improvement in risk management.
• Boosted client trust: FIs can foster greater trust in their AML practices by utilizing XAI. Transparency in decision-making reassures clients that their FI is diligent and fair in its monitoring processes.

Challenges and limitations of XAI

While XAI offers numerous benefits, its implementation is not without challenges. Organizations must navigate a complex landscape of technical, regulatory, and operational hurdles to integrate XAI into their compliance frameworks effectively. Understanding these limitations is essential for FIs as they seek to balance transparency with efficiency and effectiveness. Some primary challenges include:

• Data privacy: Ensuring privacy while maintaining transparency can be a delicate balance. For instance, GDPR regulations in Europe mandate strict data protection measures. Organizations must navigate these regulations while providing sufficient transparency in their XAI outputs, which can be challenging when personal data is involved.
• Bias: If the data used to train XAI models is biased or unrepresentative, the explanations generated may perpetuate existing biases, leading to inaccurate or unfair outcomes. In January 2024, the New York Department of Financial Services (NYDFS) raised concerns about algorithmic bias in financial technologies, emphasizing the need for fairness and accuracy in automated decision-making processes.
• Dependence on quality data: XAI’s effectiveness relies heavily on the quality and accuracy of the data it processes. Poor-quality data can lead to misleading explanations and decisions, undermining the very purpose of using XAI. Organizations need to invest in data governance and management practices to ensure their systems function correctly. 

How does XAI work in an AML system?

In AML, explainability can be integrated in multiple ways to create a transparent and auditable system, including:

1. Data ingestion and entity resolution: By consolidating information from multiple sources, AML systems can provide a comprehensive view of entities. XAI can play a critical role here, clarifying how entities are identified and linked to relevant data points, such as transactions, relationships, or risk indicators. For example, suppose an individual is flagged as high-risk due to adverse media. In that case, XAI systems can clearly break down these triggers, helping compliance teams trace data origins and make informed decisions.
   
   
2. Risk assessment and scoring: Risk assessments are a critical component of every AML program, involving the evaluation of data to determine the potential risk associated with specific entities or transactions. XAI facilitates this process by using explainable models that allow users to trace the factors influencing risk scores. As shown in the image below, these models provide a risk breakdown into how specific attributes contribute to an overall risk assessment. This level of detail is vital for compliance officers, as it empowers them to make decisions based on transparent criteria.
   
   
3. Alert generation with explainability: When an AML system generates alerts for potentially suspicious activities, XAI plays a crucial role in ensuring these alerts are accurate and accompanied by clear explanations. Each alert can include details about the specific risk indicators that triggered the alert, providing compliance teams with context and facilitating efficient follow-up actions. This transparency is essential for regulatory reporting and justifying decisions made in response to alerts.
   
   

Tips on how to tell if an AML vendor uses XAI

By asking the right questions, organizations can better assess the transparency and accountability of the AI solutions they are scrutinizing. The following questions, in particular, can serve as a good starting point for this discussion: 

• What methodologies does your AI system employ for decision-making?
  Understanding the underlying algorithms and models the vendor uses can provide insight into whether their AI is explainable. Ask if they utilize rule-based systems, interpretable models, or hybrid approaches that combine multiple techniques. A commitment to transparency in methodology is a good indicator of XAI practices.
• How do you provide explanations for risk assessments and alerts?
  Vendors should be able to articulate how their system generates explanations for risk scores and alerts. Ask for examples of how these explanations are presented to compliance teams, including the specific factors considered in the decision-making process. 
• Can your system demonstrate audit trails for decisions made by the AI?
  A robust XAI system should offer traceability for its decisions, allowing compliance professionals to review the rationale behind alerts and risk assessments. Inquire whether the vendor maintains detailed logs of the decision-making process, which can be critical during regulatory audits and compliance reviews.
• What measures are in place to ensure the fairness and accuracy of your AI models?
  Understanding how vendors address bias and accuracy in their AI systems is crucial. Ask about the data sources used for training their models, how they ensure data quality, and the steps taken to mitigate bias in decision-making. This is especially relevant in light of regulatory expectations for fairness in automated systems.
• How do you handle model updates and validation?
  Continuous monitoring and validation of AI models are essential to maintain their accuracy and reliability over time. Compliance professionals should ask how the vendor ensures their models are regularly tested and updated and whether they explain model performance changes.

How does ComplyAdvantage approach explainable AI?

At ComplyAdvantage, our approach to responsible AI, and by extension XAI, is based on and aligned with the Organisation for Economic Co-operation and Development (OECD)’s AI Principles and the UK’s “A pro-innovation approach to AI regulation: government response” whitepaper. Of the five core themes that lie at the heart of our understanding and implementation of responsible AI, two relate explicitly to XAI: 

• Transparency and explainability: This means we record and make information available about our use of AI systems, including purpose and methodologies.
• Safety, security, and robustness: This means decisions made by our AI systems are explainable, and explanations can be accessed and understood by relevant stakeholders (e.g., users or regulators).

This approach underpins the development of solutions that not only meet regulatory expectations but also deliver meaningful insights.

