For many Philippine businesses, anti-money laundering compliance only becomes urgent when a bank refuses to open an account, asks for an AMLC Certificate of Registration, questions a large cash deposit, or delays a transfer from a foreign customer. The concern is understandable: the rules are technical, the penalties can be serious, and ordinary business owners often do not know whether the Anti-Money Laundering Act applies to them at all. This guide explains who must comply, what “covered” and “suspicious” transactions mean, how to register and report to the Anti-Money Laundering Council, what documents are commonly required, and how Philippine businesses can build a practical compliance system that works in real life.
What is anti-money laundering compliance in the Philippines?
Anti-money laundering compliance means having systems that prevent a business from being used to hide, move, or enjoy proceeds of crime.
In the Philippines, the main law is Republic Act No. 9160, or the Anti-Money Laundering Act of 2001, as amended by RA 9194, RA 10167, RA 10365, RA 10927, and RA 11521. RA 11521 further strengthened the AMLA by expanding covered persons, updating covered transaction thresholds, adding real estate developers and brokers, and strengthening targeted financial sanctions related to proliferation financing. (Supreme Court E-Library)
The government agency at the center of the system is the Anti-Money Laundering Council, or AMLC. The AMLC receives transaction reports, analyzes financial intelligence, investigates suspicious and covered transactions deemed suspicious, and coordinates with other agencies. Under RA 11521, the AMLC is composed of the Governor of the Bangko Sentral ng Pilipinas as Chair, the Insurance Commissioner, and the Chairperson of the Securities and Exchange Commission. (Supreme Court E-Library)
For businesses, AML compliance usually means five things:
- Know who your customer really is.
- Understand where the money is coming from.
- Monitor transactions that are unusually large, rushed, structured, or inconsistent with the customer’s profile.
- File required reports with the AMLC when the law says so.
- Keep records that can be produced during audit, inspection, bank review, or investigation.
Does every Philippine business need AMLC registration?
No. AMLC registration is only for covered persons. A sari-sari store, small restaurant, ordinary retailer, or professional service provider is not automatically required to register with the AMLC just because it earns income, accepts bank transfers, or has foreign customers. The AMLC has publicly reminded the public that registration is only for covered persons and is free. (Anti-Money Laundering Council)
However, even businesses that are not covered persons may still face AML-related questions from banks, payment platforms, auditors, foreign counterparties, or investors. For example, a non-covered corporation may still be asked to explain its beneficial owners, business model, source of funds, invoices, contracts, or tax filings during bank onboarding.
A practical way to think about it is this:
| Business situation | AMLC registration usually required? | Practical reality |
|---|---|---|
| Ordinary trading, retail, restaurant, BPO, manufacturing, consulting, or service company | Usually no | Banks may still ask for KYC documents, contracts, invoices, GIS, permits, and source of funds. |
| Bank, financing company, lending company, remittance business, money changer, e-money issuer, payment service provider, VASP, securities broker, insurer, or similar regulated financial business | Usually yes | Regulator-specific AML rules from BSP, SEC, or IC will also apply. |
| Real estate developer or licensed real estate broker | Yes, if within AMLA coverage | Large cash property transactions are high-risk and frequently checked. |
| Casino and gaming-related covered persons | Yes, if legally operating within the regulated sector | Note that Philippine offshore gaming operations have been separately affected by the government’s ban under Executive Order No. 74 and later policy developments. (Philippine Commission on Officers) |
| Jewelry dealers, dealers in precious metals or precious stones, company service providers, and certain lawyers or accountants handling covered services | Often yes | These are treated as designated non-financial businesses and professions, or DNFBPs. |
Who are covered persons under Philippine AML law?
A covered person is a person or entity required to comply with AMLA duties such as customer due diligence, recordkeeping, transaction monitoring, registration, and reporting.
Covered persons include financial institutions and certain non-financial businesses. The list includes, among others:
- Banks, offshore banking units, quasi-banks, trust entities, and other BSP-supervised entities
- Pawnshops, money changers, remittance and transfer companies, e-money issuers, payment service providers, and virtual asset service providers
- Insurance companies, insurance brokers, and other Insurance Commission-supervised entities
- Securities dealers, brokers, investment houses, investment companies, mutual funds, and other SEC-supervised capital market entities
- Casinos covered under RA 10927
- Real estate developers and real estate brokers, added by RA 11521
- Jewelry dealers, dealers in precious metals, and dealers in precious stones
- Company service providers
- Lawyers and accountants, but only when they provide specified services such as managing client money, securities, bank accounts, company formation contributions, legal persons, arrangements, or business entity purchases and sales
The AMLC’s DNFBP guidelines specifically cover jewelry and precious metals/stones dealers, company service providers, and persons including lawyers and accountants when they perform listed covered services. The same guidelines define a beneficial owner as the natural person who ultimately owns or controls the customer or has ultimate effective control over a legal person or arrangement. (Supreme Court E-Library)
Important note for lawyers and accountants
A lawyer or accountant is not automatically a covered person just because they practice law or accounting. The AML rules apply when they provide the covered services identified in the AMLA and AMLC issuances. The DNFBP guidelines also recognize that lawyers and accountants may not be compelled to breach legitimate privileged communication, while allowing confidential reporting where the information is outside privileged communication or involves the client committing or contemplating money laundering or terrorism financing. (Supreme Court E-Library)
Covered transactions vs. suspicious transactions
Philippine AML compliance becomes much easier once you understand the difference between a covered transaction and a suspicious transaction.
