AML Basics | KYC | CDD | SAR | Financial Crime Compliance

Why do criminals launder money at all? They already have the cash — so why not just spend it?

In this lesson, we’ll break down the three main goals behind money laundering: benefit, freedom, and persistence.
You’ll see how laundering helps criminals enjoy their profits, move funds freely without raising alarms, and keep those funds usable over time.

By the end, you’ll see that money laundering isn’t just about hiding money — it’s about keeping criminal activity alive.

In this lesson, we’ll uncover why criminals go to great lengths to launder money, focusing on the three core purposes behind it: benefiting from illicit proceeds, bypassing financial restrictions, and ensuring those funds persist undetected.

We’ll see how laundering transforms “dirty” money into usable assets, discuss how it removes barriers that would otherwise block illegal gains, and understand the ongoing process criminals undertake to hide their tracks. By grasping these motives, we can better appreciate why early intervention is so critical in disrupting criminal enterprises.

In this lesson, we uncover where “dirty money” really comes from — the crimes that generate illicit funds before they ever enter the laundering process.

You’ll learn what a predicate offence is and why it forms the foundation of every money laundering case. We’ll look at how different jurisdictions, including the European Union under AMLD6, define these offences — from more obvious crimes such as robbery, theft, or terrorism, to less visible ones like cybercrime, tax evasion, or environmental offences.

You’ll also see a real-life case example that shows how something as ordinary as a family bank transfer can actually hide a serious crime — and trigger an immediate compliance response.

By the end of this lesson, you’ll understand how identifying the predicate offence helps AML professionals trace the origin of illegal funds and recognize the true purpose behind laundering activities.

Source: https://eur-lex.europa.eu/eli/dir/2018/1673/oj/eng

In this lesson, we break down the three classic stages of money laundering - placement, layering, and integration - and explore how each step helps criminals disguise the origin of illicit funds.

You’ll learn how dirty money is first introduced into the system, then moved through complex webs of transactions, and finally reintegrated into the economy as seemingly legitimate wealth.

To make it practical, we’ll walk through a real-world example showing how cash from a nightclub can turn into legitimate rental income - a simple illustration of how money changes its appearance at every stage.

By the end of this lesson, you’ll be able to recognize the logic behind each stage and start identifying laundering patterns as they unfold - a crucial skill for every AML investigator.

In this lesson, we’ll explore the first stage of money laundering - Placement. This is where dirty cash first enters the financial system.

You’ll see how criminals use cash-heavy businesses, deposit splitting, remittance services, casinos, and even corrupt insiders to disguise the origin of illicit funds.

Through short examples and a practical mini-case, you’ll learn how early-stage laundering works and what red flags analysts should look for, from unusual deposit patterns to inconsistent documentation.

By the end, you’ll understand why detection at this stage is so powerful: stopping the money here can prevent the entire laundering chain from unfolding.

In this lesson, we move to the second stage of money laundering — Layering — where the trail begins to disappear.

You’ll learn how criminals create distance between illicit money and its source by moving it through complex transactions, international transfers, fake loans, shell companies, offshore accounts, and crypto tools.

We’ll break down how these methods build layers of confusion that make tracing funds nearly impossible, and how investigators can still spot the patterns beneath the noise.

By the end, you’ll understand why layering is the most complex stage — and why recognizing unusual transaction chains, missing documents, or commercial inconsistencies can make all the difference.

In this lesson, we reach the final stage of money laundering — Integration, where dirty money finally enters the legitimate economy.

You’ll see how criminals disguise illicit funds as lawful income by investing in businesses, real estate, luxury goods, financial markets, and even cryptocurrency.We’ll break down how each method helps illegal money “blend in,” making it look like normal profit, rent, or investment gain.

Through short examples and a realistic mini-case, you’ll learn how to recognize red flags in large purchases, sudden investments, and unexplained wealth.

By the end, you’ll understand how integration completes the laundering cycle — and why stopping it earlier is always easier than tracing it after the money looks clean.

In this lesson, we’ll walk through a realistic case study that illustrates how a cross-border money laundering operation can unfold.