ComplyAdvantage believes that responsibly developing and managing AI is not only the right thing to do but also leads to better products that engage AI. Responsible AI is best when viewed as part of a best practice and thereby improves outcomes for our clients and their customers. In this way, it is aligned with business needs and not an external force acting on existing processes and competing with priorities.

Chris Elliot, Director of Data Governance at ComplyAdvantage

For more information on ComplyAdvantage’s approach to model risk management, read the full statement here. 

The post Enhancing AML efforts with explainable AI appeared first on ComplyAdvantage.

In light of these developments, this article will shed light on the evolving EU payments landscape by exploring:

• What is SEPA, what are the benefits it offers, and what are the countries within the SEPA zone?
• The SEPA legal framework and the regulations that support it.
• How SEPA is connected to the EU’s instant payments regulatory reform.

What is SEPA?

SEPA is a framework established by the EU that harmonizes euro-denominated payments across participating countries. The framework’s main objective is to create a more efficient market for payments across Europe by allowing for seamless euro transactions, eliminating the distinctions between domestic and cross-border payments.

How do SEPA payments work?

SEPA payments are any euro-denominated payments made between accounts in the SEPA zone using standardized procedures and formats, including:

• Credit transfers.
• Direct debits.
• ATM withdrawals.
• Payments by debit and credit cards.
• Money remittance.

What is a SEPA mandate?

A SEPA mandate is a foundational element of SEPA payments, serving as the payer’s permission for their bank account to be debited. Initially, SEPA mandates had to be signed on paper. However, in 2012, the European Council wanted to harmonize payment systems in euros. As a result, Regulation (EU) 260/2012 was passed into law, which promoted the transition to digital mandates. 

The electronic mandate is essentially evidence for billers to justify debits and protect against any claims that unauthorized transactions have taken place. If such transactions do occur, payers can request refunds within 13 months.

The benefits of using SEPA payments

SEPA payments offer financial institutions numerous advantages, including:

• SEPA payments typically involve lower fees than traditional cross-border payments, resulting in greater cost efficiency.
• Transactions within the SEPA network are processed quickly, often within one business day, ensuring timely payments and efficient cash flow management.
• SEPA enhances convenience and simplifies payments by standardizing procedures across all participating countries. 
• SEPA payments come with clear pricing and fewer hidden costs, making it easier for users to understand the fees involved. 
• Enhanced security measures and robust regulatory protections are integral to SEPA payments, ensuring transactions are secure and mitigating the risk of fraud.
• SEPA establishes uniform payment formats and procedures. This standardization facilitates smoother and more efficient transactions, reducing errors and processing times.
• SEPA covers all 27 EU member states and several non-EU countries, making it easier for businesses to expand their operations across Europe.

What are the SEPA countries?

The SEPA zone encompasses 36 countries, including EU member states and additional countries that have opted to participate in the initiative. The countries in SEPA are:

SEPA legal framework and regulations

A robust legal framework underpins the SEPA initiative to ensure smooth operations and compliance across all member states. The foundation of SEPA lies in several key regulations and directives:

1. Regulation (EU) No 260/2012 sets the technical and business requirements for credit transfers and direct debits in euros.
2. Payment Services Directive (PSD2) enhances consumer protection, promotes innovation, and improves the security of payment services. 
3. E-money Directive (EMD2) governs the issuance of electronic money and the establishment of e-money institutions, ensuring they operate under a harmonized regulatory framework.

What are the five SEPA payment processing schemes?

Building on this legal foundation, the European Payments Council (EPC) developed five distinct SEPA payment processing schemes, each designed to cater to different types of transactions.

1. The SEPA Credit Transfer (SCT) scheme enables the transfer of funds in euros between accounts in the SEPA zone – ideal for one-off payments such as salary payments, supplier invoices, or any general payment where a paper-based process can be eliminated.
2. The SEPA ICT scheme provides for near-instant euro transfers between accounts within the SEPA zone – suitable for urgent or time-sensitive transactions, such as emergency funds transfers or real-time payment needs. 
3. The SEPA Direct Debit Core (SDD Core) scheme allows payees to collect funds from a payer’s account, given that the payer has granted prior authorization – commonly used for recurring payments such as utility bills or subscriptions. 
4. The SEPA Direct Debit Business-to-Business (SDD B2B) scheme is similar to the Core scheme but requires both the payer and the payee to be registered as businesses and offers a shorter refund period. 
5. The one-leg out instant credit transfer (OCT Inst) scheme is designed to facilitate instant credit transfers where one participating financial institution is outside SEPA. This scheme enables cross-border payments to or from non-SEPA countries, ensuring fast and efficient transactions.

EU instant payments regulatory reform 

Despite three of these five schemes focusing on instant payments, the market remains fragmented. In fact, in 2023, only about one in ten euro credit transfers in the European Union were processed as instant payments. 

