Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

AML compliance in finance: what controls are teams missing?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 11936
Topic starter  

TL;DR: AML failures are costly and operational, according to SumSub’s Finance AML Compliance 101 Guide for 2026, which cites Starling Bank’s £28.9 million penalty and outlines obligations for banks, payments, wallets, and BNPL providers. The real lesson is that monitoring, screening, and reporting controls only work when they are treated as governed identity and risk processes, not paperwork.

NHIMG editorial — based on content published by Sumsub: Finance AML Compliance 101 Guide

By the numbers:

Questions worth separating out

Q: How should finance teams structure AML controls so they hold up in an audit?

A: Finance teams should structure AML controls as a documented workflow with clear ownership, evidence retention, and repeatable escalation.

Q: Why do AML programmes fail even when policies exist?

A: AML programmes fail when policy is not matched by operational discipline.

Q: How can organisations know whether AML monitoring is actually working?

A: Monitoring is working when alerts are actionable, triaged on time, and linked to outcomes that can be explained later.

Practitioner guidance

  • Map AML controls to named owners Assign a single accountable owner for monitoring, screening, investigation, and reporting so gaps do not hide between teams.
  • Test evidence reconstruction end to end Pick a sample alert or case and rebuild it from source data, analyst notes, approvals, and filing records.
  • Align screening refreshes with current risk data Refresh sanctions, customer, and counterpart data on a schedule that matches operational change, not convenience.

What's in the full article

Sumsub's full guide covers the operational detail this post intentionally leaves for the source:

  • A practical AML compliance toolkit with steps for monitoring, screening, and reporting in regulated finance.
  • Guidance on avoiding regulatory traps that affected high-growth financial firms in 2024 and 2025.
  • Coverage of compliance obligations across banks, payments, wallets, and BNPL providers.
  • A future-facing checklist intended for teams preparing 2026 AML programmes for audit and enforcement pressure.

👉 Read Sumsub's Finance AML Compliance 101 Guide for 2026 →

AML compliance in finance: what controls are teams missing?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 11491
 

AML compliance failures are rarely just policy failures, they are control-ownership failures. The guide’s framing around expensive regulatory outcomes shows that the problem is not a missing document but a weak operating model. When screening, monitoring, and reporting are split across teams, the organisation loses end-to-end accountability. Practitioners should treat AML as a governed control chain, not a set of disconnected tasks.

A few things that frame the scale:

  • 72% of organisations have experienced or suspect they have experienced a breach of non-human identities, with 46% confirmed and 26% suspected, according to The 2024 ESG Report: Managing Non-Human Identities.
  • That same report found that enterprises that have experienced a compromised NHI averaged 2.7 separate incidents in the past 12 months, which shows how quickly one exposure becomes a repeated control problem.

A question worth separating out:

Q: Who is accountable when AML reporting breaks down?

A: Accountability should sit with the control owner responsible for the end-to-end reporting workflow, not only with the analyst who files the report. Organisations need a named owner for escalation, review, and submission quality. That makes it possible to trace failures to process gaps instead of dispersing responsibility across multiple teams.

👉 Read our full editorial: Finance AML compliance 101 shows the cost of weak controls



   
ReplyQuote
Share: