Anti-Financial Crime
Introduction and History
A major catalyst for the creation of dedicated sanctions roles was the first US sanctions legislation, notably the Trading with the Enemy Act (1917) [1] and the establishment of the Office of Foreign Assets Control (OFAC) [2] in the 1950s. Together, they gave the US government broad powers to administer and enforce economic sanctions motivated by foreign policy. Over time, these measures required individuals, or even small teams, mainly in banks, to keep track of the ever-changing sanctions lists and ensure that no prohibited parties had access to the financial system.
At the same time, the first AML regulations began to take shape. In the United States, the Bank Secrecy Act (1970) [3] is often cited as the first landmark piece of legislation to prevent money laundering, as it required institutions to keep records and report certain transactions. On the other side of the Atlantic, the first EU Money Laundering Directive (Council Directive 91/308/EEC) [4] required Member States to take measures to combat the misuse of financial systems for illegal purposes. Both developments led to financial institutions – initially in the banking sector and later also in the insurance industry and other sectors – appointing specialized compliance functions.
In the early days of financial crime prevention, many institutions took a largely reactive approach: for example, sanctions lists were consulted only when a transaction looked conspicuous, and the occasional “hit” was referred to a generalist in the legal or risk department. This reactive approach was the norm long before comprehensive compliance frameworks were fully established.
But by the 1990s, it became clear that a single “generalist” compliance officer could no longer keep pace with the proliferation of regulations. Institutions recognized the need for dedicated sanctions officers who focused on enforcement actions like those of OFAC, as well as dedicated AML officers whose responsibilities ranged from monitoring transaction patterns to conducting enhanced due diligence. This era marked the transition from a handful of designated officers to the more formal, structured financial crime-fighting functions we know today, reflecting both the demands of regulators and the increasing sophistication of criminal tactics.
Ultimately, these historic milestones laid the foundation for the specialized and technology-driven compliance teams that are commonplace across the financial industry today. What began as a patchwork of reactive measures and thinly staffed compliance corners has evolved into robust, multidisciplinary departments dedicated to protecting the integrity of the global financial system.
While banks have led the way, often due to tighter regulatory controls, insurance companies and other financial institutions have been slower to build robust AFC capabilities. Over time, as regulations tightened globally (e.g. EU AML directives, FATF recommendations), insurers and other financial sectors recognized that they faced a similar risk and began to formalize their own compliance departments.
From single officers to comprehensive compliance units
Under the initial regulations, financial institutions typically appointed one or two individuals to oversee compliance. These designated officers often performed sanctions screening manually, cross-checking lists such as OFAC’s Specially Designated Nationals (SDN) list, and reviewed suspicious transactions case by case. The approach was largely reactive: with relatively few regulations to enforce and no comprehensive framework of best practice, a small staff could (in theory) manage the workload. All in all, the work was manual, non-standardized and poorly documented.
With the development of global and regional regulations – e.g. the first EU Money Laundering Directive (Council Directive 91/308/EEC, 1991) [5] and its subsequent updates – compliance with regulations to combat financial crime became increasingly complex. Institutions quickly realized that a one-person operation was no longer enough, because:
- Know Your Customer (KYC) and Customer Due Diligence (CDD) programs required specialized staff and continuous customer monitoring.
- The continuous monitoring of transactions required robust IT systems, permanent data flows and trained analysts.
- Evolving sanctions lists (e.g. multiple US, EU and UN sanctions regimes) required dedicated teams to deal with false positive alerts and potential true matches.
In response, larger banks and insurers began to establish formal compliance departments. These groups combined traditional legal expertise with new investigative and analytical capabilities. Over time, the concept of first line of defense and second line of defense developed within these structures.
The Three Lines of Defense Model
Originally, many financial institutions housed both 1st LoD and 2nd LoD compliance responsibilities under one roof, especially in smaller organizations or in the early implementation phase. As complexity increased and best practices matured, many separated these areas more clearly, although for practical or historical reasons some institutions still combine 1st LoD and 2nd LoD responsibilities into a single large compliance department. The Three Lines of Defense model [6], which is widely used today, illustrates how companies divide responsibility for risk management.
1. First line of defense (1st LoD)
The operational units that own and manage risk. In the context of AML and sanctions, they take care of day-to-day activities such as ensuring that KYC data is correct at login, flagging unusual transactions and following standard procedures.
