Neobanks, also known as digital banks or challenger banks, have seen significant growth over the past few years. According to a report by Accenture, neobanks in the UK increased their customer base from 7.7 million in 2018 to nearly 20 million by the end of 2019, reflecting a growth rate of 150%. However, this rapid expansion has come with its own set of challenges. The customer growth rate dipped in the second half of 2019 from 170% to 150%, and the average deposit balance dropped by 25%, from £350 to £260 per customer.

In 2024, the global transaction value in the neobanking market is projected to reach $6.37 trillion, with an expected annual growth rate (CAGR) of 13.15% from 2024 to 2028, ultimately reaching $10.44 trillion by 2028. The number of users is anticipated to grow to 386.3 million by 2028, with a user penetration rate increasing from 3.89% in 2024 to 4.82% by 2028.

These statistics highlight the rapid growth and increasing significance of the neobanking sector, underscoring the need for comprehensive and effective AML compliance programs to manage the associated risks and regulatory requirements.

As neobanks continue to disrupt the traditional banking sector with their innovative and customer-centric approaches, they also face unique challenges in meeting regulatory expectations. A robust Anti-Money Laundering (AML) compliance program is essential for these digital-first banks to safeguard the integrity of financial systems, protect customers, and maintain trust.

In this comprehensive guide, we will explore the critical components of an effective AML compliance program for neobanks. Drawing on insights from Leonardo Correa, Group Head of compliance & AML at Taptap Send, and former compliance leader at Nubank, PwC, and Ziina, we will provide practical, step-by-step guidelines that neobanks worldwide can adopt to enhance their compliance efforts and ensure sustainable growth.

The unique AML challenges for neobanks

Neobanks operate exclusively online, leveraging digital platforms to deliver financial services. While this model offers significant benefits such as lower operational costs, greater convenience, and enhanced user experience, it also presents unique AML challenges:

  1. Anonymous transactions and user verification: The digital-first approach can make it more difficult to verify customer identities accurately. Traditional banks often rely on face-to-face interactions and physical documents for customer verification, whereas neobanks mostly implement robust electronic Know Your Customer (eKYC) procedures.
  2. Rapid transaction speeds: Neobanks facilitate faster transactions compared to traditional banks. While this enhances customer satisfaction, it also increases the risk of money laundering, as illicit activities can be conducted swiftly before detection systems trigger alerts.
  3. Global reach and diverse user base: Neobanks often serve customers across multiple jurisdictions, each with its own regulatory requirements. Navigating this complex landscape requires comprehensive and adaptable AML programs to meet various legal standards.
  4. Use of cryptocurrencies: Many neobanks offer cryptocurrency services, which are inherently more difficult to trace and regulate. This adds an extra layer of complexity to AML compliance, necessitating tight monitoring and reporting measures for cryptocurrency transactions.

Global regulatory bodies are increasingly scrutinizing neobanks to ensure robust AML compliance. Key expectations include:

  1. Customer due diligence (CDD): Neobanks must perform thorough CDD, verifying customer identities, understanding their activities, and assessing their risk profiles. Continuous monitoring of transactions is essential to detect any suspicious activities.
  2. Transaction monitoring: Implementing advanced transaction monitoring systems is critical for identifying and reporting suspicious activities. Implementing advanced transaction monitoring systems is critical for identifying and reporting suspicious activities. Utilizing an AI-native, risk-based, and customizable transaction monitoring system can significantly enhance a neobank's ability to comply with global regulations.
  3. Regulatory reporting: Timely and accurate reporting of suspicious activities is a regulatory necessity. Neobanks must have systems in place to generate and submit Suspicious Activity Reports (SARs) in compliance with local and international regulations.
  4. Ongoing compliance training: Regular AML training for employees ensures they are up-to-date with the latest regulations and best practices. This helps maintain a strong compliance culture within the organization.
  5. Risk assessment and management: Neobanks need to regularly assess their AML risks and implement appropriate risk management strategies. This includes evaluating exposure to money laundering risks and updating AML policies and procedures accordingly.

