
What FinTechs Need to Know About AML – Part 3

Beginning in 1950 with the founding of the Office of Foreign Assets Control (“OFAC”) and continuing to the present with the recent passage of the Anti-Money Laundering Act of 2020, the US enacted a complex set of overlapping laws, rules and regulations that require financial institutions (“FIs”) to take steps designed to detect and prevent money laundering and terrorist financing (the “AML Laws”). Without detailed knowledge of the AML Laws, it’s all too easy to miss a key requirement and incur significant regulatory fines, business disruption and reputational damage.

DigiPli – together with Barclays Rise – prepared a series of articles to assist FinTechs in better understanding and complying with their AML obligations.


Part 1 of this series discussed the four main ‘pillars’ of an AML compliance program applicable to all financial institutions, including FinTechs operating as non-bank financial institutions (“NBFIs”). Part 2 provided specific details of the AML controls each FinTech must implement. This article covers the additional requirements applicable to more highly regulated FinTechs.

Highly Regulated FIs

FinTechs operating as banks, mutual funds, broker-dealers in securities, futures commission merchants, and introducing brokers in commodities (“Highly Regulated FIs”) are subject to all the same requirements as FinTechs operating as NBFIs, as discussed in Parts 1 and 2 of this series. However, they’re also subject to an additional set of requirements often referred to as the ‘fifth pillar’.

The CDD Rule

The additional requirements applicable to Highly Regulated FIs arise out of the Customer Due Diligence Rule (the “CDD Rule”), which applies to all customer accounts that these FIs open on or after May 11, 2018. The CDD Rule requires Highly Regulated FIs to implement the following additional requirements for each customer:

  1. Beneficial Ownership Identification. Identify and verify the identity of the ‘beneficial owners’ and ‘control persons’ of each customer that is a legal entity.
  2. Nature & Purpose Analysis. Collect information that will enable the FI to understand the nature and purpose of the customer relationship by considering factors such as geography, product type, expected account value, expected frequency of transactions, customer type, etc. The FI must use this information to assign an AML-specific risk rating to a customer (i.e., the risk of the customer using the FinTech’s infrastructure to engage in money laundering, criminal activity, or terrorist financing activities) and perform enhanced due diligence on higher risk customers.
  3. Ongoing Customer Monitoring. Conduct ongoing monitoring of the customer’s activities to identify and report suspicious transactions and, with a frequency driven by the customer’s risk rating, periodically review and update the customer’s assigned risk rating, profile, and other information.

Additional Requirements

Depending on the type and nature of a Highly Regulated FI’s business, operations and regulatory status, additional AML-related requirements may apply to the FinTech. Many of these requirements are covered in Part 4 of this series, which addresses AML best practices for FinTechs operating as NBFIs. However, a detailed discussion of each of the additional requirements is beyond the scope of this article.


Designing and implementing an AML program that meets regulatory requirements in an efficient and effective manner is a complex and daunting task for many FinTechs. If you have any questions regarding your AML obligations, or if you’re looking to automate your AML program and streamline your customer experience, feel free to contact us at

About the Series

This is the third in a series of four articles that provide an overview of what FinTechs need to know about the US AML Laws. Part 1 discussed the four main ‘pillars’ of an AML compliance program applicable to all financial institutions, including FinTechs operating as NBFIs. Part 2 provided specific details of the AML controls each FinTech must implement. Part 4, the last installment, will cover FinTech best practices in AML compliance.
