Money laundering and terrorist financing are constant and growing concerns on a global scale as they pose  a serious threat against the financial system and its institutions, and by extension also against the economy and public security. It is estimated that 2-5% of the global GDP is laundered on an annual basis, which is equivalent to Germany's GDP. 

Combating money laundering and terrorist financing is a question of sustainability, as expressed in UN’s Sustainable Development Goal 16.4: “By 2030 significantly reduce illicit financial and arms flows, strengthen recovery and return of stolen assets, and combat all forms of organised crime.”

Law enforcement authorities shouldn't be left alone fighting against money laundering. Business and civil society have both responsibility and the opportunity to be part of the solution.

Financial institutions, online gaming companies and cash-intensive businesses are particularly exposed to the risk of money laundering or terrorist financing. These company types are examples of obliged entities under AML (Anti-Money Laundering) rules and regulations, with legal obligations to implement measures to prevent themselves from being used for criminal activities.

The basis of effective AML work begins with a good understanding - understanding of one's risks, threats and vulnerabilities, with the general risk assessment being of the utmost importance. The general risk assessment is the most important component of a company’s AML Program, and at the same time, quite often the most misunderstood document in an organisation’s  AML Program. 

The purpose of the general risk assessment is for companies to identify and assess their money laundering and terrorist financing risks for customers, countries or geographic areas; and products, services, transactions or delivery channels.

One of the most challenging aspects of creating an efficient and effective AML Program is to connect the risks identified in the general risk assessment to all relevant business processes, not only once but on an ongoing basis. 

Thus, a thorough understanding is a prerequisite for good ability and efficiency. A common thread from the risk assessment out into the business is a good indicator that understanding and ability meet each other. In this context, ability means how to set one’s understanding into practice, it can be compared to a sports team's game plan and line-up. 

When it comes to ability, how one decides to organise is an important part of that equation and every company has different opportunities and challenges as well as desires when it comes to it. 

In light of the risk that the general risk assessment remains as a paper product or that there is no common thread from the general risk assessment throughout the AML Program, it is of importance to organise in a way that integrates AML expertise across all areas of a company and ensure that risk factors are identified and the relevant risk mitigation steps are made/taken immediately. 

It is common in AML programs to focus on centralising on front office or back office as different relevant game plans or line-ups, all with their advantages and disadvantages, but all with the common denominator that AML expertise to some extent is isolated, which can be of detriment to the business as a whole. Rather, it is beneficial to interconnect front- and back offices with the rest of the rest of the organisation. 

Jonathan Hjelmåker, Head of Operations and Anti-Money Laundering at Zimpler.Jonathan Hjelmåker, Head of Operations and Anti-Money Laundering at Zimpler.

With such an approach, one is able to cut across organisational silos and establish accountability and ownership lines to ensure a common thread from the general risk assessment and sound risk management and governance. It also means that no one can say that AML is someone else's responsibility, rather that it is everyone’s responsibility and one way to set up a game plan to get the most out of one’s ability.

Here, one can take inspiration from the principle of privacy by design that was first expressed in the 1970s and now governed by article 25 of GDPR. Privacy by design means that technical and organisational measures are taken already at the time of planning a processing system to protect data safety. Behind this is the thought that data protection in data processing procedures is best adhered to when it is already integrated in the technology when created.

To effectively manage and mitigate one’s risk of being used for money laundering or terrorist financing, companies must invest focus, time and resources on understanding and ability.

Jonathan Hjelmåker is Head of Operations and Anti-Money Laundering at Zimpler, a next-generation fintech company with offices in Sweden, Malta and Brazil.

Sign up to our free newsletters

Get the best updates straight to your inbox:
Please select at least one mailing list.

You can unsubscribe at any time by clicking the link in the footer of our emails. We use Mailchimp as our marketing platform. By subscribing, you acknowledge that your information will be transferred to Mailchimp for processing.