How to Build an Effective AML/CFT Compliance Programme When Growing an Online Business in Africa

It is estimated that about US$50 billion in illicit financial funds flows out of West African countries alone annually. This highlights a significant money laundering issue in the West African region, which can provide a perspective on the broader money laundering situation across the African continent.

To succeed as an online financial institution in Africa, you must first acknowledge that your business is a constant target of money launderers. This is why it is critical to create AML/CFT compliance programmes and procedures that adhere to global standards and the regulations of the African country in which you are based. 

This article contains a step-by-step guide that will walk you through the intricate process of building or improving an effective AML compliance programme amidst changing local regulations on the continent. 

What is an AML/CFT compliance programme? 

An AML/CFT (Anti-Money Laundering/Combating the Financing of Terrorism) compliance programme is a comprehensive set of policies, procedures, and controls designed to prevent, detect, and report instances of money laundering and other financial crimes. 

Such a programme is not only a legal obligation for financial businesses such as banks, credit unions, investment firms and many fintechs but also a crucial element for reinforcing customers' trust and safeguarding the institution's integrity. 

The main objective of an AML compliance programme is to help your business effectively identify and mitigate the risks associated with money laundering and terrorist financing, thereby curtailing the risk of financial and reputational damage.

Recommend: How to detect money laundering in Banks

Here are the 9 steps to establishing or improving AML compliance programmes for your online business

A few key elements of an AML compliance programme are standard across industries and countries. Here’s a practical step-by-step approach for African businesses establishing or looking to build upon their existing AML/CFT compliance programme:

Step 1: Understand the regulations you must comply with
Step 2: Appoint a Compliance Officer
Step 3: Assess your risks
Step 4: Create internal policies and procedures for AML compliance
Step 5: Train your staff on AML procedures and risks 
Step 6: Set up automated screening for AML checks
Step 7: Carry out ongoing monitoring
Step 8: Plan for incidents and reporting
Step 9: Review performance by running audits

Let’s go over each step in detail: 

Step 1: Understand the regulations you must comply with

To create effective AML/CFT compliance for your online business, you must first understand how compliance is regulated in the country where you do business. 48 of the 54 African countries have set up legal frameworks to combat money laundering and terrorist funding, so there is a good chance that the markets in which you operate already have legislation.

For instance, entities such as financial institutions, crypto firms, accountants and others must comply with AML regulations in South Africa. Key regulations include the Financial Intelligence Centre Act 38 of 2001, which mandates measures like customer due diligence, transaction monitoring, record-keeping, and reporting suspicious transactions to the Financial Intelligence Centre.

Similarly, Nigeria's money laundering laws have extraterritorial reach, applying to both natural and legal persons outside of Nigeria as per Section 15(2) of the Money Laundering Act. These AML laws cover criminal enforcement, regulatory and administrative enforcement, and requirements for financial institutions and other designated businesses.

While many laws have overlapping requirements, it’s essential to understand the nuance of the regulations in your jurisdiction rather than assuming you know how to comply from one market to another.

Step 2: Appoint a Compliance Officer

Appointing a compliance officer is pivotal to establishing an effective AML compliance programme for a business. This involves designating an individual or team within the organisation to oversee and manage the company's adherence to AML laws and regulations. 

It’s important to carefully select the right candidate for the role. The Compliance Officer should possess a deep understanding of AML regulations, especially in the country where your business is established, and be well-versed in the company's operations. 

Once appointed, the Compliance Officer takes on various critical responsibilities, such as developing and implementing AML policies and procedures, monitoring financial transactions for signs of suspicious activity, promptly reporting suspicious transactions to relevant authorities, and conducting due diligence on customers and business partners. In some organisations, Compliance Officers also train employees on AML compliance.

Your Compliance Officer will be at the heart of your AML/CFT programme and should regularly communicate with senior management on the status of the AML programme. Having someone responsible for the overall operation of the programme ensures ongoing compliance.

Step 3: Assess your risks

To effectively mitigate risks, you must identify what your specific risks are. You can do this by conducting a thorough risk assessment across your organisation. A risk assessment aims to identify, evaluate, and understand the various points of exposure to money laundering and terrorist financing that your organisation may face. It helps your business allocate resources and implement appropriate AML controls based on the level of risk you are exposed to.

There are three steps to conducting a risk assessment:

1. Clearly define the scope of the risk assessment, including your business activities, products, services, and customer segments within its range.
2. Identify and document the specific risk factors relevant to your business. These risk factors can include customer types, geographic locations, transaction volumes, and the nature of products or services offered.
3. Gather data and relevant information, like past transaction data, customer profiles, and knowledge about the industry, to figure out how dangerous the factors you have found are. This will help identify potential areas of vulnerability and inform risk mitigation strategies.

Once all this is collected, write down the risks identified and the possible mitigation strategies in a comprehensive report.
Risk assessment is the foundation for developing and maintaining an effective AML complaint programme that aligns with your business's specific threats in mind.

Step 4: Create internal policies and procedures for AML compliance

Your organisation's policies and procedures should be based on the risk assessment outcome. They should align with local and international AML regulations and best practices and consider the specific dangers to your organisation.

Generally, your organisation’s policies should cover customer due diligence (CDD) and know-your-customer (KYC) requirements, transaction monitoring, suspicious activity reporting (SAR), and record-keeping obligations. 

Define the internal controls you'll implement to ensure that AML policies and procedures are followed effectively. This might involve assigning responsibility to specific individuals or teams, creating audit trails, and implementing checks and balances.