We’ll break down each stage of the scheme, highlighting how criminals exploit weak controls, manipulate unsuspecting individuals, and disguise illicit funds using seemingly ordinary transactions.

We’ll also explore red flags that compliance professionals should watch for - such as inconsistent customer behavior, unexplained cross-border flows, and previously weak due diligence files.

In this lesson, we explore what terrorist financing really means and how it operates through four key stages.

You’ll learn how legitimate-looking money can be used for illegal purposes and explore the key stages that make this process possible.

By the end, you’ll understand why identifying the purpose behind transactions is just as important as tracking their origin.

In this lesson, we’ll dive into the diverse sources that fund terrorist activities. We’ll explore how terrorist groups obtain financing through donations and contributions - often disguised as charitable giving or humanitarian aid - as well as through state sponsorship that covertly supports their operations.

We’ll examine fraudulent fundraising efforts, including the misuse of nonprofit organizations and front companies, which blend illicit funds with legitimate income. Additionally, we’ll discuss how proceeds from criminal activities and money laundering, along with informal networks like hawala, virtual currencies, and trade-based schemes, create a complex web that obscures the true origin of these funds.

By understanding these channels, we can better appreciate the challenges in tracking and disrupting terrorist financing.

In this lesson, we’ll compare two concepts that often look alike but serve opposite purposes — Money Laundering and Terrorist Financing.

You’ll learn how both use the same financial tools — shell companies, offshore accounts, crypto, or cash transfers — yet differ in their goals, beneficiaries, and sources of funds.

We’ll explore how terrorist financing can start with perfectly legal money, and how identical transaction patterns may signal entirely different risks.

Through examples and a short comparison scenario, you’ll learn how to spot the difference between “cleaning dirty money” and “using clean money for crime.”

By the end, you’ll know what red flags overlap, where the key differences lie, and why understanding both helps you investigate smarter and escalate faster.

In this lesson, we’ll introduce the three core pillars of an effective AML and CFT system and show how they work together.

First, the Compliance Framework—our “master plan” combining strategic oversight, risk management, policies, and controls for screening, monitoring, and reporting. Then, Governance, which defines clear roles, reporting lines, and escalation paths to ensure accountability at every level. Finally, the AML Program translates strategy into daily action with risk-based policies and monitoring routines, tightening controls around high-risk areas and easing off where risks are minor.

By the end, you’ll see how these elements unite into a nimble, robust defense against money laundering and terrorist financing.

In this lesson, we’ll explore the Three Lines of Defense model - a structured framework that clarifies roles and responsibilities for managing risks, including those related to anti-money laundering. We’ll see how frontline employees implement AML policies and monitor transactions, while the compliance function develops and oversees risk management measures.

Finally, internal audit teams independently evaluate the effectiveness of these controls. Together, these layers work cohesively to detect, prevent, and respond to potential financial crimes, ensuring robust risk management and continuous improvement.

In this lesson, you’ll scale the three tiers of our AML compliance pyramid. At the summit sits the Global AML Policy, a high-level document that defines core pillars like KYC, transaction monitoring, SAR filing, and sanctions screening with clear ownership.

The middle tier, Topic-Specific Policies, takes those broad mandates and fills in the “how,” detailing exactly what triggers enhanced due diligence, scenario rules for monitoring, and escalation paths for alerts.

At the base, our Standard Operating Procedures translate policy into action with step-by-step instructions—whether it’s verifying a passport, conducting a liveness check, or running batch transaction reviews.

Together, these layers ensure you know what must be done, why it matters, and precisely how to do it, creating an agile, resilient AML defense that stands up to audit.

In this lesson, we’ll look at the key controls that keep an AML program effective and compliant.

You’ll learn how safeguards such as Customer due diligence, Transaction Monitoring, Suspicious Activity Reporting, and Sanctions Screening work together to detect risks and prevent financial crime.

We’ll also discuss how management reporting, automated monitoring, and escalation processes ensure that compliance teams respond quickly when red flags arise. Finally, you’ll see how restrictions or even termination of relationships can be applied when risks become unacceptable.

