How Can We Help?
Table of Contents
< Back
You are here:

What is an AML Programme

AMLCFT Programme


An AML programme represents the policies, procedures and controls that a business will apply in order to meet their commitments of managing money laundering compliance obligations.

The AML programme is required to be developed once the AML risk assessment has been completed.  This order of priority ensures that the programme addresses the risks that the assessment has identified.  Therefore if the risk assessment is inadequate then the business that is operating under that risk assessment has failed to meet its regulatory expectations.  This is why it is crucial that a business adopts the right practice for establishing their assessment.

As the AML programme represents policies, procedures and controls, it can be expected to be a comprehensive document.  Some businesses elect to have the procedures set out in a separate document.


A programme should have a contents index. This will assist staff to quickly decipher the chapter or page that they need to refer to.  It also allows an auditor and AML supervisor to gauge, at a high level, the content of the programme.  

The programme should set out what money laundering and financing of terrorism is.  Brief information will be suitable.  

An introductory paragraph of the nature, size and complexity of your business, including the products / services distributed, the number of branches and staff numbers is useful to third parties and any new employee who has taken on an AML/CFT role.  You should then set out, in summary detail, the risks that your business presents to unwittingly facilitating money laundering or financing of terrorism.  You will gain this knowledge from your AML risk assessment.


Throughout the programme you should set out the principles that your business will apply for mitigating and managing money laundering risks.  It should be made clear that your business takes its obligations seriously and that any AML compliance breaches must be reported.  

Your AML compliance officer is responsible for the ongoing maintenance of the programme.  Senior managers are also obligated to have oversight. This includes Board members.  


For every policy principle that your programme stipulates, you need to describe how this will be applied in practice.  Therefore for customer due diligence you should set out the principles as being the need verify that the customer is who they claim to be and obtaining knowledge of the nature and purpose of the customer’s relationship with your business. The procedures will set out how you achieve this objective. Examples of procedures for Know Your Customer (KYC) would include obtaining copies of relevant identity documents, such as a passport, national identity and driver licence, then independently verifying the document is valid and represents a true likeness to the customer.  You are likely to also include KYC profiling.

Customer profiling will allow your business to know the extent of risk that the customer presents and the expected volume and value of transactions / activity that customer is likely to carry out.  


The third aspect of your programme is to set out the controls that you will apply in order to meet both the policy and procedures.  An example of controls for AML training includes keeping a record of each employee that has a role linked to AML/CFT and noting when their training was last undertaken and when it is due next.  A further control for AML training may include a calendar reminder to prompt the training to commence.


A compliance obligation often overlooked is ensuring that your programme remains adequate and effective.  This can be achieved by measuring the strengths and weaknesses of each control.  AML360 has an 80 point compliance review toolkit which will ensure your business can evidence ongoing monitoring of AML compliance obligations.  It includes case management and heat maps, with easy updates.


AML risk assessments