To promote real-time payments in Europe, the European Council has prioritized establishing a fully integrated instant payments market. As mentioned previously, a new regulation (Regulation (EU) 2024/886) was introduced in early 2024 to achieve this, amending the SEPA ICT rulebook and setting out the following requirements for firms:

• PSPs must offer instant payments – completed within 10 seconds – through the same channels used for initiating other credit transfers.
• The payer’s PSP must verify the payee’s details before clearing payments. If discrepancies are found, the payer must be notified and given the choice to cancel the transaction or proceed despite the discrepancies.
• Firms must screen payees against sanctions lists whenever new announcements or updates to existing sanctions are made. These screenings must occur before payment authorization and should not interrupt the execution of instant payments.
• Firms are obligated to report specific details related to the charges associated with credit transfers, ICTs, and payment account activities. 
• Firms must disclose the volume of national and cross-border transactions that were rejected due to sanctions screening.

A Guide to Financial Crime and SEPA Instant Payments

The drive for innovation is changing the payments landscape in Europe. This report is an essential guide for European compliance officers operating in the SEPA region.

Download now

Challenges of new instant payments regulations in Europe

The introduction of new instant payment regulations in Europe presents several compliance challenges for FIs across the SEPA zone. These include:

1. Upgrading payment infrastructures

By January 9, 2025, all PSPs in the EU must be able to receive instant payments. By October 9, 2025, PSPs must also offer the facility to send instant payments at an affordable rate. Many firms may find their current payment infrastructures need significant upgrades to keep pace with these deadlines.

2. Integrating financial crime controls

Integrating refined financial crime controls may be challenging as firms transition to SEPA ICT. Compliance processes – such as know your customer (KYC), name screening, payment screening, and fraud detection – each involve distinct applications that must be integrated to ensure effective compliance. The primary challenge here lies in synchronizing these various applications within the incredibly fast-paced environment of instant payments. Each process needs to function efficiently with the others to avoid delays that could negatively impact the speed of transactions. 

3. Enhancing sanctions screening

Under the new regulations, banks and PSPs must verify whether their users are subject to targeted financial restrictive measures (on a daily basis at minimum). The challenge here lies in balancing the need for thorough sanctions screening with the demands of processing payments quickly. 

How to comply with the EU’s evolving instant payments regulations

As the EU continues to update its regulations to standardize cross-border instant payments, firms will be faced with new requirements under a tiered implementation schedule. Some top tips for firms to ensure compliance include:

• Continue to enhance existing AML/CFT practices by updating risk assessment protocols, employee training programs, and transaction monitoring systems to detect and report suspicious activities promptly.
• Verify payee information thoroughly before payment authorization, including cross-referencing payee details with official identification documents and maintaining records of verification processes.
• Regularly update sanctions screening processes to reflect the latest EU and international sanctions lists. Screen payment service users (PSUs) against these lists upon any updates rather than during payment execution to avoid delays and ensure compliance.
• Set up robust monitoring and reporting systems capable of generating detailed compliance reports. These systems should track all transactions, flag anomalies, and ensure the timely submission of mandatory reports to regulatory bodies in accordance with EU standards.
• Utilize advanced technology solutions to efficiently manage compliance, scalability, and screening processes. 

The post What is the Single Euro Payments Area (SEPA)? | A detailed guide appeared first on ComplyAdvantage.

The main difference between the DTA and the CDSA is that the CDSA regime adopts a “predicate offense approach,” which specifies that the laundering of proceeds from all drug trafficking offenses and 182 other serious crimes constitutes a money laundering offense. By contrast, according to the CDSA, laundering proceeds from criminal activities outside these categories is not considered “money laundering,” although it is still punishable under other laws.

This article provides financial institutions (FIs) with an overview of the CDSA to help ensure compliance with its regulations.

What is the Corruption, Drug Trafficking and Other Serious Crimes Act (CDSA) in Singapore?

The CDSA is a crucial piece of legislation in Singapore’s ongoing efforts to combat financial crime. The act provides a comprehensive legislative framework to combat corruption, drug trafficking, and other serious criminal activities in Singapore. It empowers authorized officers to confiscate benefits derived from illicit activities, enforce reporting obligations, and collaborate with international agencies for investigations and asset recovery. Key entities subject to compliance include:

• Financial institutions (FIs.)
• Legal counsels.
• Individuals involved in asset management or transactions.
• Law enforcement agencies and authorized officers.

Key requirements of the CDSA

While the CDSA contains anti-money laundering (AML) rules, its primary objective is not focused on money laundering. Instead, the it aims to deprive criminals of any financial gains obtained through criminal activities by establishing a confiscation regime. The CDSA’s AML rules support this confiscation regime by preventing illegally acquired assets from being laundered into other property to evade detection and confiscation by law enforcement agencies.

Key AML requirements set out by the CDSA include:

• Covered entities must create detailed policies and procedures to ensure compliance and effective AML monitoring. These should be based on a risk-based approach (RBA), considering the specific risks faced by the organization.
• Senior compliance staff are required to ensure that all policies are clearly communicated to new employees at onboarding. Additionally, regular updates must be provided at least annually to keep them informed of any changes or updates in AML policies and procedures.
• Firms must implement a robust training program for all staff members to equip them with the necessary skills to identify and handle suspicious activities effectively. This program should also emphasize the importance of AML compliance and the potential consequences of failing to adhere to regulations or adequately monitor risks.
• FIs are required to organize a thorough business assessment to identify their exposure to money laundering and terrorist financing risks. This assessment should consider various risk factors relevant to the business’ operations and market context.
• The CDSA requires the designation of a compliance officer, and their specific roles and responsibilities within the AML compliance program must be clearly outlined. This individual should be empowered to oversee the establishment, implementation, and ongoing management of the AML framework.

