AML Supervision model

“In line with the FATF Standards, the FATF encourages the use of technology, including Fintech, Regtech and Suptech to the fullest extent possible.” – FATF President, April 2020

Under anti-money laundering compliance laws, governments across the globe supervise their financial services industries to ensure businesses uphold laws designed to obligate the identification and reporting of their clients’ suspicious transactions.  Such businesses include banks, brokers, lenders, FX traders, real estate agents, lawyers accountants and more. The suspicious ‘activity’ may involve a client’s verbal instruction to buy or sell assets or a financial transaction of another type.

These laws are commonly referred to as anti-money laundering and countering financing of terrorism or AML/CFT for short.  

Government divisions with oversight of AML/CFT laws are referred to as AML Supervisors.  AML Supervisors are responsible for carrying out AML Supervision across the financial services sectors.

The objective of AML Supervision is to ensure businesses are complying by having systems in place with capability to identify and report suspicious activity undertaken by their clients.

In some countries, such as Australia, it seems in recent times the AML Supervisor, AUSTRAC, is succeeding in prosecutions against banks.  Australia’s prosecutions for AML compliance breaches have included the Commonwealth Bank; Westpac is currently in court and now it looks like HSBC is also in hot water with AUSTRAC.  Australia is however yet to introduce the activities of professional services into their principles based, AML/CFT laws.  These services are considered a high risk to unwittingly facilitating ML/FT and are commonly known as transactions undertaken by ‘gatekeepers’.

Gatekeepers include lawyers, accountants and real estate agents.  The ‘gatekeeper’ term refers to the ability for financial criminals to access accounts and services through representation of a third party professional.  Organised and sophisticated criminals prefer this gatekeeper approach as they get to avoid direct contact with the financial institution to whom the gatekeeper is engaging with. By avoiding the need to respond to letters, emails and face-to-face interaction, criminals gain benefits by accessing services and products they might not otherwise have been able to.  This  opaque trail assists organised crime groups to work under the radar and have greater chance of avoiding detection.  The financial institutions to whom the gatekeepers are dealing with, may be oblivious to whom the transaction represents.  

When Australia’s parliament finally closes that loophole, with over 100,000 entities to monitor, Australia’s AML supervisory framework is likely to move from a labour intensive model to a technology based model. 

Human Resourcing versus Technology

“… the intensive manual, hands-on supervision model that most governments operate with is inadequate for achieving effective supervision.”

AML supervision will always require an element of human resourcing but the intensive manual, hands-on supervision model that most governments operate with is inadequate for achieving effective supervision. 

Where the financial services sector has raced forward with sophisticated technological systems, governments seem to be slower off the mark. 

Now that the world is twenty years post the dot com era, governments and businesses should have identified that effective technology can provide a level of efficiency that is impossible to match with a chain of human beings. 

Though there will always be a need for the human resourcing element with AML Supervision, the allocation and balancing of resourcing needs to be smarter.   

AML SupTech

Using Technology to Measure Risk

“Because an effective AML Supervision model includes a web of quality data, technology will always be needed.”

An automated risk model will instantly calculate risk at country level, across financial industry sectors, through to individual business entities.  If an AML supervisory model cannot automate this risk identification process, it has already hit a wall of deficiency. 

Country and Sector Risk Analysis

“National and sector risk reporting should be completed on at least an annual basis.”

Under international standards set by the Financial Action Task Force, governments are responsible for carrying out risk analysis across a country and the financial industry, sector by sector. These reports are referred to as national and sector risk assessments.  

These assessments allow governments and businesses to better understand their risks and in turn, develop risk mitigation strategies.    

National and sector risk assessments are vitally important for businesses establishing trading relationships.  

Unfortunately most countries have at least a 2-3 year gap between their national risk assessments.  Identifying any new risks 2-3 years after their emergence, results in businesses and government missing opportunities to identify suspicious activity sooner. 

With the benefits of SupTech, data systems are set to automate national and sector risk data.  AML Supervisors will know the real risks on an ongoing basis and will be able to inform businesses of any new or emerging risks instantly, if desired.

Identifying Risks at Business Entity Level

“If AML Supervisors are unable to identify their higher risk entities, they are unlikely to achieve their regulatory objectives.

In order to achieve the outcomes of effective supervision, AML Supervisors need to identify their higher risk entities.  These higher risk entities are not always the large size corporations.  A high risk entity may be a small business operating as a public payment system and transacting 100% of business with a high risk country. The ‘small’ business, based on human resourcing of 2-3 staff, may be transacting values that are hundreds of millions of dollars per annum. To aggravate the risk status, the country the business is transacting with might be high risk due to corruption levels, tax evasion or a sponsor of state terrorism. Potentially the trading country of the small domestic business could have red flags in each of those categories. If AML Supervisors are unable to identify their higher risk entities, they are unlikely to achieve their regulatory objectives.   


AML SupTech instantly identifies higher risk areas at national and sector level, through to business entity level. 

Once government is measuring risks based on quality data, decision makers are better informed.  This allows AML Supervisors to act swiftly and if necessary, apply remediation.

Developing SupTech

“SupTech enables AML supervisors to automatically identify real risks and continually measure whether regulatory objectives are being achieved.”

Developing a configuration for AML SupTech requires mapping quality data and measuring primary KRIs. When the switch is turned on, quality data will flow into measurement containers which in turn automatically report on risks.  

Ongoing monitoring and reporting is taken care of with automated work flows, freeing up AML Supervisors to deal with breaches, remediation and enforcement action.  The earlier wall of deficiency has disappeared and so too has the AML Supervision model that was heavily reliant on manual resourcing.

A sample of what an AML SupTech model may look like is demonstrated below. A Suptech model will simultaneously collate data, analyse, measure and report. 

AML SupTech

AML360 provides government with deep insight of AML/CFT risks across their financial industry and professional services.

For countries with smaller budgets, AML360 can provide a plug-and-go solution, configured and already tested to ensure it meets requirements at the country’s national and international standards. 

AML360’s plug-and-go solutions can be used for carrying out national and sector risk analysis, as well as risk profiling at business entity level.

The Changing Face of AML/CFT Supervision

“Because most governments are not yet utilising AML SupTech, AML Supervision has not yet reached its full potential.”

More countries are moving away from rules based AML/CFT laws and introducing laws developed on principles and objectives.  This is known as principles based legislation or the risk based approach to meeting regulatory outcomes.

This principles or risk-based approach to AML laws recognises smaller, lower risk businesses are not expected to have the same type of sophisticated compliance systems as higher risk entities.  

This change of AML legislation has required governments to operate with systems capable of determining their higher risk and vulnerable entities that operate within their financial industry.

For AML Supervisors who monitor tens of thousands or hundreds of thousands of businesses, they can only achieve this level of effective risk analysis through use of technology.

When governments and businesses do implement effective technology, we can expect to see another changing face to AML supervision and its outcomes.

AML SupTech

Get In Touch


* Kerry Grass

If your agency has an AML Supervisory function, request more information by sending your details to  

* Kerry has worked in AML regulated roles for government in three countries and formerly held AML management roles within banks.  Setting up Anti-Money Laundering Consultants Limited in 2010, the company later teamed up with AML professionals and software engineers to develop AML compliance technology. Known as AML360, the software delivers compliance management platforms to both businesses and government. 

AML Regulatory Technology