Anti-money laundering compliance in the Philippines can feel intimidating because it mixes criminal law, banking rules, customer identification, data privacy, and government reporting. For Philippine businesses, the first practical question is not “Do I have a big transaction?” but “Am I a covered person under the Anti-Money Laundering Act, and do I have systems to detect and report risky transactions?” This guide explains who must comply, what Philippine law requires, how to build a workable AML program, what documents are usually needed, and the common mistakes that cause businesses to fail AMLC, BSP, SEC, Insurance Commission, or sector-specific compliance checks.
What anti-money laundering compliance means in the Philippines
Anti-money laundering compliance means having policies, people, records, and reporting systems that help prevent a business from being used to hide, move, or enjoy money or property from unlawful activity.
In simple terms, money laundering usually happens when dirty money is made to look clean. It often involves three stages:
- Placement — illegal funds enter the financial or commercial system, such as through deposits, remittances, casino chips, real estate payments, or high-value purchases.
- Layering — transactions are made complicated to hide the source, owner, or trail of funds.
- Integration — the funds appear legitimate, such as through investments, properties, business income, loans, or corporate structures.
Philippine AML compliance is not only for banks. Depending on the business, it can cover remittance companies, financing companies, lending companies, insurance businesses, securities brokers, virtual asset service providers, casinos, real estate developers and brokers, jewelry and precious metals dealers, lawyers, accountants, company service providers, and other businesses classified as covered persons.
A covered person is expected to know its customers, understand beneficial ownership, monitor transactions, keep records, file required reports, avoid tipping off customers, and cooperate with lawful AMLC or regulator requirements.
Main Philippine laws and regulators
The central law is the Anti-Money Laundering Act of 2001, Republic Act No. 9160, as amended by:
- RA No. 9194 (2003) — strengthened reporting and AMLC powers.
- RA No. 10167 (2012) — expanded authority on freeze orders and bank inquiry.
- RA No. 10365 (2013) — expanded covered persons and unlawful activities.
- RA No. 10927 (2017) — included casinos as covered persons.
- RA No. 11521 (2021) — further strengthened the AML framework, including additional covered persons, beneficial ownership, and targeted financial sanctions.
The key government body is the Anti-Money Laundering Council (AMLC). It is the Philippines’ financial intelligence unit. The AMLC receives and analyzes covered transaction reports and suspicious transaction reports, issues regulations and guidelines, applies for court orders when needed, and coordinates with law enforcement and foreign counterparts.
Other regulators also matter:
| Business type | Usual regulator or supervising authority |
|---|---|
| Banks, quasi-banks, money service businesses, e-money issuers, payment operators, virtual asset service providers | Bangko Sentral ng Pilipinas |
| Securities brokers, investment houses, financing companies, lending companies, investment companies | Securities and Exchange Commission |
| Insurance companies, insurance brokers, pre-need companies, HMOs when applicable | Insurance Commission |
| Casinos, junket operators, gaming-related covered entities | PAGCOR and AMLC |
| Real estate developers and brokers | AMLC, with sectoral coordination involving DHSUD, PRC, HLURB legacy rules where relevant, and local permitting offices |
| Jewelry dealers, precious metals/stones dealers, company service providers, certain lawyers and accountants | AMLC, plus applicable professional or business regulators |
The 2018 Revised Implementing Rules and Regulations of RA 9160, the 2021 AMLC Registration and Reporting Guidelines, the 2021 AML/CTF Guidelines for DNFBPs, the BSP’s AML/CFT regulations in the Manual of Regulations for Banks, and AMLC’s newer GoTRACS transaction reporting rules are especially important for day-to-day compliance.
Is every Philippine business required to register with the AMLC?
No. Not every sari-sari store, restaurant, contractor, importer, clinic, school, online seller, or ordinary corporation is automatically required to register with the AMLC.
