💡 왼쪽 원문을 읽으면서 오른쪽에 따라 써보세요. Tab 키로 힌트를 받을 수 있습니다.

원문 렌더가 준비되기 전까지 텍스트 가이드로 표시합니다.

Introduction — In 2026, AML moved from "paper filings" to "real-time graph tracing"

In 2026, Anti-Money Laundering (AML) is no longer a back-office, quarter-end paperwork chore. The US Bank Secrecy Act (BSA) crossed its 50-year mark, the European Union stood up the single supervisory body **AMLA** (Anti-Money Laundering Authority) in Frankfurt in July 2025, and as of June 2026 a Single Rulebook directly applies across all 27 member states. Korea finished the first-year review of its Virtual Asset User Protection Act (effective July 2024), and Japan has effectively unified non-face-to-face identity verification on the My Number Card + JPKI under the amended Act on Prevention of Transfer of Criminal Proceeds (改正犯収法).

This article walks through 50 years of AML/CFT (Counter-Financing of Terrorism) regulation, the differences among KYC/CDD/EDD, SAR/STR mechanics, sanctions screening (OFAC SDN, EU consolidated list, UN), transaction monitoring (rule-based vs ML), and nine global AML vendors (Chainalysis, Elliptic, TRM Labs, ComplyAdvantage, NICE Actimize, Oracle OFSAA, FICO Tonbeller, SAS AML, FIS Detect) — along with Korea's KFIU and commercial bank AML systems (KB STM, Shinhan SAFE, Woori ARMS), Japan's JAFIC and NTT Data ANSER-AML.

Fifty years of AML/CFT regulation — from BSA 1970 to AMLA 2026

The US Bank Secrecy Act (BSA, enacted 1970) was the world's first AML statute, requiring banks to retain records and file Currency Transaction Reports (CTR). The 1986 Money Laundering Control Act criminalized money laundering at the federal level. In 1989 the G7 summit established the **FATF** (Financial Action Task Force), whose 40 Recommendations became the international standard. After 9/11, the USA PATRIOT Act of 2001 expanded CFT obligations, and in 2012 FATF introduced Recommendation 15, formalizing the concept of a Virtual Asset Service Provider (VASP).

The 2019 FATF Travel Rule mandated information sharing between VASPs on transfers above the `$1K+ VASP transfer` threshold. In 2024 the EU passed the AMLR/AMLD6/AMLAR package; AMLA launched in June 2025; and the Single Rulebook took effect in June 2026 — the largest regulatory upheaval in AML history.

1970: US Bank Secrecy Act (BSA) — CTR obligations, $10K cash threshold

1986: Money Laundering Control Act — laundering as a federal crime

1989: G7 Paris Summit — FATF created

1990: FATF 40 Recommendations (first publication)

2001: USA PATRIOT Act — CFT and KYC strengthened

2003: FATF 40+9 Recommendations (9 CFT added)

2012: FATF Recommendation 15 — virtual assets formally covered

2018: EU AMLD5 — virtual asset providers in scope

2019: FATF Travel Rule — VASP-to-VASP data sharing

2020: AMLD6 — unified definition of laundering offence

2021: US AML Act 2020 in force

2022: OFAC Tornado Cash sanctions (first SDN smart contract)

2023: Korea Virtual Asset User Protection Act passed

2024: EU AMLA package (AMLR, AMLD6, AMLAR) adopted

2025: AMLA launches in Frankfurt (July)

2026: EU Single Rulebook in force (June) ← present

KYC, CDD, EDD — getting the three-letter trio straight

KYC (Know Your Customer) is the umbrella term for customer identification programs. Within it, CDD (Customer Due Diligence) is the standard regime: identity verification, beneficial ownership, transaction purpose. EDD (Enhanced Due Diligence) applies to high-risk customers — Politically Exposed Persons (PEPs), residents of high-risk jurisdictions, anomalous patterns.

