What is Collusion in Anti-Money Laundering?

Definition

Collusion in Anti-Money Laundering (AML) refers to the deliberate cooperation or conspiracy between two or more parties—such as financial institutions, their employees, customers, or third-party intermediaries—to conceal, facilitate, or enable money laundering activities. This includes actions like falsifying records, ignoring suspicious transactions, sharing insider information to evade detection, or structuring deals to bypass regulatory scrutiny. Unlike isolated negligence, collusion implies intent and coordination, making it a criminal offense under AML frameworks. It undermines the integrity of financial systems by exploiting trusted relationships within institutions.

Purpose and Regulatory Basis

Collusion matters in AML because it represents a sophisticated threat that erodes the effectiveness of preventive controls. Financial institutions serve as gatekeepers against illicit funds; when insiders collude, they create blind spots that allow criminals to integrate dirty money into legitimate economies. Detecting and preventing collusion protects institutions from reputational damage, fines, and legal liability while safeguarding the broader financial system.

Globally, the Financial Action Task Force (FATF) sets the standard through Recommendation 18, which mandates robust internal controls to prevent collusion among staff and with external parties. FATF’s 2023 updates emphasize risk-based approaches to insider threats.

In the United States, the USA PATRIOT Act (2001), particularly Section 312, requires enhanced due diligence to combat collusion in correspondent banking. The Bank Secrecy Act (BSA) criminalizes conspiracies under 18 U.S.C. § 371, with penalties up to 5 years imprisonment.

The European Union’s Anti-Money Laundering Directives (AMLD), especially the 6th AMLD (2020), explicitly criminalizes collusion as an aggravated form of money laundering, imposing up to 10 years imprisonment. National implementations, like the UK’s Money Laundering Regulations 2017, require firms to mitigate collusion risks via senior management accountability.

These regulations aim to deter collusion by mandating whistleblower protections, independent audits, and mandatory suspicious activity reporting (SARs).

When and How it Applies

Collusion applies whenever coordinated actions enable money laundering, often triggered by red flags like unusual transaction patterns, employee-customer familiarity, or discrepancies in KYC data.

Real-world use cases:

• Insider facilitation: A bank teller colludes with a customer to process undeclared cash deposits below reporting thresholds (structuring), as seen in the 2014 HSBC case where staff ignored $881 million in suspicious transactions.
• Correspondent banking collusion: Banks in high-risk jurisdictions collude to omit beneficial owner details, echoing the 2018 Danske Bank scandal involving €200 billion laundered through Estonia.
• Third-party schemes: Employees share login credentials with criminals for fake account creation, detected via anomalous IP logs.

Triggers include rapid account openings with shared IP addresses, employee overrides of alerts, or correlated suspicious patterns across accounts. Institutions apply collusion detection through behavioral analytics, linking employee actions to customer behaviors.

Types or Variants

Collusion manifests in several forms, each requiring tailored controls.

Internal Collusion

Involves staff within the same institution, such as managers approving high-risk clients despite alerts. Example: The Wells Fargo fake accounts scandal (2016), where employees colluded to meet sales targets, indirectly aiding laundering.

Sub-variant: Vertical Collusion

Senior executives directing juniors to overlook risks, as in the 1MDB Malaysian scandal where bank leaders facilitated $4.5 billion embezzlement.

External Collusion

Between institution and outsiders, like customers or agents. Example: Lawyers colluding with banks to layer funds via shell companies, per FATF’s 2022 typology report.

Inter-Institutional Collusion

Coordination between firms, such as payment processors ignoring mutual red flags. The FinCEN Files (2020) revealed banks like JPMorgan processing $920 billion in suspicious payments through lax oversight.

Technology-Enabled Collusion

Use of insiders to bypass fintech controls, e.g., bribing developers to disable transaction monitoring.

Procedures and Implementation

Institutions must embed anti-collusion measures in their AML programs.