The duty to register generally applies when the business falls within the AMLA definition of a covered person. However, even businesses that are not covered persons will still encounter AML requirements in practice because banks, payment providers, investors, counterparties, and regulators may ask for:
- SEC or DTI registration documents
- Articles of Incorporation or partnership documents
- General Information Sheet
- Beneficial ownership information
- Mayor’s permit or business permit
- BIR Certificate of Registration
- Latest income tax returns or audited financial statements
- Board resolutions and secretary’s certificates
- IDs of directors, officers, authorized signatories, and beneficial owners
- Source of funds and source of wealth explanations
- Contracts, invoices, deeds of sale, import documents, or remittance details
This is why a non-covered business can still suffer delayed bank account opening, frozen transactions, rejected international transfers, or enhanced due diligence if its documents do not clearly show who owns the business, where the money came from, and what the transaction is for.
Covered persons under Philippine AML law
The AMLA uses the term covered persons to identify businesses and professionals that have direct AML duties.
Common covered persons include:
Financial institutions
These include banks, offshore banking units, quasi-banks, trust entities, non-stock savings and loan associations, pawnshops, foreign exchange dealers, money changers, remittance and transfer companies, e-money issuers, payment system operators, and virtual asset service providers when regulated as such.
Securities and investment-related businesses
These include securities dealers, brokers, salesmen, investment houses, investment agents, mutual funds, investment companies, and other entities supervised by the SEC in relation to securities and investment activity.
Insurance sector
These include insurance companies, insurance agents and brokers, professional reinsurers, reinsurance brokers, holding companies, and other persons supervised by the Insurance Commission when covered by AML rules.
Casinos and gaming-related covered persons
Casinos, including internet-based and ship-based casinos, became covered persons under RA No. 10927. Casino cash transactions exceeding the statutory threshold are reportable, and suspicious transactions must be assessed regardless of amount.
Real estate developers and brokers
RA No. 11521 expressly included real estate developers and real estate brokers as covered persons when they engage in buying and selling real estate. Real estate is a major AML risk area because high-value properties can be used to park illicit funds, hide beneficial ownership, or move value through nominees.
Dealers in precious metals and precious stones
Jewelry dealers and dealers in precious metals or precious stones may become covered persons for cash transactions above the AMLA threshold.
Lawyers, accountants, and company service providers
Lawyers and accountants may be covered when they perform specified activities for clients, such as managing client money, securities, or assets; organizing contributions for company creation or operation; creating, operating, or managing juridical persons or arrangements; or buying and selling business entities.
However, legal privilege and professional secrecy must be handled carefully. The AML framework does not simply turn every legal consultation or accounting engagement into a reportable matter. The covered activity and the nature of the transaction matter.
Offshore gaming operators and service providers
RA No. 11521 also included offshore gaming operators and their service providers as covered persons. In practice, this area has received close regulatory attention because of cross-border funds, nominee arrangements, labor concerns, tax issues, and possible links to other offenses.
Covered transaction vs suspicious transaction
Many businesses confuse these two. They are different.
| Type of report | Main trigger | Is suspicion required? | Practical example |
|---|---|---|---|
| Covered Transaction Report (CTR) | Transaction exceeds a legal threshold | No | A cash transaction above the applicable AMLA amount |
| Suspicious Transaction Report (STR) | Red flags, suspicious circumstances, or reasonable grounds to suspect ML/TF/PF risk | Yes | Customer uses nominees, refuses to identify beneficial owner, or transaction has no clear business purpose |
A covered transaction is not automatically illegal. It is reportable because it crosses the legal threshold.
A suspicious transaction may be reportable even if the amount is small. The issue is not only the peso value. The issue is whether the facts show suspicious circumstances.
Current AMLA transaction thresholds businesses should know
The usual statutory thresholds include:
| Transaction category | Reporting threshold |
|---|---|
| General covered transaction in cash or other equivalent monetary instrument | Over PHP 500,000 |
| Jewelry dealers, precious metals dealers, precious stones dealers | Cash transaction over PHP 1,000,000 |
| Casino covered transaction | Cash transaction over PHP 5,000,000 or equivalent |
| Real estate developers and brokers | Cash transaction over PHP 7,500,000 or equivalent |
For most covered persons other than casinos and real estate brokers/developers, AMLC reporting may consider the mode of settlement depending on the applicable rules and reporting format. For casinos and real estate developers or brokers, the covered transaction trigger is focused on covered cash transactions.