By the end, you’ll understand how these controls serve as the operational backbone of every AML program.

In this lesson, we’ll dive into the critical role of risk assessment in combating money laundering and terrorist financing. We’ll examine how financial institutions evaluate risks by analyzing customer profiles, product offerings, transaction behaviors, and geographic exposures to identify vulnerabilities.

We’ll also discuss how regular reviews and updates to risk assessments help tailor controls and due diligence measures - ensuring that emerging threats, such as those posed by new digital currencies or geopolitical shifts, are effectively managed.

In this lesson, we’ll explore the Risk-Based Approach in AML and CFT compliance - a strategy endorsed by FATF that tailors controls based on the severity of risk.

We’ll see how this approach shifts from a one-size-fits-all model to one where high-risk customers and transactions receive enhanced scrutiny and due diligence, while lower-risk activities are monitored less intensively.

This targeted methodology not only optimizes resource allocation but also enhances the overall efficiency of preventing financial crimes.

In this lesson, we’ll break down how financial institutions design and apply effective AML risk assessments.

You’ll learn about the three main stages: identification of risks, analysis and scoring, and evaluation with continuous monitoring. We’ll explore how institutions assess risk factors and use scoring methods to rate risks as low, medium, or high. Finally, you’ll see how tailored due diligence controls — from simplified to enhanced — keep monitoring proportional to the actual risk.

By the end, you’ll understand how this structured approach helps organizations make informed, risk-based decisions to protect against money laundering and terrorist financing.

In this lesson, we’ll explore how a well-implemented risk-based approach allows financial institutions to tailor their AML/CFT measures to their unique operations and risk profiles. By focusing more resources on higher-risk clients and applying less intensive scrutiny to lower-risk ones, this approach ensures effective and proportionate risk management.

We will also speak about de-risking and how it has been criticized by the FATF for failing to assess risks on a case-by-case basis.

In this lesson, we’ll explore the foundations of customer due diligence. You’ll learn how financial institutions verify who their customers are, assess their risk, and ensure accounts are used for legitimate purposes.

We’ll break down the difference between KYC (Know Your Customer) for individuals and KYB (Know Your Business) for corporate clients. You’ll also see the three guiding questions — Who, What, and Why.

By the end, you’ll understand why CDD is not just a legal requirement but also a key safeguard for protecting trust and reputation.

In this lesson, we’ll break down the critical difference between identifying a customer and verifying their information.

Identification is about collecting the basic facts, while verification ensures those facts are accurate and authentic.

You’ll see how this applies to both individuals and businesses, from passports and utility bills to corporate filings and shareholder registers. We’ll also cover what makes documents reliable, valid, and acceptable, and why translation standards matter in cross-border compliance.

By the end, you’ll understand why strong verification is at the heart of preventing financial crime and ensuring trust.

In this lesson, we’ll compare how Customer Due Diligence works for individuals and for businesses.

For retail customers, KYC focuses on verifying identity and address with reliable documents, supported by onboarding questionnaires and extra security checks.

For businesses, the KYB process is more complex — involving corporate filings, management verification,  and mapping beneficial ownership structures. You’ll also see how questionnaires provide key insights into purpose, products, and source of funds.

By the end, you’ll understand the similarities and differences between KYC and KYB, and why both are essential for reducing fraud, misuse, and regulatory risk.

In this lesson, we’ll walk through a real-life KYC onboarding example — step by step — just like a compliance analyst would handle it in practice.

You’ll review real-looking client documents, spot inconsistencies, and learn how to build analyst notes and draft a focused RFI (Request for Information).

By the end, you’ll understand how to document findings clearly, apply temporary risk controls, and communicate with clients effectively — all while keeping compliance standards high and protecting your institution from risk.

In this lesson, we’ll focus on one of the most critical parts of Customer Due Diligence: uncovering the real people behind legal entities.

Criminals often hide behind complex company structures, so financial institutions must identify the Ultimate Beneficial Owner (UBO) — the individual who controls the business.

We’ll explain global thresholds for ownership, how to trace through holding companies and trusts, and which documents are essential for verification. You’ll also see how signed management declarations help confirm there are no hidden controllers.