Establish protocols for promptly reporting suspicious transactions to regulatory authorities. This includes identifying the types of transactions that should be considered suspicious and the process for reporting them in compliance with legal and regulatory requirements.

Who enforces the CDSA?

The CDSA is enforced throughout Singapore by a network of agencies. These include:

• Central Narcotics Bureau (CNB): Responsible for combating drug-related crimes and enforcing laws related to drug trafficking and abuse.
• Corrupt Practices Investigation Bureau (CPIB): Tasked with investigating and prosecuting corruption offenses involving public officials and bribery.
• Commercial Affairs Department (CAD): Oversees investigations into financial crimes, such as money laundering and fraud, including those related to the proceeds of drug trafficking and other serious crimes.
• Singapore Police Force (SPF): The SPF plays a crucial role in investigating a wide range of criminal offenses, including drug trafficking, corruption, and other serious crimes covered under the CDSA.

Penalties for non-compliance with the CDSA

Non-compliance with the CDSA can result in severe penalties, including fines and imprisonment. Some of the key penalties outlined in the CDSA include:

• Rash money laundering was introduced as a new offense in February 2024, entities that proceed with transactions despite having some suspicion while also failing to make further inquiries may be charged with rash money laundering. The maximum penalty is a fine of up to $250,000, imprisonment of up to five years, or both.
• Individuals who continue with a transaction despite the presence of red flags that would be noticeable to a reasonable person may be charged with negligent money laundering. The maximum penalty is a fine of up to $150,000, a prison sentence of up to three years, or both.
• Individuals who disclose their Singpass passwords or access codes, knowing or having reasonable grounds to believe that the purpose is to commit or facilitate the commission of an offense, may be charged. The maximum penalty is a fine of up to $10,000 or imprisonment of up to three years, or both.

How can firms comply with the CDSA?

As Singapore continues strengthening its regulatory framework to combat financial crimes and uphold its economic system, compliance professionals face increasingly complex challenges in meeting their obligations under the CDSA. Luckily, advanced AML software options are available to help address these challenges effectively.

Sophisticated transaction monitoring software can help detect and flag suspicious activities that may indicate money laundering or other illicit financial behaviors as defined under the CDSA. With advanced machine learning algorithms, transaction monitoring platforms can analyze vast amounts of transactional data in real-time to identify patterns, anomalies, and red flags indicative of potential illicit activities. Furthermore, with the right solution, compliance teams can create transaction thresholds and rule sets based on their firm’s risk exposure by choosing from a library of red flags and suspicious activity scenarios.

Award-winning FinTech BigPay, which operates out of Singapore and Malaysia, experienced the benefits of these capabilities when it needed to quickly implement a more efficient screening process to meet its regulatory obligations. With ComplyAdvantage, BigPay could custom-build a single proprietary interface connecting multiple tools, trackers, and databases via a single API. The financial services firm also set up unique screening profiles for its markets, providing proportional controls for different products and transaction types – such as remittance and e-money. Accessible search profile configuration and fuzziness fine-tuning streamlined the process of aligning with new regulations, like updates to the CDSA and PSN02.

The post The CDSA in Singapore: Everything you need to know appeared first on ComplyAdvantage.

We’ve summarized the key developments:

• Changes to the grey list.
• Increasing beneficial ownership transparency globally.
• Leveraging digital transformation: Virtual assets.
• Payment transparency.
• Protecting non-profit organizations from abuse for terrorist financing.
• New FATF presidency.
• Expanded statement on the Russian Federation.

#1: Kenya and Namibia added to the grey list

Kenya

Despite making progress on some recommended actions since September 2022, the FATF has added Kenya to the grey list in light of the country’s need to improve supervision, enhance preventive measures, designate an authority for regulation, and improve the use of financial intelligence.

Since being subject to increased monitoring, Kenya’s national treasury has stated it is fully committed to implementing the action plan of the FATF, stating the move will have only minimal effects on its financial stability. According to a FATF report published in 2022, Kenya is primarily at risk of terrorism financing through money flows from both within and outside its borders. Additionally, the report highlights that cryptocurrencies introduce further risks to the country.

Namibia

Namibia also committed to strengthening its AML/CFT regime with the help of the FATF and Eastern and Southern Africa Anti-Money Laundering Group (ESAAMLG). Since September 2022, the FATF noted Namibia’s progress in ensuring a common understanding of money laundering, terrorist financing, and proliferation financing risks among key stakeholders. However, the watchdog noted several key areas that required improvement, including: 

• Risk-based supervision.
• Preventive measures.
• Beneficial ownership information filing.
• Financial intelligence unit (FIU) resources.
• Operational capabilities of authorities involved in money laundering and terrorist financing investigations and prosecutions.