FATF Recommendation 10 defines CDD in four steps: customer identification, beneficial owner identification (25% ownership threshold), understanding the purpose and nature of the relationship, and ongoing monitoring. EDD additionally requires Source of Funds (SoF) and Source of Wealth (SoW), senior-management approval, and enhanced monitoring cadence.

| Item | KYC | CDD | EDD |

|------|-----|-----|-----|

SAR vs STR — two flavors of suspicious-activity reporting

The US and Korea use **SAR** (Suspicious Activity Report); the UK, EU, FATF and Japan use **STR** (Suspicious Transaction Report). The naming differs, the purpose is identical — report potentially illicit transactions to the relevant Financial Intelligence Unit (FIU). FinCEN requires filings within 30 days of detection; Korea's KFIU operates STR and CTR (KRW 10M+ cash) as separate streams.

There is no strict `<24hr SAR filing` threshold, but the BSA narrative urgent provision encourages immediate notification when terrorism financing or an ongoing crime is suspected. Japan's JAFIC takes on average 14 days from receiving an STR to forwarding it to enforcement authorities.

{

"report_type": "SAR",

"report_id": "SAR-2026-0042193",

"filing_institution": {

"name": "Example Bank N.A.",

"ein": "12-3456789",

"primary_regulator": "OCC",

"rssd_id": "1039502"

"subject": {

"subject_id": "SUBJ-2026-998312",

"name_first": "JOHN",

"name_last": "DOE",

"dob": "1985-03-14",

"id_type": "SSN",

"id_number_hash": "sha256:7a3f...",

"address": {

"street": "123 Main St",

"city": "Newark",

"state": "NJ",

"postal": "07102",

"country": "US"

}

"activity": {

"date_range_start": "2026-04-01",

"date_range_end": "2026-05-20",

"amount_usd": 487500.00,

"transaction_count": 23,

"suspicious_activity_codes": ["SAI", "STR-301"],

"narrative": "Structured cash deposits below $10K CTR threshold across 23 transactions"

"filing_date": "2026-05-25T09:14:22Z",

"filed_by": "compliance.officer@examplebank.com"

}

Sanctions screening — OFAC SDN, EU Consolidated, UN sanctions

Sanctions screening is the most foundational and most frequently botched part of AML. The US OFAC (Office of Foreign Assets Control) SDN (Specially Designated Nationals) list contained roughly 17,200 entries as of May 2026; the EU Consolidated List had about 2,400; the UN Security Council Consolidated List around 700. OFAC enforces secondary sanctions, extending coverage to non-US persons in practice.

OFAC's August 2022 designation of the Tornado Cash smart-contract addresses was a watershed moment — the first time code itself was placed on the SDN list. Court rulings in 2023 removed some addresses, but sanctions against the operators stand. In 2024 Garantex (a Russia-linked exchange) was added, and in 2025 several mixer addresses tied to North Korea's Lazarus Group were placed on the list.

from typing import List, Dict, Optional

from rapidfuzz import fuzz

class OFACSanctionsScreener:

"""Real-time OFAC SDN screening (US Treasury public API)"""

SDN_API = "https://sanctionslistservice.ofac.treas.gov/api/PublicationPreview/exports/SDN_ENHANCED.JSON"

def __init__(self, fuzz_threshold: int = 85):

self.threshold = fuzz_threshold

self.sdn_cache: List[Dict] = []

self._load_sdn_list()

def _load_sdn_list(self) -> None:

resp = requests.get(self.SDN_API, timeout=30)

resp.raise_for_status()

self.sdn_cache = resp.json().get("publishInformation", {}).get("entries", [])

print(f"[OFAC] Loaded {len(self.sdn_cache)} SDN entries")

def _normalize(self, name: str) -> str:

Latin extended -> ASCII, lowercase, strip punctuation

n = re.sub(r"[^a-zA-Z0-9\s]", "", name.lower())

return re.sub(r"\s+", " ", n).strip()

def screen(self, candidate_name: str, dob: Optional[str] = None) -> List[Dict]:

hits = []

target = self._normalize(candidate_name)

for entry in self.sdn_cache:

primary = self._normalize(entry.get("primaryName", ""))

score = fuzz.token_sort_ratio(target, primary)

if score < self.threshold:

continue

if dob and entry.get("dateOfBirthList"):

dob_match = any(d.get("dateOfBirth") == dob for d in entry["dateOfBirthList"])

if not dob_match:

continue

hits.append({

"uid": entry["uid"],

"primary_name": entry["primaryName"],

"type": entry["sdnType"],

"programs": entry.get("programList", []),

"score": score,

})

return sorted(hits, key=lambda x: -x["score"])

if __name__ == "__main__":

screener = OFACSanctionsScreener(fuzz_threshold=88)

matches = screener.screen("Vladimir Putin", dob="1952-10-07")

for m in matches[:5]:

print(f"{m['primary_name']:50} score={m['score']} programs={m['programs']}")

