AML & KYC Roadmap (Role-based, Progressive)

Overview  

 

This roadmap provides a structured, role-based learning journey that builds AML/KYC capability from baseline awareness to specialist execution and program leadership. It ensures employees receive the right depth of training based on their role, while creating measurable outputs that demonstrate competence and audit readiness.

 

Design Principles

 

• Progressive levels: each level builds on prior knowledge (awareness → foundations → practitioner → analyst → specialist → leader).
• Role-based targeting: training is assigned based on job exposure (frontline, KYC ops, AML investigations, sanctions, leadership).
• Practical outputs: every level produces work artifacts (files, narratives, playbooks) that can be QA-scored and used for governance.
• Compliance + quality: emphasizes documentation discipline, defensible decisions, and continuous improvement (RCA/CAPA).

 

AML & KYC Roadmap (Role-based, Progressive) 

 

LEVEL 0 — Onboarding AML/CTF Awareness (All Employees)

Duration: 1 day – 7hrs
Assessment: quiz + acknowledgment
Output: passed baseline test + signed policy attestation

 

Objectives

• Explain what AML/CTF is and why it matters to the organization and employees
• Identify basic red flags in customers, documents, and transactions
• Apply do’s & don’ts (privacy, tipping-off, escalation discipline)
• Know when and how to escalate concerns internally

 

Target audience

• All employees (including contractors, interns, third parties with access to customers/data)

Prerequisites

• None

 

Course Outline 

 

AML/CTF Basics 

• What is money laundering (ML) and terrorist financing (TF)
• Why AML/CTF matters (institution risk, penalties, reputational risk)
• The 3 stages of ML (placement, layering, integration) — simple examples
• Where employees commonly “touch” AML risk

Micro-check: 3–5 question knowledge check

 

Your Responsibilities 

• Everyone’s role vs. compliance team’s role
• Do’s & don’ts: confidentiality, tipping-off, documentation discipline
• Accountability: policies, code of conduct, escalation expectation

Scenario: “Customer asks why you’re asking questions—what do you say?”

 

Red Flags You Must Recognize 

• Customer behavior red flags (evasive, inconsistent story, urgency)
• Document red flags (altered IDs, mismatched info, suspicious addresses)
• Transaction red flags (unusual amounts, structuring, rapid movement)
• Digital red flags (device/IP anomalies, repeated attempts, mule patterns) — high level

Interactive: “Spot the red flag” mini-game (10 examples)

 

Internal Escalation & Reporting 

• When to escalate: unsure, suspicious, policy breach, data inconsistency
• Where/how to report internally (channels, forms, who receives it)
• What to include (who/what/when/where/how + screenshots/evidence)
• Response expectations: SLAs, what happens next

 

 Final Quiz & Attestation 

• 10–15 item quiz
• Policy acknowledgment (AML/KYC policy + escalation policy)

 

LEVEL 1 — Core AML/KYC Foundations (All Customer-facing + Ops + Support)

Duration: 1 day – 7 hrs
Output: KYC checklist exercise + sample customer risk rating

 

Objectives

 

• Understand the risk-based approach and how it drives KYC decisions
• Perform CDD correctly using standard checklists
• Apply customer risk profiling (low/medium/high)
• Know RDD vs Standard vs EDD and what triggers EDD
• Handle a possible sanctions match at a basic level
• Avoid common record-keeping and documentation errors

 

Target audience

 

• Branch/frontline, onboarding teams, customer service, operations, collections, account maintenance support, back-office teams touching customer data

 

Prerequisites

 

• Level 0 completion (or baseline awareness equivalent)

 

Course Outline

 

AML Program Overview & Risk-Based Approach 

• AML program components: governance, policies, KYC/CDD, monitoring, reporting, training, audit
• Three Lines of Defense (business / compliance / audit)
• Risk-based approach: what it is, why it exists, how it changes controls
• Roles and handoffs: frontline → KYC ops → compliance

Activity: Map your department’s touchpoints to AML controls

 