In contrast with Kenya’s addition to the grey list, Namibia’s Financial Intelligence Centre said that putting Namibia on the grey list could negatively impact the country’s foreign direct investment.

#2: Barbados, Gibraltar, Uganda, and the United Arab Emirates removed from the grey list

Barbados

In 2020, Barbados was added to the grey list due to a series of weak AML/CFT measures it had in place, including a lack of risk-based supervision for financial institutions (FIs) and designated non-financial businesses and professions (DNFBPs). After being satisfied with the country’s progress alongside its agreed strategic plan, the FATF removed it from the grey list in February 2024. In particular, the FATF noted Barbados’ improved measures to prevent legal persons and arrangements from being misused for criminal purposes.

Gibraltar

The FATF also welcomed Gibraltar’s significant progress in improving its AML/CFT regime, ultimately removing the country from the grey list. While Gibraltar should continue to work with MONEYVAL to sustain its improvements in its AML/CFT system, the FATF specifically highlighted two improvements:

• The country’s application of effective, proportionate, and dissuasive sanctions for AML/CFT breaches in non-bank FIs and DNFBPs sectors. 
• Pursuing final confiscation judgments commensurate with the risk and context of Gibraltar. 

Uganda

In February 2020, the FATF placed Uganda on its increased monitoring list, which prompted a series of AML reforms, including:

• The adoption of a national AML/CFT and countering the proliferation financing (CPF) strategy.
• Enhancing the use of mutual legal assistance.
• Maintaining robust reporting methods and statistics.
• Implementing risk-based supervision of the financial and DNFBP sectors and establishing procedures to trace and seize proceeds of crime. 

As a result of these reforms, the FATF removed Uganda from the grey list.

The United Arab Emirates (UAE)

Kumar also acknowledged the UAE’s significant progress in enhancing its AML/CFT regime to meet the commitments in its action plan to address the strategic deficiencies identified by the FATF in February 2022. 

The UAE achieved this by:

• Increasing outbound mutual legal assistance (MLA) requests.
• Enhancing its understanding of money laundering and terrorist financing risks.
• Developing a better understanding of the risk of legal persons being abused.
• Providing additional resources to its FIU.
• Increasing investigations and prosecution of money laundering
• Ensuring effective implementation of targeted financial sanctions (TFS).

As a result of these improvements, the UAE is no longer subject to the FATF’s increased monitoring process. However, the FATF noted that the UAE should continue to collaborate with the Middle East and North Africa Financial Action Task Force (MENAFATF) to maintain its progress in its AML/CFT system.

#3: Strategic initiatives

Echoing Kumar’s objectives presented at the first plenary under his presidency in June 2022, the FATF discussed multiple strategic initiatives, including improving beneficial ownership transparency and countering illicit finance related to cyber-enabled crime. 

Increasing beneficial ownership transparency globally

The FATF has updated its guidelines on beneficial ownership and transparency of legal arrangements following revisions to recommendation 25, which were adopted in February 2023. The updated guidance aims to help stakeholders assess and mitigate money laundering and terrorist financing risks and complements existing guidance on legal persons. 

The FATF’s strengthened standards will aid in identifying corrupt individuals, sanctions evaders, money launderers, and tax evaders who conceal their criminal activities. The guidance will be published at the end of February 2024.

Leveraging digital transformation: Virtual assets

Closing the plenary, Kumar highlighted that many countries have not fully implemented the FATF’s revised recommendation 15. As a result, there are significant loopholes that are being exploited by criminals and terrorists due to the borderless nature of virtual asset activity. 

In February 2023, the FATF agreed on a roadmap to strengthen the implementation of the FATF standards on virtual assets and virtual asset service providers. The FATF conducted a stocktake of current implementation levels across the global network and agreed to publish an overview of the steps taken by FATF and FATF-style regional bodies (FSRB) member jurisdictions. 

This overview will include the most significant virtual asset activity regarding trading volume and user base, as well as the regulatory and supervisory measures taken to address AML/CFT concerns for virtual asset service providers (VASPs). Kumar explained that this exercise aims to help the FATF network regulate and supervise VASPs for AML/CFT purposes and encourage jurisdictions to implement recommendation 15 fully.

Payment transparency

The FATF also proposed amendments to recommendation 16 – which aims to improve the transparency and traceability of transactions – to keep up with the fast development of cross-border payment systems and changing industry standards. These revisions aim to make cross-border payments quicker, cheaper, transparent, and inclusive while ensuring AML/CFT compliance. 

Kumar noted that the revisions, which will be released for public consultation, will also ensure that FATF recommendation 16 remains technology-neutral. 

Protecting non-profit organizations from abuse for terrorist financing

In October 2023, the FATF changed recommendation eight to safeguard non-profit organizations (NPOs) from potential terrorist financing abuse. The revisions clarified that the recommendation only applies to NPOs that fall within the FATF definition. At the same time, the FATF updated its best practices to help countries, FIs, and the non-profit sector understand how to protect vulnerable NPOs from abuse for terrorist financing while still allowing legitimate NPO activities to continue.

Following this plenary session, the FATF has agreed to update its assessment methodology for the upcoming round of mutual evaluations. This update will further clarify the obligations to apply risk-based measures to protect NPOs most vulnerable to potential terrorist financing abuse. 

