Your questions - our answers

Here you will find answers to your questions on the topic of money laundering prevention. We have summarised everything for you: What is money laundering and how do money launderers often operate? What are your obligations? What are the duties of money laundering officers and what is involved in legally compliant customer identification?

Do you have any further questions? Contact us now.

Money laundering

What is money laundering?

Money laundering describes the channeling of incriminated - i.e. illegally acquired - funds into the legal economic cycle. The aim is to provide the criminal with legal assets that can be explained and that do not allow any evidence of criminal activity. Money laundering is used in particular to finance organised crime and global terrorism.

For this reason, there are many complex obligations that do not always make it easy for obligated parties to achieve full AML compliance (compliance with the obligations under the Money Laundering Act or money laundering prevention compliance). Non-compliance with the requirements and obligations according to the Money Laundering Act is still widespread. The authorities are increasingly imposing high fines for this. Fines of up to five million euros are possible.

When is money laundering a criminal offense?

According to the German Money Laundering Act (GwG), money laundering is not only punishable once a certain amount of money is exceeded. For the legislator, it is also largely irrelevant whether cash or non-cash transactions are involved.

What does the three-phase model of money laundering describe?

A well-known and easy-to-understand model to describe money laundering is the so-called "three-phase model of money laundering", which is also taught by the UNODC (United Nations Office on Drugs and Crime) in training courses. Money laundering is divided into three phases: Placement, Layering and Integration.

The three phases can be illustrated with an example in the motor vehicle sector: A customer orders several cars from a car dealer and makes the down payment in cash (placement). Shortly before delivery, the customer cancels the order and has the deposit paid back by bank transfer (layering). Afterwards, the alleged customer can invest the money laundered in this way further into the legal economic cycle (integration), as he has a proof of origin through the repayment of the down payment of the cars at the car dealer. The legislator therefore starts the fight against money laundering at the placement stage. Car dealers may also have to identify their customers when they are seriously interested in buying and subject them to a risk analysis.

What is understood by structuring?

"Structuring" is the deliberate splitting of larger sums into smaller amounts in order to circumvent thresholds.

The Money Laundering Act provides for certain threshold values for transactions in specific sectors, above which obligated parties must implement their obligations under the Money Laundering Act. These thresholds can be circumvented through structuring. If, for example, KYC checks only have to be carried out above a certain threshold, the sums to be laundered are broken down into smaller amounts.

In the case of jewellers and traders of precious metals, for example, individual items could be regularly acquired by the same person, the amount of which is below the threshold value in each case, without there being a comprehensible reason. This makes it possible for money launderers to circumvent identification and documentation even in the case of larger, accumulated sums and thus to conceal the origin of funds. Even though it is difficult to identify this form of money laundering in practice, such attempts must be reported. If no report is made, a company is in danger of making itself liable to prosecution in case of doubt.

What does smurfing mean?

"Smurfing" is similar to the concept of "structuring", but this process is more complicated and requires more human resources from the money launderer. Smurfing involves distributing the payment or execution of a transaction among different people. In this way, amounts can be pieced together and then distributed via middlemen and women. The clients act in the background.

This form of money laundering can also be detected if the company has an effective money laundering prevention concept that includes staff training, KYC checks and monitoring of transactions.

Money laundering prevention

What is money laundering prevention?

Active money laundering prevention makes it possible to detect and prevent the concealment of illegally acquired funds and their infiltration into the regular economic cycle.

From an economic point of view, many obligated parties under the German Money Laundering Act (GwG) do not see the prevention of money laundering as their original task, but they are nevertheless obligated by law to prevent money laundering. The reason for this is that it is becoming increasingly difficult to trace laundered money once it has entered the legal economic cycle.

While the international community is guided by the guidelines of organisations such as the Financial Action Task Force (FATF), compliance with money laundering guidelines in Germany is regulated, among other things, by the GwG, which was first passed in 1993 and has undergone numerous amendments to date. The "Act on the Tracing of Profits from Serious Crimes" defines various measures and obligations that must be implemented by the so-called "obligated persons". These measures form the concept of money laundering prevention, which is essentially based on three pillars: Risk management, due diligence obligations and suspicious activity reporting.

Who is responsible for combating money laundering?

