AML (Anti-Money Laundering) Controls: Requirements, Regulation, and Implementation

Controles Anti-Blanqueo pagando con tarjeta de crédito | Anti-Money Laundering controls paying with credit card


    icon newsletter
    Get the latest news right in your inbox

    AML controls and procedures are put in place so that companies can operate in the marketplace under the relevant regulatory standards. This is especially notable, and of great importance, in the banking and financial sectors.

    Today's regulatory environment is constantly changing and it is important that both major financial institutions and any players in this sector and related industries are aware of the restrictions that may arise from potential penalties for malpractice in their processes and systems.

    Regulatory Compliance

    Many companies lack sufficiently mature policies and processes, and the technology to implement them, and are unable to meet Anti-Money Laundering requirements.

    While compliance is already a reality in many companies, not all comply with the specific sets of procedures and best practices that must be implemented to identify and classify legal and operational risks, being money laundering one of the main ones.

    What is AML (Anti-Money Laundering)?

    AML is the acronym for Anti-Money Laundering. This term is commonly used in the areas related to finance and regulatory compliance to define the standardized processes that companies in these sectors use to prevent their customers, when using their products and services, from laundering money. 

    Identifying suspicious behaviour is crucial to mitigate the risk of it becoming an illegitimate activity. Establishing concrete AML policies and controls will prevent potential offenders from ever committing a money laundering-related crime. 

    While this is important in all areas, in the online or remote environment it is of particular importance, as this is the place where companies are most exposed to this type of risk. This has not gone unnoticed by the public authorities, who have regulated accordingly, establishing very specific AML praxis for this scenario.

    Concealing the illicit origin of income is, due to identity fraud, a practice that occurs on more occasions than we imagine. Thus, AML has a great ally, the KYC process, as an essential control in any money laundering prevention strategy.

    AML (Anti Money Laundering), as a concept, is closely related to others that support it or are a fundamental part of the controls carried out:

    KYC (Know Your Customer)

    The main way for criminals to launder money is through identity fraud. KYC and AML, together, came to solve this problem. The KYC (Know Your Customer) process consists of a series of steps to verify a customer's identity.

    Corroborating that a person who wishes to open a bank account, take out insurance or make investments is who he/she says he/she is, and establishing an exhaustive process to verify their identity before allowing the customer to operate, is the AML control par excellence and the one alluded to in all AML regulations. Identity verification makes it possible, today, to open a bank account in minutes instead of days or weeks if the proper standards are met.

    People who have already verified their identity searching on Internet

    Due Diligence

    Due Diligence, or Due Diligence, is the concept used to refer to the set of investigations that are carried out on a natural or legal person before entering into a contractual relationship or carrying out any type of joint operation.

    Although it is a term generally used to refer to a company's purchasing process, it is also used to work with suppliers. It is closely related to KYB (Know Your Business).

    Similarly, and now fully related to AML and KYC, when the term is used as CDD (Client Due Diligence) it does act as a synonym for KYC and AML controls. As part of AML controls, the background check is one of the most common practices within all controls to prevent money laundering and is often associated with CDD.

    How to carry out AML (Anti Money Laundering) checks

    In general, businesses and institutions that are subject to AML regulations and must establish procedures to comply with them have two options available to them for carrying out checks and verifications:

    • In-house: businesses can opt to set up teams that go to official listings to perform, for example, background checks, although this is not very productive. Regarding identity verification, it is costly and takes years of development to create polished tools that work properly and meet the technical standards required by regulation. For these reasons, the number of financial institutions and FinTech companies developing in-house AML tools of their own is testimonial, and with not very encouraging results.
    • By a Trust Services Provider: On the other hand, companies can turn to third parties to establish AML policies, strategies, and techniques. These providers often have technology and tools developed specifically to be implemented in the processes and systems of the organizations that need them and are, for example, able to obtain automated AML scores from users in seconds. In addition, some vendors not only provide tools to perform AML checks but are also able to detect other risks in addition to optimizing all company processes.

    RegTech's contribution to Anti-Money Laundering

    RegTech, Regulation Technology, is the union between cutting-edge technological solutions for the digitization of processes and compliance with the legal and regulatory framework by businesses and organizations.

    Technology has been able to completely eliminate the bureaucracy of having to carry out complex controls to comply with the laws that affect the activity of companies and the frictions that these cause in the processes and operations. 

