Four Pillars of AML Compliance Program- Pillars Three and Four

Posted on 31. Jul, 2012 by in Blog, Compliance, Consulting, Industry Events, News, Regulatory Updates, Training

The AML Compliance program is based Four (4) Pillars.


1.    Development of written internal policies, procedures and controls

a.    Development includes a comprehensive Risk Assessment

2.    Designation of Compliance Officer

3.    Ongoing and periodic training of employees

4.    Annual, periodic independent testing of AML Program

In this post we will discuss what is required for pillar three and four.  Check yesterday’s post for information on pillars one and two.

Pillar Three – Training

The AML Compliance program must include both initial and ongoing AML training for all staff.  This includes Executive Management and Board of Directors.

Ongoing training must be provided, (generally annually). In addition, new employees must be trained as soon as practical, usually within their first 30 days of employment, which is similar to the method Fair Lending training that is currently conducted.

Training and Testing

Training to include testing and information on high risk areas; fraud, red flags and company policy and procedures as well as how to report suspicious activity.


Record Maintenance

Records Maintenance is required for all AML training and must include the following:

–       Dates of training

–       Attendees

–       Test Results (yes, there needs to be a test)

Ongoing Training Program

The training program should include the following elements:

•          Require a sign-in and sign-out of participants

•          Have a level of testing

•          Function along the lines of your Fair Lending training

•          Should use a learning management system or central management system

On the Job Training

The AML Compliance Officer is to communicate/alert staff of new developments in:

  • Laws, regulations, government guidance, money laundering or fraud cases;
  • Policy and procedure changes
  • Enforcement actions

Copies of communications/alerts to be retained along with:

  • Date distributed, and;
  • Actions taken as a result

Training is the Focus!



Pillar Four -Independent Testing of Policy

Testing will be dependent upon the organizations size and risk.  It must be completed at least annually or more frequently if warranted.  It can be done by an independent 3rd party, or; can be done by Company personnel provided they do not:

1.    Work for the Compliance Officer, nor

2.    Perform any of the AML functions to be tested


We can help you with your AML policies and procedures and training. 

Contact us today to find out more!