#4: New FATF presidency

Ms. Elisa de Anda Madrazo of Mexico was also appointed as the next President of the FATF for a two-year term. Ms de Anda Madrazo, who served as FATF Vice President from July 2020 to June 2023, will assume her duties on July 1, 2024, a day after the two-year Presidency of Mr. T. Raja Kumar ends.

#5: Expanded statement on the Russian Federation 

Following Russia’s invasion of Ukraine in 2022, the FATF issued a statement expanding their previous statement from February 2023. The watchdog noted continued concern over the risks posed by the Russian Federation, including growing economic connectivity with countries subject to FATF countermeasures, proliferation financing, and malicious cyber activities. Due to the severity of these risks, the FATF urged members to continue taking proactive measures to safeguard themselves and the global financial system. 

Next Steps

Compliance staff should ensure they are familiar with the outcomes of the February plenary – particularly relating to any upcoming MERs in countries they operate in. Regarding the changes to the grey list, firms must update the risk scores of relevant countries, with appropriate levels of due diligence being administered as required going forward. 

Dates related to forthcoming guidance issued by the FATF should also be noted. Such guidance will help shape and inform the future regulatory approach national bodies take.

The next FATF plenary is due to take place in June 2024.

Previous plenary coverage from ComplyAdvantage can be found here:

• FATF plenary October 2023
• FATF plenary June 2023
• FATF plenary February 2023
• FATF plenary October 2022
• FATF plenary June 2022
• FATF plenary March 2022

The post FATF plenary February 2024: Key takeaways and initiatives appeared first on ComplyAdvantage.

What is the AML/CTF Act?

The AML/CTF Act establishes a robust framework that mandates financial institutions (FIs) and other designated entities to implement preventative measures to detect and deter activities that could facilitate money laundering or fund terrorist acts. It achieves this through a multifaceted approach that includes customer due diligence (CDD), suspicious transaction reporting, and ongoing monitoring. By requiring entities to implement stringent compliance measures, the act aims to create a resilient financial system that is less susceptible to exploitation by criminal enterprises. 

The act has undergone multiple updates since its introduction in 2006 as regulators strive to keep up with emerging threats and vulnerabilities. Regulatory bodies, such as the Australian Transaction Reports and Analysis Centre (AUSTRAC), play a critical role in supervising and enforcing compliance. 

For example, in April 2023, the Australian government announced a formal public consultation into proposed AML/CFT Act reforms. The reforms aim to extend the act to cover other high-risk entities, including lawyers, trust and company service providers, accountants, real estate agents, and precious metals and stones dealers – also known as designated non-financial businesses and professions (DNFBPs). The government plans to hold roundtable discussions with key stakeholders and sectoral-specific discussions alongside the public consultation.

As financial crime trends and compliance technology evolve, the AML/CTF Act will remain a dynamic instrument to align with the country’s wider Tranche 2 reforms.

The key requirements of the AML/CTF Act

Obligations under Australia’s AML/CTF Act include:

• Enroll with AUSTRAC as a reporting entity, a remittance service provider, or a digital currency exchange provider (as applicable).
• Develop and maintain an AML/CTF compliance program that is independently reviewed.
• Appoint an AML/CTF officer and carry out appropriate training.
• Carry out ongoing money laundering risk assessments.
• Conduct employee due diligence, know your customer (KYC), and enhanced due diligence (EDD), where applicable.
• Carry out ongoing transaction monitoring and report suspicious transactions to AUSTRAC; transactions of $10,000 or more must be reported. 
• Identify ultimate beneficial ownership (UBO) and monitor politically exposed persons (PEPs).
• Keep customer AML records for at least seven years.
• Report annually to AUSTRAC – this is “vital in understanding and stopping the flow of illicit funds into, out of, and within Australia.”

Who must comply with the AML/CTF Act?

An entity offering services listed in section 6 of the AML/CTF Act must comply with the act. These include: 

• Banks.
• Building societies.
• Credit unions.
• Buying or selling bullion.
• Casinos.

A Guide to AML for Australian FinTechs

Uncover the core compliance responsibilities that arise from Australia’s AML/CTF regime and how FinTechs should respond using a risk-based approach.

Download now

The penalties for non-compliance with the AML/CTF Act

Obligated entities failing to meet their compliance obligations may face monetary penalties, which can be substantial. Civil penalties for breaches range from hundreds of thousands to millions of dollars, depending on the severity of the violation. As of January 2024, civil penalty orders of up to 20,000 penalty units can be issued, with each unit worth $313. 

In cases of serious non-compliance or repeated offenses, regulatory authorities may take enforcement actions beyond monetary fines. This can include injunctions, suspension, or revocation of licenses, which can significantly impact an entity’s ability to operate.

Furthermore, the reputational damage associated with AML/CTF violations can be severe, affecting customer trust and relationships. AUSTRAC and other regulators in the country – the Australian Securities and Investments Commission (ASIC) and the Australian Prudential Regulation Authority (APRA) – urge firms to establish robust compliance frameworks to avoid these penalties and contribute to the broader effort of combating money laundering and terrorism financing. The penalties aim not only to punish non-compliance but also to serve as a deterrent, reinforcing the importance of maintaining strong AML measures.