By the end, you’ll understand why identifying UBOs is key to preventing money laundering and ensuring transparency.

In this lesson, we’ll put theory into practice with real ownership structures. We’ll work through examples step by step to identify who qualifies as the Ultimate Beneficial Owner (UBO).

First, we’ll start with a simple case  and then we’ll move to a more complex structure with multiple layers of companies.

By practicing these scenarios, you’ll sharpen your ability to spot UBOs and understand how thresholds apply in real life.

In this lesson, we’ll explore how financial institutions assign risk levels to customers and why this matters for ongoing monitoring.

You’ll see how routine customers benefit from Simplified Due Diligence (SDD), while higher-risk profiles require Enhanced Due Diligence (EDD). We’ll also examine key factors that drive customer risk, including geography, occupation, delivery channels, and third-party relationships.

By the end, you’ll understand how risk ratings help institutions apply the Risk-Based Approach in practice and ensure that attention is focused where it matters most.

In this lesson, we’ll examine Politically Exposed Persons (PEPs) and why they are treated as higher-risk in financial compliance.

You’ll learn about different PEP categories — domestic, foreign, and international — as well as the importance of identifying their immediate family members and close associates.

We’ll also connect theory to practice with an open-source research exercise, where you’ll investigate real-life examples and see how much information can be found using public sources.

By the end, you’ll understand not only why PEPs require enhanced due diligence but also how to approach their risk assessment in a practical way.

In this lesson, we’ll review some of the most common red flags that financial institutions look for during the CDD process.

You’ll learn how to recognize issues such as inconsistent or unverifiable documents, reluctance to provide information and more as red flags.

We’ll also discuss the heightened risks tied to PEPs, shell companies, and sanctions or adverse media hits. These examples will help you sharpen your awareness and better understand when a customer’s behavior or profile signals potential money laundering or other financial crime.

Test your KYC skills in a real-world document review exercise.

In this lesson, you'll analyze a customer document and identify potential red flags, inconsistencies, and compliance concerns. This is a practical exercise designed to help you think like a KYC analyst rather than simply memorize concepts.

Put your KYC skills to the test with two practical compliance exercises.

You'll review a customer file for red flags and perform beneficial ownership research to identify who ultimately controls a company. These are the same types of tasks compliance analysts perform during customer due diligence reviews.

In this lesson, we’ll explore what transaction monitoring is and why it’s a cornerstone of AML compliance.

You’ll learn how monitoring helps detect money laundering, terrorist financing, and fraud by uncovering unusual patterns or anomalies that initial checks may miss.

We’ll also look at how real-time monitoring enables early intervention, helping institutions stay compliant, manage evolving risks, and protect the financial system.

In this lesson, we’ll look at what makes transaction monitoring systems effective.

You’ll learn how risk-based rules help target real threats while minimizing false alarms. We’ll break down key elements such as risk targeting, thresholds, velocity checks, and scenario-based rules, and see how they each play a role in spotting unusual or suspicious activity.

By the end, you’ll understand how to tailor monitoring rules to customer, product, and geographic risks for maximum effectiveness.

In this lesson, we’ll put AML Transaction monitoring theory into practice with real-life style exercises.

You’ll review sample transaction records from different branches and try to spot which entries should trigger alerts under risk-targeting, threshold, velocity, and scenario-based rules. You’ll see how monitoring rules catch patterns that might otherwise look normal.

By practicing these scenarios, you’ll sharpen your ability to recognize suspicious activity and apply monitoring rules effectively.

In this lesson, we’ll explore how automated monitoring systems strengthen AML programs.

You’ll learn how real-time alerts flag risky transactions instantly, while integrated data from KYC, customer profiles, and watchlists provides meaningful context for investigators.

We’ll also cover how storing historical data helps spot long-term trends, and how case management tools keep investigations organized and efficient.

Finally, we’ll look at how automation supports SAR reporting and how management dashboards track program health. By the end, you’ll understand why automation is essential for reducing false positives, streamlining workflows, and detecting sophisticated laundering schemes.

