For example, an insider in a financial organisation’s IT department amends a customer’s mobile phone number on the database to reflect a launderer’s mobile number. This lasts just long enough for the launderer to transfer ill-gained profits into the account, approve the addition of a beneficiary, and release the funds before the number is changed back to the original. The transaction itself is not suspicious and won’t appear on any exception reports unless the customer queries it, although he will not have suffered any material loss. It is only if all activity related to this account is recorded, and related back to the transaction, will there be any chance of prevention and detection.

“AML is an area that does not belong to IT, except insofar as to supply the infrastructure and access to information,” says Hurwitz. “Due to the high confidentiality requirements of the data under scrutiny, only the risk and compliance staff should have access to the data, and then only to the data they need.

“Moreover, one source of data is not enough. Investigators need to access internal information combined with external data from law enforcement agencies and the Internet to round out their knowledge of money laundering syndicates and methodologies.”

The start of any effective AML strategy is a high-level risk assessment of a company. Once done, the organisation needs to implement a proactive AML strategy of identifying potential money laundering activities in as close to real time as possible.

The way to accomplish this is by creating alerts that flag a series of activities as suspicious based on their context and behaviour. For example, if a clerk continually provides refunds greater than an average amount, it could indicate that there is a problem.

“AML is part of corporations’ regulatory compliance requirements, but it is possible to only put on a veneer of compliance and still get a stamp of approval,” states Hurwitz. “This is very short-sighted, however, as proactive AML not only saves the company from the embarrassment of being implicated in a scandal, it serves to reduce losses, cuts the time spent on problem resolution, and minimises the unrecoverable cost of facilitating AML practices.”