2. Second Line of Defense (2nd LoD)
Functions that provide oversight and expertise, typically compliance and risk management. For AML and sanctions, the second line usually interprets regulations, develops compliance frameworks, guidelines and monitoring tools, provides guidance to the first line and escalates issues to senior management.
3. Third line of defense (3rd LoD)
Internal audit function that independently assesses the effectiveness of the first and second lines of defense.
In addition to the three lines of defense model (operations, supervision and internal audit), there is also a fourth line of defense, which usually comprises external control bodies such as [7]:
- Regulatory authorities that enforce legal and supervisory requirements (e.g. central banks, specialized authorities such as FinCEN in the US or BaFin in Germany).
- External auditors, independent firms that review a financial institution’s risk and control environment. Their audits can reveal gaps in AML systems or sanctions compliance, leading to improvements.
- Industry and specialist bodies such as the FATF, the Wolfsberg Group or key trade associations that publish standards and influence policy making at national and global level.
The fourth line does not work in isolation but checks and validates the effectiveness of the other three lines. [8]
Regulators and external auditors expect seamless cooperation between these areas. In practice, the fourth line may lead to new or revised AML/KYC processes, stimulate technology upgrades (e.g. more advanced transaction monitoring software) or even drive the restructuring of compliance teams. Therefore, the model can be referred to as 3+1 Lines of Defense.
Last but not least, we should not forget the accountability of top management. A critical aspect of any defense model is clear leadership and accountability at the highest level of the organization.
The Board / C-Suite has the ultimate responsibility for the organization’s compliance culture, resources and risk appetite. A designated Chief Compliance Officer reports regularly to the board and executive committees and ensures that senior leadership is aware of key risks, major incidents and evolving legal obligations. By having visibility at the highest level, financial institutions ensure that compliance is not just a back-office function, but an integral part of strategic decision making.
Continuous Reorganization
In recent years, we have assisted various large financial institutions in re-evaluating the structure of their 1st and 2nd Lines of Defense and moving away from the “all-in-one” compliance function. While some organizations maintain a single, holistic compliance department that combines the responsibilities of the 1st and 2nd LoD, others split the responsibilities of the 1st LoD:
1. Dedicated operational or front office teams
Business units and operational departments are often entrusted with central AML steps such as initial KYC data collection, ad hoc and regular due diligence checks, or the reconciliation of watchlist screening results. By placing these tasks directly in the business units, financial institutions aim to bring responsibility closer to the source of the risks. Notably, the so-called simplified regular CDD checks can even be automated. New fintechs in particular are very open to using digital solutions instead of the human teams that established major banks rely on.
2. IT and system support
AML processes are increasingly supported by technology, from transaction monitoring systems to digital KYC questionnaires to automated name list screening. Some companies place AFC-specific IT teams under a dedicated compliance department, while others integrate them into general technology departments to make better use of company-wide resources. This means that specialized AML software developers or data analysts may be housed outside of the compliance department but still work closely with compliance officers on system improvements and model optimization.
Conclusion
These changes in organizational structure are anything but uniform. Some large banks are still opting for centralized AFC functions that oversee the entire compliance issue. Others are taking a decentralized approach and spreading AML tasks across different operational and technology units. Insurance companies have similarly diverse configurations, often modeled after banks but with customizations to their specific product lines and risk profiles.
The ongoing reorganization of compliance structures reflects the industry-wide drive for greater efficiency, ownership and technological innovation in the fight against financial crime. While regulators continue to demand robust controls, major financial institutions are experimenting with how best to deploy their human and technological resources – leading to a constant cycle of restructuring. From an AML Compliance consultancy view, we can confirm that every variation of these models exists in practice, each with its own strengths and challenges. Ultimately, the right structure depends on an institution’s size, product complexity and risk appetite, while also balancing it with evolving global AML and sanctions regulations.
Sources
[1] https://uscode.house.gov/view.xhtml?path=/prelim@title50/chapter53&edition=prelim
[2] https://ofac.treasury.gov/
[3] https://www.fincen.gov/history-anti-money-laundering-laws
[4] https://finance.ec.europa.eu/financial-crime/anti-money-laundering-and-countering-financing-terrorism-eu-level_en
[5] https://eur-lex.europa.eu/eli/dir/1991/308/oj
[6] https://www.theiia.org/globalassets/documents/resources/the-iias-three-lines-model-an-update-of-the-three-lines-of-defense-july-2020/three-lines-model-updated-english.pdf
[7] https://www.fatf-gafi.org/en/topics/fatf-recommendations.html
[8] https://www.bis.org/bcbs/publ/d328.pdf