Suspicious transactions are different. A suspicious transaction can be reportable regardless of amount.
Red flags Philippine businesses should not ignore
A red flag does not automatically mean the customer is guilty. It means the business should review, document, and decide whether enhanced due diligence or STR filing is required.
Common Philippine AML red flags include:
- A customer refuses to give valid ID, TIN, address, source of funds, or beneficial ownership information.
- A buyer wants to pay large amounts in cash when a bank transfer would be normal.
- Payments are split into smaller amounts to avoid a reporting threshold. This is often called structuring or smurfing.
- A company’s declared business does not match its transaction volume.
- A customer uses multiple unrelated third parties to pay for one purchase.
- Funds come from or go to high-risk jurisdictions without a clear explanation.
- A foreign buyer uses a Filipino nominee for property or business ownership without a legitimate structure.
- A customer insists on rushing a transaction and avoiding normal documentation.
- A person claims to represent a corporation but cannot produce a board resolution, secretary’s certificate, or authority to sign.
- A real estate buyer wants the deed of sale to show a lower price than the actual payment.
- A client frequently changes instructions on who should receive money.
- A politically exposed person, close associate, or family member is involved in an unusually complex transaction.
- A transaction appears connected to scams, illegal online lending, investment fraud, trafficking, corruption, tax crimes, smuggling, illegal gambling, or other unlawful activity.
Under the AMLA, predicate or unlawful activities include many offenses under Philippine law, such as drug trafficking, kidnapping, graft and corruption, plunder, robbery and extortion, swindling or estafa under the Revised Penal Code, smuggling, violations of securities laws, terrorism financing, trafficking in persons, and certain tax offenses under the National Internal Revenue Code.
Step-by-step AML compliance guide for Philippine businesses
Step 1: Confirm whether your business is a covered person
Do not rely only on your SEC primary purpose or business name. Look at what the business actually does.
Ask:
- Are you regulated by the BSP, SEC, Insurance Commission, PAGCOR, or AMLC as a covered sector?
- Do you move, hold, exchange, remit, invest, transfer, or manage money or value for customers?
- Do you sell high-value assets such as real estate, jewelry, precious metals, or precious stones?
- Are you a lawyer, accountant, or service provider forming companies or managing client assets?
- Do you deal with virtual assets, e-money, remittances, payments, lending, financing, or securities?
- Do you receive high-value cash payments from customers?
If the answer is yes, review the AMLA, the AMLC guidelines for your sector, and the regulations of your supervising authority.
Step 2: Register with the AMLC if required
Covered persons must register with the AMLC’s online registration system or applicable AMLC portal. Registration allows the covered person to submit reports electronically and comply with AMLC reporting rules.
Usual registration preparation includes:
- Board or management designation of a compliance officer
- Corporate information
- Principal office and branch information
- Contact details
- Ownership and management details
- Proof of business registration
- Regulatory license or authority, if applicable
- Money Laundering/Terrorism Financing Prevention Program
- Internal reporting chain
- Authorized users for AMLC reporting systems
AMLC portal processes have evolved, including online registration and reporting systems. Covered persons should maintain updated registration information because outdated compliance officer details, inactive email addresses, or old authorized users can cause missed AMLC notices and failed reporting.
Step 3: Appoint a competent compliance officer
A compliance officer should have enough authority to escalate issues, require documents, stop risky transactions, and interact with regulators. In small businesses, this may be a senior officer or owner-manager. In larger institutions, this is usually a dedicated compliance function.
The compliance officer should not exist only on paper. In real examinations, regulators look for actual participation, minutes, approvals, reports, training records, alerts, and documented decisions.
Step 4: Prepare a Money Laundering/Terrorism Financing Prevention Program
A Money Laundering/Terrorism Financing Prevention Program, often called an MTPP or AML/CTF program, is the business’s written compliance manual.
A practical AML program should include:
- Business risk assessment
- Customer acceptance policy
- Customer due diligence procedures
- Enhanced due diligence procedures
- Beneficial ownership identification
- Politically exposed person screening
- Sanctions and targeted financial sanctions screening
- Transaction monitoring rules
- Covered transaction and suspicious transaction reporting process
- Internal escalation chain
- Record retention rules
- Data privacy and confidentiality controls
- Staff training plan
- Independent audit or compliance testing
- Board or senior management oversight
- Procedures for branches, agents, brokers, and representatives
- Handling of attempted transactions
- Handling of law enforcement, subpoena, court, or AMLC requests
The program should match the actual business. A copied template that does not reflect real products, customer types, transaction channels, and branch operations is a common audit weakness.
Step 5: Perform customer due diligence
Customer due diligence (CDD) means identifying and verifying the customer and understanding the purpose of the transaction or relationship.
For individual customers, this usually includes:
- Full name
- Date and place of birth
- Nationality
- Present and permanent address
- Contact number and email
- Government-issued ID
- TIN when applicable
- Occupation or business
- Source of funds
- Purpose of transaction
- PEP status when relevant
For corporate customers, this usually includes:
- SEC registration or DTI registration
- Articles of Incorporation, bylaws, partnership documents, or equivalent
- Latest General Information Sheet
- Beneficial ownership information
- Board resolution or secretary’s certificate
- IDs of authorized signatories
- Business address and contact details
- Nature of business
- Source of funds and source of wealth
- Audited financial statements, tax returns, contracts, invoices, or permits when needed
A beneficial owner is the natural person who ultimately owns, controls, or benefits from the customer or transaction. A corporation cannot be the final beneficial owner. If Company A owns Company B, the covered person must look through the chain until it identifies the natural persons who ultimately own or control the structure.
Step 6: Risk-rate customers and transactions
Not all customers carry the same risk. A risk-based approach means applying stronger checks where risk is higher.
Typical risk factors include:
| Risk factor | Lower risk example | Higher risk example |
|---|---|---|
| Customer | Long-established local company with clear filings | Shell company with nominee owners |
| Product | Regular payroll account | High-value cross-border transfers |
| Geography | Low-risk local transactions | High-risk or sanctioned jurisdictions |
| Channel | Face-to-face verified customer | Non-face-to-face or agent-based onboarding |
| Payment method | Bank transfer from customer’s own account | Multiple third-party cash payments |
| Purpose | Clear business purpose supported by contracts | No apparent economic or lawful purpose |
Enhanced due diligence may require additional IDs, proof of income, tax returns, audited financial statements, deeds of sale, loan agreements, import documents, proof of inheritance, donation documents, or explanations of source of wealth.
Step 7: Screen for sanctions, terrorism financing, and proliferation financing
Covered persons must have controls for targeted financial sanctions related to terrorism, terrorism financing, proliferation of weapons of mass destruction, and proliferation financing.
This means screening customers, beneficial owners, authorized signatories, counterparties, and sometimes vessels, entities, or jurisdictions against relevant sanctions lists and AMLC issuances. If there is a true match, the business must follow the required freeze, reporting, and non-dealing procedures.
A weak sanctions process is risky because the required action may be urgent. Staff should know the difference between:
- A false match
- A potential match needing review
- A confirmed or target match requiring immediate action
Step 8: Monitor transactions after onboarding
CDD is not a one-time event. Businesses must monitor whether transactions remain consistent with what they know about the customer.
Examples:
- A small retail business suddenly receives repeated multi-million peso transfers from unrelated individuals.
- A real estate buyer’s funds come from several companies not named in the sale documents.
- A remittance customer repeatedly sends amounts just below reporting thresholds.
- A foreign company with no Philippine operations buys assets through local nominees.
- A customer previously classified as low risk appears in negative media related to fraud or corruption.
The BSP has reminded supervised financial institutions to incorporate negative media screening into CDD and ongoing transaction monitoring. For non-bank covered persons, the same practical lesson applies: adverse news should trigger review, not automatic closure, unless the facts require it.
