AML in insurance: How to detect & combat money laundering

To combat global financial crime, governments and international authorities implement a range of anti-money laundering and countering of terrorist financing (AML/CFT) regulations that impact the insurance sector. Penalties for compliance failures can include heavy fines, and failures to catch internal criminal activity can result in imprisonment . It’s crucial that insurance companies understand their AML/CFT obligations and how to implement them in a risk-based manner.

How does money laundering work in the insurance industry?

Money laundering in the insurance industry typically involves the exploitation of various products and mechanisms to obscure the origins of illicit funds. One common method is through the purchase of insurance policies, such as life insurance or annuities, with the use of dirty money. Criminals may overpay premiums, surrender policies prematurely, or make fictitious claims to cycle the illicit funds back as legitimate payouts. Reinsurance arrangements can also be manipulated where criminals establish offshore entities to overpay for coverage, channeling dirty money into reinsurers that eventually reach the primary insurance companies.

Examples of money laundering in insurance

Some additional forms of money laundering in the insurance industry include:

AML insurance regulations

International authorities impose a range of AML regulations and standards that affect insurance companies.

Financial Action Task Force (FATF)

The Financial Action Task Force (FATF) is an international watchdog that sets out AML/CFT guidance to be implemented within its member states. Its core guidelines are set out in its 40 Recommendations, against which it benchmarks member states in its periodic mutual evaluation reports (MERs) . These MERs help galvanize individual countries’ AML/CFT regulatory efforts and ensure they are effective and adaptive to changing risks. Member states use these reports as starting points for improving their anti-financial crime oversight and resources.

The international body also provides industry-specific guidance, including for the life insurance industry. Even though the FATF is not a regulator, firms would be wise to familiarize themselves with its industry- and country-specific guidance, as this will likely inform local AML/CFT regulations and contains valuable information regarding key sectoral risks useful for firms.

For example, in October 2018, after a consultation period, the FATF released Guidance for a Risk Based Approach in the life insurance sector. The guide discusses identifying, evaluating, and responding to financial crime risks effectively – especially through ongoing customer due diligence (CDD) and regulatory reporting. It also discusses key sectoral risks and vulnerabilities firms should be familiar with.

United States regulations

Introduced in 1970, the Bank Secrecy Act (BSA) is the United States’ foundational anti-money laundering and countering the financing of terrorism (AML/CFT) regulation. The BSA imposes AML/CFT compliance obligations on financial institutions operating in the US. These include implementing a risk-based anti-money laundering program with appropriate CDD and screening measures and carrying out reporting and record-keeping when dealing with suspicious transactions and customers.

Insurance companies qualify as “financial institutions” under the BSA . In 2001, the USA PATRIOT Act required all BSA-defined financial institutions to establish an AML/CFT program. In accordance with this requirement, the Financial Crimes Enforcement Network (FinCEN) implemented a final rule in 2005 requiring qualifying insurance companies to establish BSA-compliant AML/CFT programs and file suspicious activity reports (SARs). As of April 1, 2013, all SARs must be filed through the regulator’s e-filing portal.

The final rule defines an insurance company as “any person engaged within the United States as a business in the issuing or underwriting of ‘covered products.’ ” These products include:

These products are the focus of the final rule because their investment or cash value creates a greater risk of use in money laundering or terrorist financing (ML/TF) activities.

European Union (EU) regulations

The EU insurance industry is regulated at a national level, with partial union-wide oversight from the European Insurance and Occupational Pensions Authority (EIOPA). AML/CFT is overseen by national regulators based on national legislation conforming to the EU’s standards, and AML Directives (AMLDs) apply exclusively to life and investment-related insurance. The EU is proposing reforms that don’t imply extending obligations to non-life insurance products. However, Insurance Europe is concerned about broadening coverage requirements.

Additionally, the EU has established its autonomous sanctions regime, with extensive measures in response to the Russian invasion of Ukraine. Restrictions require European insurance firms not to provide services that facilitate designated commerce.

United Kingdom regulations

The UK insurance industry is overseen by the Prudential Regulatory Authority (PRA) and the Financial Conduct Authority (FCA). While only life and investment providers are subject to the AML/CFT regulations, all insurers must follow the Senior Management Arrangements, Systems, and Controls (SYSC) framework, the Proceeds of Crime Act (POCA) 2002, and the Sanctions and Money Laundering Act (SAMLA) 2018. The FCA advises all insurers to establish strong controls, regardless of whether they are covered by the UK Money Laundering Regulations (MLRs).

Singapore regulations

The Monetary Authority of Singapore (MAS) regulates the insurance sector and sets AML/CFT obligations. Only life insurers are subject to these requirements through Notice 314, but all insurers must assess AML/CFT risks and implement risk-appropriate measures. MAS supports innovation and encourages insurers to use regtech, machine learning, and advanced techniques for AML/CFT compliance. In a circular issued in February 2022, MAS emphasized the use of Singapore’s national digital ID systems for CDD and highlighted biometrics, liveness detection, and document authenticity checks.

Australia regulations

Insurers in Australia are regulated by the Australian Prudential Regulation Authority (APRA). Australian Securities and Investment Commission (ASIC) issues Australian Financial Services License (AFSL) to insurance intermediaries. The Australian Transactions Report and Analysis Centre (AUSTRAC) supervises AML/CFT compliance using a thematic approach, and firms providing designated services must conform to AUSTRAC’s general AML/CFT program model. Life insurers, sinking fund providers, and those offering advice on such products must comply with the AML/CFT Act. All companies must also meet sanctions regulations, including the Autonomous Sanctions Act of 2011, which includes a Magnitsky-style program aimed at human rights abuses.

Penalties for non-compliance with AML regulations in insurance

Specific penalties and fines for non-compliance with AML regulations in the insurance sector can vary depending on the regulatory authority and the severity of the violations. Some examples include:

It is important to note that specific penalties can differ based on the laws and regulations of each jurisdiction and the unique circumstances of the case. In many cases, regulatory authorities have the discretion to determine the fines and penalties, considering factors such as the scale of the violations, the company’s cooperation, and its compliance history. To avoid such penalties, insurance companies must adhere to AML regulations and maintain robust compliance programs.

AML/CFT red flags in the insurance industry

Insurers should consider a range of red flags that could indicate money laundering in the insurance sector or terrorism financing activities. According to FinCEN, these include:

It’s important to note that red flags are best considered in the context of a wider risk-scoring framework. Many red flags may have a legitimate explanation once the broader context is considered, but signs may equally be overlooked if a firm fails to holistically evaluate a customer’s risk indicators. The best approach is to develop a risk scoring system tuned to a firm’s unique risks and execute targeted due diligence on customers based on their risk tiers. Customers deemed to be at higher general ML/TF risk should undergo enhanced due diligence (EDD) when red flags are encountered. Lower-risk customers may only require standard due diligence in those instances. This helps a firm ensure the bulk of its resources target the riskiest activity.

How can insurance companies establish a robust AML/CFT program?

According to FinCEN rule 31 CFR § 1025.210 , insurance companies must establish several core features as a minimum foundation for a sound and compliant AML/CFT program. These include:

If an insurance company is registered with – and therefore regulated by – the Securities and Exchange Commission (SEC) , its compliance with SEC AML/CFT regulations for registered products will satisfy FinCEN’s final rule requirements.

Cutting edge AML solutions for insurance companies

AML and anti-fraud solutions are critical for insurance companies to maintain compliance and effectively manage risk. The following list outlines essential software that firms should consider including in their compliance program. It also highlights the key features and capabilities to consider when evaluating potential vendors.