AML Screening for Banks: Architecture and Use Case

Production-grade AML architecture for retail and commercial banks, regulatory expectations, and an anonymised migration case study.

Legichain Team · 26 May 2026

AML screening for banks sits at the intersection of the densest regulation, the highest transaction volumes, and the strongest correspondent-banking expectations in financial services. A mid-size European bank running ~3,000 onboarding events, ~300,000 wires and a 2-million-customer rescreening pass every day operates within a tolerance band of milliseconds for latency and percentage points for false positives. This article walks through the production architecture, the regulator expectations behind each component, and an anonymised migration case study with the real metrics.

What Makes Bank AML Screening Different

A Tier-2 European bank (scale: ~2 million retail + 150,000 commercial customers, ~300,000 SWIFT/SEPA transactions per day) carries this AML load:

  • Onboarding: ~3,000 new customer applications per day (branch + digital combined)
  • Transaction screening: ~300,000 transactions; originator and beneficiary screened on each
  • Rescreening: nightly batch, full portfolio against current lists
  • Sanctions match volume: ~12,000 raw matches per day, ~150 escalated to review, 3-5 true positives
  • PEP/adverse media volume: ~5,000 matches per day, ~200 escalated to review, ~20 true positives (most already-known)
  • SAR filing: 30-60 per month to the national FIU
  • Compliance team size: ~25 AML analysts, 3 team leads, MLRO

At this volume, system architecture, regulator compliance and team workflow must be designed as one whole.

Architectural Components

1. Customer Onboarding Pipeline

A new customer application (branch or digital) flows:

  1. KYC starts: identity document, video KYC or NFC chip verification, address.
  2. Once KYC validates, the pipeline makes a synchronous AML screening API call (target latency <300 ms).
  3. No match: the account opens. Match: the application goes to case management, and an AML analyst reviews it within 24 hours.
  4. High-risk customer (PEP, high-risk jurisdiction, correspondent bank): EDD process starts; senior management approval obtained.
  5. Every step is audit-logged, and the logs are retained per jurisdiction (UK: 5 years post-relationship end; EU: 5 years).

Under AMLD5 Article 13, the relationship cannot be established before identification and screening are complete. Practically, the bank must hold account activation until the screening result is decided.

2. Transaction Screening Pipeline

Every financial transaction screens originator and beneficiary:

  • SWIFT MT103 messages: 50K, 59, 52A, 57A fields for originator/beneficiary/intermediary banks
  • SEPA Credit Transfer (pacs.008): Dbtr, Cdtr, DbtrAgt, CdtrAgt blocks
  • TARGET2 / RTGS messages: the equivalent blocks per scheme
  • Domestic instant payment systems (FPS in UK, SCT Inst in EU): real-time screening required
  • Card transactions: counterparty screening on high-value or high-risk jurisdiction card events
  • Crypto on-ramp/off-ramp (where the bank serves crypto-asset firms): exchange and wallet address screened against on-chain risk signals

Target latency: p99 <100 ms (the message cannot wait). A matched message is held, and case management reviews it within 2 hours.
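An added example (not Legichain's code) of the party extraction and hold decision described above, for the MT103 case only: it pulls fields 50K, 59, 52A and 57A and screens them against a constructed watchlist. The `difflib` name comparison, the 0.85 threshold, the function names and every sample value are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher

# Constructed watchlist and message for illustration; none of this is real list data.
WATCHLIST_NAMES = ["IVAN PETROV SAMPLE", "ACME SHELL HOLDINGS LTD"]
WATCHLIST_BICS = {"XXBKZZ22"}
SAMPLE_MT103 = """:20:REF0001
:32A:260526EUR1500,00
:50K:/DE00000000000000000000
ALPHA TRADING GMBH
HAUPTSTRASSE 1
:52A:AAAADEFFXXX
:57A:BBBBFRPP
:59:/FR0000000000000000000000000
Ivan Petroff-Sample
12 RUE EXEMPLE
"""
PARTY_TAGS = {"50K": "originator", "59": "beneficiary",
              "52A": "ordering_institution", "57A": "account_with_institution"}
FIELD_RE = re.compile(r"^:(\d{2}[A-Z]?):(.*?)(?=^:\d{2}[A-Z]?:|\Z)", re.M | re.S)

def extract_parties(mt103_text):
    """Return {role: name or BIC} for fields 50K, 59, 52A and 57A."""
    parties = {}
    for tag, body in FIELD_RE.findall(mt103_text):
        lines = [ln.strip() for ln in body.splitlines() if ln.strip()]
        if lines and lines[0].startswith("/"):  # optional account / party-id line
            lines = lines[1:]
        if tag in PARTY_TAGS and lines:
            parties[PARTY_TAGS[tag]] = lines[0]
    return parties

def normalise(name):
    return " ".join(re.sub(r"[^A-Z0-9]", " ", name.upper()).split())

def screen_message(mt103_text, threshold=0.85):
    """Return ("HOLD", hits) when any party matches, else ("RELEASE", [])."""
    hits = []
    for role, value in extract_parties(mt103_text).items():
        if role.endswith("institution"):
            if value[:8] in WATCHLIST_BICS:  # match on the 8-character BIC
                hits.append((role, value[:8], 1.0))
            continue
        for listed in WATCHLIST_NAMES:
            score = SequenceMatcher(None, normalise(value), listed).ratio()
            if score >= threshold:
                hits.append((role, listed, round(score, 2)))
    return ("HOLD" if hits else "RELEASE", hits)
```

The misspelt, hyphenated beneficiary in the sample still scores above the threshold, so the message is held rather than released.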

3. Rescreening Batch

A nightly job re-screens the portfolio:

  • Method: full sweep weekly, delta sweep daily
  • Volume: ~2 million retail + 150,000 corporate × all lists = billions of match operations
  • Duration target: <6 hours (00:00 to 06:00 window)
  • Output: alerts land in the morning analyst queue
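An added example (not Legichain's code) of the full-sweep versus delta-sweep split above: the delta pass screens changed customers against every list entry and unchanged customers against changed entries only, and raises the same new alerts as a full pass with fewer comparisons. The exact-name matcher, the function names and the sample data are assumptions; the sketch does not handle removed list entries.

```python
def name_key(name):
    """Case- and whitespace-insensitive key; stands in for the real matching engine."""
    return " ".join(name.upper().split())

def sweep(customers, entries):
    """Screen every customer against every entry; return (alerts, comparisons)."""
    alerts = {(cid, eid)
              for cid, cname in customers.items()
              for eid, ename in entries.items()
              if name_key(cname) == name_key(ename)}
    return alerts, len(customers) * len(entries)

def delta_sweep(customers, entries, changed_customers, changed_entries):
    """Daily pass: changed customers x all entries, plus unchanged customers x changed entries."""
    changed_c = {c: n for c, n in customers.items() if c in changed_customers}
    unchanged_c = {c: n for c, n in customers.items() if c not in changed_customers}
    changed_e = {e: n for e, n in entries.items() if e in changed_entries}
    alerts_c, cost_c = sweep(changed_c, entries)
    alerts_e, cost_e = sweep(unchanged_c, changed_e)
    return alerts_c | alerts_e, cost_c + cost_e

# Constructed sample portfolio and list (not real customers or list entries).
CUSTOMERS_DAY1 = {"C1": "Anna Schmidt", "C2": "Ivan Petrov Sample", "C3": "Omar Haddad"}
ENTRIES_DAY1 = {"E1": "IVAN PETROV SAMPLE"}
# Day 2: customer C4 is onboarded and entry E2 is added to the list.
CUSTOMERS_DAY2 = {**CUSTOMERS_DAY1, "C4": "ivan  petrov sample"}
ENTRIES_DAY2 = {**ENTRIES_DAY1, "E2": "OMAR HADDAD"}

def compare_sweeps():
    """Return (new alerts from full sweep, new alerts from delta, full cost, delta cost)."""
    known, _ = sweep(CUSTOMERS_DAY1, ENTRIES_DAY1)
    full_alerts, full_cost = sweep(CUSTOMERS_DAY2, ENTRIES_DAY2)
    delta_alerts, delta_cost = delta_sweep(CUSTOMERS_DAY2, ENTRIES_DAY2, {"C4"}, {"E2"})
    return full_alerts - known, delta_alerts - known, full_cost, delta_cost

if __name__ == "__main__":
    print(compare_sweeps())
```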

4. Case Management

All screening output funnels into a single case management system. Features:

  • Case prioritisation (list binding force + customer risk level)
  • Analyst assignment
  • Investigation notes + decision
  • Escalation
  • SAR drafting + export to local FIU format (NCA SAR Online for UK, goAML XML for many FIUs)
  • Audit trail
  • KPI dashboard

5. FIU Integration

Reporting routes to the national FIU:

  • Suspicious Activity Report (SAR / STR): filed under national format and window
  • Asset freeze reporting: for confirmed sanctions matches, reported to OFSI (UK) or equivalent under their statutory timeframe

The architectural recommendation is to integrate FIU submission via a workflow that includes MLRO sign-off; manual data entry into FIU portals is a known error source.

Correspondent Banking Obligations

Banks with overseas correspondents (especially USD via US correspondents, EUR via EU correspondents) carry extra AML expectations:

  • OFAC SDN screening required: contractual condition from the correspondent
  • Wolfsberg Group Correspondent Banking Questionnaire (CBQ): annual update
  • Beneficial Owner transparency: UBO of underlying customers must be visible
  • Annual AML programme review: correspondent may audit the respondent's AML system directly

"Sanctions screening explained" covers OFAC and the other lists in detail.

Case Study: A European Bank Migration

A mid-size European bank (~2 million customers) migrated its legacy monolithic AML system to a modern API-based platform. Before:

  • Legacy system: on-prem, 10+ years old, batch-heavy
  • Onboarding screening latency: 2-4 seconds average (UX problem)
  • Transaction screening: batch, not real-time (four times daily)
  • False-positive rate: 94% (PEP), 97% (sanctions name-only)
  • Compliance team: 35 analysts for manual review
  • List update latency: 6-8 hours average
  • SAR filing: manual Excel-based process

After migration (Legichain, 9-month project):

  • Onboarding screening latency: p99 <250 ms
  • Transaction screening: real-time, p99 <80 ms
  • False-positive rate: 2-5% (sanctions after multi-attribute scoring), 35-45% (PEP after match grouping)
  • Compliance team: 18 analysts (reallocated effort, no involuntary reduction)
  • List update latency: <15 minutes (OFAC), <60 minutes (others)
  • SAR filing: one-click export to national FIU format from case management

These are actual measured metrics; the bank is anonymised.

Regulator Expectations

In the EU (under AMLD5 and AMLD6, supervised by national authorities like BaFin, ACPR, Bank of Italy):

  • Risk-based approach documentation: the risk model must be written
  • List coverage: which lists, update cadence
  • Match decision documentation: every true/false positive decision reasoned
  • Workflow controls: four-eyes principle, analyst supervisor sign-off
  • Performance metrics: FPR, recall, MTTC must be tracked
  • System change control: screening threshold changes go through test/audit

In the UK (under MLR 2017, supervised by FCA, PRA, HMRC):

  • The same expectations, expressed through FCA SYSC chapters
  • FCA's Financial Crime Guide as the operational benchmark
  • Senior Managers and Certification Regime (SMCR) attaches personal accountability for AML failings

US correspondent expectations layer on top: BSA / USA PATRIOT Act / OFAC compliance demonstrable to the US correspondent.

Supervisory Inspection Preparation Checklist

What an FCA, BaFin, ACPR, Bank of Italy or equivalent supervisor expects to see:

Documentation:

  • Written risk scoring model (factor definitions, weights, thresholds, validation report)
  • List update process documentation (lists screened, cadence, ownership, monitoring)
  • Alert investigation procedure (analyst workflow, escalation rules, four-eyes principle)
  • SAR sign-off and submission procedure (MLRO role, FIU channel)
  • AMLD5 / MLR 2017 mapping (article-by-article showing how the bank meets each requirement)

System evidence:

  • Last 90 days of screening output (anonymised sample)
  • False-positive and recall trend charts
  • List update latency logs
  • SAR volume monthly trend
  • High-risk customer category distribution

Case evidence:

  • True-positive sanctions hit cases (asset freeze + FIU notification)
  • EDD applied customer examples (source of funds documentation, senior management approval)
  • SAR examples (anonymised)
  • Rejected onboarding examples (reasoning)

People and governance:

  • MLRO appointment, scope of authority
  • AML team organisation chart
  • Training programme (annual mandatory AML training records)
  • Annual AML programme presentation to the board

A supervisory inspection typically runs 2-4 weeks, during which a sample dataset is requested and the team is interviewed. Advance preparation directly affects inspection duration and outcome.

Performance Metrics: A Bank Standard

Monthly dashboard metrics:

Metric                               Target     Acceptable
Onboarding screening p99 latency     <300 ms    <500 ms
Transaction screening p99 latency    <80 ms     <150 ms
List update latency (OFAC)           <30 min    <2 h
Overall false-positive rate          <5%        <15%
Analyst cases-per-hour closure       >8         >5
Mean time to closure                 <24 h      <48 h
SAR filing lag (days)                <5         <10
Annual supervisory findings (AML)    0          <5

Frequently Asked Questions

Should a bank build its own AML screening engine or use a vendor?

Use a vendor in most cases. Once list licensing (Dow Jones, Refinitiv), normalised data storage, a fuzzy matching engine and continuous list maintenance are counted, the combined in-house build and operating cost easily exceeds seven figures in USD annually. A vendor (Legichain included) brings it into six figures. In-house economics only work at the largest Tier-1 bank scale.

What is the most common gap in supervisory reviews?

Top three: (1) risk scoring model documentation missing or stale; (2) list update process undocumented; (3) match decision rationale inconsistent (some cases detailed, others "FP" with no reasoning). Systematic fixes: standard templates, periodic internal audit, automated documentation.

What does it take to pass a correspondent bank AML review?

Complete the Wolfsberg CBQ form thoroughly with real metrics (FPR, list coverage, team size, FIU relationship). The technical AML system must be answerable: which lists are screened, which engine, manual review SLA. OFAC SDN screening evidence (sample logs) is almost always requested.

Are there additional expectations on inbound cross-border wires?

Yes. Inbound wires from the EU follow the EU TFR (Transfer of Funds Regulation 2015/847, recast as 2023/1113 for crypto); the bank must verify that originator information is complete. UK inbound wires fall under MLR 2017 Part 7. US correspondent inbound wires carry 31 CFR 1010.410 (Travel Rule) expectations. Missing information warrants a SAR consideration.

How does the bank screen a crypto exchange off-ramp into a customer account?

A crypto-asset firm is a high-risk industry customer for the bank. On a TRY/EUR/GBP withdrawal the bank checks that the source exchange is a bank customer (with a crypto-asset licence in the relevant jurisdiction), that the receiving fiat account is active, that source of funds is documented (exchange customer profile), and that the exchange wallet address has been screened through blockchain AML. The bank typically requires the exchange to provide on-chain risk attestations for large withdrawals.

How Legichain Helps

Legichain's AML screening platform for banks ships with pre-configured templates for major EU and UK regulator expectations. Risk scoring, list coverage (UN, OFAC, EU, UK HMT, national lists), transliteration, SAR export to national FIU formats, audit trail — all standard.

At the mid-size European bank described in the case study, post-migration operational metrics: screening latency improved 10-30×, false positives reduced ~80%, compliance team reallocated 40% effort to higher-value investigations. Most recent supervisory review: no AML findings.

"Solution overview for banks" lays out the bank-specific requirement set.


Legichain Team · Compliance editorial

Written by Legichain's compliance editorial team — regulated-financial-services veterans who built and integrated AML platforms for banks and crypto exchanges across EMEA.
