7 Best Practices for Enhanced Due Diligence in AML

Table of contents

  1. Enhanced Due Diligence Starts with Identity Verification and AML/KYC Compliance
  2. Enhanced Due Diligence with Real-Time Transaction Monitoring and Screening
  3. Keep Abreast of the Latest Sanctions and Watchlists for AML Compliance
  4. Configurable Risk Scoring for AML Compliance
  5. Automated Regulatory Reporting for Financial Services
  6. Advanced Analytics for Effective Enhanced Due Diligence
  7. Manageable Workflows and Adaptable Case Management with Integrated Dashboards: The Final Piece to AML Compliance



IDMERIT provides all the anti-money laundering (AML) compliance solutions that banks, money services businesses (MSBs), Fintechs, casinos and other regulated industries need – all within one platform. AML is becoming more of an absolute necessity when it comes to enhanced due diligence in many industries. In this guide, we will talk about the seven keys to a good AML compliance solution.

Enhanced Due Diligence Starts with Identity Verification and AML/KYC Compliance


Passwords and Knowledge-Based Authentication (KBA) were once the pinnacles of online identity protection. However, with so much of your personal information being discovered through social media, online shopping habits and surveys, it is not hard for a cybercriminal to find the answers to your KBAs or bypass your password. Though banks still use KBA as a security measure, it does not assist with Know Your Customer (KYC), Know Your Business (KYB) or AML compliance

Knowledge-Based Authentication can be a part of basic customer due diligence for repeat transactions, but for Enhanced Customer Due Diligence (EDD) that meets AML compliance standards, you’ll need robust ongoing monitoring and automated KYC checks. EDD should include mobile ID verification for automated ID verification for customers using cellphones, tablets and other smart mobile devices.

Another way you can validate ID for unbanked customers is through IDMsocial.  Coupled with IDMscan and IDMdevice, your business can verify customer identity through their social media accounts and smart devices. Having automated KYC checks and mobile ID verification as part of automated AML solutions means a faster customer onboarding process and identity verification for enhanced due diligence.


Enhanced Due Diligence with Real-Time Transaction Monitoring and Screening


Screening and transaction monitoring is standard practice in basic customer due diligence. Performing real-time transaction monitoring and screening requires the capabilities of automation, advanced analytics and configurable risk scoring for enhanced due diligence. Lacking these capabilities has created many challenges for insurance companies and other financial services.

AML compliance for banks requires automated KYC checks and automated ID verification and is usually the industry standard when it comes to real-time transaction monitoring and screening. When companies lack the IT infrastructure, adaptability and business strategy to implement real-time transaction monitoring, it leaves them open to AML non-compliance and several onboarding process risks. Without up-to-date sanction screening, companies can risk fines and being labeled terrorist and money laundering agencies. 

Apart from the banking system, financial institutions are now seeing the safety, process and AML/KYC compliance benefits of real-time transaction monitoring. After years of being behind the banking sector, other financial services are finally adopting real-time transaction monitoring and screening as part of their enhanced due diligence in AML. However, many lack the personnel training, IT infrastructure or have a clue how to marry the process with their business strategy. 

The mad rush for implementation led to haphazard strategies, poor screening and hit-or-miss results for AML compliance. Smarter financial services sought out identity verification solution providers like IDMERIT who provides ID validation systems that can perform behavior monitoring, automated KYC checks and mobile ID verification. Through our IDMkyX suite of services, we can create a real-time transaction monitoring and screening process with up-to-date watchlists that match your business strategy and buyer profile.

7 Best Practices for Enhanced Due Diligence in AML

Keep Abreast of the Latest Sanctions and Watchlists for AML Compliance 


If your company is not performing automated ID verification with real-time transaction monitoring and screening, there is a high possibility it is operating with an outdated watchlist, not aware of the types of watchlists or even knowing they should be watching the watchlist. If your company is not monitoring current watchlists then there is a high possibility of fraud, AML non-compliance, CTF fines and being shut down. Avoiding all of that is simple once you are aware of the types of watchlists available and have automated ID verification and a solid workflow. 

There are over 1500 watchlists and luckily you don’t have to monitor everyone manually. Watchlist screening can be done automatically with IDMtrust for high-risk customers and IDMscan for ID verification. No matter the industry, there are three watchlists you should be screening for AML compliance. 