Transaction monitoring — rule-based vs ML-based

Traditional AML platforms (NICE Actimize, Oracle OFSAA, SAS AML) center on rule-based transaction monitoring. A representative rule: "three or more deposits between $9,000 and $9,999 within 30 days to the same account" (structuring detection). The problem is that false-positive rates of 90-95% are typical — compliance teams spend most of their time discarding alerts.

From the mid-2020s, ML-driven AML moved from POC to production. ComplyAdvantage (UK), Hawk:AI (Germany), Featurespace (UK), and Quantexa (UK, graph-native) are the headline names, and NICE Actimize and SAS have folded ML modules into their core stacks. The recipe combines unsupervised anomaly detection on transaction-graph embeddings (Node2Vec, GraphSAGE) with supervised models trained on SAR outcomes.

from sklearn.ensemble import IsolationForest

class TransactionGraphAnomalyDetector:

"""Transaction graph features + Isolation Forest anomaly detection"""

def __init__(self):

self.graph = nx.DiGraph()

self.model = IsolationForest(contamination=0.02, random_state=42)

def add_transaction(self, sender: str, receiver: str, amount_usd: float, timestamp: str):

if not self.graph.has_node(sender):

self.graph.add_node(sender, in_count=0, out_count=0, total_in=0, total_out=0)

if not self.graph.has_node(receiver):

self.graph.add_node(receiver, in_count=0, out_count=0, total_in=0, total_out=0)

self.graph.nodes[sender]["out_count"] += 1

self.graph.nodes[sender]["total_out"] += amount_usd

self.graph.nodes[receiver]["in_count"] += 1

self.graph.nodes[receiver]["total_in"] += amount_usd

self.graph.add_edge(sender, receiver, amount=amount_usd, ts=timestamp)

def node_features(self, node: str) -> np.ndarray:

attrs = self.graph.nodes[node]

in_degree = self.graph.in_degree(node)

out_degree = self.graph.out_degree(node)

pagerank = nx.pagerank(self.graph).get(node, 0)

clustering = nx.clustering(self.graph.to_undirected(), node)

return np.array([

in_degree, out_degree,

attrs["total_in"], attrs["total_out"],

attrs["total_in"] / max(attrs["in_count"], 1),

attrs["total_out"] / max(attrs["out_count"], 1),

pagerank, clustering,

])

def fit_and_detect(self) -> dict:

nodes = list(self.graph.nodes())

X = np.array([self.node_features(n) for n in nodes])

self.model.fit(X)

scores = self.model.score_samples(X)

return {n: float(s) for n, s in zip(nodes, scores)}

Chainalysis — the de facto standard in blockchain analytics

Chainalysis (founded 2014, HQ New York) holds an estimated 60-70% share of the global blockchain-analytics market — effectively the default vendor. Four core products: **KYT** (Know Your Transaction, real-time monitoring), **Reactor** (visual investigation), **Crypto Investigations** (for law enforcement), and **Business Data** (market intelligence). 2024 revenue was roughly $150M, and an IPO is being prepared for 2025–2026.

The underlying technology is heuristic address clustering — common-input ownership (addresses used together as inputs in a single transaction belong to the same wallet), change-address heuristics, and proprietary hot-wallet labeling for exchanges and services. KYT scores transactions for more than 30,000 VASPs in real time, and roughly 90% of the world's centralized exchanges deploy it.

from typing import Optional

class ChainalysisKYT:

"""Chainalysis KYT API — real-time transfer risk scoring"""