KYC Essentials: What to Collect & Why 

• Identity verification basics (individual vs. corporate)
• Purpose and intended nature of relationship
• Expected activity profile (products, volumes, channels)
• Source of funds basics (when required; evidence types at a high level)
• Data quality: consistency checks, updating customer info

Exercise: “Minimum KYC pack” sorting activity

 

Customer Risk Profiling 

• Risk factors: customer / product / channel / geography / behavior
• Low/medium/high rating: how to justify a rating
• Risk scoring logic (qualitative vs quantitative)
• Triggers that change risk rating (event-driven updates)

Workshop: Build a simple risk rating with rationale (2 sample customers)

 

CDD Levels: RDD vs Standard vs EDD 

• What each level means in practice
• EDD triggers: PEP, high-risk jurisdictions, complex structures, unusual behavior, adverse media
• What “EDD evidence” looks like (overview)
• Escalation and approvals: who signs off and when

Mini-case: “Should this be EDD?” decision drill (5 scenarios)

 

Sanctions Screening Basics: Handling a “Possible Match” 

• What sanctions/watchlists are (concept)
• What a “possible match” is vs true match
• What frontline should do: stop, hold, escalate, document
• Tipping-off risks and scripts for customer handling

Role-play: Customer gets frustrated about delays

 

Record Keeping & Common Findings 

• Required documentation principles (completeness, clarity, timestamp)
• Common errors: missing rationale, weak documentation, inconsistent details
• Audit-readiness mindset: “if it’s not documented, it didn’t happen”

Checklist drill: fix a “bad KYC file” sample

 

Level 1 Practical Assessment 

• KYC checklist completion (template-based)
• Sample customer risk rating + short written justification

 

LEVEL 2 — KYC Practitioner Track (KYC Analysts / Onboarding / Account Maintenance)

 

Duration: 2 days – 14 hrs
Output: complete KYC file pack + QA scoring rubric results

 

Objectives

 

• Execute CDD/EDD end-to-end with defensible documentation
• Apply periodic review and event-driven review rules consistently
• Perform beneficial ownership (BO) identification, validation, and documentation
• Assess and evidence source of funds / source of wealth (practical)
• Improve quality via KYC QA techniques to reduce rework

 

Target audience

• KYC analysts, onboarding specialists, account maintenance teams, QC/QA reviewers, KYC operations leads

 

Prerequisites

• Level 1 completion

• Basic familiarity with internal onboarding tools/forms is helpful

Course Outline 

 

Day 1 — Operating Model + BO + Complex Customers

 

KYC Operating Model End-to-End 

• Onboarding workflow
• Periodic review: cadence, triggers, scope, outputs
• Event-driven review: what events trigger review and escalation
• RACI: who does what (frontline/KYC/Compliance/Risk)

Activity: Build a workflow map for your institution

 

KYC Documentation Standards 

• File structure: minimum evidence pack by customer type
• Documentation quality: rationale writing, cross-referencing, version control
• Exception handling: what’s acceptable vs not, approvals

Exercise: Turn weak notes into audit-ready notes

 

Beneficial Ownership Deep Dive 

• BO concepts: ownership vs control
• Corporate structures: layers, intermediaries, groups
• How to identify BOs: thresholds + control tests (policy-based)
• Validation and documentation: what evidence to collect
• BO red flags: nominees, circular ownership, opaque structures

Workshop: BO mapping for 2 corporate structures (simple → complex)

 

Complex Customers & High-Risk Profiles 

• PEPs: identification, treatment, approvals, ongoing monitoring expectations
• NGOs/NPOs: risk factors, donation sources, geography considerations
• High-risk industries: cash-intensive, gambling, crypto exposure (as applicable)
• Correspondence/business relationships (as applicable)
• Handling inconsistencies and escalation

Case drill: classify customer type and required evidence set

 

Day 2 — SoF/SoW + QA + End-to-End File Build

 