Who is included among the obligated parties according to the German Money Laundering Act (GwG) is regulated in § 2 para. 1 GwG. This includes, among others:

  • Credit institutions (Section 2 (1) No. 1 AMLA)
  • Financial services institutions (Section 2 (1) No. 2 AMLA)
  • Payment institutions and electronic money institutions (Section 2 (1) No. 3 AMLA)
  • (Self-employed) financial agents (Section 2 (1) No. 4 AMLA)
  • Insurance companies (Section 2 (1) No. 7 AMLA)
  • Insurance intermediaries (Section 2 (1) No. 8 AMLA)
  • Capital management companies (Section 2 (1) No. 9 AMLA)
  • Lawyers, patent lawyers and notaries (Section 2 (1) No. 10 AMLA)
  • Legal advisers (Section 2 (1) No. 11 AMLA)
  • Auditors, tax consultants (Section 2 (1) No. 12 AMLA)
  • Fiduciary dealers (Section 2 (1) No. 13 AMLA)
  • Real estate agents (Section 2 (1) No. 14 AMLA)
  • Organisers and brokers of games of chance (Section 2 (1) No. 15 AMLA)
  • Dealers in goods, art brokers and art stockists (Section 2 (1) No. 16 AMLA)

The obligations to be complied with differ depending on the sector.

What is the penalty for money laundering?

In Germany, fines of up to five million euros are due for violations of the Money Laundering Act. However, the record fine imposed so far is only 145,600 euros. Nevertheless, an infringement does not only have financial consequences for the obligated party. Unappealable penalty notices are also partially disclosed ("naming" and "shaming") according to Section 57 AMLA.

The text of the law states: "In the notice, the nature and character of the offence and the natural persons and legal persons or associations of persons responsible for the offence must be named." This can mean a high loss of reputation for those affected.

What are interpretation and application notes (AuAs)?

The Money Laundering Act (AMLA) is flanked, among other things, by so-called interpretation and application notes (AuAs for short), which are typically prepared by the supervisory authorities.

The AuAs are specific statements on the interpretation and application of the Money Laundering Act. Although the Money Laundering Act partly contains clear provisions on the practical application, some specifications remain unclear. The reason for this is that there are different sector-specific factors that must be taken into account, for example, when preparing risk analyses. In order to provide obligated parties with clearer specifications, these are developed on the basis of the Money Laundering Act in so-called "AuAs".


What is risk management?

Obligated persons under the Money Laundering Act must carry out risk management. Effective risk management means the identification and minimisation of money laundering risks in the activities of obligated persons.

For this purpose, it is important to determine and assess the risk of money laundering and terrorist financing in the company or trade in a risk analysis. Based on this, security measures must be taken. These include, for example, the implementation of training, the examination of employees and, in the case of certain obligated parties, the appointment of an anti-money laundering officer.

In addition, the general design of measures to fulfil further legal obligations, such as the establishment of anonymous whistleblower systems or mandatory transaction monitoring, may be required by the legislator or the authorities.

In order for the supervisory authorities to be able to understand what obligated parties have done to comply with their legal obligations, all these processes must be transparently documented and archived. Supervisory authorities attach great importance to the fact that risk management procedures are not only set up once, but - also against the background of constantly evolving legal requirements - are regularly reviewed and adapted.

What is included in the general duties of care?

In order to combat money laundering and terrorist financing, it is mandatory to comply with the customer due diligence requirements of the Money Laundering Act. Before entering into a business relationship, obligated persons must fulfil various due diligence obligations towards their customers. The AMLA distinguishes between general and enhanced due diligence obligations.

These include, for example, customer due diligence obligations such as the obligation to identify contractual partners, to clarify whether the contractual partner is acting for a beneficial owner or whether the customer is a politically exposed person.

What purpose have the general duties of care?

The information obtained through compliance with the general due diligence requirements makes it possible to carry out an individual risk assessment of the respective customer relationship. The aim of this, in turn, is to determine whether one must fulfil enhanced due diligence obligations - this can be the occasion for more intensive follow-up research. Obligated persons may have to find out whether a contractual partner is domiciled in a third country - a country outside the EU - whether there is a high risk of money laundering or terrorist financing in the respective country and whether the contractual partner holds political office. These circumstances significantly influence the risk of a business relationship or transaction. These questions must be asked by obligated parties and answers must be documented. Negligent breaches of customer due diligence obligations could result in fines.

In order to be able to prove that all customer due diligence obligations have been fulfilled, all documents must be kept for at least five years after the audit in compliance with the General Data Protection Regulation.

What is meant by suspicious activity reporting?

If there are indications of money laundering, companies are obliged to report the suspicion. This includes the suspicion that assets originate from an illegal source, transactions are connected to terrorist financing or contractual partners do not disclose their beneficial owners. In these cases, the obligated party must report the facts to the Central Financial Transaction Investigation Unit (FIU) via the reporting portal goAML. The authorities investigate the reports and initiate an investigation if necessary.

