AML consequences and misconceptions

AML compliance isn’t just a checklist. It involves real investment — of time, money, and energy — to ensure your firm meets legal obligations while protecting against financial crime. This guide breaks down the costs involved, the consequences of getting it wrong, and common misconceptions that can cause firms to fall short.

Why this matters

Many firms underestimate the ongoing effort AML requires or assume the biggest risks apply only to larger firms. But even minor lapses — especially if repeated — can lead to significant consequences, from time-consuming remediation to reputational harm or legal action.

Compliance isn’t about perfection — it’s about building systems that keep pace with risk and regulation, and spotting issues before they become serious problems.

How to assess the cost of compliance vs non-compliance

It helps to break AML costs into what you actively invest in — and what it might cost you if something goes wrong.

Compliance costs to be aware of

Technology and tools
AML software licences and integrations
Ongoing maintenance, updates, and cybersecurity
Backup systems and disaster recovery planning
Time spent configuring systems for real-world workflows

Staff and training
MLRO or compliance support salaries
Time spent on due diligence, SARs, record-keeping
Training and screening relevant employees
Time and cost involved in audit prep and reviews

Due diligence and monitoring
Client onboarding (ID checks, risk assessments)
Monitoring client activity and risk profile changes
Keeping all documentation up to date
Reporting suspicious activity and storing records correctly

Other operational overhead
Internal AML reviews
Responding to supervisor feedback
Data retention and destruction policies
Inefficiencies from fragmented systems or unclear processes

Consequences of getting it wrong

Lost productivity
Firms often try to “catch up” just before a compliance visit — but the time lost scrambling is usually far greater than if AML had been managed consistently in the background. A flagged firm may also be classified as high-risk, leading to more frequent (and disruptive) supervisory reviews.

Regulatory penalties
Delays, repeated failings, or missed undertakings can lead to formal disciplinary action and fines — especially if your firm can’t show evidence that you’re addressing known issues.

Reputational damage
Disciplinary outcomes can be made public. Even without a fine, the reputational damage from negative PR or loss of client confidence can be long-lasting.

Strain on client relationships
A sudden remediation programme can tie up your team and stretch resources thin — delaying client work and damaging trust. A proactive, efficient AML process is less disruptive in the long run.

Serious legal risk
Extreme AML failings can be interpreted as complicity under POCA. A conviction could result in fines, imprisonment, removal from a professional body, or disqualification from running a practice.

Common misconceptions that lead to non-compliance

“We’re too small to be a target”
In reality, smaller firms often appear more vulnerable to criminals because they have fewer resources or are perceived to have fewer controls.

“We’ve done the policies — now we can move on”
AML isn’t static. It needs review, staff engagement, and regular updates as risks and clients evolve.

“Electronic ID checks are enough”
Tech supports compliance but doesn’t replace human judgement. Risk assessments must guide verification — not the other way around.

“All our clients are low-risk”
Every client brings different AML risks. Trust alone isn’t enough — you need documented, objective assessments.

“I’ve known these clients for years”
Familiarity doesn’t equal compliance. You may never have asked the AML-relevant questions — especially around source of funds or complex ownership.

“We’ll sort out AML later”
AML compliance doesn’t become easier over time. Delays just make the fix harder — and increase risk exposure.

“We can’t work with PEPs”
You can — with enhanced due diligence, senior approval, and strong oversight. MLR 2017 doesn’t prohibit it.

Summary

AML compliance does involve cost — but avoiding it costs more. The risk of fines, disruption, or reputational damage far outweighs the effort required to stay on top of your firm’s obligations.

A strong AML setup isn’t about doing more — it’s about doing the right things consistently, so your firm stays protected without slowing down. By knowing the pitfalls and misconceptions, you can keep your firm’s compliance efficient, focused, and under control.

This article was summarised by the Firmcheck content team. The original content was written by independent AML expert Ian Waters and is available on our blog.