BASE_URL = "https://api.chainalysis.com/api/kyt/v2"

def __init__(self, api_key: Optional[str] = None):

self.api_key = api_key or os.environ["CHAINALYSIS_API_KEY"]

self.headers = {

"Token": self.api_key,

"Content-Type": "application/json",

}

def register_user(self, user_id: str, email: str, jurisdiction: str = "US") -> dict:

url = f"{self.BASE_URL}/users/{user_id}"

payload = {

"userId": user_id,

"email": email,

"jurisdictionId": jurisdiction,

}

resp = requests.put(url, headers=self.headers, json=payload, timeout=10)

resp.raise_for_status()

return resp.json()

def screen_transfer(self, user_id: str, network: str, asset: str,

transfer_ref: str, amount: float, address: str) -> dict:

url = f"{self.BASE_URL}/users/{user_id}/transfers/sent"

payload = {

"network": network, # e.g. Bitcoin, Ethereum

"asset": asset,

"transferReference": transfer_ref,

"transferTimestamp": "2026-05-25T09:30:00Z",

"outputAddress": address,

"assetAmount": amount,

}

resp = requests.post(url, headers=self.headers, json=payload, timeout=10)

resp.raise_for_status()

return resp.json()

def fetch_alerts(self, user_id: str) -> list:

url = f"{self.BASE_URL}/users/{user_id}/alerts"

resp = requests.get(url, headers=self.headers, timeout=10)

resp.raise_for_status()

return resp.json().get("alerts", [])

Example

kyt = ChainalysisKYT()

result = kyt.screen_transfer(

user_id="USER-12345",

network="Ethereum",

asset="USDT",

transfer_ref="0xabc123...",

amount=15000.00,

address="0x7F367cC41522cE07553e823bf3be79A889DEbe1B", # placeholder

)

print(json.dumps(result, indent=2))

Elliptic — UK-born compliance intelligence

Elliptic (founded 2013, London) is Chainalysis's strongest direct competitor. Core products: **Lens** (KYC-enhanced screening), **Navigator** (transaction monitoring), **Investigator** (case work), **Discovery** (market intelligence). Its differentiators are deep coverage of EU and UK regulation, plus deeper analysis of the NFT and DeFi corners of the market. A 2022 Series C of $60M (led by Wellington) put the company's 2024 valuation near $1.5B.

Elliptic's "Holistic Screening" approach evaluates risk not just for a single address but for the cluster it belongs to and the counterparties that cluster has transacted with. The firm has a strong investigative track record on the Lazarus Group, Conti ransomware, FTX bankruptcy recovery and similar high-profile cases, often working with US, UK and UN expert panels.

TRM Labs — strength in law enforcement and government

TRM Labs (founded 2018, San Francisco) is the newcomer but is growing fastest in the law-enforcement and government segments (FBI, IRS-CI, FinCEN). Estimated 2024 revenue around $100M, with a Series C of $70M (Thoma Bravo, Tiger Global). Headline products: **TRM Forensics** (investigation), **TRM Wallet Screening** (KYC), **TRM Tactical** (law enforcement only) and **TRM Phoenix** (national security).

The differentiator is the "Risk Threats" catalog — 26 pre-curated threat categories (ransomware, terrorism financing, North Korea, Iran, child exploitation, etc.) with attached intelligence. TRM also unifies analysis of 26 different blockchains into a single graph for cross-chain investigations.

|------|-------------|----------|----------|

| Founded | 2014 | 2013 | 2018 |

| Market share | 60-70% | 15-20% | 10-15% |

| Chains supported | 25+ | 23+ | 26+ |

| Valuation | $8.6B (2022) | $1.5B (2024) | $600M (2022) |

| IPO trajectory | 2025-2026 | TBD | TBD |

ComplyAdvantage — the AI-native sanctions screening challenger

ComplyAdvantage (founded 2014, London) is a startup challenging legacy sanctions vendors (Dow Jones Risk, Refinitiv World-Check) with an AI-first stack. Series D in 2022 raised $70M at a $670M valuation. The core technology is "Mesh AI" — proprietary NLP that crawls news, sanctions notices and government publications in 14 languages, producing a real-time PEPs / Adverse Media / Sanctions database.

The product is an API-first SaaS covering both onboarding screening and transaction-level screening, and the customer base skews fintech (Wise, Robinhood, Revolut). Internal benchmarks claim a 30–50% reduction in false positives versus legacy vendors.

