The Price of AML Failure

Avatar for John Leahy
By John Leahy Senior Product Manager
September 8th 2022 | 3 minute read

We can’t go on with suspicious fines

Are your anti-money laundering (AML) capabilities really fit-for-purpose? If the steady flow of news reports about institutions’ AML failings are anything to go by, you may not want to rest on your laurels.

Money transfer firm Wise is the latest case. It has just been hit with a $360,000 fine by Abu Dhabi’s Financial Services Regulatory Authority for its failure to “establish and maintain adequate AML systems and controls to ensure full compliance with its AML obligations.”

The Wise fine comes on the heels of a $30 million penalty meted out to Robinhood Crypto (RHC) by the New York State Department of Financial Services (DFS) for “significant violations of the Department’s anti-money laundering and cybersecurity regulations.”

Compliance deficiencies included an understaffed AML programme; insufficient resources devoted to adequately addressing company-specific risks; and failure to transition from a manual transaction monitoring system that was inadequate for Robinhood Crypto’s size, customer profiles and transaction volumes.

Suspicious activity monitoring

While the fine handed to Wise stems in large part from a lack of proper onboarding procedures (including inadequate source of funds/wealth checks), deficiencies in ongoing customer due diligence are behind the RHC case. Suspicious activity monitoring was found to be a particular weak point.

The DFS consent order notes that both federal and New York State law require financial institutions to devise and implement systems “designed to identify and report suspicious activity and block transactions prohibited by law.”

Robinhood Crypto lacked an automated AML transaction monitoring and case management capability, relying instead on a manual system that was inadequate for the job, especially given its staffing shortages. The result was a backlog of thousands of transaction processing alerts, which flag potentially suspicious transactions that need to be investigated to determine whether a suspicious activity report (SAR) should be filed.

“Transaction monitoring is a cornerstone of an effective BSA/AML program,” observed the DFS order. “It must be conducted thoughtfully, efficiently, and in a manner commensurate with institutions’ business profiles.”

In addition, RHC employed “an extremely high and arbitrary threshold amount to generate exception reports,” according to the order. As a result, only two SARs were filed in response to its transaction monitoring alerts. Such a low number is an indicator of the effectiveness of a financial institution’s monitoring programme, and is a red flag for examiners.

Activity monitoring done right

For firms that don’t want to come up short like RHC, automating suspicious activity monitoring is imperative.

By searching for suspicious transactions and changes to customer/static data, real-time activity monitoring capabilities can identify behaviours that breach users’ parameters and expose potential frauds. With the right tools, firms can spot AML risks, trigger automated alerts of suspicious activity, block accounts or transactions when suspicious events occur, and create comprehensive reports of all the suspicious activity that has taken place at a given point in time.

Automation frees staff from mundane monitoring activities so they can deal with alerts promptly. And by pinpointing issues early, monitoring tools help users respond quickly to potential issues before they become an actual breach. Automation can also ensure that suspicious activity reports are sent to the relevant regulatory body where required and within the 30-day stipulated timeframe.

AML is an increasingly complex, multi-step task that is hard to get right and costly when it goes wrong. Manual processes – whether in customer onboarding or ongoing due diligence – lack the rigour, speed and scalability financial institutions need today.

The solution is an automated, customisable AML framework that delivers real-time monitoring and can flex to different scenarios and jurisdictions’ evolving requirements. Only then can firms combat their money laundering risks effectively and stay compliant.

Deep Pool is the #1 investor servicing and compliance solutions supplier, providing cutting-edge software and consulting services to the world’s leading fund administrators and asset managers. Our flexible solution suite, developed by an experienced team of accountants, business analysts and software engineers, supports offshore and onshore hedge funds, partnerships, private equity vehicles, retail funds and regulated financial firms. Deep Pool is a global organisation with offices in Dublin, Ireland, the United States, the Cayman Islands and Slovakia. For more information, visit:



John Leahy
John has been with the Deep Pool Group since 2012. He drives product development, vision, strategy, and execution across a cross-functional team, serving 3 Fintech/Regtech products. John holds a Postgraduate Diploma in Product Management from Technological University Dublin.