Lesson 1Customer due diligence and onboarding controls: KYC, beneficial ownership, screening, EDD triggers for high-risk merchants like crypto and gamblingThis section tackles customer due diligence for merchants and partners, covering KYC, beneficial ownership, sanctions and PEP screening, EDD for high-risk areas, and ongoing checks suited to payment processor models.
Merchant KYC and verification controlsBeneficial ownership identificationSanctions and PEP screening at onboardingEDD for crypto, gambling, and high riskOngoing due diligence and refresh cyclesLesson 2Transaction monitoring and detection rules: typologies for payments and digital wallets, rule design, thresholds, and scenario developmentThis section focuses on transaction monitoring for payment processors, covering typologies for cards, APMs, wallets, rule design, thresholds, alert handling, tuning, and model governance to spot laundering and fraud.
Payment and wallet AML typologiesDesigning rules and scenariosThreshold setting and calibrationAlert triage and investigation flowsModel validation and performance reviewsLesson 3Risk-based approach: risk appetite statements, risk tolerances, segmentation of customers and productsThis section describes applying a risk-based approach for payment processors, with risk appetite statements, tolerances, customer and product segmentation, scoring, and matching controls to risk levels.
Drafting AML risk appetite statementsDefining risk tolerances and limitsCustomer and merchant segmentationProduct and channel risk scoringLinking controls to residual riskLesson 4Reporting and escalation: internal suspicious activity reporting, senior management and board reporting, regulator communication protocolsThis section covers AML and sanctions reporting and escalation, including internal suspicious reports, case escalation, management info for leaders and board, and regulator communication protocols.
Internal suspicious activity reportingEscalation criteria and timelinesManagement and board reporting packsRegulator communication protocolsReporting to sponsor banks and partnersLesson 5Sanctions compliance program elements: screening workflows, watchlist management, false positive tuning, blocking/filing proceduresThis section details sanctions compliance for payment processors, covering screening design, list management, workflows, false positive reduction, and procedures for blocking, rejecting, reporting decisions.
Sanctions risk assessment for processorsName and payment screening designWatchlist sourcing and list governanceFalse positive reduction and tuningBlocking, rejecting, and reporting flowsLesson 6Policies and procedures: AML, sanctions screening, KYC, enhanced due diligence (EDD), transaction monitoring, data protection, recordkeepingThis section guides drafting and maintaining risk-based AML, sanctions, KYC, EDD, monitoring, data protection, and recordkeeping policies that are practical, version-controlled, and regulation-aligned.
Policy hierarchy and ownership modelCore AML and KYC policy elementsSanctions and screening proceduresEDD and transaction monitoring SOPsVersion control and approval workflowLesson 7Training and competency management: role-based training curriculum, frequency, tracking and testing of effectivenessThis section covers role-based AML and sanctions training for payment processors, including curriculum by function, frequency, delivery, tracking, testing, and fixes for low performance.
Training needs analysis by role and riskDesigning AML and sanctions curriculaTraining frequency and refresher cyclesTesting knowledge and measuring impactTracking completion and remediation stepsLesson 8Governance and organizational structure: Board oversight, Compliance Officer responsibilities, escalation pathsThis section defines AML and compliance governance for payment processors, covering board duties, Compliance Officer role, escalation channels, and committees for independent controls.
Board AML and compliance oversight dutiesCompliance Officer mandate and authorityThree lines of defense model in practiceEscalation paths and issue ownershipCompliance and risk committee structuresLesson 9Recordkeeping and auditability: retention requirements, audit trails, change control for rules and modelsThis section explains recordkeeping and audit needs for AML programmes, including retention, secure storage, audit trails, and change control for rules, models, data to aid reviews.
Regulatory record retention requirementsDesigning searchable audit trailsEvidence of investigations and decisionsChange control for rules and modelsData lineage and system-of-record controls
