Last reviewed July 12, 2026 · 8 min read · Written for compliance and risk professionals · By the WhoWiki editorial team
Key takeaway: AML is the laws and controls that stop criminals disguising illegal money, built around customer checks, monitoring, and reporting.
Anti-money laundering (AML) is the set of laws, rules, and checks that stop criminals from disguising illegal money as legitimate funds. Banks and other regulated firms run AML programs to verify customers, monitor transactions, and report suspicious activity to the authorities.
Key takeaways
- AML is the framework of laws and controls that detects and prevents money laundering.
- An AML program covers risk assessment, customer checks, monitoring, reporting, and training.
- AML and KYC are linked: KYC is the customer-identity part of a wider AML program.
- US rules come from the Bank Secrecy Act, FinCEN, and OFAC; the FATF sets the global standard.
- AML failures are expensive: TD Bank paid about $3 billion to US authorities in 2024.
- Core AML checks include sanctions, PEP, and adverse media screening plus customer risk rating.
On this page
What it isAML vs KYCWhat a program includesLaws and regulatorsWhat an AML check involvesWhy it mattersFAQsRead more
1989
Year the FATF was founded to set global AML standards
Source: FATF
$3B
Paid by TD Bank to US authorities over AML failures (2024)
Source: US Department of Justice
$800B to $2T
Laundered globally each year that AML aims to stop
Source: UNODC
What is anti-money laundering (AML)?
Anti-money laundering is everything firms and governments do to stop criminals cleaning dirty money. It combines laws, regulations, and day-to-day checks inside banks, payment firms, and other regulated businesses.
The point is to catch money laundering before or as it happens, then report it. A firm that ignores this risk can face fines, license loss, and criminal liability for its officers.
Read more: see how a real program comes together in how to build an AML program.
AML vs KYC: how they fit together
AML is the wider program. KYC is one part of it. People often use the terms as if they mean the same thing, but they do not.
- KYC confirms who a customer is and how risky they are.
- AML is the whole system: KYC plus monitoring, reporting, training, and governance.
| KYC | AML | |
|---|---|---|
| Scope | Customer identity and risk | The full anti-laundering program |
| When | Mostly at onboarding and review | Continuous, across the customer life |
| Includes | ID checks, risk rating, screening | KYC plus monitoring, reporting, training |
Read more: the practical side of KYC is covered in our KYC onboarding guide.
Check how ready your AML setup is
Get an indicative read on your money laundering exposure across customers, products, channels, and geographies.
What an AML program includes
An AML program has a few standard parts that regulators expect to see. Miss one and the whole control set gets weaker.
- Risk assessment. A written view of where the firm’s laundering risk is highest.
- Customer due diligence. Verifying identity and assigning a customer risk level.
- Transaction monitoring. Flagging unusual activity for review.
- Suspicious activity reporting. Reporting suspicion to the authorities.
- Independent testing. Checking the controls actually work.
A named officer owns the program, and staff get regular training.
Key AML laws and who enforces them
AML rules differ by country, but the shape is similar everywhere. Most trace back to the FATF standard, then get written into national law.
- United States. The Bank Secrecy Act of 1970 and the USA PATRIOT Act, administered by FinCEN, with OFAC running sanctions.
- United Kingdom. The Proceeds of Crime Act 2002 and the Money Laundering Regulations 2017, supervised by the FCA.
- European Union. The AML directives and the 2024 package that created the AMLA supervisor.
- Global standard. The FATF, founded in 1989, with 40 Recommendations used across more than 200 jurisdictions (FATF).
A country that falls short can land on the FATF grey list, which raises costs for its banks. Read more:the FATF 40 Recommendations explained.
Start your AML policy in minutes
Answer a short set of questions and generate a tailored AML policy draft you can adapt and keep for your records.
What an AML check involves
An AML check confirms a customer is who they say they are and is safe to deal with. It runs at onboarding and again when risk changes.
- Verify identity. Confirm the customer with reliable documents or data.
- Screen the name. Check against sanctions lists, PEP data, and adverse media.
- Apply deeper checks. Use enhanced due diligence for higher-risk cases, including source of funds.