In this lesson, we’ll explore how alerts are generated and what common red flags look like across different types of transactions.

You’ll see how cash structuring, sudden large deposits, unusual denominations, or rapid wire movements can indicate money laundering. We’ll also cover red flags in trade finance and investment accounts, such as mismatched invoice values or using accounts as pass-throughs. Beyond system alerts, you’ll learn to recognize behavioral red flags — like evasive answers, reluctance to provide statements, or attempts to bribe staff.

By the end, you’ll understand how to spot warning signs that require closer review and escalation.

In this lesson, we’ll walk through what happens after a transaction monitoring alert is generated.

You’ll see how compliance teams triage alerts, gather supporting documents, and reassess customer risk before deciding whether to escalate. We’ll cover the two possible outcomes , closing a case with documented rationale or filing a Suspicious Activity Report (SAR) with the authorities. You’ll also learn how ongoing monitoring and proper documentation ensure transparency and regulatory compliance. Finally, we’ll touch on how MLROs may recommend offboarding customers if risks fall outside the institution’s appetite.

By the end, you’ll understand the full journey from alert to resolution.

In this lesson, we’ll practice applying transaction monitoring concepts to a real-world case study.

You’ll review the scenario of a Spanish retail company. By analyzing multiple-choice options, you’ll identify which details represent genuine red flags and which are normal business behavior. This exercise will help sharpen your ability to separate true risk indicators from routine activity, a critical skill for AML professionals.

Prepare your AML Handbook!

In this lesson, we’ll explore what Suspicious Activity Reports (SARs) are and why they are a cornerstone of AML compliance.

You’ll learn when financial institutions are required to file SARs, how they are submitted to Financial Intelligence Units (FIUs), and why confidentiality is essential to protect investigations. We’ll also cover the legal protections institutions receive when filing SARs and why “tipping off” customers is strictly prohibited.

By the end, you’ll understand how SARs act as the bridge between financial institutions and authorities to detect and disrupt illicit financial flows.

In this lesson, we’ll focus on how to write Suspicious Activity Reports (SARs) that are clear, complete, and useful for investigators. You’ll learn what kind of language should be used, what details should be included and other useful tricks.

By the end, you’ll know the best practices that make SARs credible and actionable for authorities.

In this lesson, we’ll define what sanctions are and why they matter in the world of compliance. You’ll learn how sanctions restrict trade and financial dealings with certain countries, individuals, or organizations.

By the end, you’ll understand sanctions as both a compliance obligation and a powerful tool of international policy.

In this lesson, we’ll explore the major authorities that shape the global sanctions landscape.

You’ll learn about OFAC, the EU’s Consolidated Sanctions List, and the United Nations Security Council’s binding resolutions, along with national regimes such as the UK’s OFSI and Canada’s Global Affairs.

We’ll discuss how these authorities differ in scope, enforcement, and reporting, and why multinational institutions must carefully map their operations to the relevant jurisdictions.

By the end, you’ll understand how sanctions lists are created, maintained, and enforced — and why compliance requires both global awareness and strict local adherence.

In this lesson, we’ll look at how sanctions compliance is carried out in practice.

You’ll learn how financial institutions use automated screening tools to flag potential matches against updated sanctions lists, and how compliance officers confirm results through investigation and open-source research. Finally, we’ll highlight the importance of documentation, collaboration across departments, and maintaining an effective audit trail.

By the end, you’ll understand how sanctions compliance safeguards both institutions and the wider financial system.

In this lesson, we’ll explore one of the most critical elements of a strong AML program: effective training.

You’ll learn how to design targeted training for different roles — from new hires to senior leaders — to ensure everyone understands their part in combating financial crime. We’ll also cover best practices such as using a mix of learning methods and fostering a culture where employees feel confident reporting suspicious activity.

By the end, you’ll see why a well-trained team is essential for building and maintaining compliance.

In this lesson, we’ll dive into the essential role of record keeping in an effective AML program.

You’ll learn why securely storing key documents like customer IDs, transaction details, and risk assessments is a non-negotiable part of compliance. We’ll discuss the typical retention periods and why adhering to them is crucial for surviving audits.