NICE Actimize — the enterprise AML market leader

NICE Actimize (subsidiary of Israel-based NICE, NASDAQ: NICE) commands roughly 30–35% of the Tier-1 bank AML market. Core platforms: **Actimize SAM** (Suspicious Activity Monitoring), **WLF** (Watch List Filtering), **CDD-X** (customer due diligence), **IFM-X** (Integrated Fraud Management) and the cloud-native **X-Sight** (launched 2022). JPMorgan, HSBC, Citi and Bank of America are reference customers.

NICE's strengths are its **Xceed** cloud compliance SaaS and ML/AI-driven alert triage automation. In 2024 it added **ActOne**, a generative-AI SAR-narrative writer, and in 2025 it began extending automation into PCAOB audit response workflows.

Oracle Financial Services Analytical Applications (OFSAA)

OFSAA traces back to Oracle's 2005 acquisition of India's i-flex solutions. It is an integrated bank-grade analytics platform built on a single canonical data model that spans AML/KYC, Fraud Enterprise, ALM (Asset Liability Management), Liquidity Risk and Regulatory Reporting. Core modules include **OFSAA AML**, **OFSAA KYC**, **OFSAA Sanctions Screening** and **OFSAA Customer Screening**.

The reference stack is Oracle Database + Oracle Big Data + WebLogic, but since 2024 OCI (Oracle Cloud Infrastructure) deployments have been growing. Adopters in Korea include KB and NongHyup (partial), and the Japanese megabanks (MUFG, Mizuho) run pieces of the stack.

-- Example OFSAA AML rule — structuring detection

-- (Real OFSAA configures rules in a GUI but the semantics are SQL.)

CREATE OR REPLACE VIEW v_aml_structuring_alerts AS

SELECT

c.customer_id,

c.customer_name,

DATE_TRUNC('day', t.txn_dt) AS txn_day,

COUNT(*) AS daily_txn_count,

SUM(t.txn_amt_usd) AS daily_total_usd,

LISTAGG(t.txn_id, ',') WITHIN GROUP (ORDER BY t.txn_dt) AS txn_ids

FROM fct_transactions t

JOIN dim_customer c ON t.customer_id = c.customer_id

WHERE t.txn_amt_usd BETWEEN 9000 AND 9999 -- evading $10K CTR threshold

AND t.txn_dt >= ADD_MONTHS(SYSDATE, -1)

GROUP BY c.customer_id, c.customer_name, DATE_TRUNC('day', t.txn_dt)

HAVING COUNT(*) >= 3

AND SUM(t.txn_amt_usd) >= 27000;

FICO Tonbeller — a German-origin global compliance platform

Tonbeller (Bensheim, Germany), acquired by FICO in 2015, is best known for **Siron**, an integrated compliance suite. Major modules: **Siron AML**, **Siron KYC**, **Siron Embargo** (sanctions), **Siron PEP** and **Siron Tax** (FATCA/CRS). The customer base skews European mid-market banks and insurers; coverage of German BaFin requirements is a particular strength.

Since 2023 Siron has been integrated with the FICO Falcon Platform to deliver payment fraud and AML on a single engine. AI-led false-positive reduction and RPA-assisted SAR drafting are the headline items on the 2025-2026 roadmap.

SAS AML — the analytics powerhouse takes on AML

SAS Institute (Cary, NC) brings deep statistical and data-mining DNA to AML. Core modules: **SAS AML Transaction Monitoring**, **SAS Visual Investigator** (case UI), **SAS Customer Due Diligence** and **SAS Sanctions Screening**. In 2024 the platform fully moved onto cloud-native **SAS Viya 4**.

The differentiation is graph analytics and time-series pattern detection, plus the ability to plug custom models built by an in-house data-science team into the AML pipeline. In Korea, KEB Hana, Shinhan and Woori use SAS in pockets of their AML stack.

FIS Detect Anti-Fraud + AML

FIS (Jacksonville, Florida) became the global #1 fintech infrastructure provider after acquiring SunGard (2015) and Worldpay (2019). **FIS Detect** (formerly SunGard Protegent) is the integrated fraud + AML monitoring platform, and **FIS Compliance Suite** covers KYC/CDD/EDD. The customer base skews mid-market US banks, credit unions and insurers — roughly 14,000 US financial institutions use some form of FIS compliance solution.

