Three Ways to Use Analytic Rigor in Your AML Compliance Operations

J.S. Held’s Inaugural Global Risk Report Examines Potential Business Risks & Opportunities in 2024

Read More close Created with Sketch.

Introduction: Influx of Information Triggers Threats to Anti-Money Laundering Compliance

Information abounds. The internet, social media, and web 3.0 are full of content and it’s available with a few finger taps. Alongside the rise of consumer and media produced content, more and more governments are pushed to be transparent and increase access to electronic records, lists, regulatory actions, etc. While the increase in the quantity of data available is astounding, so is the propensity for mis and disinformation to creep into data streams and overwhelm accurate and legitimate sources.

This and other threats can make it challenging for Anti-Money Laundering (AML) compliance teams to identify facts within the data flow and plethora of results. Additionally, it’s even more difficult in high stakes situations when business priorities face off against compliance demands.

To be effective, compliance teams need to be able to turn down the noise in order to make sound risk management decisions related to critical aspects of the compliance program like Know Your Customer (KYC) reviews and investigations. Because this isn’t an easy thing to do and typically involves competing priorities — such as cost versus speed — we advise our clients to use a strategy grounded in sound analytic judgement to derive the best results.

This article focuses on three steps to effective due diligence in AML compliance. Below is the strategy based on years of experience conducting investigations, building teams, and advising global banks through complex, high-pressure situations with regulators.

Three Steps to Effective AML Due Diligence

1. Ask Better Questions

In AML due diligence and investigations work, there is no cut-and-dried, one-size-fits-all approach to interrogating data and transaction information. It is usually best to approach the tasks the way a journalist might dig out a story. The analyst can examine the prospective or existing customer documents, ask probative questions to verify sources of wealth and uncover pertinent history, review transaction activity (if available), examine associates from different vantage points, and scrutinize the purpose for the account. Technology is an important tool in this process; the speed with which automated solutions generate results and potential alerts is critical to maintaining an efficient compliance process. That said, while it’s true technology has increased the pace with which searches can be conducted, it hasn’t eliminated the need to ask high quality questions in order to identify risks, mitigate red flags, and make it work more effectively for you – the analyst and team.

2. Understand the Data Sources

Not all data is created equally nor is it of equal value to your analysis or processes. It’s critical when selecting due diligence and data platforms to ensure you know the data sources being used so you can have confidence in the reliability, accuracy, and integrity of the results that will inform compliance and risk management decision-making. This can entail asking questions to verify if the data platform provider purchases data from third-parties and resells it or if the provider relies on only primary sources or a combination of both. Knowing the vendor of your vendor (fourth-party risk) is just as important to your compliance operations especially when misinformation and disinformation are increasing alongside the amount of information available on the internet. It’s important to conduct due diligence on your data platform providers just as you would on prospective customers.

3. Train and Evolve Constantly

Prioritize efforts to train and educate your investigative teams to keep pace with rapid technological advancements, counteract cognitive bias (those pesky mental shortcuts we take), and challenge existing thought processes. Don’t neglect this pillar of your compliance program. Present team members with a diverse portfolio of options to select from, offer material and content delivered via different channels and methods, and solicit honest feedback upon completion.

a. Channels include in-person, online, and hybrid options; and each offers its own benefits depending on the nature and type of content.

b. Methods vary based on the channel. For example, in-person training can occur in short form (one-hour, to half-day, to full, or multi-day options). Online options include both live and self-paced and self-study variations. Each has its own pros and cons that need to be considered alongside the needs of the team members.

c. Distribute long form articles to promote deeper thinking on relevant topics. Encourage team members to be conscientious about the information they consume on a daily basis and share strategies to combat analysis fatigue.

d. It’s also worth considering informal learning options that are more practical (less expensive and low stakes) and conducive to the fast-paced nature of compliance options. These can include things like a post audit or program review discussion; or an in-house lunch-and-learn about a recent regulatory update or enforcement action.

e. Finally, solicit feedback at the end of the courses or opportunities. Knowing what works and what doesn’t is a key ingredient in the creation of a successful training program.


Informed risk management and compliance decisions are the strongest when grounded in analytic rigor and backed by facts. The best way to ensure teams have the best tools in place to derive the conclusions – apply the above strategy. Ask better questions of your data and information; evaluate and understand where your sources get their information; continue to learn and train and you’ll be setting your team up for success with AML compliance cases.


We would like to thank Anne Walton for providing insight and expertise that greatly assisted this research.

Anne Walton is a Senior Director providing Anti-Money Laundering services under J.S. Held’s Global Investigations Practice. Anne specializes in building and monitoring anti-money laundering (AML) and sanctions compliance programs. Her prior investigative and risk management experience involved evaluating financial crimes compliance (AML / BSA / OFAC) cyber and physical security policies and programs. Anne’s past clients include financial institutions in APAC, Europe, and the Middle East; Fortune 500 companies; Fintech; banks serving crypto firms; non-governmental organizations; and local, state, and federal government.

Her expertise also includes Know Your Customer (KYC) evaluations and file reviews and testing; due diligence investigations of entities and high-profile and high-net-worth individuals, physical security risk assessments of critical infrastructure, Department of Homeland Security (DHS) cybersecurity tabletop exercises, and training law enforcement and intelligence analysts via the DHS Advanced Analytic Technique Workshop.

Anne can be reached at [email protected] or +1 248 564 2301.

Find your expert.

This publication is for educational and general information purposes only. It may contain errors and is provided as is. It is not intended as specific advice, legal, or otherwise. Opinions and views are not necessarily those of J.S. Held or its affiliates and it should not be presumed that J.S. Held subscribes to any particular method, interpretation, or analysis merely because it appears in this publication. We disclaim any representation and/or warranty regarding the accuracy, timeliness, quality, or applicability of any of the contents. You should not act, or fail to act, in reliance on this publication and we disclaim all liability in respect to such actions or failure to act. We assume no responsibility for information contained in this publication and disclaim all liability and damages in respect to such information. This publication is not a substitute for competent legal advice. The content herein may be updated or otherwise modified without notice.

noun_Download_747989_000000 Created with Sketch. Download PDF
You May Also Be Interested In

Building a Strong Compliance Program That Meets the Revised DOJ Corporate Enforcement Policy

This article examines the U.S. Department of Justice’s newly revised Corporate Enforcement Policy and details how corporations can build compliant programs....


Risky Business: How Fintech Firms Can Build Better AML and Sanctions Risk Assessments

This article examines the risks to Fintechs and how to create an AML and sanctions program that complies with regulatory requirements....

Keep up with the latest research and announcements from our team.
Our Experts