Which organization dictates insurance company AML requirements and responsibilities?

Insurance companies that issue or underwrite covered products that may pose a higher risk of money laundering must comply with Bank Secrecy Act/anti-money laundering (BSA/AML) program requirements. A covered product includes:

• An annuity contract other than a group annuity contract
• A permanent life insurance policy other than a group life insurance policy
• Any other insurance product with cash value or investment features

Insurance regulations only apply to insurance companies, excluding agents and brokers from the requirements. However, insurance companies are held responsible for compliance with their program, which includes the activities of any agents and brokers. Insurance companies should therefore integrate their agents and brokers into their AML program.

Features of a BSA/AML program

Insurance companies must develop a written, risk-based BSA/AML program addressing the covered insurance products. At a minimum, the program must consist of the following features:

• A designated compliance officer responsible for effectively implementing the program
• Ongoing training of appropriate persons, including insurance agents and brokers
• Policies, procedures and internal controls tailored to the AML risks of the institution
• Independent testing to monitor ongoing compliance, including testing for compliance of insurance agents and brokers

Along with implementing an adequate BSA/AML program, insurance companies are subject to suspicious activity reporting (SAR) requirements. Companies are required to submit a SAR to the Department of Treasury’s Financial Crimes Enforcement Network. Insurance companies must obtain relevant customer information from agents, brokers and any other sources to report such transactions.

Areas of concern to review

Insurance companies face the challenge of developing an AML program that incorporates insurance agents and brokers, and effectively covers the risks proportionate to its specific products offered. Any areas of concern can be addressed by conducting the following reviews:

• Policies and procedures: Evaluate policies and procedures to determine adequacy given the institutions’ risks and current industry regulatory requirements
• AML risk assessments: Assess the inherent and residual AML risks related to products, services, customers and geographic exposure
• Model validations and AML automated system data validation: Determine if the appropriate AML models and systems are effectively implemented
• Independent audits: Conduct independent reviews and detailed AML transactional testing to ensure the program’s ongoing compliance
• Training: Review staff training programs to ensure adequate coverage of relevant responsibilities under the program
• Risk-based review: Determine and assess the total effectiveness of AML-related processes and internal controls in relation to the specific products, services, customers and geographies of the company, including staffing levels and expertise, customer due diligence processes, effectiveness of the monitoring processes in place to identify and report suspicious activities, and the integration of insurance agents and brokers into the program
• Independent/outsourced due diligence and sanctions screening: Identify beneficial ownership structures, negative news and sanctions screening for customers, vendors and transaction parties

Money Laundering in the Insurance Sector

With around 62% of firms reporting exposure to financial crime, money laundering in the insurance sector is a growing global problem. Life insurance firms are at particular risk of money laundering because of the massive flows of funds into and out of their businesses: most life insurance firms offer highly flexible policies and investment products that offer opportunities for customers to deposit and subsequently withdraw large amounts of cash with a relatively minor reduction in value.

Accordingly, governments and international authorities implement a range of AML insurance regulations and issue life insurance sanctions lists. With compliance penalties including fines and prison terms, life insurance firms should ensure they understand their obligations and how to implement them as part of their AML insurance policy.

Life Insurance AML/CFT Risks

Life insurance products and mechanisms that are vulnerable to money laundering in the insurance sector include:

• Single premium policies: Policies that allow money laundering in the insurance sector to offload large amounts of money in a single transaction.
• Annuity policies or high regular premium savings: After paying premiums with criminal funds, money launderers can receive legitimate income from annuity policies or premium savings products.
• Cooling-off periods: Money launderers can request refunds of premiums during a cooling-off period or can deliberately overpay premiums to trigger a refund.
• Policy surrender: Money launderers can surrender their policies at a loss to regain their deposited money.
• Top-ups: After paying a small initial premium in order to avoid regulatory attention, money launderers can top up their policy payments to offload more criminal funds. 
• Transferring ownership: Customers can purchase life insurance policies and transfer ownership to a criminal third party who subsequently withdraws the money.
• Policy loans: After building up its value with premium payments, money launderers can take out loans from their life insurance policy using its cash value as collateral. Policy loans do not involve stringent AML insurance checks and do not  have to be repaid: the value of the loan and interest will be deducted from the death benefit. 
• Collateral: Single premium policies can be used as collateral for bank loans. Money launderers can surrender their policies to repay their loans. 
• Secondary life market: Instead of surrendering their policy, customers in poor health can sell their policy to a criminal third party. Insurers must then identify the new policy owner.