How can Australian firms comply with the AML/CTF Act?

Australian firms can ensure compliance with the AML/CTF Act by implementing comprehensive measures to detect and prevent illicit financial activities. Key steps for compliance include:

• Conducting a thorough risk sssessment to identify and understand the specific money laundering and terrorism financing risks associated with the business.
• Develop and implement a risk-based AML/CTF program tailored to the firm’s risk profile. This should include policies, procedures, and controls to address identified risks.
• Perform due diligence on customers to verify their identity and assess the risk they pose. This involves understanding the nature of the customer’s business, monitoring transactions, and updating customer information as necessary.
• Provide ongoing training to employees to ensure they are aware of AML/CTF obligations and can effectively implement the established policies and procedures.

Appoint a designated AML/CTF Compliance Officer responsible for overseeing the firm’s compliance efforts and liaising with regulatory authorities.

Firms should also familiarize themselves with AUSTRAC’s 2024 regulatory priorities. Firms should be aware of the following areas that may influence future legislative changes, which are split into “enduring priorities” and “areas of increased regulatory focus”:

• Enduring priorities:
  • Mitigating and managing money laundering and terrorist financing risk.
  • Ensuring reporting entities have effective AML/CTF programs that set out how they will comply with the AML/CTF Act and AML/CTF Rules.
  • Ensuring relevant matters are reported to AUSTRAC, including international funds transfer instructions, threshold transaction reports, and suspicious matter reports.
  • Closely monitoring high-risk sectors, namely banking, gambling, and remittance.

• Areas of increased regulatory focus:
  • Digital currency exchanges.
  • Payment platforms.
  • Bullion.
  • Non-bank lenders and financiers.

The post The AML/CTF Act in Australia appeared first on ComplyAdvantage.

To deter such activity, Congress deemed federal legislation necessary to collect beneficial ownership information (BOI) for entities formed under US state laws. Known as the Corporate Transparency Act, this legislation was passed by Congress in January 2021 and came into effect on January 1, 2024.

What is the Corporate Transparency Act?

The Corporate Transparency Act (CTA) is a US federal law aimed at increasing transparency in corporate ownership. The regulation requires certain individuals who establish a company in the United States to provide the Financial Crimes Enforcement Network (FinCEN) with specific information relating to the company’s beneficial owner(s), including:

• Full name.
• Date of birth.
• Current address.
• A distinctive identification number, such as from a passport or driver’s license.

Those subject to the law, known as “reporting companies”, must also update FinCEN with any changes to previously reported information. 

The CTA falls under the scope of the Anti-Money Laundering Act of 2020 (AMLA) and is part of the National Defense Authorization Act 2021 (NDAA), which required FinCEN to create a beneficial ownership registry that would oblige over 32 million businesses to file details of their beneficial owner with the US government.

How did the CTA come about?

Prior to the CTA, multiple legislative proposals were introduced to Congress to address the lack of transparency in corporate ownership. These proposals, including the 2008 Incorporation Transparency and Law Enforcement Assistance Act (ITLEA), aimed to require companies to disclose information about their beneficial owners to government agencies. However, ITLEA and the similar bills that followed were not passed into law as some argued that regulation of business entity formation within the US should remain a state matter. 

To help close the gap in US AML legislation that remained, FinCEN introduced the Customer Due Diligence (CDD) Final Rule in 2016 as an amendment to the Bank Secrecy Act. This set out an extended range of CDD obligations for certain financial institutions (FIs), including a new requirement of establishing ultimate beneficial ownership. 

However, since the CDD Final Rule did not require the establishment of a centralized corporate registry, the US Congress began holding more hearings to address the persisting corporate transparency issue. Combined, these hearings helped provide the necessary momentum for the CTA’s passage. 

What are the objectives of the CTA?

The CTA aims to enhance AML efforts by improving transparency and accountability in corporate ownership structures. Its primary objectives include:

• Beneficial ownership disclosure: Require reporting companies to report information about their beneficial owners to FinCEN.
• Prevent illicit activities: Combat money laundering, terrorist financing, tax evasion, and other financial crimes by providing law enforcement with access to BOI.
• Enhanced data collection: Improve the accessibility and accuracy of BOI to facilitate investigations and enforcement efforts.
• Streamlined compliance: Simplify the process for firms to comply with their reporting requirements while maintaining data security and privacy.
• National security: Enhance national security by identifying and tracking entities with opaque ownership structures that may pose a risk. 

Webinar: How to Enhance SMB Onboarding Efficiency with KYB

Uncover the impact of the Corporate Transparency Act on US reporting entities.

Watch on Demand

Who needs to comply with the Corporate Transparency Act?

Reporting companies must comply with the CTA, which, according to the AMLA, refers to any corporation, limited liability company (LLC), or other similar entity that is:

1. Created by filing a document with the secretary of state or similar office in a state or Indian tribe under their respective laws, or;
2. Formed under the law of a foreign country and registered to do business in the US by filing a document with the secretary of state or similar office under the laws of a state or Indian tribe.  