- Rate and monitor. Assign a risk level, then re-screen as lists and circumstances change.
Use the tool:Combined AML Screening runs sanctions, PEP, and adverse media in one search and shows the source and date.
Why AML matters
AML matters because the cost of getting it wrong is high, and it is rising. Fines, remediation, and lost banking relationships add up fast.
In 2024, TD Bank agreed to pay about $3 billion to US authorities, including a record $1.3 billion FinCEN penalty, over Bank Secrecy Act failures (US Department of Justice, 2024). Beyond fines, weak AML lets the money behind trafficking, fraud, and corruption move freely.
Screen a customer before you onboard
Run one search across sanctions, PEP, and adverse media sources and see the result with its data source and date.
Frequently asked questions
What is AML in simple terms?
AML, or anti-money laundering, is the set of laws and checks that stop criminals turning dirty money into clean-looking funds. Banks and other regulated firms verify customers, watch transactions, and report anything suspicious. The aim is to catch money laundering early and keep criminal money out of the financial system.
What is the difference between AML and KYC?
KYC is part of AML. Know your customer covers verifying a customer’s identity and risk level. AML is the wider program that also includes transaction monitoring, suspicious activity reporting, staff training, and governance. KYC answers who the customer is, while AML manages the whole laundering risk around them.
What are the pillars of an AML program?
A standard AML program has five parts: a risk assessment, customer due diligence, transaction monitoring, suspicious activity reporting, and independent testing. A named compliance officer owns the program and staff receive regular training. Regulators expect all of these to work together, not in isolation.
Who regulates AML in the United States?
FinCEN, part of the US Treasury, administers the Bank Secrecy Act and receives suspicious activity reports. OFAC runs sanctions programs. Banking regulators such as the OCC and the Federal Reserve examine banks for AML compliance. The FATF sets the international standard that US rules follow.
What is an AML check?
An AML check confirms a customer’s identity and screens them for risk. It usually verifies ID documents, then checks the name against sanctions lists, politically exposed person data, and adverse media. The result is a risk rating that decides how closely the firm monitors that customer over time.
What does an AML analyst do?
An AML analyst reviews alerts from monitoring systems, investigates unusual transactions, and decides whether to escalate or file a report. They gather evidence, document decisions, and support the money laundering reporting officer. The role sits at the front line of spotting suspicious activity inside a regulated firm.
Is AML the same as KYC?
No. KYC is the customer-identity part of a broader AML program. A firm can complete KYC and still lack proper monitoring, reporting, or governance. Treating the two as identical is a common mistake that leaves gaps regulators look for during an examination.
What are AML red flags?
AML red flags are warning signs of possible laundering, such as cash deposits just under reporting limits, rapid movement of funds with no clear purpose, reluctance to provide identity documents, or wealth that does not match a customer’s profile. A single flag is not proof, but it prompts a closer look.
What laws govern AML in the United States?
The main laws are the Bank Secrecy Act of 1970 and the USA PATRIOT Act of 2001, with money laundering offenses at 18 U.S.C. 1956 and 1957. FinCEN administers reporting and OFAC enforces sanctions. Together they set the customer, monitoring, and reporting duties for regulated firms.
Why is AML important?
AML keeps criminal money out of the financial system and protects firms from fines and license loss. Weak AML lets the profits of trafficking, fraud, and corruption move freely. The cost of failure is large: TD Bank paid about $3 billion to US authorities in 2024 (US Department of Justice, 2024).
What is an MLRO?
An MLRO, or money laundering reporting officer, is the person responsible for a firm’s AML compliance. They receive internal reports of suspicion, decide whether to file with the authorities, and answer to the regulator. The role is required for regulated firms in the UK and has equivalents in other countries.
How do AML checks work?
AML checks start by verifying a customer’s identity, then screen the name against sanctions, PEP, and adverse media data. The firm assigns a risk rating and applies deeper checks for higher-risk customers. Ongoing monitoring then watches transactions and re-screens customers as lists and circumstances change.
Read more: our ultimate guides, whitepapers and templates
Related guides and resources to help you act on what you just read.