**FIS Compliance Cloud**, launched in 2024, accelerated the SaaS migration, and FIS has a partnership with ComplyAdvantage to embed AI-driven sanctions screening into its stack.

FATF Travel Rule — data sharing for `$1K+ VASP transfer`

FATF Recommendation 16 (the Travel Rule) was originally written for wire transfers in 1996 and extended to virtual assets in 2019. VASPs must transmit originator and beneficiary information — names, account identifiers, addresses — to the next VASP for transfers above $1,000 (or EUR 1,000). The `$1K Travel Rule threshold` is the global default, but EU MiCA applies it from €1 (no de minimis), Korea uses KRW 1,000,000, and Japan uses JPY 300,000.

The hard problem is the lack of a common message format. IVMS101 (InterVASP Messaging Standard) was published in 2020 to address that, and Travel Rule Protocol (TRP), Sumsub, Notabene, Veriscope and OpenVASP compete on the rails.

{

"ivms101": {

"originator": {

"originatorPersons": [{

"naturalPerson": {

"name": {

"nameIdentifier": [{

"primaryIdentifier": "Doe",

"secondaryIdentifier": "John",

"nameIdentifierType": "LEGL"

}]

"geographicAddress": [{

"addressType": "HOME",

"streetName": "123 Main St",

"townName": "Newark",

"countrySubDivision": "NJ",

"postCode": "07102",

"country": "US"

}],

"nationalIdentification": {

"nationalIdentifier": "AB123456",

"nationalIdentifierType": "DRLC",

"countryOfIssue": "US"

"dateAndPlaceOfBirth": {

"dateOfBirth": "1985-03-14",

"placeOfBirth": "Newark, NJ, US"

}

}],

"accountNumber": ["bc1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wlh"]

"beneficiary": {

"beneficiaryPersons": [{ "naturalPerson": { "name": "..." } }],

"accountNumber": ["bc1qaer8m..."]

"originatingVASP": {

"vaspName": "Example Exchange Inc.",

"lei": "529900T8BM49AURSDO55",

"country": "US"

"beneficiaryVASP": {

"vaspName": "Example2 Exchange Ltd.",

"lei": "549300NB7N9YF8NV3M68",

"country": "JP"

}

EU AMLA 2026 — the single supervisor goes live

Under the AMLA Regulation passed by the EU Parliament in May 2024, AMLA stood up in Frankfurt in June 2025 and from June 2026 holds direct powers in four areas: (1) direct supervision of approximately 40 EU-level high-risk financial institutions (mostly G-SIBs); (2) enforcing the Single Rulebook; (3) operating the FIU.net cross-FIU information hub; and (4) maintaining EU-wide PEPs and sanctions reference lists.

Headline changes: EU-wide cash transaction cap of EUR 10,000 (member states can set lower limits); standardized non-face-to-face identity verification through eIDAS 2.0; direct AML coverage of Crypto-Asset Service Providers (CASPs); KYC obligations on goods transactions above EUR 25,000; unified Ultimate Beneficial Owner (UBO) registries; and an EU-wide standard SAR form (eAR).

Korea KFIU — the FIU and bank AML systems

The Korea Financial Intelligence Unit (KFIU), established in 2001 under the Financial Services Commission, runs STR/CTR intake under the Act on Reporting and Use of Specific Financial Transaction Information (특금법, enacted 2001, amended in 2020 to bring virtual asset providers in scope). In 2024 KFIU received roughly 1.3M STRs and 18M CTRs (KRW 10M+). After the introduction of VASP registration in 2020, 36 VASPs had registered by 2023.

The major commercial banks each run a homegrown AML system:

- **KB Kookmin STM** (Suspicious Transaction Monitoring) — introduced 2010, customized on top of NICE Actimize

- **Shinhan SAFE** (Shinhan AML Financial Engine) — built in-house, heavy on graph analytics

- **Woori ARMS** (AML Risk Management System) — overhauled in 2018, partial SAS AML

- **Hana H-AML** — built on Oracle OFSAA

- **NongHyup NH-AML** — in-house plus ComplyAdvantage for sanctions screening

Korea commercial bank AML systems compared

banks:

- name: KB Kookmin

system: STM

base_vendor: NICE Actimize

introduced: 2010

str_rules: ~180

annual_str: 220000

customization: High (60%+ in-house rules)

