Banks and financial institutions are mandated by authorities to adhere to strict compliance protocols to combat financial crimes. Standards-setting groups like the Financial Action Task Force (FATF) and regulatory bodies like the Financial Crimes Enforcement Network (FinCEN) have established anti-financial crime frameworks for continuous monitoring, risk assessment, and thorough customer due diligence (CDD).
Adverse media screening serves as a critical tool in this fight, not only helping to identify criminal activity and create accurate risk profiles for individuals and entities, but also continuously monitoring a wide range of media for relevant negative information to help protect Moody’s customers from fines, penalties, and reputational damage.
This criticality is reflected in the alerts provided to Moody’s screening customers. Thousands of confirmed monitoring alerts related to various financial crimes, including fraud, money laundering, sanctions, drug and human trafficking, and terrorism, are reported to customers every day. These alerts can be used as part of ongoing monitoring and due diligence, can support enhanced investigations, and can help customers determine whether or not they will do business with a third party.
Engaging in business with a risky customer who has been, or could have been, flagged by adverse media can lead to severe repercussions.
Financial institutions have faced staggering fines, reputational damage, and even operational restrictions for non-compliance with anti-financial crime regulations. According to industry statistics, financial institutions worldwide have paid more than $10.6 billion in anti-money laundering (AML)-related fines as of 2023, and over $4 billion in the US alone in 2024, underscoring the serious financial impact of compliance breaches.
Beyond monetary penalties, executives may face personal criminal liability, while institutions risk irrevocable damage to their brand and consumer trust.
The European Union’s Sixth Anti-Money Laundering Directive (AMLD6) came into force on June 3, 2021, significantly increasing the AML accountability of financial institutions across Member States. The AMLD6 expanded the scope of criminal liability, introducing more severe penalties for money laundering offenses, and making company executives directly responsible for lapses in AML controls and measures. It also defined 22 predicate offenses for money laundering, including environmental crimes, cybercrime, and tax offenses, which institutions must monitor and report on to the relevant authorities.
One of the key aspects of AMLD6 is the aggressive expansion of liability to legal entities and company executives who aid and abet money laundering, either through negligence or deliberate actions. Penalties under AMLD6 are severe, and fines can reach into the hundreds of millions of euros. The AMLD6 has set a precedent for stricter AML oversight and amplified penalties, incentivizing financial institutions to tighten controls and increase investments in compliance systems.
FinCEN’s CDD rule
In the U.S., FinCEN enforces AML requirements through its Customer Due Diligence (CDD) Rule. This rule mandates risk-based procedures for verifying customer identities, continuously monitoring for suspicious behavior, and filing Suspicious Activity Reports (SARs). It also requires identifying beneficial owners of legal entities to prevent hidden ownership by criminals. Institutions must understand the “nature and purpose” of their customers’ businesses and continuously update risk profiles based on new information, such as adverse media hits.
FATF’s risk-based approach
The FATF sets international AML standards, advocating for a risk-based approach to financial crime prevention where financial institutions must identify, assess, and mitigate risks associated with their customers. This includes leveraging adverse media screening as part of enhanced due diligence (EDD) for high-risk clients, such as politically exposed persons (PEPs). While FATF guidelines are not legally binding, they serve as the gold standard for AML compliance globally and are incorporated into many national laws.
The Wolfsberg Group
The Wolfsberg Group is an association of 12 global banks that develops frameworks and guidance to help manage financial crime risks, including the use of negative news, or adverse media, screening. The Group recommends that “banks have in place a framework to investigate negative news results in a timely and consistent manner.”
The intersection of data privacy laws and AML requirements is a critical area of focus for entities with AML obligations. Data privacy laws, such as the EU’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), aim to protect individuals' personal data by imposing comprehensive rules on the collection and use of such data. These laws require organizations to establish a legal basis for collecting and using personal data, implement robust security measures, and provide individuals with transparency and certain rights regarding their personal data. On the other hand, AML requirements mandate the collection, processing, and sharing of personal data to detect and prevent money laundering and terrorist financing activities.
While these two sets of regulations may seem at odds, they are, in fact, complementary and can coexist harmoniously. Entities with AML obligations have a responsibility to recognize and implement data privacy protections as part of their compliance framework. This responsibility stems from the need to balance the objectives of preventing financial crimes while protecting individuals' privacy rights. For instance, the GDPR allows for the processing of personal data when it is necessary for compliance with a legal obligation, such as AML laws. This means organizations can collect and process personal data for AML purposes, provided they adhere to data privacy principles, such as data minimization and data security. By integrating data privacy considerations into their AML programs, organizations can enhance their overall compliance posture and build trust with customers and regulators.
Contrary to the perception that data privacy laws complicate the AML landscape, these laws can support and strengthen AML compliance. Data privacy regulations encourage organizations to adopt best practices for data management, which can lead to more accurate and reliable data for AML purposes. For example, the requirement to maintain up-to-date and accurate records under data privacy laws aligns with the need for accurate customer information in AML programs.
Additionally, data privacy laws promote transparency and accountability, which can help organizations demonstrate their commitment to ethical practices and regulatory compliance. By viewing data privacy laws as complementary to AML requirements, financial institutions can create a more holistic and effective compliance framework that addresses both financial crime prevention and data protection.
The connection between data privacy laws and AML requirements underscores the importance of a holistic, balanced approach to risk management and compliance. Rather than complicating AML efforts, data privacy laws can enhance the effectiveness of AML programs by promoting best practices in data management and fostering a culture of transparency and accountability. By embracing this integrated approach, organizations can achieve their dual objectives of preventing financial crimes and protecting personal data.
AML compliance is non-negotiable for financial institutions, with penalties that can seriously impact financial stability and reputation. Moody’s intelligent screening model is predicated on collecting data on risky individuals and entities—including via adverse media screening—so our customers can comply with strictly enforced, global regulations.
Of course, this data collection must be carried out in a way that respects evolving data privacy laws while also maintaining proper compliance with AML regulations.
By adhering to regulatory guidelines, investing in advanced screening technologies, and adopting a risk-based, privacy-conscious approach, financial institutions can navigate this complex landscape. Ultimately, robust AML practices that harmonize with data privacy considerations not only fulfill legal requirements but reinforce an institution's role as a responsible global financial steward.
For more information about how Moody’s can help you with AML, customer due diligence, and ongoing screening processes, please get in touch – we would love to hear from you.