AML Program Manual
Overview
Building a compliant AML program manual from scratch is a complex, detail-heavy task — cross-referencing FATF Recommendations, 6AMLD provisions, and firm-specific risk factors while making sure nothing falls through the cracks. This skill structures the entire process: from scoping the firm’s risk appetite and drafting every required chapter, to populating industry-specific red flags and validating that screening frequencies actually match the firm’s posture.
What It Covers
- KYC / CDD / EDD procedures — Tiered due diligence (simplified, standard, enhanced) calibrated to customer, geography, and product risk
- Transaction monitoring — Rules, scenarios, and a built-in library of red-flag indicators for 8 industries
- Sanctions screening — List sources, frequency expectations by risk appetite, match handling
- SAR / STR filing — Internal escalation, filing timelines, tipping-off obligations
- Governance & training — MLRO appointment, three lines of defence, role-based training
- Record keeping & audit — Retention policies and independent review
Example Conversation
You: We’re a mid-size European bank operating in Germany and the Netherlands. We also have a crypto custody subsidiary. Our board has set a medium risk appetite. Draft our AML Program Manual from scratch — we need it ready for our 6AMLD compliance review.
Agent: I’ll structure the manual with all chapters required by FATF and 6AMLD. Since you operate in banking and crypto, I’ll need red flags for both industries. Let me start by reading the regulatory framework, then build out the manual chapter by chapter. First question: who is your appointed MLRO, and do you have a three-lines-of-defence structure in place?
You: Our MLRO is Sarah Keller, Head of Compliance. We have the three lines: first line is the business, second line is compliance and risk, third line is internal audit. The board AML committee meets quarterly.
Agent: Good — I’ll document that governance structure in Chapter 2. I’ve created aml-program-manual.md and started with the policy statement and governance. Now let me work through the KYC/CDD/EDD chapter. Given your medium risk appetite, I’ll use three tiers: simplified CDD for low-risk regulated entities, standard CDD as the default, and enhanced due diligence for PEPs, high-risk jurisdictions, and your crypto custody clients. For beneficial ownership, I’ll set the threshold at 25% per FATF R.10 — does Germany or the Netherlands require a lower threshold?
You: Germany recently lowered it to 25% with the new Transparency Register rules, and the Netherlands is also at 25%. So 25% is correct for both.
Agent: Confirmed — 25% UBO threshold for both jurisdictions. KYC chapter is drafted. Now for transaction monitoring, let me pull the red flags for your two business lines.
Agent: Running red_flag_library with ["banking", "crypto"]…
Agent: I’ve got 16 red-flag indicators across both industries. Here’s what I’m inserting into the transaction monitoring chapter:
Banking (10 indicators): structuring below reporting thresholds, round-amount wire transfers, sudden activity spikes, fund transfers to jurisdictions with no business connection, shell company transactions, missing beneficial ownership documentation, PEP transactions without EDD, unexplained third-party payments, pass-through accounts, and high-risk jurisdiction volumes.
Crypto (6 indicators): mixing/tumbling services and privacy coins, fiat-crypto conversions below thresholds, frequent transfers to unhosted wallets, darknet-associated wallet addresses, immediate conversion to fiat and withdrawal, and rapid cross-chain movement.
I’ve organised them by category in the monitoring chapter with IDs (BK-01 through BK-10, CR-01 through CR-06) so your compliance team can reference them in alert investigations. Each indicator includes the FATF recommendation reference where applicable.
You: Perfect. For sanctions screening, we use a third-party provider that screens in real-time against EU consolidated lists, OFAC SDN, and UN sanctions. PEP rescreening is done semi-annually, and adverse media checks are quarterly.
Agent: I’ve documented those frequencies and list sources in Chapter 7. Let me now validate them against your medium risk appetite.
Agent: Running sanctions_list_frequency_check on aml-program-manual.md with risk appetite medium…
Agent: Results:
— Sanctions list screening — Expected minimum: real-time / intra-day [OK] Screening frequency meets or exceeds minimum.
— PEP rescreening — Expected minimum: semi-annually [OK] PEP rescreening frequency meets or exceeds minimum.
— Adverse media monitoring — Expected minimum: quarterly [OK] Adverse media monitoring frequency meets or exceeds minimum.
RESULT: All screening frequencies meet or exceed expectations for medium risk appetite.
All three checks pass. I’ll now finish the remaining chapters — SAR/STR procedures (Chapter 8), record keeping (Chapter 9), training (Chapter 10), and independent audit (Chapter 11). For SAR filing, should internal escalation go to the MLRO with a 24-hour SLA, and then she files with the FIU?
You: Yes, 24-hour internal SLA. Sarah files with the German FIU (FIU Deutschland) and the Dutch FIU. We need to cover both jurisdictions.