Also, translate your policies into practical procedures. Procedures provide a step-by-step guide on how to implement the policies. For example, procedures might explain how to verify the identity of customers or how to conduct ongoing transaction monitoring.

Step 5: Train your staff on AML procedures and risks

Maintaining an effective AML compliance culture in your organisation requires regular training and education. From top-level management to front-line staff, your employees should receive comprehensive training on AML regulations, common red flags, and possible suspicious activities related to your business.

The primary objective of such training is to equip employees with the knowledge and skills necessary to prevent, detect, and report activities associated with money laundering and the financing of terrorism. 

An effective anti-money laundering training programme should include: 

1. The legal and regulatory framework governing AML compliance in your region
2. Your company's AML policies and procedures, including identifying and reporting suspicious activities, conducting customer due diligence, and maintaining required records.
3. Recognising red flags for potential money laundering acts 
4. How to report and the importance of filing suspicious activity reports (SARs)

Your staff are your organisation's frontline defence against money laundering. With the right training, they can be your most helpful tool for catching and reporting dangers.

Step 6: Set up automated screening for AML compliance

An automated screening solution can help speed up customer due diligence (CDD) and detect risks that may miss the human eye. Smile ID's AML Check enables you to automate your company's anti-money laundering (AML) compliance processes by screening users against thousands of watchlists to detect known bad actors and verifying the true identity of your users against reliable records.

Automated solutions can streamline your CDD processes in a few ways: 

1. Easily screen users to weed out known bad actors: AML Check enables you to screen new and existing users against over 1100 Global and African sanctions, politically exposed persons (PEP), and adverse media watchlists, aiding in identifying potentially risky individuals or entities​.
2. Check Global and African watchlists: Access various African and global watchlists, including those from the Office of Foreign Assets Control (OFAC), South African Financial Intelligence Centre (FIC), and Nigeria Economic and Financial Crimes Commission (EFCC), among others​.
3. Verify user identity against reliable sources: Remotely verify user identity against official government databases or by matching selfies to official government photo ID to ensure you are onboarding the right people. 

This solution streamlines the AML compliance process, making it quicker and ensuring your business can easily meet its AML obligations.

Step 7: Carry out ongoing monitoring

Once customers have been thoroughly checked and onboarded, it’s important to continuously monitor all financial transactions and customer activities within your business. This includes reviewing customer account information, wire transfers, deposits, withdrawals, and other financial transactions. The goal is to spot any unusual or suspicious patterns.

A good CDD practice is regularly updating and re-verifying customer information, especially for high-risk clients. This could involve periodic authentication of a user's identity information at login or when conducting transactions of a certain volume. It is wise to establish thresholds for various transactions and customer behaviours. When these thresholds are exceeded, it can trigger an authentication and potentially the filing of SARs with regulatory authorities. 

Ongoing monitoring for AML compliance also includes continuous sanctions screening, where your organisation re-checks customer names and transactions against government-sanctioned individuals or entities. Further investigation is warranted if a customer or transaction matches someone on a sanctions list.

Monitoring customers after onboarding allows you to continually assess the risk associated with each customer and adjust monitoring processes accordingly.

Step 8: Plan for incidents and reporting

It’s always wise to include specific guidelines for incident management in your AML compliance programme. 

Once an incident is identified, employees should have a clear and efficient process for reporting it to the designated individuals or departments responsible for AML compliance. This often involves setting up reporting channels and mechanisms.

In cases where an incident is deemed serious or requires immediate attention, there should be a protocol for escalating the issue to higher levels of management or the appropriate regulatory authorities, if necessary.

Clear guidelines for security breaches and other suspicious activity help the risk and compliance teams react quickly and agilely while ensuring all regulations are followed. 

Step 9: Review performance by running audits

No matter how effective an AML compliance programme seems in an organisation, there is an area that needs improvement. Running internal audits to review the performance of an anti-money laundering (AML) programme within a business is vital to maintaining effective AML compliance. This process involves thoroughly examining the programme's operations, controls, and outcomes for your business.

When conducting an audit, defining the scope, objectives and criteria for evaluation is important to ensure you achieve thorough results. Specific areas of the AML programme, such as customer due diligence, transaction monitoring, and employee training, are to be assessed. Evaluate the latest AML/CFT laws and regulations, ensuring alignment with government agencies and industry standards.

Most importantly, your organisation should implement corrective actions based on the audit recommendations, such as policy revisions and improved training. 

The importance of AML compliance for online businesses

Compliance with AML/CFT regulations is crucial for online businesses to maintain the integrity of financial systems and to avoid punitive fines, which can be significant.

Over 50 AML penalties were issued globally in 2019, totalling approximately $8 billion, with more than 20 financial institutions from African countries like Kenya, Uganda, Tanzania, Nigeria, and South Africa paying hefty penalties to regulators in recent years.

Government officials know that effective AML/CFT measures help trace and stop financial flows linked to serious crime and terrorism and check up on companies to ensure they do their part.

Wrapping up 

While AML compliance has been thrown into the limelight in the last few years, it remains a complex and convoluted process for many African startups. 

From comprehending local AML regulations to filing and storing information, many organisation leaders find it somewhat overwhelming. Still, it remains crucial to have a clear, understandable, and accessible AML compliance programme that your organisation can follow. 

Smile ID provides the best Africa-focused solutions for real-time digital Know Your Customer  (KYC), identity verification, AML checks, and fraud prevention across Africa. Our platform includes SDKs and APIs to help automate your AML compliance and streamline user onboarding.
Learn more about Smile ID’s AML check solution online or talk to one of our experts to help advise on your AML compliance.