By addressing these unique challenges, neobanks can enhance their AML compliance programs, ensuring they meet regulatory expectations and protect the financial system from illicit activities.

Step-by-step guide from a compliance expert

Leonardo Correa, Group Head of Compliance & AML, Taptap Send

With over a decade of experience in the financial and compliance sectors, Leonardo Correa has led AML efforts at major institutions across various regions. Currently the Head of Compliance and AML at Taptap Send, he has previously held prominent roles at neobanks such as Nubank and financial powerhouses like PwC and Banco Safra. His expertise spans AML governance, global AML projects, and building compliance frameworks for both emerging and established markets. Leonardo’s career trajectory—from compliance specialist to leadership roles—has given him unique insights into the complexities of AML in the rapidly evolving fintech space.

Step 1: Establishing a compliance culture

The first step I believe is fostering a culture of compliance within the organization. This involves a top-down commitment where leadership prioritizes compliance as a core value. Clear expectations must be set, necessary resources provided, and leadership must lead by example. Regular communication about the importance of AML compliance and its impact on your organization's reputation and operational integrity helps reinforce this culture.

Step 2: Developing AML policies and procedures

Developing a comprehensive AML policy tailored to your specific operations is important. You should also make sure these policies cover customer due diligence, transaction monitoring, risk management, and reporting requirements. These policies need to be dynamic, regularly reviewed, and updated to reflect changes in your specific regulatory landscapes and emerging threats.

Step 3: Implementing effective customer due diligence

Effective customer due diligence is critical. I recommend using a combination of traditional verification methods and advanced technologies like AI and machine learning for eKYC processes. This ensures accurate identification and ongoing monitoring of your customer activities. Tools such as biometric verification and document authentication are essential for maintaining high CDD standards.

Step 4: Leveraging technology for transaction monitoring

In my opinion, this should be the most important part of your AML compliance program. Choosing the right technology for transaction monitoring can significantly enhance your AML capabilities. Utilizing an AI-native and risk-based transaction monitoring systems is very important in recent times. These systems should be capable of real-time monitoring and detecting unusual patterns, which is essential for identifying and mitigating suspicious activities promptly.

A risk-based approach ensures that the system prioritizes monitoring activities based on the risk profile of customers and transactions, focusing resources on the most significant threats. Also allowing you to fine-tune rules and parameters to comply with global regulations efficiently, adapting to your unique operational context.

When it comes to implementing such a system, you face a critical decision: whether to build an in-house solution or purchase an established software. Building an in-house system allows for some customization and control, ensuring that the solution is perfectly tailored to your specific needs. However, this approach requires significant resources, including time, expertise, and ongoing maintenance.

Alternatively, purchasing a comprehensive, market-proven software solution can be more advantageous. These established solutions often cover everything you might need and are constantly updated to keep pace with evolving regulatory requirements. This option can serve as a robust defense, ensuring compliance while allowing you to focus on your core business operations. By leveraging the expertise and technology of a dedicated software provider, you can benefit from their specialized knowledge and experience, ultimately enhancing your overall compliance strategy and operational efficiency.

Overall, it all comes down to making a proper pro/con assessment on which option would provide more value.

Step 5: Conducting regular training and awareness programs

Regular training and awareness programs are important. I suggest a structured training program that includes initial onboarding training, periodic refreshers, and updates on new regulations and trends. Interactive sessions, case studies, and scenario-based learning can enhance understanding and engagement among the entire compliance team.

Step 6: Continuous risk assessment and management

Ongoing risk assessment and management are crucial for maintaining an effective AML compliance program. Conduct regular risk assessments to identify and evaluate potential AML risks. This involves analyzing transaction patterns, customer behavior, and emerging threats. The insights gained should inform adjustments to AML policies and controls, ensuring they remain effective and relevant.

It's beneficial to use a risk assessment solution that integrates with your transaction monitoring system. This combined approach offers several advantages. Firstly, it provides a unified platform that analyzes data holistically, offering a comprehensive understanding of customer behavior and transaction patterns. Secondly, integrated systems allow for real-time risk management, enabling quicker and more informed decision-making by immediately evaluating detected unusual patterns in the context of overall customer risk, ensuring that your compliance program is both robust and adaptive to emerging threats.