Which suspicious behaviour must lead to a report is regularly explained by the FIU in so-called sector-specific "typology papers". Typology papers deal with typical practices of money launderers and can thus help obligated persons to better recognise and report suspicious behaviour. In order to access the reporting portal and the typology papers, obligated persons must have access to the internal area of the FIU.

What are the components of a risk analysis?

There is no standardised process for the preparation of risk analyses. However, the Annexes to the AMLA specify certain risk factors that must be included in the risk analysis. The risk analysis is an integral part of money laundering prevention.

The inventory should include general data on the company and its location as well as on the customer, sales and product structure. In the risk analysis, company-specific risks are identified and evaluated on the basis of internal as well as external sources. For this purpose, industry-specific typology papers from the fight against crime, publications of the supervisory authorities and adverse media checks, among others, should be consulted. The internal security measures build on this: among other things, recommendations for action are derived from the risk analysis. This also includes the handling of suspicious cases and the appointment of a money laundering officer (if necessary).

A risk analysis should be reviewed and updated regularly. Kerberos Compliance takes on this task as part of the creation of a complete money laundering prevention concept. We ensure that the requirements of the German Money Laundering Act (GwG) are met.

Money Laundering Officer

Who can become a money laundering officer?

A money laundering officer should have the necessary expertise to ensure compliance with money laundering prevention requirements. Although the legislator does not explicitly stipulate which requirements an anti-money laundering officer must fulfil, it is advisable, in view of the increasingly complex requirements, to obtain certification in the area of anti-money laundering before taking on tasks. Otherwise, proper fulfilment of due diligence obligations is very unlikely. In this context, Section 7 (4) AMLA states that the appointment of an anti-money laundering officer can be revoked at the request of the supervisory authority "if the person does not possess the necessary qualifications and reliability".

Accordingly, companies themselves should be interested in the proper qualification of their money laundering officers. Money laundering officers are not only endowed with special rights and protection against dismissal, they also protect their company from high fines through their work.

When must a money laundering officer be appointed?

The Money Laundering Act lists in § 2 GwG who belongs to the circle of obligated persons. This includes financial service providers, insurance companies, lawyers, casinos, gambling providers and dealers in goods. However, the companies concerned are not necessarily obliged to appoint a money laundering officer.

Section 7 (1) AMLA stipulates who among the obligated parties must appoint an anti-money laundering officer and his deputy at management level:

  • Credit institutions pursuant to Section 1 (1) of the German Banking Act (Kreditwesengesetz)
  • Financial services institutions pursuant to Section 1 (1 a) of the Banking Act
  • Payment institutions and electronic money institutions pursuant to Section 1 (3) of the Payment Services Supervision Act
  • Financial undertakings
  • Insurance undertakings
  • Capital management companies
  • Organisers and brokers of games of chance

The law stipulates that the competent supervisory authorities may issue orders as to whether the other obligated parties within the meaning of Section 2 AMLA must appoint a money laundering officer. In the case of dealers in goods, art brokers and art warehouse keepers (Section 2 (1) no. 16 AMLA), the order is to be issued if the principal activity of the obliged party is trading in high-value goods.

What does a money laundering officer do?

The duties of a money laundering officer include, among other things, the preparation of a risk analysis, the creation of uniform reporting channels, and the processing of suspicious cases and suspicious activity reports. Furthermore, the money laundering officer must also undertake actual monitoring measures to ensure that the regulations are complied with, which includes employee training. These measures must be carried out in addition to internal audit checks.

In line with the range of tasks and responsibilities involved, money laundering officers must possess the qualifications required to perform their duties. Pursuant to Section 7 (4) of the Money Laundering Act, the supervisory authorities may revoke the appointment of money laundering officers if they do not possess these qualifications. Training and further education to become a certified money laundering officer is offered by the Kerberos Academy in cooperation with DEKRA Certification GmbH.

Why do you need a money laundering officer?

The function of a money laundering officer is defined in Section 7 (1) AMLA: "The money laundering officer is responsible for ensuring compliance with money laundering regulations; this does not affect the responsibility of the management level. The money laundering officer is directly subordinate to the management." The money laundering officer is thus the central office for combating money laundering and terrorist financing in a company.

Know Your Customer (KYC)

What is "Know-Your-Customer (KYC)"?

Know Your Customer (KYC) refers to the identification of customers, which involves extensive research.

