ANZ Bank reveals that it is reviewing its Anti-Money-Laundering Systems amid Westpac scandal” – This headline portrays the need for reviewing the AML policies, procedures and internal controls by banks following regulator actions on rival banks.

Increased Regulator expectations and advances in technology have made it difficult for financial institutions to meet the Anti Money Laundering and Counter Terrorism Financing obligations.

As per the FATF Recommendation - 18, it is vital for financial institutions to implement programmes against money laundering and terrorist financing. Financial groups are required to implement group wide programmes against money laundering and terrorist financing, including policies and procedures, controls and an ongoing training programme for employees.

In this recent case of bank failure:

“Westpac had allegedly failed to do a lot of things including carry out appropriate due diligence on 12 of its customers "with a view to identifying, mitigating and managing known child exploitation risks".

Even worse, AUSTRAC (the Australian regulator) alleged that in 2013 Westpac had been aware of the risks associated with these patterns of transactions relating to possible child exploitation yet did nothing until 2018.

And even then, it didn’t go far enough by putting in place automated detection scenarios on the other international payment channels. This slowness in addressing problems should be a red flag to the board.

The concise statement of claim, said one Westpac customer, who had been convicted of child exploitation offences, opened several accounts. AUSTRAC alleged that Westpac identified suspicious activity on one of the accounts that indicated child exploitation but failed to "promptly" review the other accounts.”

These red flags most likely have been identified and mitigated if the bank had delivered relevant training for personnel who conduct enhanced due diligence on customers to identify links with child exploitation. If effective AML transaction monitoring training had been delivered to staff working in the transaction monitoring controls it would have mitigated these risks even further.


The target audience of an AML training programme should include all full-time employees, part time employees including contractors, consultants, apprentice placements and individuals in branches or subsidiaries.

Specialized training should be provided to all personnel within each of the Three Lines of Defence:

  • Customer-facing Staff – (First Line of Defence) - The First line of defence should understand the AML/CFT efforts and what they need to do to be vigilant against money laundering. They also need training to avoid tipping off customers.

  • AML/CFT Compliance Staff – (Second Line of Defence) – Under the guidance of the MLRO, this function manages the organization’s day to day AML/CFT compliance program. This second line of defence is responsible for the organization’s adherence to the AML/CFT regulations and hence they would require more advanced training on AML/CFT regulations and on emerging trends in this field, recent changes in Sanctions & guidance issued by international organizations.

  • Independent Audit Function – (Third Line of Defence) – This function should independently assess the adequacy of AML/CFT Compliance programme. Third Line of Defence personnel should receive periodic training concerning regulatory requirements, changes in regulation, money laundering methods and enforcement, and the wider impact of AML failures on the organization. This organization should be capable of advising the compliance team with a gap analysis in the AML policies during an AML risk assessment program.

  • Senior Management and Board of Directors – The Board and Senior Management do not require the same level of training as the first, second and third line of defence. However, the Board of Directors should be trained periodically on legal and regulatory requirements, the penalties of non-compliance and the financial institution’s overall AML and Sanctions risks.

  • All other personnel – all personnel must undergo regular AML training. Whilst many organisations treat this as a “tick box exercise” using often ineffective online training, classroom training is a far better way of delivering broad AML training.


The factors to consider when designing an AML/CFT Training program are to identify the topics to be taught which are relevant to the audience and the roles they fulfil. This will vary according to the institution and the products/services it offers.

The AML Training Program should address a firm’s unique risks. Product specific training should address the following areas – Investment Banking, Trade Finance, Private Banking who serve Politically Exposed Persons (PEPs) and other high-risk clients.

There should be periodic training delivered to all personnel at least annually. This should include current changes in regulation, guidance issued by international bodies such as FATF, Wolfsburg, examples of recent fines faced by financial institutions and comments from regulators.

Training should be followed up by assessments to assess the understanding of the delegates.

It is best to provide training to the three lines of defence and each area should be made explicitly aware of the AML/CFT risks they need to address.

A systematic training plan needs to be created when addressing training for issues uncovered by audit, regulatory examinations or created by changes in the systems or regulations or when new products are introduced; or by a change in the firms risk appetite

The success of an effective AML framework is dependent on an engaged workforce who understand that they are all an important line of defence against money laundering.


LYSIS ACADEMY provides practical and bespoke AML and KYC training to develop teams of analysts, structured team development (Hire-Train-Deploy) and continuous professional development. The benefits of training with us:

  • Analytical skills to deal with complex investigative and remedial work arising in AML Field.

  • Updates staff on industry AML standards.

  • Fulfil regulatory training requirement.

In addition, we can offer a training needs assessment and training programme development. All Training Courses can be delivered in-house or in clients’ offices worldwide. LYSIS ACADEMY has successfully delivered bespoke training to many firms globally and has offices in Dublin, Edinburgh and Frankfurt, as well as our training centre in the City of London.

For more information please contact info@lysisacademy.com


By Vanitha Vinayak, Consultant at Lysis Group