2019 Thomson Reuters Anti-Money Laundering Insights Report

Executive summary

It’s been more than a year since the Financial Crimes Enforcement Network’s Customer Due Diligence (CDD) Requirements for Financial Institutions became effective in May 2018. To follow up on the 2018 report, Thomson Reuters once again partnered with the Association of Certified Anti-money Laundering Specialists (ACAMS) to conduct another global survey of compliance decision-makers to gauge their CDD processes and activities. The responses illustrate the impact the CDD Rule continues to have on financial institutions’ operations.

The survey shows that organizations have become more comfortable with CDD Rule implementation; however, significant time and resources are still being allocated to specifically address compliance, including the purchase of enhanced technology, training for existing staff, and hiring new staff. Thus, a top priority for many companies in the coming year is simply a continued streamlining of business processes related to anti-money laundering (AML) and CDD.

Many companies continue to meet the stringent identity verification requirements under the CDD Rule by insisting on a comprehensive collection of information at the outset of the customer engagement. Two-thirds of organizations have reported a standardization of this complex process to reduce AML risk, a significant increase from 2018.

Additionally, 47% of respondents report using document scanning during this client onboarding to ensure a robust digital identity verification and address beneficial ownership issues. Notably, four in 10 companies employ no digital verification at account opening.

  • 2/3
    Up from 2018, two-thirds of respondents now report having a standardized onboarding to reduce AML risk

Financial service organizations also continue to navigate the CDD Rule that requires them to develop customer risk profiles based on the nature and purpose of customer relationships. While criminal history, geographic footprint, and adverse media continue to be important information, this year’s survey uncovered that one-half of companies identified that lawsuits, financial information, and judgments are also important when conducting Enhanced Due Diligence (EDD) on a customer.

The importance of data quality

Data quality remains critical for improving CDD Rule implementation in day-to-day operations. 

Thirty-one percent of respondents now declare that false-positives remain of their most troublesome compliance frustrations. Better vetting and verification of data could help prevent false-positives and the resulting wasted labor.

Companies have a hunger for more data overall, and data itself is a key criterion used when evaluating third-party CDD offerings. Ninety-five percent of organizations consider data accuracy a must while well-structured data remains the secondary benchmark of consideration by 92% of respondents.

  • 31%
    of respondents state false-positives remain a CDD pain point

Despite notable CDD Rule-geared hiring and increased efficiencies in the last two years, 53% of respondents are still experiencing and anticipating increases and pressures in their personal workloads. Moreover, 27% of organizations still foresee staff-level changes in the next 12 months, meaning CDD compliance will continue to impact budget and resource discussions.

To help offset these pressures, more decision-makers are open to exploring third-party solutions across the board; in fact, one of the most common process changes for this year’s survey was using third parties for customer screening enhancements according to 27% of the group. 

The CDD Rule has irrevocably altered the business landscape for countless financial organizations worldwide. Ongoing compliance success will hinge on the continuing automation, streamlining, and optimization of related processes and technologies — both internally and with trusted third-party providers. 

The CDD Rule: Ever-evolving compliance trends

Many survey findings were consistent with results from the two previous years. Having shifted from the pre-planning and initial phases of CDD Rule compliance, financial service organizations are now focused on exploring new tools and practices that drive increased efficiencies and reduce company liability, as well as ensuring staff on the front lines are highly trained. 

Major areas of growth include:

  • Continuing investments in personnel training as well as new hires to address ongoing workload pressures pertaining to CDD compliance
  • Improving data management and data quality internally and/or with the help of third-party tools and partnerships
  • Adopting the mantra of “streamline, streamline, streamline” surrounding any and all business processes to reduce overhead costs and liability headaches

Due diligence and AML processes

Eighty percent of organizations continue to kickstart the due diligence process right at account opening, mainly engaging in dialogue with the client to gather relevant AML/CDD information. However, there was a slight decrease in this method compared to 84% in 2017. Also notable in 2019, more organizations have standardized the critical, labor-intensive onboarding process to reduce AML risk. Sixty-seven percent of respondents have standardized onboarding, up from 56% in 2018. 