Step 9: File CTRs and STRs correctly and on time
Covered persons must file complete, accurate, and timely reports through the AMLC’s electronic reporting facilities.
Important timing points:
- Covered transaction reports are generally filed within the period prescribed by AMLA and AMLC rules, commonly within five working days from occurrence, unless a different AMLC-prescribed period applies.
- Suspicious transaction reporting must follow the current AMLC reporting rules. Under newer GoTRACS guidance, the deadline and meaning of “occurrence” focus on the establishment or determination of suspicion.
- If a transaction is both covered and suspicious, treat it according to the applicable reporting rule and reporting code. Do not assume that filing a CTR removes the need to assess STR filing.
The internal reporting chain should be fast. A business that needs 15 internal approvals before deciding whether to file an STR will likely miss deadlines.
Step 10: Keep records for at least five years
Covered persons must maintain customer identification and transaction records so transactions can be reconstructed if AMLC, regulators, prosecutors, or courts need an audit trail.
As a practical rule, keep:
- Customer information forms
- ID copies and verification results
- Corporate documents
- Beneficial ownership declarations
- Risk assessment results
- Transaction documents
- Monitoring alerts
- Internal investigation notes
- CTR and STR filing confirmations
- Board approvals and compliance committee minutes
- Training attendance records
- Audit reports
- AMLC or regulator correspondence
Records are generally retained for at least five years from the relevant transaction, account closure, termination of relationship, or occasional transaction. If a case, investigation, or AMLC instruction applies, preserve records longer.
Step 11: Protect confidentiality and avoid tipping off
Covered persons, officers, and employees must not tell the customer that a suspicious transaction report has been filed or that the customer is under AML review. This is commonly called tipping off.
Bad examples include:
- “Sir, we reported you to AMLC already.”
- “Ma’am, your transaction looks suspicious, so we filed an STR.”
- “We cannot process this because AMLC might investigate you.”
- Sending internal STR documents to the customer or broker.
A safer approach is to use neutral operational language, such as requesting additional documents for compliance review, subject to the business’s approved procedures.
Documents commonly needed for AML compliance
| Document | Used for | Practical notes |
|---|---|---|
| SEC Certificate of Incorporation or DTI Certificate | Proof of legal existence | Foreign entities may need apostilled or authenticated equivalents |
| Articles of Incorporation, bylaws, partnership agreement | Authority, purpose, ownership structure | Check if business activity matches actual transactions |
| Latest General Information Sheet | Directors, officers, stockholders, beneficial ownership | Banks often require the latest stamped or submitted version |
| Beneficial ownership declaration | Identifying natural persons behind the entity | Watch out for nominee shareholders and layered ownership |
| Board resolution or secretary’s certificate | Authority of signatories | Usually notarized; banks may require original or certified copy |
| Government IDs and passports | Identity verification | Foreign passports may be required for non-Filipino owners |
| BIR Certificate of Registration | Tax registration | Often requested for business account opening |
| Mayor’s permit/business permit | Local business authority | Renewal delays can affect onboarding |
| Audited financial statements and ITRs | Source of funds, capacity, business legitimacy | Startups may submit contracts, invoices, bank statements, or capitalization documents |
| Contracts, invoices, deeds, import/export documents | Transaction purpose | Essential for unusual or high-value transactions |
| AML policies and MTPP | Compliance framework | Should be approved by board or senior management |
| Training and audit records | Proof of implementation | Regulators look for actual evidence, not just manuals |
Special issues for foreigners and foreign-owned Philippine businesses
Foreigners doing business in the Philippines often encounter AML checks when opening bank accounts, buying condominium units, investing in corporations, receiving dividends, lending money to Philippine affiliates, or remitting funds from abroad.
Common issues include:
Apostille or authentication of foreign documents
Foreign corporate documents, board resolutions, certificates of incumbency, powers of attorney, and notarized documents may need an apostille if issued in a country that is part of the Apostille Convention. If the country is not an Apostille Convention member, consular authentication may be required.
