How familiar clients can create hidden AML risks

Dec 3 / Leonard Nwogu-Ikojo

In this fictional scenario, a quality review of long-standing client files reveals how familiarity can mask source-of-funds gaps in AML compliance. This case study examines why unexplained inflows, family gifts, and trusted domestic accounts still require verification under ongoing monitoring and enhanced due diligence obligations. Referencing Articles 20 and 34 of the AML Regulation, the article highlights why tenure and perceived trust can never replace documented, risk-based assessment.



This article is intended for educational and informational purposes only and does not constitute legal, regulatory, or professional compliance advice. The scenario and recommendations provided are illustrative and may not capture all applicable requirements or risks in specific cases. Readers should follow their organization’s internal policies, data protection requirements, and seek professional advice tailored to their circumstances.

Case snapshot: when long-term clients mask source-of-funds gaps

Max was reviewing four conveyancing files as part of a first-line quality review. Each file had passed onboarding and compliance sign-off months earlier. At first glance, everything looked tidy—bank statements, identity checks, payment receipts. But one detail kept repeating: unexplained funding gaps.

On one file, the buyer had contributed €30,000 to a purchase, yet the account statements showed a balance of €400 just six months before.

Another file showed two overseas clients wiring €70,000 into their UK account, followed by a cashier’s cheque from an unknown source.

A third relied on a parental gift—no inquiry into how the parent had amassed the funds.

When Max asked why no follow-up questions were recorded, the file owner replied, “They’ve been clients for years. Their funds are from a UK bank. Nothing unusual.”

Luc reviewed the notes and closed the folder slowly.

“Familiarity isn’t evidence. A relationship doesn’t launder money, and a UK sort code doesn’t make funds legitimate.”

Ella added, “If we skip verification because we trust the client, we’re outsourcing our judgment to them. That’s is delegation.”

Max drafted an internal briefing. Going forward, any assumed low-risk source—UK banks, family transfers, long-term clients—would trigger a second-level review unless supported by a clear audit trail showing how the money was earned or accumulated. Trust had to be proven, not presumed.

Regulatory lens: ongoing monitoring and source-of-funds verification

When a client’s financial behavior changes—such as the appearance of foreign transfers or unexplained inflows—Article 20 applies. It requires obliged entities to conduct ongoing monitoring, ensuring that transactions remain consistent with the customer’s established profile, business activity, and stated source of funds. Any inconsistency must trigger a review of the customer’s risk rating and an update to their CDD file.

If that review reveals elevated risk, Article 34 comes into force. It requires the application of enhanced due diligence: obtaining and assessing additional information on the customer’s source of funds and source of wealth, and verifying that these align with the customer’s risk profile and the intended nature and purpose of the relationship or transaction.

Final thought: the compliance risk of assuming “we know the client”

Trust is not a control. Longstanding relationships can dull scrutiny, turning familiarity into blind spots. A client’s reputation or tenure with the firm cannot substitute for verified source-of-funds evidence.

Money laundering risk often hides behind routine—accounts that look the same, names that sound known, patterns that feel harmless. True diligence means testing even the comfortable cases. The moment you assume “we know this client,” you’ve stopped knowing anything at all.



Created with