- name: Shinhan

system: SAFE

base_vendor: In-house

introduced: 2015

str_rules: ~240

annual_str: 195000

customization: 100% in-house

- name: Woori

system: ARMS

base_vendor: SAS AML + in-house

introduced: 2018

str_rules: ~160

annual_str: 175000

customization: High

- name: Hana

system: H-AML

base_vendor: Oracle OFSAA

introduced: 2012

str_rules: ~140

annual_str: 165000

customization: Medium

- name: NH NongHyup

system: NH-AML

base_vendor: In-house + ComplyAdvantage

introduced: 2019

str_rules: ~130

annual_str: 155000

customization: Medium-High

Japan JAFIC — Japan Financial Intelligence Center

The Japan Financial Intelligence Center (JAFIC) sits inside the Organized Crime Department of the National Police Agency (警察庁). The Act on Prevention of Transfer of Criminal Proceeds (犯収法) is the base statute, and three rounds of amendment (改正犯収法, 2016/2020/2024) have steadily tightened non-face-to-face customer identification.

JAFIC 2024 statistics: roughly 560,000 STRs (疑わしい取引の届出) received, with about 90% coming from banks. As follow-up to the 2025 FATF mutual evaluation, Japan strengthened the virtual-asset rulebook (revised Payment Services Act) and from 2026 stablecoin issuance falls directly under AML/CFT obligations.

The Japanese AML systems market: NTT Data's **ANSER-AML** (used by two of the three megabanks), Nomura Research Institute (NRI) **Value AML**, Fujitsu **F-AML** and IBM Japan + Oracle OFSAA. Among foreign vendors, NICE Actimize and SAS have partial footprints.

|------|--------|--------------|-------|------------------|

| Cash report threshold | $10,000 (CTR) | EUR 10,000 | KRW 10,000,000 | JPY 2,000,000 |

| STR / year | ~3.6M (2024) | ~2.2M (EU-wide) | ~1.3M | ~560K |

Key 2026 trends — generative AI, cross-chain, ESG-AML convergence

First, generative-AI SAR narrative writing is becoming standard. NICE Actimize ActOne, ComplyAdvantage AI Narrative and SAS AML Copilot compete head-to-head, with reported 60-70% reductions in SAR drafting time per analyst.

Second, cross-chain transaction analysis is a primary battleground. In 2025 laundering via cross-chain bridges such as Wormhole, LayerZero and Across Protocol exploded, and Chainalysis, Elliptic and TRM Labs are now competing on the ability to render the full cross-chain graph in a single view.

Third, ESG and AML are converging. Climate-related financial crime (carbon-credit fraud, greenwashing) and forced-labor supply-chain finance are now in scope. In the EU, the Corporate Sustainability Reporting Directive (CSRD) and AMLR are starting to share information channels.

Fourth, Privacy-Enhancing Technologies (PETs) — confidential computing and federated learning that let banks collaboratively detect laundering networks without exposing customer data — have moved into pilots, led by the UK PETs Lab and Singapore MAS Project Aurora.

Practitioner's guide — the four pillars of an AML program

FATF and the US FFIEC both define an AML program around four pillars: (1) a designated compliance officer (BSA Officer); (2) internal controls (policy, procedure, systems); (3) independent testing (at least annual); and (4) training (for all employees, especially front-line staff). The 2020 AML Act formalized Customer Due Diligence as a fifth pillar.

In day-to-day practice, teams track key risk indicators (KRIs): SAR filing volume trend, SAR-to-alert ratio (low values flag too many false positives), average alert handling time (SLA), sanctions-screening false-positive rate, KYC refresh timeliness, customer distribution across risk tiers, EDD population share and high-risk jurisdiction transaction share.

AML as a career — analyst and investigator paths

AML compliance is one of the fastest-growing job categories in global finance. The US BLS lists average compliance officer compensation around $76,000 (2024), and senior AML investigators at Tier-1 banks earn $130,000–$180,000. The headline credentials are **CAMS** (Certified Anti-Money Laundering Specialist, issued by ACAMS — the global default), **CFCS** (Certified Financial Crime Specialist) and the UK-based **ICA Diploma**.

