Only banks and financial service providers engage in money laundering prevention? Wrong, because other companies can be affected by money laundering as well. Since 2021, legislators have raised the penalties for money laundering and missing prevention measures to 10 years’ imprisonment in the case of money laundering for natural persons (i.e. §261 StGB, the German criminal code). Companies can be fined up to 5 million euros or up to 10% of the previous year’s total turnover (i.e. §56 GwG, the German AMLA). This illustrates that money laundering prevention should be an important part of risk management for every company.
What is Money Laundering?
Criminals generate money through illegal activities, such as:
- Drug trafficking
- Illegal arms trade
- Illegal gambling
- Protection racketeering
- Human trafficking
- Corruption
- Tax evasion
- Terrorist financing
- Sanctions and embargo circumvention
To make the origin of the money untraceable, the “illicit” funds are integrated into the legal economy — they are “cleaned.” This can be done in various ways:
- By depositing cash at banks or acquiring easily resalable assets (e.g., artwork, vehicles, jewellery, or cryptocurrencies like Bitcoin) – insertion.
- The money is dispersed through various financial transactions, often crossing borders and involving shell companies – layering.
- By investing in real estate, company shares, precious metals, and so on – extraction.
Money Laundering: An Example

Mr. Baumann is an art dealer and has been successful in the market for 20 years. A customer visits his store and purchases a painting for €50,000.
The buyer fills out a self-declaration form, but does not have their identification with them. Mr. Baumann is surprised that the customer pays in cash, but the profit is too tempting. He deposits the cash amount at his bank.
Due to the high amount of cash involved, the transaction raises suspicion. The bank examines the origin of the funds and reports the matter to the Financial Intelligence Unit (FIU). Shortly thereafter, the prosecutor contacts Mr. Baumann.
What is Money Laundering Prevention?
Money laundering prevention aims to prevent money laundering and terrorism financing. This is achieved by imposing specific requirements on certain industries, companies, and individuals (referred to as “obliged entities”); they must conduct due diligence on their business partners following established guidelines before proceeding with any transactions. This applies to both new and existing customers, which are subject to periodic review. The review frequency depends on the risk score of the customer in question.
If a customer presents a high risk due to involvement in specific business sectors (e.g., arms trade, gambling, and others), review cycles may be significantly shorter than for low-risk customers. In extreme cases, transactions with high-risk customers may be cancelled, or the business relationship may be terminated.
Due diligence requirements also include the identification of the beneficial owner (the ultimate person who can be identified as the owner). The provisions of the German Money Laundering Act (AMLA) as well as other national and EU rules and regulations apply to everyone depending on jurisdiction.
The German AMLA (GwG) and Directive (EU) 2015/849 define certain companies as obliged entities (cf. Section 2 (1) AMLA or Article 2, Directive (EU) 2015/849):
- Banks
- Financial service providers
- Insurance intermediaries
- Investment management companies
- Lawyers
- Patent attorneys
- Notaries
- Auditors
- Tax consultants
- Trustees
- Real estate agents
- Art dealers
- Organizers and intermediaries of gambling activities
- and other industries
Risk Assessment: General, Simplified, and Enhanced Due Diligence
Companies are required to analyse their prospective and existing business partners by either performing the tasks themselves or enlisting the help of external compliance management experts. The level of service provision by third parties is subject to the size of the company, its business activities and potentially regulatory approval. There are three levels of due diligence:
- General due diligence: This includes, for example, the identification or, if applicable, clarification of the beneficial owners (e.g. holding more than 25% of company shares) or any relevant powers of attorney of authorized representatives, clarification of status as politically exposed persons (PEPs) or other risk category. This assessment should always be performed.
- Simplified due diligence: Simplified due diligence is permitted by money laundering law under certain conditions, which are specified in the relevant legal regulations. For instance, if a publicly listed bank provides a business account for a company, the money laundering risk is likely to be low since publicly listed companies are subject to legal disclosure requirements. However, before simplified due diligence can be applied, a documented risk assessment must always be conducted within the framework of general due diligence. The Wirecard case is a case in point.
- Enhanced due diligence: These measures apply when the risk assessment of the business relationship indicates an elevated risk. For example, for a €100 million arms deal involving a politically exposed person and/or a “high-risk country”, the risk assessment would likely require the application of enhanced due diligence. The initiation or continuation of the business relationship needs to be scrutinized more thoroughly.

