AML governance gaps: what risk-based compliance teams must fix


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 3789
Topic starter  

TL;DR: Risk-based AML programmes are increasingly pressured by fast payments, digital onboarding, complex products, and multi-geography operations, and Veriff argues that static, checklist-style compliance fails to control LD/FT in practice. That makes governance, EWRA calibration, perpetual CDD, and evidence-backed investigations the core operating model, not optional hygiene.

NHIMG editorial — based on content published by Veriff: Chapter 4, AML compliance programme best practices

Questions worth separating out

Q: How should compliance teams structure an AML programme that actually adapts to changing risk?

A: They should build AML around explicit governance, risk assessment, and continuous recalibration rather than fixed compliance checklists.

Q: Why do static KYC reviews fail in modern financial crime programmes?

A: Static KYC fails because customer risk is not fixed after onboarding.

Q: What do organisations get wrong about transaction monitoring in AML?

A: They often treat monitoring as a volume problem rather than a calibration problem.

Practitioner guidance

  • Map AML accountability across the three lines: define who owns onboarding, who challenges exception handling, and who validates control effectiveness.
  • Tie CDD depth to changing risk signals: move away from calendar-only review cycles and trigger refreshes when products, geographies, customer behaviour, or negative intelligence change.
  • Calibrate monitoring scenarios to typologies: align transaction-monitoring rules with the business model and the typologies most relevant to your exposure.

What's in the full article

Veriff's full chapter covers the operational detail this post intentionally leaves for the source:

  • Step-by-step AML governance roles across the board, management, compliance, and audit functions
  • Detailed EWRA risk dimensions for customer, geography, product, service, and delivery channel exposure
  • Practical guidance on setting CDD triggers, review cadence, and escalation thresholds
  • Investigation and SAR or STR documentation expectations that support audit-ready reporting

👉 Read Veriff's chapter on AML compliance programme best practices →

(@mr-nhi)
Member Moderator
Joined: 4 weeks ago
Posts: 2127
 

Static compliance has become the wrong operating model for AML. The article shows that modern LD/FT risk changes too quickly for checklist governance to keep pace. Fast payments, digital onboarding, complex products, and cross-border operations create a moving target that static policy cannot absorb. Practitioners should treat AML as a continuously calibrated control system, not a documentation exercise.

A few things that frame the scale:

  • 91.6% of secrets remain valid five days after the targeted organisation is notified, showing a critical gap in remediation procedures, according to Ultimate Guide to NHIs.
  • That remediation lag matters because 71% of NHIs are not rotated within recommended time frames, increasing the risk of compromise over time.

A question worth separating out:

Q: What do organisations get wrong about transaction monitoring in AML?

A: They often treat monitoring as a volume problem rather than a calibration problem. The real issue is whether scenarios are aligned to the organisation's typologies and risk exposure, whether thresholds are set realistically, and whether investigators can explain decisions consistently when alerts are reviewed.

👉 Read our full editorial: Risk-based AML compliance programmes need stronger governance