This includes C-corporations, S-corporations, domestic and foreign LLCs, general partnerships, limited partnerships, and business trusts. 

Who is exempt from complying with the CTA?

The CTA outlines 23 exemptions and exceptions to some of these legal entities, including:

• Securities reporting issuers.
• Governmental authorities.
• Banks.
• Credit unions.
• Depository institution holding companies.
• Money services businesses.
• Brokers or dealers in securities.
• Securities exchanges or clearing agencies.
• Other Exchange Act registered entities.
• Investment companies or investment advisers.
• Venture capital fund advisers.
• Insurance companies.
• State-licensed insurance producers.
• Commodity Exchange Act registered entities.
• Accounting firms.
• Public utilities.
• Financial market utilities.
• Pooled investment vehicles.
• Tax-exempt entities.
• Entities assisting tax-exempt entities.
• Large operating companies.
• Subsidiaries of certain exempt entities.
• Inactive entities.
  

What are the benefits and challenges of the Corporate Transparency Act?

Beyond being a moral obligation, there are compelling business reasons to prioritize transparency, particularly with regard to governance and anti-corruption measures. When it comes to the CTA, firms and authorities may experience the following benefits:

• Ease of access to information: Creating a national beneficial ownership database will make it easier for authorities to access and cross-reference corporate ownership information and enhance accountability among US companies.
• Reduced risk of fraudulent activity: The CTA plays an important role in the Biden administration’s strategies for countering corruption and combating terrorist and other illicit financing by making it harder for individuals to use shell companies and anonymous corporations to hide their income and assets. 
• Aiding law enforcement: The CTA helps national security agencies assess potential threats and vulnerabilities by identifying who controls and benefits from corporations.
• Investor confidence: In light of enhanced BOI disclosures, improved due diligence, and additional legal protections – such as penalties for non-compliance – the CTA is expected to boost investor confidence by reducing risks associated with hidden ownership and illicit financial activities. 

However, the CTA can create challenges for some firms, particularly smaller businesses that may not have an existing infrastructure in place to meet the new reporting requirements. Specific challenges may include:

• Data collection: Gathering accurate and up-to-date information about beneficial owners can be challenging, especially when dealing with complex corporate structures or multinational companies.
• Data privacy: Balancing the need for transparency with privacy concerns of beneficial owners can be delicate. Some entities may resist disclosing their ownership stakes for personal or security reasons. 
• Administrative requirements: Compliance with the CTA can impose an administrative burden on firms, particularly smaller businesses or start-ups without dedicated compliance departments.

To address these challenges, firms should seek legal counsel, invest in Know Your Business (KYB) compliance tools and training, and stay informed about updates to the CTA and related regulations. For challenges specific to the US real estate industry, compliance professionals can consult our Guide to AML/CFT Reforms, which discusses the implications of the CTA on the sector in detail. 

KYB is broken: We’re partnering with Detected to fix it

Discover how Detected and ComplyAdvantage are revolutionizing KYB processes to deliver faster, smarter, and more efficient compliance solutions.

Learn more

How can companies comply with the Corporate Transparency Act?

While the new reporting requirements will come into effect in early 2024, new and existing entities will have different reporting deadlines. Companies that are already established had to submit their initial report to FinCEN by January 1, 2025, whereas companies formed after January 1, 2024, have only 30 days to file. 

For those who fail to comply with the reporting requirements or knowingly provide false or fraudulent information, the regulation establishes criminal and civil penalties of $500 per day (up to $10,000) and imprisonment for up to two years.

For additional guidance on how to comply with the CTA, smaller entities can also review FinCEN’s BOI compliance guide.

Maintaining corporate transparency through comprehensive due diligence

In addition to reporting BOI information to FinCEN, firms can help establish their corporate customers’ ownership structure by deploying suitable know your customer (KYC) measures as part of their anti-money laundering and combatting the financing of terrorism (AML/CFT) solutions. In practice, this should include:

• Customer due diligence (CDD): Firms should collect identifying information about their customers, including the names and addresses of company directors and company incorporation details.
• Transaction monitoring: By monitoring transactions, firms can identify shell companies and be vigilant for unusual transaction patterns or transactions involving high-risk countries.
• Adverse media: News stories may indicate that customers are involved in UBO-related money laundering offenses before official sources reveal the same information. Firms should implement negative news screening on an ongoing basis for adverse news stories that involve their customers.
• Sanctions screening: Customers who are subject to international sanctions may use shell companies to access financial services. Therefore, firms should screen high-risk customers against the relevant sanctions lists.
• PEP screening: Politically exposed persons (PEP), such as government officials or politicians, pose an elevated AML risk and may attempt to use shell companies to conceal their identities. Firms should screen their customers to establish their PEP status.
• Corporate screening: Firms must confirm the legitimacy of a company before entering into a business relationship with them. Once the business has been onboarded, ongoing KYB verification checks are performed periodically to ensure any changes in the entity’s risk profile are captured. 

The post What is the Corporate Transparency Act (CTA)? appeared first on ComplyAdvantage.