Foreign ownership and nominee risks
AML compliance intersects with foreign ownership restrictions. Foreigners generally cannot own private land in the Philippines, subject to limited exceptions such as hereditary succession. Certain industries also have nationality limits under the Constitution, the Foreign Investments Act, public utility rules, land laws, and special statutes.
Using a Filipino nominee to hide the real foreign owner can create serious problems. It may trigger AML red flags and can also raise issues under the Anti-Dummy Law, corporation law, tax law, property law, and sector-specific licensing rules.
Source of funds from abroad
A bank or covered person may ask for:
- Foreign bank statements
- Sale documents for property abroad
- Employment contracts or payslips
- Tax returns
- Company dividends or board approvals
- Loan agreements
- Inheritance or donation documents
- Proof of business income
A simple statement like “funds from abroad” is often not enough for a high-value transaction.
Politically exposed persons
A foreign customer may be a politically exposed person (PEP) if the person holds or held a prominent public position, or is a close family member or associate of such person. PEP status does not mean the transaction is illegal, but it normally requires enhanced due diligence.
Common AML compliance mistakes in the Philippines
1. Treating AML as a bank-only issue
Real estate developers, brokers, jewelry dealers, casinos, remittance businesses, lending and financing companies, virtual asset businesses, and certain professionals may have direct AMLC obligations.
2. Registering with AMLC but not implementing the program
Registration is only the start. The business still needs actual CDD, risk rating, monitoring, training, reporting, and recordkeeping.
3. Accepting “representatives” without proof of authority
For corporate customers, always verify who can sign, pay, receive funds, and give instructions. Ask for a board resolution, secretary’s certificate, special power of attorney, or equivalent authority.
4. Ignoring beneficial ownership
The name on the SEC papers is not always the real controlling person. Layered corporations, nominees, trust-like arrangements, and informal side agreements require deeper review.
5. Filing reports late because suspicion was debated too long
A business may take reasonable steps to validate facts, but it should not use internal review as an excuse to miss AMLC deadlines. The reporting chain should clearly state who decides and within how many days.
6. Telling customers about STRs
Tipping off can create separate liability. Staff should be trained on what they can and cannot say.
7. Collecting documents but not reviewing them
Having a folder of IDs and permits is not enough. Someone must check whether the documents are valid, consistent, current, and relevant to the transaction.
8. No audit trail for decisions
If the business decides not to file an STR after review, document why. Regulators often examine whether the decision was reasonable based on the facts known at the time.
9. Weak branch or agent controls
Money service businesses, real estate networks, pawnshops, financing companies, and sales-agent-heavy operations often fail because head office policies do not reach branches, brokers, or agents.
10. Forgetting data privacy
AML compliance requires collecting sensitive information, but the Data Privacy Act of 2012, RA No. 10173, still requires lawful processing, proper access controls, security measures, and privacy-conscious retention.
Practical AML compliance checklist
| Area | Minimum practical control |
|---|---|
| Governance | Board or senior management approval of AML program |
| Registration | AMLC registration and updated authorized users |
| Compliance officer | Designated officer with real authority |
| Risk assessment | Written assessment of products, customers, geography, channels, and delivery methods |
| CDD | Customer identification, verification, and purpose of transaction |
| Beneficial ownership | Natural persons identified and documented |
| EDD | Additional checks for high-risk customers and transactions |
| Sanctions screening | Screening of customers, beneficial owners, signatories, and counterparties |
| Transaction monitoring | Rules for unusual activity, thresholds, and patterns |
| Reporting | CTR/STR procedures, deadlines, escalation, and filing proof |
| Recordkeeping | At least five-year retention and searchable records |
| Training | Role-specific staff training, not just generic lectures |
| Audit/testing | Periodic independent review of AML controls |
| Confidentiality | No tipping off; restricted access to STR-related files |
| Data privacy | Secure storage and limited access to personal data |
What happens if a business fails to comply?