Source of Funds / Source of Wealth Practical 

• SoF vs SoW: definitions and why regulators care
• Evidence types: payslips, contracts, business financials, bank statements, sale of assets
• Reasonableness tests: proportionality, timeline, plausibility checks
• Red flags: sudden wealth, circular transfers, borrowed funds disguised

Lab: Decide if evidence is sufficient and write your rationale

 

Adverse Media & Negative Information Handling 

• What qualifies as relevant adverse media
• Credibility and documentation approach
• Decision outcomes: proceed / EDD / decline / escalate

Exercise: Write a structured adverse media rationale

 

KYC Quality Assurance & Rework Reduction 

• QA checkpoints: completeness, validity, consistency, rationale strength
• Common gaps: BO errors, missing SoF, weak EDD rationale, outdated IDs
• How to reduce rework: checklists, peer review, standard notes

Activity: QA score sample files using rubric

 

Capstone Lab: End-to-End KYC File Build 

• Build a full file using templates:
  • onboarding form + ID verification notes
  • risk rating + rationale
  • BO worksheet + evidence list
  • SoF/SoW evidence + reasonableness test
  • EDD checklist (if triggered) + approvals

Output: full KYC file pack + QA score

 

LEVEL 3 — Transaction Monitoring & Reporting (AML Analysts / Compliance / Ops Risk)

Duration: 3 days – 21 hrs
Output: alert-to-case simulation + STR-quality narrative

 

Objectives

 

• Understand transaction monitoring concepts and typologies
• Triage alerts consistently (false positive vs true concern) using standards
• Conduct investigations with a clear narrative and audit trail
• Produce STR/CTR-ready documentation and “defensible decisions”
• Manage productivity and quality using practical metrics/KPIs

 

Target audience

 

• AML analysts/investigators, compliance operations, ops risk, FIU/MLRO support teams, fraud teams with AML scope

 

Prerequisites

 

• Level 1 minimum; Level 2 recommended for teams doing KYC + TM handoffs
• Familiarity with the case management/TM tool is helpful

 

Course Outline

 

Day 1 — TM Foundations + Alert Triage

 

Transaction Monitoring Concepts 

• Monitoring objectives: detect suspicious behavior, support reporting
• Rules/scenarios/thresholds: what they mean
• Typologies overview: structuring, rapid movement, mule behavior, high-risk corridor flows
• Data inputs and limitations (false positives, missing data)

 

Alert Triage Standards 

• What makes a good triage decision
• False positive categories (data quality, expected behavior, duplicates)
• True hit indicators and escalation triggers
• Decisioning documentation standards

Lab: Triage 10 alerts with reason codes

 

Case Management Controls 

• Case lifecycle, statuses, approvals
• Segregation of duties and QC gates
• Evidence handling and audit trail

 

Day 2 — Investigations + Narrative Building

 

Investigation Workflow 

• Investigation checklist (customer profile, KYC file, transaction history, counterparties)
• Timeline building and pattern recognition
• Link analysis basics (relationships, shared identifiers)

Lab: Build a simple link map and timeline

 

Narrative Writing 

• STR-ready narrative structure:
  • background (customer, risk)
  • activity summary (what happened)
  • why suspicious (logic)
  • supporting evidence (what you checked)
  • recommendation/next steps
• Common narrative pitfalls (opinions, missing chronology, weak rationale)

Exercise: Write a narrative for one case

 

Day 3 Reporting Readiness + Metrics

 

CTR/STR Quality & Readiness 

• What makes reporting “high quality”
• Internal review workflow and documentation requirements
• Audit/Reg exam expectations

 

Metrics & Operational Excellence 

 

• Alert aging, throughput, QA accuracy, backlog control
• Productivity vs quality balance; calibration routines

 

8Full Simulation 

 

• Alert → investigation → disposition → STR-quality narrative
• Peer review using rubric

 

LEVEL 4 — Specializations Optional (Electives; 1 or 2 Days Each)

 

Elective A — Sanctions & Watchlist Management 

 

