Standards Development

Scope

This document provides organizations with guidance for managing the risk of money laundering in their operations, supply chains and wider operating context. Recognising the complexity and sensitivity of money laundering, this guidance uses a risk-based approach to help organizations understand the risk of money laundering, use and build appropriate leverage to manage and reduce this risk as part of their legal and non-legal frameworks, and go beyond their legal and statutory duties.

This standard would be applicable to all types and sizes of organizations.

Purpose

Money laundering is a massive global problem with far reaching consequences. It is estimated that money laundering accounts for 2–5% of global GDP, or $800 billion to $2 trillion annually. It is an international crime that involves over 60 countries as major laundering hubs, especially offshore financial centres.

Social and economically, the result of money laundering include: undermining financial systems by distorting markets, eroding trust in institutions, fuelling organized crime, terrorism, corruption and tax evasion. In addition, developing countries suffer disproportionately, losing billions in illicit financial flows that could be used in healthcare, education or infrastructure.

This proposal is to develop recommendations to combat money laundering. They would provide organizations in the non-financial services industries (e.g. production and commodities industries) and in the financial services industry with knowledge and practice on the development of risk and compliance policies, processes and implementation to manage risk of money laundering for their organization.

In March and April 2025, in cooperation with partners, BSI held a series of webinars on anti-money laundering (AML), inviting ISO/TC309 members and relevant stakeholders, to consider the scope and type of standardisation in AML. These webinars, and subsequent discussions, revealed that while the option of developing a management system standard might be beneficial, that a more attractive option is to develop guidance. Following publication of such guidance, it is possible that additional standardisation might be considered. However, the consensus was that bringing together a wide group of stakeholders to raise awareness and build consensus on AML good practice, is best served by developing guidance. This is particularly important for organisations in countries without comprehensive money laundering regulations. It is expected that involvement by the ISO/TC309 Developing Countries Contact Group (DCCG) will play a valuable role in this regard.

The proposed guidance and recommendations are not intended to replace regulations and laws. However, it is intended to support the Financial Action Task Force (FATF) recommendations serve as the backbone of AML strategies worldwide.

This ISO standard is intended to complement this work and provide additional clarity.

The guidance would include:

• the nature and risk of money laundering as a crime and as a risk to an organization;

 • industry sector specific knowledge and practice;

• risk arising from predicate offences (such as bribery, fraud and money laundering);

• consequences of unmanaged risk and exposure with money laundering;

• money laundering risk assessment for large organizations and SMEs;

• money laundering risk management and compliance framework for large organizations and SMEs, and under resource constraints;

• implementing a compliance program for anti-money laundering risk management;

• designing and implementing AML procedures, such as know-your-client, customer due diligence, enhanced due diligence, monitoring and reporting large and suspicious transactions, and recordkeeping;

• procedures for cooperating with government investigations;

• internal audit policies and procedures related to AML; and

• AML training.