    Automated AML systems

    USB security key with automated AML

    Process automation has come to AML in full force, both to eliminate mechanical and bureaucratic tasks and to create new ways of performing previously unthinkable AML controls. Here are just a few examples out of hundreds that could be cited:

    • IT security: cybersecurity is another key point to work on when establishing AML policies. Processes must be secure and encrypted so that those attempting to launder money cannot find loopholes through which to circumvent controls.
    • Document verification: Automated verification of documentation, and its digitized processing, including identity documents has completely changed one of the most tedious procedures within money laundering prevention.
    • Digital onboarding: The onboarding process in banking, finance, and related fields is the crucial moment in preventing fraud, especially online. Automated identity verification solutions based on artificial intelligence and machine learning turn this complex process from weeks to minutes if they meet the standards defined by regulation.
    • AML scoring: Automating the management of AML per customer, in an individualized, segmented, and cross-referenced way would be impractical if it were not for the RegTech solutions developed for this purpose. 

    Digitizing the fraud prevention strategy and anti-money laundering controls is, today, an imperative that the financial sector is aware of. As a result, and thanks to the rise of RegTech and Fintech, the sector can grow while offering the best frictionless experience to its customers.

    A tour of the most relevant AML regulations

    AML4, AML5 and AML6

    AML4 (or 4AMLD, Fourth Anti-Money Laundering Directive), passed in 2015, started the way by establishing very concrete assessment guidelines for risks in the legal, banking, financial and related industries, addressing guidelines for conducting AML processes internationally. In other words, thanks to AML4 a company from one particular country can operate in another if it complies with the relevant standards.

    However, it was not until AML5 came into force (2018), and with effective enforcement from 2020, that a single space was created, together with eIDAS (electronic IDentification, Authentication and trust Services) in which companies can operate securely, confidently and fully digitally and remotely. These standards regulate identity verification and the onboarding process in many sectors, with very specific technical standards that must be met.

    AML5, or 5AMLD, introduces the obligation of secure and certified identification of account holders in companies in the financial, banking, insurance, investment and related sectors. Thus, it expands the subjects obliged to comply with AML and incorporates e-wallet services, art dealers or cryptocurrency trading platforms. Not adapting to AML was no longer an option.

    Just a few months later, at the end of October 2018, AML6 was approved, an update to the AML rules contained in 5AMLD and to which companies must have adapted by June 3, 2021. Otherwise, they are at serious risk of being sanctioned and is that one of the major introductions of the new AML6 directive focuses on the corporate responsibility of companies

    This latest amendment makes legal entities liable for the possible "lack of supervision or control" since they are in a leading position. Because of this, companies must have a decided AML strategy and their own tools in place to execute it in order to operate in the market safely. In all states, the laws clearly indicate how to proceed and what controls must be in place regarding AML.

    Adapt to AML with Tecalis in a simple, agile and accessible way.

    In any case, Anti-Money Laundering regulations should not be seen as a blockage or difficulty, but as an opportunity. Thanks, for example, to AML6, any company can offer its products and services without additional investment to 508 million consumers in an agile and secure way. The standardization of customer onboarding is driving the growth of hundreds of businesses and facilitating their expansion into other markets where they would otherwise not have been able to operate.

    Other regulations

     Lawyers talking about other AML regulations

    Leaving aside laws that affect several countries (such as the views that affect the entire European Union), each state regulates on its own by creating laws for the prevention of money laundering and terrorist financing. In EU member states, these laws are linked to AML5, although some even legislate further. 

    Leaving aside the European continent, as we have been saying, each country has its own laws in this area and it is usually the central banks that set the guidelines to be followed. It is important to have a RegTech partner to advise the legal and compliance departments of companies on how to comply with AML regulations in the country in which the business operates and establish processes to adapt to them.

    We help to comply with AML regulations around the world

    Newsletter icon

    Get the latest news right in your inbox


    Trust, identity and automation services

    Tecalis creates disruptive digital product to make the most innovative companies grow and evolve. We drive growth and digital transformation processes to bring the future to businesses today.

    KYC (Know Your Customer) Video Identity Verification, Digital Onboarding and Authentication (MFA/2FA) solutions and services enable our customers to provide their users with an agile and secure experience.

    Our RPA (Robot Process Automation) software enables the creation of sustainable, scalable, productive and efficient business models through BPM (Business Process Management), allowing unlimited growth.


    Advanced and Qualified Electronic Signature and Certified Communication services (Electronic Burofax) allow customer acquisition, contracting and acceptance processes that used to take days or weeks to be completed and approved in minutes or seconds.

    Customer Onboarding (eKYC), Digital Signature (eSignature) services and Automated Fraud Prevention are making it possible for companies to operate online and without borders.


    As an EU-certified Trust Services Provider and an established RegTech partner, we help organizations comply with the most demanding regulatory standards in their sector and region, including AML (Anti-Money Laundering), eIDAS (Electronic IDentification, Authentication and etrust Services), GDPR (General Data Protection Regulation), SCA (Strong Customer Authentication) or PSD2 (Payment Services Directive) regulations thanks to Tecalis Anti-Fraud Controls and Document Verification.