AML non-compliance can lead to several consequences:
- Administrative sanctions by AMLC or the supervising authority
- Monetary penalties
- Regulatory findings during examination
- Suspension or revocation of registration or license
- Difficulty maintaining bank accounts
- Reputational damage
- Criminal exposure for money laundering, failure to report, tipping off, or related offenses
- Freezing, inquiry, or forfeiture proceedings involving suspicious property
The Supreme Court has recognized the strong public interest behind AML enforcement. In Republic v. Eugenio, G.R. No. 174629, the Court discussed AMLA bank inquiry powers in relation to bank confidentiality. In Ligot v. Republic, G.R. No. 176944, the Court recognized that a freeze order may issue upon probable cause that monetary instruments or property are related to unlawful activity, even without a prior criminal charge. In Republic v. Glasgow Credit and Collection Services, Inc., G.R. No. 170281, the Court dealt with civil forfeiture proceedings under the AMLA framework.
For businesses, the practical lesson is simple: AML compliance is not just paperwork. It creates the audit trail that shows the business acted responsibly when faced with high-risk transactions.
Frequently Asked Questions
Are all Philippine businesses required to register with the AMLC?
No. AMLC registration generally applies to businesses and professionals classified as covered persons under the AMLA and AMLC rules. However, non-covered businesses may still need to provide AML-related documents to banks, payment processors, investors, and counterparties.
What is the difference between KYC and CDD?
KYC means “know your customer.” CDD, or customer due diligence, is the broader compliance process of identifying the customer, verifying information, understanding the purpose of the relationship, identifying beneficial owners, risk-rating the customer, and monitoring transactions.
Is a covered transaction automatically illegal?
No. A covered transaction is reportable because it exceeds a legal threshold. It does not automatically mean the money is illegal. Suspicious transactions require a separate assessment of red flags and circumstances.
Can a small business be questioned by the bank for AML reasons?
Yes. Banks must perform CDD on customers. Even a small business may be asked for invoices, contracts, IDs, tax documents, or source of funds if transactions are unusual, large, inconsistent with the account profile, or connected to higher-risk counterparties.
What is beneficial ownership, and why do banks keep asking for it?
Beneficial ownership identifies the natural persons who ultimately own, control, or benefit from a company or transaction. Banks and covered persons ask for it because criminals often hide behind corporations, nominees, relatives, or layered entities.
Are real estate brokers covered by AMLA?
Yes, real estate brokers are covered persons when engaged in buying and selling real estate under the AMLA framework. A real estate broker handling high-value or suspicious transactions should have AMLC registration, CDD procedures, transaction monitoring, and reporting controls.
Do lawyers and accountants have to report clients to AMLC?
Only in covered circumstances. Lawyers and accountants may be covered when they perform specified financial, company formation, asset management, or transaction services. Ordinary legal advice, court representation, and privileged communications require careful treatment under the rules on professional secrecy and legal privilege.
How long should AML records be kept?
As a practical baseline, covered persons should keep customer and transaction records for at least five years, and longer if the account, customer, transaction, investigation, or case requires continued preservation.
What should a business do if a customer refuses to provide documents?
The business should follow its customer acceptance and CDD policy. Depending on the risk, it may decline the transaction, refuse onboarding, terminate the relationship, or assess whether an STR is warranted. The decision and reasons should be documented.
Can a business tell a customer that it filed an STR?
No. Covered persons, officers, and employees must avoid tipping off. STR-related information should be confidential and accessible only to authorized personnel.
Key Takeaways
- Philippine AML compliance is governed mainly by RA No. 9160, as amended by RA Nos. 9194, 10167, 10365, 10927, and 11521.
- Not every business is a covered person, but many businesses still face AML checks through banks, payment providers, regulators, and counterparties.
- Covered persons must register with AMLC, conduct customer due diligence, identify beneficial owners, monitor transactions, keep records, and file required reports.
- Covered transactions are threshold-based; suspicious transactions are red-flag-based and can be reportable regardless of amount.
- Strong AML compliance depends on real implementation: trained staff, clear escalation, timely reporting, updated records, and documented decisions.
- Foreign-owned businesses should pay special attention to apostilled documents, beneficial ownership, source of funds, and nominee arrangements.
- A good AML program protects the business from regulatory penalties, bank account disruptions, reputational harm, and exposure to criminal or forfeiture proceedings.