This includes the following steps in identification:

  • Identification and verification of all contractual partners
  • Identification of beneficial owners
  • Sanctions list comparison
  • PeP check (comparison with lists of politically exposed persons)
  • Adverse media check (comparison of publications by various media to assess reputational risk; recommended)

In addition, there is an obligation to document the collected data and to keep it for five years in compliance with the General Data Protection Regulation (DSGVO).

What is the legal basis for KYC?

The identification of the contracting party - commonly known as "Know Your Customer" checks - is part of the general due diligence obligations under Section 10 of the AMLA.

Legally, Know Your Customer checks are further defined in §11 and §12 of the AMLA. Accordingly, "Obligated persons (...) shall identify contracting partners, any persons acting on their behalf and beneficial owners before establishing the business relationship or before carrying out the transaction." (§11 GwG para. 1 sentence 1). However, it should be noted that different obligated parties - such as brokers - may also have to comply with sector-specific requirements for customer identification, which result from the following sections.

Exceptions to the identification of contractual partners are only permitted if the person to be identified has already been identified on previous occasions and there is no doubt that the information collected has not changed since then (§11 GwG para. 3).

Section 12 AMLA primarily regulates how obligated persons must verify the identity of contractual partners. In this context, the differences in the identification of natural persons (Section 12 AMLA Para. 1) and companies (legal persons) (Section 12 AMLA Para. 2) must be taken into account.

When does the identification obligation under the Money Laundering Act apply?

KYC checks must be carried out by all obligated parties according to the German Money Laundering Act if the specific requirements for their respective industry are met.

Real estate agents, for example, are only required to identify their clients if they broker rental contracts of 10,000 euros or more per month and/or purchase contracts. Car dealers are only obliged to do so from cash transactions of 10,000 euros. In the gaming sector, the limit for stakes or winnings is already 2,000 euros. These specifications are regulated in §10 GwG.

Irrespective of the above-mentioned thresholds, however, obligated parties are always obliged under the Money Laundering Act to comply with the general due diligence obligations vis-à-vis their contractual partners - i.e. also to conduct KYC checks - if there are facts indicating that the assets are related to terrorist financing or money laundering. Due diligence obligations must also be observed if there are doubts regarding the accuracy of the information on the identity of the parties involved in the transaction. This is regulated by §10 para. 3 nos. 3 and 4.

KYC check: What data has to be collected?

If the contractual partner to be identified is a natural person, then data must be collected in accordance with Section 11 GwG Paragraph 4 No. 1. These are:

  • First name and surname
  • Place of birth
  • Date of birth
  • Nationality
  • A residential address

Changes in the contracting parties during a business relationship must also be documented by the obligated parties according to Section 11 AMLA Paragraph 6.

What data must be collected to identify companies?

If the contractual partner to be identified is a company - i.e. a legal entity - then data must be recorded in accordance with §11 GwG para. 4 no. 2. These are:

  • Company name, name or designation
  • Legal form
  • Registration number, if available
  • Address of the registered office or principal place of business
  • Names of the members of the representative body

For the identification of beneficial owners, further information is required according to §11 GwG para. 5. In some cases, this also includes extracts from the transparency register.

Changes in the contracting parties during a business relationship must also be documented by the obligated parties according to Section 11 AMLA Paragraph 6.

What documents are required for the KYC check?

In general, Kerberos requires the following documents for a KYC check:

If the contract partner to be identified is a natural person, a copy of a valid identification document* (ID) is sufficient.

For the identification of companies - i.e. legal entities - Kerberos requires the following documents:

  • Name of the company,
  • Registration (in Germany: commercial register number + register court; for foreign companies: an equivalent register number),
  • registered office (street, house number, postcode, city),
  • Copy of a valid identity document* (ID) of the appearing person (the person with whom you are conducting negotiations or who is your contact person),
  • Surname and first name of the beneficial owner of the company.

*Valid identity documents are in particular:

  • German identity card,
  • EU identity card incl. proof of address (registration confirmation or a recurring consumption bill (telephone, gas, water, electricity, etc.)),
  • Passport incl. proof of address (see above).

What is Due Diligence?

Due diligence is generally understood to be an extended Know Your Customer check - i.e. an in-depth check of the identity of business partners and customers. While due diligence is generally always recommended, it is only mandatory in certain cases - namely when there is an increased risk of money laundering or terrorist financing.