Agent: Documented — dual-jurisdiction SAR filing with both FIU Deutschland and FIU-NL. The full manual is now complete with all 11 chapters. I’ve also added the 6AMLD-specific provisions: expanded predicate offences (including tax crimes and cybercrime), corporate criminal liability, and the aiding/abetting/attempting provisions. The manual is ready for your compliance review.
Output Excerpt
After the agent completes all chapters and validates the manual, the output is a structured document covering the full AML program. Here is a representative excerpt showing the policy statement, part of the KYC procedures, and the transaction monitoring red flags:
# Anti-Money Laundering Program Manual
**Organisation**: Europäische Handelsbank AG
**Effective Date**: 1 April 2025
**Version**: 1.0
**Approved by**: Board AML Committee, 28 March 2025
**Classification**: Confidential — Internal Use Only
---
## 1. AML/CTF Policy Statement
Europäische Handelsbank AG ("the Bank") is committed to the prevention of money
laundering and terrorist financing in accordance with the FATF Recommendations,
the EU Sixth Anti-Money Laundering Directive (6AMLD — Directive (EU) 2018/1673),
and national implementing legislation in Germany and the Netherlands.
This manual sets out the Bank's risk-based approach to AML/CTF compliance. It
applies to all business lines, including the crypto custody subsidiary (EHB
Digital Custody GmbH). All employees, contractors, and agents acting on behalf
of the Bank must comply with the procedures described herein.
**Risk Appetite**: The Board has set a **medium** risk appetite for ML/TF risk.
The Bank will not engage in business where residual ML/TF risk exceeds this
appetite without explicit Board approval and enhanced controls.
## 2. Governance and Roles
### 2.1 Money Laundering Reporting Officer (MLRO)
| Role | Name | Reporting Line |
|------|------|---------------|
| MLRO / Head of Compliance | Sarah Keller | Reports to Board AML Committee |
| Deputy MLRO | Thomas Brauer | Reports to MLRO |
The MLRO is responsible for: receiving and assessing internal suspicious activity
reports, filing SARs/STRs with the relevant Financial Intelligence Unit(s),
maintaining the AML risk assessment, overseeing CDD and transaction monitoring
programs, and reporting to the Board AML Committee quarterly.
### 2.2 Three Lines of Defence
| Line | Function | AML Responsibility |
|------|----------|-------------------|
| 1st | Business units, Relationship Managers | Customer onboarding, CDD collection, first-line alert triage |
| 2nd | Compliance & Risk (MLRO) | AML policy, monitoring oversight, SAR filing, training |
| 3rd | Internal Audit | Independent testing of AML controls, annual program review |
## 4. Customer Due Diligence (KYC)
### 4.1 CDD Tiers
| Tier | Criteria | Procedures |
|------|----------|-----------|
| Simplified (SDD) | Regulated financial institutions, listed companies, government entities in low-risk jurisdictions | Verify legal existence, confirm regulatory status, reduced ongoing monitoring |
| Standard (CDD) | All other customers (default) | Identify and verify identity, identify beneficial owners (≥ 25%), determine purpose and nature of relationship, ongoing monitoring |
| Enhanced (EDD) | PEPs, high-risk jurisdictions (FATF grey/black list), complex structures, crypto custody clients, correspondent banking | All CDD plus: source of funds and wealth, senior management approval, enhanced ongoing monitoring, more frequent reviews |
### 4.2 Beneficial Ownership
Identify all natural persons who directly or indirectly own or control ≥ 25% of
the customer entity. Where no natural person meets the threshold, identify the
senior managing official(s). For crypto custody clients, apply a look-through
approach to identify the ultimate beneficial owner of the assets under custody.
Beneficial ownership must be verified against an independent source (e.g.
Transparency Register, Chamber of Commerce extract, notarised shareholder
register). Reverify at each periodic review or on trigger event.
## 6. Transaction Monitoring
### 6.1 Red-Flag Indicators — Banking
The following indicators are to be used by the transaction monitoring team when
investigating alerts. A single indicator does not necessarily confirm suspicion,
but clusters of indicators should trigger escalation to the MLRO.