What companies search when conducting CDD

  • 51%
    PEP checks
  • 43%
    Negative news checks
  • 42%
    Enhanced watch list scans

In terms of the information companies most request from clients, the top three types remain the same. Ninety-four percent report beneficial owner identification as a top inquiry, followed by occupation or nature of business (90%) and source of funds (90%).

Diving deeper, verification of the individual(s) reported as beneficial owners are mainly through data collected directly from customers (92%). Additionally, 65% of companies also confirm via corporate registry information, and 55% consult third-party data sources.

In terms of digital identity verification of clients, nearly one-half (47%) use document scanning while roughly one-quarter (23%) employ mobile phone authentication. However, it’s noteworthy that 38% of respondents do not incorporate any digital identification during onboarding.

  • 47%
    Document scanning
  • 23%
    Mobile phone authentication
  • 38%
    Do not incorporate any digital identification during onboarding

Unfortunately, major operational challenges from 2018 have not been erased for compliance professionals; organizations report the same greatest pain points from 2019. Fifty-three percent of respondents cite that not being able to validate information is their biggest hurdle and 51% report difficulties in keeping information up-to-date overall. Forty-eight percent express frustration with the increased length and complexity of client onboarding. 

  • 53%
    Information cannot be validated
  • 51%
    Difficulties in keeping information up-to-date
  • 48%
    Frustrated with increased length and complexity of the onboarding process

These challenge areas indicate opportunities for further optimization and/or possible third-party solutions to assist day-to-day operations. Survey respondents seem to concur this will be the case, as the top three process changes include utilizing third-party customer screening enhancements (27%), integrating automation into company workflow management (14%), and incorporating beneficial ownership/expanding risk criteria (14%). 

  • 27%
    Third party/customer screening enhancements
  • 14%
    Integration of automation
  • 14%
    Incorporating beneficial ownership/expanding risk criteria

In terms of risk management and monitoring, roughly two-thirds of respondents still continuously monitor customers 24/7. However, in 2019 there was an uptick in companies only monitoring select high-risk customers after initial engagement, from 32 to 39%. Additionally, employing third-party partners for continuous monitoring services rose to 26%.

Monitoring customers post-screening

Additionally, respondents still report three key criteria to include in customer risk ratings: customer activity (65%), geographic location (59%), and transaction history (37%). However, political exposure (27%) and customer statement of expected activity (23%) still have significant consideration. Transaction details remain the most common included in actual SARs generated, according to 93% of respondents.

  • 65%
    Customer activity
  • 59%
    Geographic location
  • 37%
    Transaction history

Enhanced due diligence

Though technically a subset of Due Diligence and AML Processes, ramifications of the extra scrutiny involved in EDD and its impact on organizations deserve special attention.

In 2019, significantly fewer respondents reported line of business and centralized operations/account opening departments providing oversight of EDD process; compliance is consistently reported as the top departmental oversight by 80% of respondents.

Departmental oversight of EDD processes

Since survey inception, slightly fewer respondents (55%) report that they are always impacted by KYC information and the customer’s geographic footprint to trigger EDD. Among those who are engaged with EDD, the most common trigger in 2019 is foreign wire transfers to high-risk jurisdictions, according to 47% of respondents.

A foreign wire to/from a higher risk jurisdiction 

Survey respondents indicate the most important information for EDD continues to include geographic information (73%), criminal history (71%), and adverse media (62%). However, new survey questions for 2019 revealed that lawsuits (54%), judgements (54%), and financial information (52%) are also important to companies.

Data solutions and decisions

In 2019, only 14% of survey respondents rely on office management software to run their AML program. Instead, 38% — up from 31% last year — rely on an automated system to manage screening, workflow, and records management, signaling a trend toward the procurement of CDD-friendly automation.