What exactly is meant by "enhanced" due diligence is only vaguely defined in Section 15 AMLA on enhanced due diligence obligations. Among other things, it states that "appropriate measures" must be taken to identify assets (Section 15 (4) AMLA). Likewise, in certain cases, "additional information" must be obtained about contracting partners and beneficial owners, without a more precise definition of where the information is to be retrieved and how much there should be. Within Europe, there are still different standards with regard to these checks, which sometimes makes the cross-border prosecution of money launderers more difficult.

You can find out more about the due diligence process with Kerberos here on our solutions page.

The risk assessment provides information on whether a business relationship should be maintained or terminated and provides a solid basis for decision-making. For this purpose, various databases are used to disclose as many connections to business partners, service providers and other third parties as possible.

What and who are beneficial owners?

The beneficial owner is the natural person who owns or controls the contracting party or at whose instigation a transaction is carried out or a business relationship is established.

According to this definition, beneficial owners include any natural person who indirectly (e.g. through shares in a company) or directly (e.g. as a private individual) owns more than 25% of the capital shares and/or more than 25% of the voting rights. In practice, however, the situation is complicated.

For example, start-ups are often financed through different sources, so that private investors and companies sometimes hold equal stakes in these companies and each own more than 25% of the voting rights or capital shares.

In the case of multi-level shareholding structures, the natural persons - possibly also through several legal entities - who exercise control over the contracting party according to the above standard must be determined. If, for example, a natural person directly owns 30% of a company while a legal partnership holds the remaining 70%, the beneficial owners of the legal partnership must also be indicated as indirect beneficial owners.

This assessment is based on legal information from the Federal Office of Administration on the obligation to report beneficial owners in the transparency register. According to this, persons who can prevent fundamental decisions via a blocking minority also count as beneficial owners. Thus, if two natural persons each hold 50% of the voting shares of a company, both are considered beneficial owners of this company.

Since 2017, beneficial owners must be entered in the transparency register. In this register, the beneficial owners of legal entities, companies and associations are to be centrally recorded and made publicly accessible.

What are "FIU suspicious transaction reports" and what must be observed when complying with reporting obligations?

One of the obligations of the AMLA is to report suspicious transactions to the FIU (Financial Intelligence Unit) via the goAML portal. Obligated persons must register with this portal for this purpose. Violations of this obligation can be punished with fines.

The report includes answers to the following four basic questions - but should be enriched with further information:

  • Who is it about?
  • What was purchased?
  • What was suspicious?
  • Additional conspicuous features

A non-exhaustive - but further-reaching list of information to be included in SARs can be found here. After the examination of SARs, the FIU sends the reporters corresponding requests for action.

Why are countries on the FATF risk lists?

The FATF (Financial Action Task Force) consists of 39 member states. It establishes international criteria to combat and prevent money laundering, terrorist financing and proliferation financing and verifies their worldwide compliance. The advantage of compliance is that countries receive a kind of seal of approval that facilitates access to the international market. If no strategic deficit is identified in an FATF audit, other countries do not have to comply with special security measures in trade with these very countries.

If countries are on the so-called "grey list", they show (according to the FATF) strategic deficits in the implementation of international requirements or, as in the case of Syria, have not been able to be audited by the international organisation for a long time. International trade can adjust to the particular risks associated with the FATF's assessment and exercise special caution.

The naming of a country on the "black list", as is currently the case only with Iran and North Korea, is explicitly linked by the FATF with the recommendation not only to exercise special caution, but also to immediately impose sanctions to protect the international market. A complete overview of the lists can be found here.

What is a "sanctions list check" and a "PeP check"?

According to the Money Laundering Act, contracting partners must be checked to see if they are politically exposed persons. This means that it is checked whether they hold or have held political office. This would result in stricter due diligence requirements.

In addition, it is advisable to check whether contractual partners are on sanctions lists.

In this process, it makes a difference whether it is a natural or legal person - especially with regard to their beneficial owners. In particular, persons against whom international sanctions have been imposed often use company networks that conceal the identity of the beneficial owners. Under certain circumstances, sanctions can be circumvented in this way. The identification of the actual beneficial owners and their comparison with sanctions lists are accordingly important components of the KYC process.

KYC checks therefore also help to comply with international sanctions and prevent corruption. If the authorities determine that there are avoidable illegal business transactions due to structural deficits in compliance with customer due diligence obligations, there is sometimes not only the threat of fines. There is also the risk of high reputational damage and the possibility that countries such as the USA could initiate further legal action.


In a hurry? Call us!

Our support staff is available on weekdays from 09:00 - 17:30.

+49 221 650 88 92 – 0