| ID | Category | Indicator | FATF Ref |
|----|----------|-----------|----------|
| BK-01 | Structuring | Multiple cash deposits just below reporting thresholds within a short period | FATF R.20 |
| BK-02 | Structuring | Frequent round-amount wire transfers with no apparent business rationale | — |
| BK-03 | Unusual activity | Sudden spike in account activity inconsistent with the customer's profile or stated business | — |
| BK-04 | Unusual activity | Fund transfers to or from jurisdictions with no apparent business connection | — |
| BK-05 | Shell / front companies | Transactions involving companies with nominee shareholders, bearer shares, or opaque ownership structures | — |
| BK-06 | Shell / front companies | Legal entity customer unable to provide beneficial ownership documentation | — |
| BK-07 | PEP / sanctions | Transactions involving politically exposed persons without enhanced due diligence documentation | — |
| BK-08 | Third-party payments | Frequent third-party payments with no logical explanation or documentation | — |
| BK-09 | Rapid movement | Funds deposited and immediately wired out with no holding period (pass-through accounts) | — |
| BK-10 | Geographic risk | Significant volume of transactions with FATF high-risk or non-cooperative jurisdictions | — |
### 6.2 Red-Flag Indicators — Crypto Custody
| ID | Category | Indicator |
|----|----------|-----------|
| CR-01 | Mixing / tumbling | Transactions routed through mixing services, tumblers, or privacy coins to obscure origin |
| CR-02 | Structuring | Multiple conversions between fiat and virtual assets just below reporting thresholds |
| CR-03 | Peer-to-peer | Frequent transfers to and from unhosted (self-custody) wallets with no business explanation |
| CR-04 | Darknet | Wallet addresses associated with darknet marketplaces or ransomware |
| CR-05 | Rapid conversion | Immediate conversion of deposited virtual assets to fiat currency and withdrawal |
| CR-06 | Chain-hopping | Rapid movement of funds across multiple blockchains to obfuscate trail |
## 7. Sanctions Screening
### 7.1 List Sources
The Bank screens against the following consolidated sanctions lists:
- EU Consolidated Financial Sanctions List
- OFAC Specially Designated Nationals (SDN) List
- UN Security Council Consolidated List
### 7.2 Screening Frequency
| Screening Type | Frequency | Method |
|---------------|-----------|--------|
| Sanctions list screening | Real-time (at onboarding and on every transaction) | Automated via third-party provider |
| PEP rescreening | Semi-annually | Batch rescreening of full customer base |
| Adverse media monitoring | Quarterly | Automated alerts plus manual review |
These frequencies are calibrated to the Bank's **medium** risk appetite and will
be reviewed annually or upon a change in risk appetite.
## 8. Suspicious Activity Reporting (SAR / STR)
### 8.1 Internal Escalation
1. Any employee who identifies a potential suspicious transaction must report it
to the MLRO within **24 hours** using the internal SAR form.
2. The MLRO assesses the report, requests additional information if needed, and
decides whether to file with the FIU.
3. **Do not inform the customer** that a report has been or may be filed
(tipping-off prohibition per FATF R.21 and 6AMLD).
### 8.2 Filing
| Jurisdiction | FIU | Filing deadline |
|-------------|-----|----------------|
| Germany | FIU Deutschland (Zollkriminalamt) | Without delay; terrorism financing immediately |
| Netherlands | FIU-Nederland | Within 14 days of suspicion confirmation |
All screening frequencies in the output are validated by sanctions_list_frequency_check — the tool confirmed that real-time sanctions screening, semi-annual PEP rescreening, and quarterly adverse media monitoring all meet or exceed the minimum expectations for medium risk appetite. The red-flag tables were populated by red_flag_library with industry-specific indicators for both banking and crypto.
Extension Tools
The skill includes two extension tools that automate the most error-prone parts of the manual — populating industry-specific monitoring indicators and validating screening cadences.
red_flag_library returns categorised red-flag indicators for one or more industries:
- 8 supported industries: banking, insurance, securities, real estate, gaming, crypto, money services, professional services
- Structured output: each indicator has a unique ID (e.g. BK-01, CR-03), a category (e.g. Structuring, Mixing/tumbling), a plain-language description, and an optional FATF recommendation reference
- Grouped by category: indicators are organised by typology category within each industry so the transaction monitoring team can reference them during alert investigations
- Run when drafting or updating the transaction monitoring chapter — the output is designed to be inserted directly into the manual
sanctions_list_frequency_check validates screening frequencies against the firm’s risk appetite:
- Three screening types checked: sanctions list screening, PEP rescreening, and adverse media monitoring
- Three risk appetite levels: low (daily / annual / annual), medium (real-time or intra-day / semi-annual / quarterly), high (real-time / quarterly / monthly)
- Section detection: locates the sanctions screening and ongoing monitoring sections in the document automatically
- Gap detection: flags missing screening sections (ERROR), frequencies that don’t meet minimums (ERROR), PEP or adverse media gaps (WARNING), and missing PEP sections entirely (ERROR per FATF R.12)
- Run after drafting the sanctions screening and ongoing monitoring sections, and re-run after any edits to confirm compliance
Getting Started
Add any existing policies, risk assessments, or compliance documentation to the project workspace, then activate the AML Program Manual skill. The agent will ask for your industry, jurisdictions, and risk appetite, then guide you through drafting and validating the complete manual.