AML Insurance Regulations

Authorities around the world impose a range of AML insurance regulations. Those anti money laundering insurance regulations involve both AML transaction monitoring and sanctions screening obligations:

AML Insurance Transaction Monitoring: Bank Secrecy Act

Most financial authorities put in place risk-based AML insurance transaction monitoring requirements for insurance companies within their jurisdictions. In the United States, the Bank Secrecy Act (BSA) sets out a range of “covered products” to which transaction monitoring requirements apply:

• Permanent life insurance policies (excluding group life insurance policies)
• Annuity contracts (excluding group annuity contracts)
• Any insurance product with cash value or investment features

Suspicious Activity Reports: Under the BSA, insurance firms must submit suspicious activity reports (SARs) to the Financial Crimes Enforcement Network (FinCEN) when they detect suspicious transactions connected to one of the covered products. FinCEN issues a SAR form specifically for insurance companies: when completing the form, insurers must obtain client information from a range of sources, including insurance agents and brokers. 

FinCEN has set a $5,000 threshold for transactions that should be classified as suspicious and merit SAR submission. Insurers should also consider a range of red flags that could indicate potential money laundering in the insurance sector or terrorism financing activities. Those transaction red flags include:

• The purchase of an insurance product that does not reflect a customer’s needs.
• The early surrender of an insurance product at a cost to the customer.
• The surrender of an insurance product with the refund directed to a third party.
• No concern for the investment performance of a purchased insurance product and significant concern for its early surrender terms.
• Purchases using unusual payment methods, such as cash or cash equivalents, or with monetary instruments in structured amounts.
• Customer reluctance to provide identifying information when purchasing an insurance product.
• Customers borrowing the maximum amount available from their insurance product shortly after purchase.

AML Solutions for Insurance Companies

Find out more about our solutions for insurance companies.

Demo request

Financial Action Task Force: The intergovernmental Financial Action Task Force (FATF) sets out AML insurance sector guidance to be implemented within its member states (as a member state, the US enacts FATF requirements in the BSA). The FATF works in partnership with private sector insurance companies to ensure that its AML insurance regulations are effective and reflect current industry expertise.

Asia-Pacific: The risk posed by AML life insurance products is also reflected by financial regulators in APAC. Like other jurisdictions, insurance industry regulations in APAC are risk-based and entail a range of transaction monitoring requirements. In Singapore, for example, the Monetary Authority of Singapore (MAS) includes specific requirements for insurers in Notice 314 on the Prevention of Money Laundering and Countering the Financing of Terrorism. Learn more about Transaction Monitoring >

Insurance and AML Sanctions

Insurance companies must comply with targeted financial sanctions that are imposed on customers, entities and individuals by international and governmental authorities. In practice, this means that insurance firms are restricted or prohibited from selling life insurance products to customers that appear on official sanctions lists. 

Accordingly, insurance firms must implement sanctions screening measures as part of their AML insurance programs to identify customers that appear on those lists. Where customers (policyholders or beneficiaries) appear on sanctions lists, insurance firms must take steps to block transactions or freeze assets and report to the relevant authorities.

Since many international authorities share the same AML/CFT objectives, there may be overlap between various sanctions lists. The US, for example, implements the Office of Foreign Assets Control (OFAC) sanctions list, along with the United Nations Security Council sanctions list. 

Key points for insurers to consider for their sanctions compliance policy include:

• Risk-based: Firms must select sanctions watchlists that align with the risk presented by their customers and the jurisdictions in which they operate.
• Ongoing screening: Firms must ensure that their sanctions program screens customers on an ongoing basis to accommodate changes in risk profiles. 
• Confirmation process: When a customer is matched to a sanctions list, firms should have a process in place to confirm that customer’s identity and inclusion on the list.

Error detection: Sanctions programs should have fail-safe measures to catch employee errors or even deliberate attempts to circumvent the screening process.

Learn more about Sanctions Screening >

How to Comply with AML Insurance Regulations

In addition to implementing suitable transaction monitoring measures to prevent their life insurance products from being used for criminal purposes, insurers should also ensure their AML/CFT programs include suitable customer due diligence (CDD) measures to verify the identities of their customers. CDD is a critical component of the sanctions screening process since it allows insurers to establish that customers are being truthful about their identities and to subsequently find them on sanctions lists.

Given the vast amount of information involved in transaction monitoring and sanctions screening, many insurers choose to automate their AML/CFT programs with smart technology. Automated AML/CFT is an opportunity to enhance the speed and accuracy of monitoring and screening processes, reduce potential human error and, ultimately, avoid costly compliance penalties.

Learn more about AML Solutions for Insurance

AML insurance compliance tools for insurers, insurtechs, brokers, and re-insurers giving you a granular view of your customers’ risk throughout the client lifecycle.

Originally published February 26, 2020, updated May 18, 2022

Which department is responsible for AML?

Who monitors the compliance of insurance companies?

Who is responsible for establishing and maintaining procedures designed to ensure compliance with AML?

Who enforces AML in us?