Usage of technology to manage AML program

Relating to third-party AML/CDD solutions providers, this year’s survey addresses the top four criteria organizations are focused on when evaluating third-party assistance. Ninety-five percent of respondents reported that data accuracy was very important, while 93% cited both well-structured data and company reputation/credibility. Breadth of content was also mentioned by 92% of the group.

  • 95%
    Data accuracy
  • 93%
    Well-structured data
  • 93%
    Company credibility/reputation
  • 92%
    Breadth of content

Of note, this year’s survey hints that many companies are not completely happy with their current third-party providers. Only 15% of respondents report being “extremely satisfied” with their current provider. Fifty-two percent are “somewhat satisfied,” and 22% identify as “neutral.” Clearly, there is room for third-party providers to improve the quality and quantity of their CDD Rule-related offerings.

Budget and staffing

Unfortunately, organizations are still feeling the pinch in terms of the CDD Rule impacting company resources across the board, specifically with staffing bandwidth. A 63% majority of respondents share that their previous year’s workload has been elevated, and 53% feel that will remain the case into 2020. Though expected hiring is down since survey inception, 27% expect staffing changes in the next 12 months. 

Expected staff level change in the next 12 months

Among those who expect personal workload increases, the most common expectations are for expanded job duties (26%). Twenty-one percent expect more emphasis on AML and compliance.

Specific budget information itself is unclear from the survey sample for 2019. Most respondents (74%) did not know their organization’s dedicated budget for AML/CDD compliance requirements, and nearly one-fifth report having no dedicated budget at all.

Other challenges and trends

In terms of reported, perceived challenges, 43% of respondents affirmed once again that the CDD Rule is their biggest compliance difficulty, though down from 55% in 2018. Fewer respondents in 2019 identified the Foreign Account Tax Compliance Act (FATCA) and/or the Fourth EU AML Directive and General Data Protection Regulation (GDPR) as troublesome. No dramatic upticks with other compliance rules were noted.

Challenging compliance trends

On a related note, the greatest operational challenges related specifically to AML and the CDD Rule continue to be increased regulatory expectations (36%), not having enough properly trained staff (32%), and too many false-positives (31%). Additionally, the 2019 survey also revealed that 22% of respondents feel lack of automation is a significant hurdle.

Greatest operation challenges related to AML and CDD

Overall, streamlining business processes is a notably higher priority, with 56% of respondents saying it will be a focus in the next 12 months versus 36% in 2017, and 38% in 2018. Other notable priorities moving into 2020 include improving data management and quality (52%) and training for existing staff (48%). Forty-one percent also want to invest in new technology and process automation.

  • 56%
    Say streamlining business processes is a priority for next year

Shifting to enforcement actions related to AML and CDD compliance, only one in five (21%) respondents in 2019 experienced any discipline. Only a minority of organizations (15%) are very concerned about personal civil and criminal liability, certainly a downward trend from survey inception when overall anxiety surrounding CDD compliance was higher.

Survey participants also reported a range of AML- and CDD Rule-related topics they try to follow. The majority are invested in regulatory changes (16%), while 13% are interested in CDD, beneficial ownership, and AML in general. 


Compliance departments have now had roughly three years of preparing for, and ultimately implementing, the CDD Rule – a long journey of ups and downs as they forged a blueprint for success. This process has required organizations to stretch their vision, workflow management, staffing, technology, and more, representing a seismic shift in the financial services sector that will continue to reverberate in years to come. 

Though organizations have continued to become largely settled into a CDD-focused financial services world, decision-makers know it pays to stay sharp in the ongoing quest to future proof their organizations. Complacency could prevent leaders from addressing the new and ongoing challenges that are becoming clearer surrounding CDD Rule compliance. 

Organizations must continue to stay abreast of new developments in AML and cultivate opportunities to optimize, automate, and streamline CDD Rule compliance processes to reduce overhead expenses and headaches, increase speed and accuracy, tap into robust reporting capabilities, and engage top-tier third-party solutions when necessary. Additionally, organizations must continue to focus on elevating data purity and relevance as they seek to balance risk, reward, and liability in all client engagements.

Download Report PDF