You'll also discover how to leverage secure digital systems to make record keeping more efficient while ensuring a clear audit trail. By the end, you'll understand why accurate records are not just a legal requirement but a fundamental safeguard for your institution.

In this lesson, we'll dive into the core reasons why effective training and record keeping are essential for any financial institution.

You'll learn how a well-trained staff can act as effective line of defense, spotting suspicious activity early to prevent financial crime. We'll also explore how comprehensive documentation and a knowledgeable team build trust with regulators, leading to smoother audits and fewer legal risks.

Finally, you'll see why a commitment to continuous improvement—through regular training updates and meticulous record keeping—is crucial for staying ahead of new threats and protecting your institution's reputation.

In this lesson, we’ll explore the importance of customer risk assessment in AML/CFT efforts. We’ll learn how evaluating a customer’s identity, business operations, and source of funds helps pinpoint higher-risk profiles- such as Politically Exposed Persons, complex corporate structures, and cash-intensive industries.

By tailoring due diligence to these risks, institutions can apply enhanced scrutiny where needed and streamline checks for lower-risk clients, ultimately strengthening their overall risk management framework.

In this lesson, we’ll explore how financial institutions evaluate their products and services to identify vulnerabilities to money laundering and terrorist financing.

We’ll discuss how certain products - like prepaid cards, virtual currencies, trade finance, and private banking services - are particularly high-risk due to their potential for enabling anonymous transactions or rapid, cross-border fund transfers.

We’ll also examine in detail three key high-risk areas: private and correspondent banking, digital platforms, such as e-wallets and virtual asset services, and trade finance. Understanding these risks enables institutions to implement targeted controls and monitoring systems to mitigate financial crime effectively.

In this lesson, we’ll examine Geographic Risk - the impact of a customer's or business’s location on money laundering and terrorist financing risks. We’ll discuss how factors such as weak AML frameworks, high corruption, political instability, and cash-intensive economies can elevate risk levels.

Additionally, we’ll explore how indicators like bank secrecy havens, frontier markets with limited transparency, and regions known for drug production or transit further complicate risk assessments.

Understanding these geographic factors enables institutions to implement tailored due diligence measures and enhanced controls to effectively mitigate these risks.

In this lesson, we’ll explore Delivery Channel Risk - how the method by which customers access financial services impacts overall risk exposure. We’ll compare face-to-face transactions, which typically allow for robust verification, with remote channels that can increase anonymity and complicate due diligence.

We’ll also examine the additional risks introduced by using third-party agents or intermediaries, as well as the challenges posed by digital platforms like e-commerce and mobile payments. This understanding helps institutions tailor enhanced verification and monitoring controls to mitigate potential risks.

In this lesson, we’ll examine Third-Party Risk - the additional risk that arises when financial institutions rely on external intermediaries for customer onboarding or transaction processing.

We’ll explore how thorough due diligence, formal written agreements, ongoing monitoring, and robust regulatory oversight are critical in ensuring that these third parties maintain strong AML/CFT measures.

By effectively managing third-party risk, institutions can safeguard their compliance framework and prevent external vulnerabilities from undermining their efforts to combat financial crime.

In this lesson, we’ll explore red flags - key indicators that trigger further investigation even after standard due diligence has been completed.

We’ll examine how adverse media reports, involvement of politically exposed persons, unusual transaction patterns, the use of offshore entities or bearer shares, contradictory information, and sanctions breaches each signal potential money laundering or terrorist financing.

Recognizing these red flags is crucial for prompting enhanced scrutiny and protecting financial institutions from illicit activities.

In this lessons, students step into the role of a junior AML analyst and work through two realistic case files involving cash-intensive retail customers.

Using structured case information — including KYC data, transaction behavior, customer explanations, and basic OSINT — students practice identifying potential placement-stage indicators, assessing red flags, and deciding on the appropriate next action.

This unit is designed to help beginners move from theory to practice by developing judgment, documentation skills, and risk-based thinking, reflecting how AML investigations are handled in real financial institutions.