1. Risk Assessment: Conduct annual collusion risk evaluations, mapping high-risk roles (e.g., compliance overrides).
2. Segregation of Duties: Prohibit single-employee approvals for high-value transactions; implement four-eyes principles.
3. Technology Controls: Deploy AI-driven tools like behavioral monitoring (e.g., NICE Actimize) to flag anomalous employee-customer links.
4. Training and Screening: Mandatory annual AML training with collusion scenarios; continuous background checks via tools like World-Check.
5. Monitoring and Auditing: Real-time transaction surveillance with employee activity logs; independent audits quarterly.
6. Whistleblower Channels: Anonymous reporting hotlines, protected under regulations like the EU Whistleblower Directive.

Implementation involves board oversight, with metrics like override rates tracked in MI reports.

Impact on Customers/Clients

Customers face heightened scrutiny if flagged for potential collusion, but rights are protected.

• Rights: Access to clear explanations under GDPR/CCPA; right to appeal restrictions via complaints processes.
• Restrictions: Temporary account freezes, enhanced due diligence (e.g., source-of-funds proof), or termination if collusion is suspected.
• Interactions: Institutions must notify customers of SAR filings (without revealing details) and offer remediation paths. Legitimate clients may experience delays, but transparency builds trust—e.g., providing audit trails upon request.

Non-collusive customers benefit from stronger systems, reducing fraud victimization.

Duration, Review, and Resolution

Suspected collusion triggers immediate holds (24-48 hours), followed by investigation (up to 90 days under BSA).

• Review Processes: Compliance teams assess within 30 days; escalate to senior management or regulators if unresolved.
• Ongoing Obligations: Heightened monitoring for 12-24 months post-resolution; periodic re-KYC.
• Resolution: Clear via evidence (e.g., no intent proven), or escalate to law enforcement. Timeframes vary: EU AMLD mandates 10-day initial reviews.

Reporting and Compliance Duties

Institutions must file SARs within 30 days (U.S. FinCEN) or 10 working days (UK FCA) for suspected collusion, detailing parties, transactions, and evidence.

• Documentation: Retain records for 5-10 years, including audit trails and rationale for non-reporting decisions.
• Penalties: Fines up to $1 million per violation (BSA); criminal charges for knowing collusion (e.g., Deutsche Bank’s $20 billion penalty in 2020). Personal liability for executives under corporate criminal liability regimes.

Related AML Terms

Collusion interconnects with:

• Know Your Customer (KYC): Weak KYC enables collusion entry points.
• Suspicious Activity Reporting (SAR): Primary detection tool.
• Ultimate Beneficial Owner (UBO): Concealment via nominees fuels collusion.
• Sanctions Screening: Collusion evades OFAC/UN lists.
• Trade-Based Money Laundering (TBML): Collusion via invoice manipulation.

It amplifies risks in Customer Due Diligence (CDD) failures.

Challenges and Best Practices

Challenges:

• Insider anonymity via VPNs or encrypted comms.
• Resource strain in detecting subtle patterns.
• Jurisdictional gaps in cross-border collusion.

Best Practices:

• Leverage RegTech like Chainalysis for network analysis.
• Foster a speak-up culture with incentives.
• Conduct red-team simulations quarterly.
• Collaborate via public-private partnerships (e.g., JMLSG in UK).

Recent Developments

Post-2022, FATF’s virtual asset focus highlights crypto collusion risks, mandating VASPs to monitor insider trades. EU’s 2024 AMLR introduces a €10 billion anti-collusion fund for tech upgrades. AI advancements, like machine learning for anomaly detection (e.g., Feedzai’s 2025 platform), counter deepfake-enabled schemes. U.S. FinCEN’s 2025 pilot uses blockchain analytics to trace collusive wallets. Trends show rising employee collusion in DeFi, per Chainalysis 2026 report.

Collusion strikes at AML’s core by betraying internal trust, demanding vigilant controls, technology, and culture. Prioritizing its prevention ensures compliance, resilience, and systemic integrity amid evolving threats.