Office of Foreign Assets Control (OFAC)

OFAC enforces US sanctions on threats to the national security, foreign policy and economy of the United States. OFAC has a Specially Designated Nationals (SDN) list, which is a list of individuals and companies who are affiliated with or from targeted countries. OFAC has penalties and fines for institutions or individuals who willfully or unknowingly commit OFAC violations.


Financial Action Task Force (FATF) 

The FATF has a list of Politically Exposed Persons (PEP) who have the power and influence of a political office. PEPs are not limited only to sitting politicians. Former government officials and activists also make up the FATF PEP list. PEPs are not banned like SDNs, but you do need to protect your business in case they are involved in corrupt business practices. 


United Nations Security Council Sanction List

Any business associated with any country on the UN Security Council Sanctions list is automatically banned from doing business with its member states. The Financial Intelligence Unit (FIU) under the UN Security Council monitors AML/CTF compliance in the financial sector with the assistance of governing central banking authorities in individual countries. Failure to report sanction and CTF breaches or AML non-compliance to the FIU or Financial Intelligence Authority (FIA), as called in some countries, results in hefty fines and possible business closure. 

Along with PEP and SDN, screening for Special Interest Persons (SIP) and Special Interest Entities (SIE) should be part of enhanced due diligence in AML. SIPs and SIEs have a history of financial risks, criminal activity or court proceedings. Though there is no official list, compiling our own can be done from risk scoring, real-time time transaction monitoring and advanced analytics. 

To safeguard your company from violations, you can partner with IDMERIT which has access to current PEP and SDN watchlists and has the technology for automated ID verification, perform behavior monitoring and assist in creating your own SIP and SIE watchlist. We even scan adverse media watchlists for reputation, legal and regulatory risks of onboarding clients and employees.+


Configurable Risk Scoring for AML Compliance


Being KYC/AML compliant and avoiding fines for Counter-Terrorism Financing (CTF)  means reducing transaction risks and customer onboarding risks. Using a risk-based approach should be a part of your AML compliance solutions especially when dealing with customers from countries and industries with known high-risk factors. Configuring risk scoring factors to match with ongoing behavior monitoring and screening ensures accurate real-time reports and swifter risk management. 

Just as you would create a buyer profile, you can create a risk profile of your ideal risk client. Your risk profile can be based on your configurable risk factors and how high the potential individual may score. Factors of configurable risk scoring may include, but are not limited to:

System vulnerability – A check to test domain security and system risk factors. A weak system has a higher risk score.

Enforcement of risk – A check to verify there are processes and systems already in place to deal with risk. Low-risk enforcement = higher risk.

Asset value – The value of the product/service that you are requesting. Low value = low threat.

Threat intelligence capabilities Assessing cybersecurity threats, email maturity and IP address security. High threat intelligence capabilities = Low risk

Classification levelsAssessing the type of customer, business and service needs. Different business types may require more advanced risk assessments and have higher risk scores e.g. banks and other financial institutions.

When configuring risk scores and creating risk profiles be sure your identity verification company has up-to-date ID validation systems so when you validate ID, you are aware of more recent transaction activity and not aged data. Our IDMtrust service works instantly, assessing risk without personally identifiable information. We provide automated ID verification with configurable risk scoring identifying potential high-risk customers before and during the onboarding process and sales transactions. 


Automated Regulatory Reporting for Financial Services


In this digital age where everything is happening at the click of a keyboard or a swipe on a mobile phone, automation should not be just for the customer. As customers’ transactions are moving faster, banks and financial services have to process faster. Sadly, that has not been the case as many are still dependent on manual processes that have a high level of redundancy and lack clarity in their reporting process. 

Automated regulatory reporting for financial services is a critical activity for financial institutions and affects financial ratings from IMF, Moody and PricewaterhouseCoopers who pride themselves in regulatory reporting on the finance industry. To meet their high industry regulatory reporting standards, financial services must have a team effort from risk management, financial processes and technology. 

Besides fines and reputation damage, banks and other financial services can seem inefficient and risk AML non-compliance as a result of faulty or slow regulatory reporting. Untimely reporting can slow down industry changes, analytics and growth which is needed for customer protection, personnel adjustments and potential legislative modifications. 


