AML checks face scrutiny over proof of funds origin
Verifyo co-founder Victor Mendez says bank statements alone do not establish legitimate provenance under risk-based AML controls.
By Ingrid Halvorsen · Staff Writer
· 4 min read
Financial institutions, law firms, estate agents and fintechs face a compliance gap when they treat bank statements as sufficient proof of source of funds, according to Victor Mendez, co-founder and CMO of Verifyo. Mendez argues that a statement may show that money entered or sat in an account, but it does not by itself prove the funds were lawfully obtained, a distinction with direct implications for enhanced due diligence files and supervisory reviews.
The issue turns on a separation embedded in UK anti-money laundering rules: source of funds concerns the origin of money used in a specific transaction, while source of wealth concerns how a customer accumulated their broader financial position. HM Revenue & Customs separates those concepts in its economic crime supervision guidance, and Mendez says firms weaken their controls when they use one category of evidence as a substitute for the other.
Risk triggers determine the depth of checks
Under the Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017, enhanced customer due diligence is required in higher-risk circumstances. Regulation 33 covers cases including relationships involving persons established in high-risk third countries, politically exposed persons and other relationships a firm assesses as presenting higher money laundering or terrorist financing risk.
For politically exposed persons, regulation 35 requires firms to take adequate measures to establish both source of wealth and source of funds involved in the relationship or transaction. Mendez says that drafting makes the two checks separate evidential tasks, rather than interchangeable compliance labels.
The 2024 amendments to the UK framework set domestic politically exposed persons at a lower starting point of risk than non-domestic PEPs, according to Mendez. He adds that this remains a starting point for assessment rather than an exemption from enhanced due diligence.
International standards take a similar risk-based approach. The Financial Action Task Force’s Recommendation 19 calls for enhanced measures in relationships linked to higher-risk jurisdictions, proportionate to the risk. The European Banking Authority’s risk factors guidelines also say firms should scale due diligence according to the money laundering and terrorist financing risks identified.
Documents must be reconciled with the customer profile
Mendez says acceptable evidence depends on what each document can actually prove. Bank statements can show movement or availability of funds. Pay slips can support employment income over a period. Inheritance papers, loan agreements, audited accounts and company records can show plausible channels through which money may have been received.
HMRC guidance states that no single document is conclusive proof of legitimacy and that official records should be obtained in a way that is proportionate to risk. Mendez says the core control is the reconciliation of the document trail with the customer’s explanation and the amount being transacted.
Regulation 28 requires firms to understand the purpose and intended nature of a business relationship and to conduct ongoing monitoring. That monitoring includes scrutiny of transactions, and where necessary the source of funds, against the firm’s knowledge of the customer and risk profile.
The legal stakes extend beyond file quality. Section 340 of the Proceeds of Crime Act 2002 defines criminal property by reference to whether it constitutes or represents a benefit from criminal conduct and whether the person concerned knows or suspects that fact. Where a firm forms a suspicion, the regulated sector has obligations to report to the UK Financial Intelligence Unit at the National Crime Agency.
Supervisors look for judgement, not volume
The Financial Conduct Authority’s Financial Crime Guide expects firms to document and challenge information on source of funds and source of wealth during due diligence. Mendez says a file that contains documents without a recorded assessment of why the explanation was accepted may fail to show a defensible compliance decision.
He says the strain is greatest in high-volume environments, where teams may default to collecting records rather than recording the reasoning that connects those records to a conclusion on origin. Because regulation 28 links provenance to ongoing monitoring, Mendez adds that firms should keep origin judgements current as the customer relationship changes.
This story draws on original reporting from Finextra Research.