In Korea the standard path is CAMS (Korean sitting), the Financial Security Institute (FSI) AML curriculum and the Korea Institute of Finance (KIF) AML programs. In Japan, the ACAMS Japan chapter and the Japan Compliance Association (JCMA) certifications are the primary routes.

Closing — in 2026, compliance is strategy

In 2026, AML is no longer just a regulatory chore — it is a strategic, multi-disciplinary area where data, AI, blockchain and regulatory technology converge. The EU's Single Rulebook, Korea's Virtual Asset User Protection Act and Japan's third 改正犯収法 amendment all point the same way: convergence toward a global standard, real-time monitoring, AI-driven analysis. Chainalysis, Elliptic and TRM Labs lead on the blockchain side; NICE Actimize, Oracle OFSAA, SAS and FICO hold the line in traditional finance AML; AI-native challengers such as ComplyAdvantage close the gap in between. For AML engineers and analysts, 2026 is shaping up to be the most interesting — and most demanding — year in the discipline's history.

References

1. FATF, "International Standards on Combating Money Laundering — The FATF Recommendations (Updated 2024)" — https://www.fatf-gafi.org/en/publications/Fatfrecommendations/Fatf-recommendations.html

2. FATF, "Updated Guidance for a Risk-Based Approach to Virtual Assets and VASPs" (2021) — https://www.fatf-gafi.org/en/publications/Fatfrecommendations/Updated-guidance-rba-virtual-assets.html

3. FinCEN, "BSA E-Filing System and SAR Statistics" — https://www.fincen.gov/reports/sar-stats

4. US Treasury OFAC, "Specially Designated Nationals And Blocked Persons List (SDN)" — https://ofac.treasury.gov/specially-designated-nationals-and-blocked-persons-list-sdn-human-readable-lists

5. US Treasury OFAC, "Tornado Cash Designation Press Release" (2022-08-08) — https://home.treasury.gov/news/press-releases/jy0916

6. EU, "Anti-Money Laundering Authority (AMLA) Regulation 2024/1620" — https://eur-lex.europa.eu/eli/reg/2024/1620/oj

7. EU, "Anti-Money Laundering Regulation (AMLR) 2024/1624" — https://eur-lex.europa.eu/eli/reg/2024/1624/oj

8. Korea Financial Intelligence Unit (KFIU), "AML Statistics" — https://www.kofiu.go.kr/eng/statistic/statistic.do

9. KFIU, "Act on Reporting and Use of Specific Financial Transaction Information" — https://elaw.klri.re.kr/eng_service/lawView.do?hseq=49680

10. Japan Financial Intelligence Center (JAFIC), "Annual STR statistics" — https://www.npa.go.jp/sosikihanzai/jafic/

11. Chainalysis, "Crypto Crime Report 2025" — https://www.chainalysis.com/crypto-crime-report/

12. Elliptic, "Sanctions Compliance Guide for Crypto Businesses" — https://www.elliptic.co/resources

13. TRM Labs, "Illicit Crypto Ecosystem Report 2025" — https://www.trmlabs.com/post/the-illicit-crypto-ecosystem-report-2025

14. NICE Actimize, "Anti-Money Laundering Solutions" — https://www.niceactimize.com/anti-money-laundering/

15. Oracle, "Financial Services Analytical Applications (OFSAA) — AML" — https://www.oracle.com/industries/financial-services/anti-money-laundering/

16. FICO, "Tonbeller Siron Compliance Suite" — https://www.fico.com/en/products/fico-siron-compliance-suite

17. SAS Institute, "SAS Anti-Money Laundering" — https://www.sas.com/en_us/software/anti-money-laundering.html

18. ComplyAdvantage, "State of Financial Crime Report 2025" — https://complyadvantage.com/insights/state-of-financial-crime/

19. ACAMS, "Certified Anti-Money Laundering Specialist (CAMS)" — https://www.acams.org/en/certifications/cams

20. InterVASP, "IVMS101 Standard" — https://intervasp.org/ivms101/

21. FFIEC, "BSA/AML Examination Manual" — https://bsaaml.ffiec.gov/manual

22. Korea Virtual Asset User Protection Act — https://elaw.klri.re.kr/eng_service/lawView.do