Step 7: Ensuring Robust Reporting Mechanisms

Maintaining accurate records and ensuring timely reporting of suspicious activities are vital components of an effective AML compliance program. I believe that robust reporting mechanisms are essential because they streamline the generation and submission of Suspicious Activity Reports (SARs), Currency Transaction Reports (CTRs), and other necessary documentation based on your jurisdiction's specific requirements.

Utilizing automation tools can significantly enhance the efficiency of tracking and documenting suspicious activities. These tools ensure that all relevant information is captured accurately and that reports are submitted promptly, reducing the risk of non-compliance. The ability to automate and standardize these processes helps maintain consistency and thoroughness in reporting, which is crucial for satisfying regulatory obligations.

For example, integrating automated reporting systems with your transaction monitoring solutions ensures that any detected suspicious activity triggers an immediate review and potential report generation. This integration supports a seamless workflow from detection to reporting, making the entire process more efficient and reliable.

I find this approach makes a lot of sense because it reduces the manual workload on compliance teams, minimizes the risk of human error, and ensures that we meet all regulatory deadlines. This not only helps in maintaining regulatory compliance but also enhances our ability to detect and respond to potential financial crimes swiftly and accurately.

By following these steps, neobanks can build a strong AML compliance program that not only meets regulatory requirements but also enhances their operational integrity and customer trust. These insights provide a practical and actionable roadmap for neobanks aiming to navigate the complex landscape of AML compliance effectively.

Importance of AML compliance for neobanks

Some risks of non-compliance

Failing to implement a robust AML compliance program can have severe consequences for neobanks, including:

  1. Non-compliance with AML regulations can lead to significant reputational harm. Trust is a cornerstone of the banking industry, and any indication that a neobank is not adequately preventing money laundering can erode customer confidence. Negative publicity can spread rapidly in today's digital age, making it difficult for affected neobanks to regain their reputation.
  2. Regulatory bodies globally impose substantial fines on financial institutions that fail to meet AML compliance standards. For instance, the European Union, the United States, and other major financial markets have stringent AML regulations, and violations can result in multi-million-dollar fines. These penalties can have a substantial financial impact on neobanks, especially those operating on thinner margins compared to traditional banks.
  3. Beyond financial penalties, neobanks may also face legal action, including lawsuits and sanctions from regulatory authorities. Legal proceedings can be lengthy and costly, diverting resources from core business operations and innovation. In extreme cases, non-compliance can lead to the revocation of operating licenses, effectively shutting down the neobank.

Benefits of Compliance

  1. A robust AML program helps build and maintain customer trust. Customers are more likely to engage with financial institutions that are perceived as secure and trustworthy.
  2. Effective AML compliance can lead to improved operational efficiency. Automated and AI-driven AML systems can streamline processes such as customer due diligence, transaction monitoring, and reporting. This reduces the burden on compliance teams, allowing them to focus on higher-level risk management activities and improving overall productivity.
  3. Meeting AML requirements ensures that neobanks remain in good standing with regulatory authorities. This can prevent costly fines and legal issues, allowing the bank to operate smoothly and focus on growth and innovation.
  4. A comprehensive AML program helps identify and mitigate risks associated with money laundering and other financial crimes and helps protect them from potential losses and enhance their overall risk management framework.
  5. Compliance with global AML standards makes entry into new markets much easier, supporting growth and expansion efforts.

In conclusion

An effective AML compliance program is essential for neobanks to navigate the complex regulatory landscape, maintain customer trust, and safeguard their operations. It starts with establishing a compliance culture where priorities are set from the top-down, clear expectations are defined, and necessary resources are provided. Developing dynamic AML policies and procedures tailored to specific operations ensures all aspects of customer due diligence, transaction monitoring, and reporting requirements are covered.

Contact us to explore how we can support your compliance efforts and ensure your operations are aligned with the highest standards of regulatory compliance.

Our team at Flagright is ready to assist you in navigating the complexities of AML compliance and implementing effective solutions tailored to your needs.