Duration: 1 or 2 days 

Output: match disposition playbook + controls checklist

 

Objectives

• Improve match disposition quality and reduce false positives safely
• Apply governance: list updates, testing, escalation, approvals

 

Audience

• Sanctions analysts, screening ops, compliance, investigators, QA leads

 

Prerequisites

• Level 1; Level 3 recommended for investigation-heavy roles

Course Outline

 

• Sanctions obligations & governance model
• Screening mechanics: data elements, transliteration, fuzzy logic concept
• Tuning basics: reducing noise safely
• Match disposition workflow and documentation standards
• Escalations, approvals, holds, customer communications do/don’t
• Testing, list updates, QA, audit readiness
  Lab: Disposition 15 matches + write rationales

 

Elective B — Digital/eKYC & Fraud Controls (Fintech Focus) 

 

Duration: 1 or 2 days 

Output: digital controls checklist + specialist playbook

 

Objectives

• Understand eKYC flows and control points
• Detect digital onboarding abuse (synthetic IDs, mule accounts)
• Connect fraud signals to AML monitoring

 

Audience

• Digital onboarding, fintech ops, fraud + AML teams, product risk, compliance

 

Prerequisites

• Level 1; Level 2 recommended for onboarding/KYC practitioners

 

Course Outline

 

• eKYC flow & control points
• Identity proofing vs authentication vs lifecycle management
• Biometrics/liveness basics; device/IP signals; velocity rules
• Mule accounts + wallet typologies; layering patterns
• Agent/merchant network risks; escalation and monitoring scenarios
  Lab: Design controls for a sample eKYC flow + test cases

 

Elective C — Trade/Remittance/Lending Typologies 

 

Duration: 1 or 2 days 

Output: typologies guide + controls checklist

 

Objectives

• Identify sector-specific red flags and apply practical controls

 

Audience

• Remittance ops, trade finance, lending teams, compliance, investigations

 

Prerequisites

• Level 1; Level 3 recommended for monitoring/investigation roles

 

Course Outline

 

• Sector mechanics and risk points
• Red flags and typologies by product
• Monitoring scenario ideas and thresholds (conceptual)
• KYC enhancements and documentation expectations
• Escalation, QA and case examples
  Lab: “Spot the typology” + propose controls

 

LEVEL 5 — Program Leadership & Assurance (MLRO / Compliance Heads / Auditors / Risk Leaders)

Duration: 2 or 3 days
Output: AML program scorecard + exam-readiness action plan

 

Objectives

• Run an AML program end-to-end and defend it to regulators/auditors
• Execute an enterprise ML/TF risk assessment with a refresh cycle
• Establish governance across three lines of defense
• Govern monitoring models/scenarios: tuning, validation, change control
• Build exam readiness evidence packs and issue management
• Drive continuous improvement with KPI/KRI + RCA/CAPA

 

Target audience

• MLRO, compliance leaders, heads of AML ops, internal audit, operational risk leaders, senior QA/QC, product risk governance

 

Prerequisites

• Level 1 required; Level 3 strongly recommended for leaders overseeing investigations/TM

 

Course Outline 

 

Day 1 — Governance + Risk Assessment

1. AML governance & Three Lines of Defense 
2. Enterprise ML/TF risk assessment 
   • methodology, scoring, residual risk, refresh cycle
3. Policy/procedure architecture + control library 

Workshop: build a mini-risk assessment + top risks list

 

Day 2 — Model/Scenario Governance + Exam Readiness

1. Scenario/model governance 
   • tuning, validation, change control, effectiveness testing
2. Regulatory exams readiness 
   • evidence pack design, walkthrough prep, issue management
3. QA/QC operating model

Workshop: assemble an evidence pack outline

 

Day 3 (Optional) — KPI/KRI + Continuous Improvement

1. KPI/KRI dashboarding 
2. RCA/CAPA discipline 
3. Continuous improvement roadmap 

Workshop: build a scorecard + CAPA plan