Advanced Analytics for Effective Enhanced Due Diligence


Basic customer due diligence which includes transaction screening, AML/KYC compliance and sanction screening isn’t enough for effective enhanced due diligence. Advanced analytics goes further in detecting unusual transaction activity by reducing risk, increasing report accuracy and assisting in data and case management. Advanced analytics involves data mining and can include anomaly detection, machine learning artificial intelligence and multivariate data analysis.

With only anomaly detection, financial institutions can identify unusual traffic patterns, transactions that don’t belong, outdated or incomplete data and even loopholes in their customer onboarding process. Add in machine learning and you get automated data processing, increased reliability and adaptability, reduced costs and time and easier system management. 

Now image adding in AI and biometrics. Not only can you perform automated KYC checks, but you can also have behavior monitoring and complete automated AML compliance solutions. This is the power of technology and automation at its best and it’s available to you through IDMERIT’s suite of identity verification solutions.


Manageable Workflows and Adaptable Case Management with Integrated Dashboards: The Final Piece to AML Compliance


You can have configurable risk scoring, advanced analytics, automated AML solutions and regulatory reporting, but none of it will work seamlessly without adaptable case management and manageable workflows. To facilitate enhanced due diligence, coordination between dashboards and workflows must merge with business strategy and your onboarding process.


Adaptable Case Management

Effective case management systems require software that can adapt to each transaction. There can be case management systems for automated KYC checks, for flagged watchlist customers and used as AML compliance solutions. 


Manageable Workflows

With so many different cases, case management can be overwhelming and challenging at times. Managing your onboarding process, ongoing transaction monitoring, customer outreach KYC requirements and AML compliance solutions entail using a workflow that can meet all these obligations and be user-friendly. Of course, for the workflow to be manageable, it will need a dashboard to visualize everything.


Integrated Dashboards

Dashboards help manage data, records and facilitate better record retrieval and accurate regulatory reporting. Creating customized integrated dashboards that pair easily with workflows, transaction monitoring and risk screening makes it easier to have all your data visually accessible to anyone.

Analytics can be complicated to the everyday man and advanced analytics seems like rocket science to the uninitiated. Understanding dashboards requires a trained individual that you may not have on your team. In fact, workflows and case management all require additional personnel, skills and technology. Integrating dashboards makes managing transaction cases and workflows easier. However, without comprehension of the data, all that effort would be for naught.

The same can be held true for these seven practices for enhanced due diligence in AML. No matter how well everything is put together, it all comes down to understanding the data and knowing what action you should take next. AML compliance is necessary for financial institutions and businesses and for proper AML compliance you need effective enhanced due diligence. Therefore, if you do not have the time, skills and technology to combine all these practices or end up implementing them haphazardly, your company still won’t be fully AML compliant. 


IDMERIT IDMkyX suite of Identity Verification Services can be your dashboard for easier AML compliance. We perform automated ID verification and ID validation through IDMscan, automated KYC checks, behavior monitoring, transaction monitoring with mobile ID verification through any device and social media platform with IDMdevice and IDMsocial. With IDMtrust, we provide risk assessments using configurable risk scoring and can be your complete AML compliance solution for EDD with IDMaml

Verify anyone, anytime and anywhere with IDMERIT.  

Tony Raval
Tony Raval

Tony Raval brings more than 15 years of leadership in data technology as the Founder and CEO of IDMERIT, headquartered in Carlsbad, California. He leads an executive team including top data tech veterans to execute on his passion of creating a global data universe generating true and trusted intelligence. IDMERIT’s competitive success has come from the company’s ability to perform cross-border transactions, for which Tony and his team have developed a meticulous process and progressive technology. The company was launched as the result of a highly effective engagement with a leading global financial institution, whereby the company was uniquely able to triangulate multiple elements to create a comprehensive, and yet, frictionless experience. Tony has provided data intelligence to companies such as Google, SalesForce, and HP as well as clients across financial, government and other sectors seeking a superior partner in compliance and mitigating risk. He holds a Master’s Degree in computer engineering and data sciences, is an active member of the Entrepreneurs Organization San Diego and dedicated mentor to new entrepreneurs in EO’s Accelerator Program, enjoys meditation and running, and he and his wife Sonal recently celebrated their three-year-old son's birthday.

Get Notified about Industry Updates