Know Your Customer
“Know your customer”, or KYC in short, means to know who you are doing business with. It’s not just about knowing the names of the company directors; it’s about thoroughly examining the companies you intend to do business with. Where is your business partner domiciled, what is his business case, which products is he interested in, who is the beneficiary or ultimate beneficial owner (UBO) of the company, and what other business relationships exist are just some questions that need to be answered as part of the KYC process.
The process also requires determining external risks resulting from certain governmental policies and functions, such as:
- Sanctions, embargo, and anti-terrorism lists
- List of politically exposed persons (PEPs)
- Transparency registers for ultimate beneficial owners
- Other (official) lists
Sanctions, embargo, and anti-terrorism lists
The EU or individual countries impose restrictions on certain individuals, companies, or states. These restrictions are made available in publicly accessible lists. These lists assist in assessing the (potential) business partner during a risk assessment. Some list sources:
- Financial Sanctions and Embargo List of the EU
- OFAC
- United Nations Security Council
- UK sanctions lists
- and others
Politically Exposed Persons (PEP)
Politically exposed persons are individuals who hold or have held important public positions in the past 12 months. Due to their high level of influence and power, they are considered to be more susceptible to bribery and corruption, as well as other offences. Section 1(12) of the Anti-Money Laundering Act (GwG) includes a definition of persons that are deemed to be politically exposed, i.e.:
- Heads of state, government leaders, ministers
- Members of parliament
- Ambassadors
- Heads of state-owned companies
- Armed forces personnel in prominent positions
Spouses, children, and known close associates of these individuals are also considered to be PEPs.
This identification is mandatory. Since no official lists are issued by states or the EU, this identification can be more complex. Therefore, companies may rely on relevant service providers.

What happens if a company fails to comply with anti-money laundering due diligence requirements?
In such cases, authorities can impose fines of up to one million euros or a fine of up to twice the economic benefit derived from the violation. In cases of serious, repeated, or systematic breaches, fines of up to five million euros or 10% of the previous year’s turnover are possible.
Money Laundering Risk Management
Legal requirements change regularly. It is essential to systematically and transparently establish and periodically review money laundering prevention measures within the company. The following areas should be considered:
- CDD framework
- Fraud prevention
- Prevention of other criminal activities
- Compliance with financial sanctions and embargo regulations
In practice, it has proven to be useful to appoint at least one person as the Money Laundering Officer. This individual can be internal or external.
The Money Laundering Officer assesses the specific money laundering risks faced by the company and proposes measures to address these, such as:
- Policies and procedures for Money Laundering Prevention
- Customer risk analysis for new and existing customers
- Regular company-wide AML risk assessments
- Development of cycles to review relevant risk areas (KYC, fraud, criminal activities, financial sanctions, etc.)
- Monitoring of legal changes related to money laundering (e.g., current sanctions lists)
Conclusion
Given the potential threat of fines and sanctions, reputational damage and financial harm are realistic threats to a company. Therefore, money laundering prevention is relevant for every business. Appropriate risk management processes, i.e. risk assessments, can be easily integrated into the company’s daily operations and contribute to the improvement of money laundering prevention measures.
Having a central point of contact within the company is a legal requirement. Although the appointment of an internal MLRO is the preferred option, the engagement of an external MLRO, such as Riscreen, can also be a suitable option for companies.
Do you require assistance with money laundering prevention topics? With over 20 years of experience in the field and a diverse international client base, we can offer tailor-made solutions. Contact us for an initial consultation.