A covered transaction is reportable because it crosses a legal threshold. A suspicious transaction is reportable because something about it looks wrong, unusual, unexplained, structured, or connected to unlawful activity.
| Type of transaction | Meaning | Common threshold or trigger |
|---|---|---|
| Covered transaction | A transaction that meets a reporting threshold even if it may be legitimate | For most covered persons, cash or equivalent monetary instrument transactions exceeding ₱500,000 within one banking day |
| Casino covered transaction | Large casino cash transaction | More than ₱5,000,000 or equivalent |
| Real estate covered transaction | Large real estate cash transaction involving covered real estate developers or brokers | More than ₱7,500,000 or equivalent |
| Jewelry, precious metals, or precious stones transaction | Covered DNFBP transaction | More than ₱1,000,000 or equivalent |
| Suspicious transaction | Transaction with red flags regardless of amount | No clear purpose, customer not properly identified, amount inconsistent with profile, structuring, unusual deviation, link to unlawful activity, or similar circumstance |
RA 11521 states that suspicious transactions are reportable regardless of amount when circumstances exist such as lack of legal or economic justification, improper identification of the client, amount not commensurate with the client’s capacity, structuring to avoid reporting, deviation from the client’s profile, connection to unlawful activity, or similar indicators. (Supreme Court E-Library)
This means a ₱50,000 transaction can still be suspicious if the facts are troubling, while a ₱600,000 cash transaction may be a covered transaction even if it is fully legitimate.
Step-by-step AML compliance guide for Philippine businesses
1. Determine whether your business is a covered person
Start with your actual business activity, not just your SEC or DTI registration name.
Ask:
- Are you regulated by BSP, SEC, IC, PAGCOR, or another financial regulator?
- Do you transfer money, exchange currency, issue e-money, process payments, lend, finance, insure, broker securities, or handle virtual assets?
- Are you a real estate developer or licensed broker handling property transactions?
- Do you deal in jewelry, precious metals, or precious stones?
- Do you form companies, provide nominee arrangements, act as a corporate service provider, or manage client money or accounts?
- Are you being asked by a bank to present an AMLC Certificate of Registration because your business falls within a DNFBP category?
If the answer is yes, treat AML compliance as a formal regulatory obligation, not a paperwork exercise.
2. Identify your supervising authority
Covered persons are usually supervised by one or more agencies:
| Business type | Common supervising authority |
|---|---|
| Banks, pawnshops, money service businesses, payment operators, VASPs | BSP |
| Securities brokers, investment companies, financing and lending companies, covered company service providers | SEC |
| Insurance companies, brokers, and agents | Insurance Commission |
| Casinos and legal gaming entities | PAGCOR and AMLC |
| Real estate developers and brokers, DNFBPs | AMLC, with coordination from relevant licensing or professional agencies where applicable |
In practice, businesses often deal with several offices at once: AMLC for registration and reporting, SEC or DTI for business registration, LGU for business permits, BIR for tax documents, and the bank’s compliance team for account opening.
3. Register with the AMLC portal if you are covered
AMLC registration is done online through the AMLC portal. The AMLC portal allows covered persons to perform online registration, attach supporting documents, and access reporting facilities. (AMLC Portal)
Common documents include:
| Requirement | Practical notes |
|---|---|
| Valid business registration | SEC Certificate of Registration, DTI Certificate, CDA registration, or other applicable proof |
| Articles, bylaws, partnership documents, or equivalent | Use the most recent versions, especially if there were amendments |
| Latest General Information Sheet or equivalent ownership document | Make sure directors, officers, shareholders, and beneficial owners are consistent with SEC records |
| Mayor’s permit or business permit | Usually requested to verify actual place of business |
| Board Resolution, Partnership Resolution, or Secretary’s Certificate | Should appoint the Compliance Officer, Alternate Officer, or authorized portal user |
| Certificate of Designation | Shows who is responsible for AML compliance |
| Notarized Deed of Undertaking | Must be signed by the proper owner, partners, president, directors, or authorized officers |
| Business model and target market description | Important for DNFBPs and risk assessment |
| List of owners, controlling stockholders, directors, officers, and office locations | Keep this consistent with SEC, BIR, LGU, and internal records |
| GPG/public key and official email | Needed for secure reporting and communications |
The AMLC DNFBP guidelines require DNFBPs to register with the AMLC and submit documents through the portal, including application letter, business model, list of owners and officers, business permit, SEC/DTI/CDA proof, notarized undertakings, and office locations. They also state that newly established DNFBPs must register before commencing operations. (Supreme Court E-Library)
4. Appoint a qualified Compliance Officer
The Compliance Officer should not be a name placed on a form just to satisfy a bank. This person must understand the business, have access to transaction records, communicate with management, and decide when a transaction should be escalated.
For corporations, the appointment is usually documented through a board resolution or Secretary’s Certificate. For partnerships and sole proprietorships, use the appropriate written authorization, resolution, or owner certification.
A good Compliance Officer should be able to:
- Maintain the AML compliance program
- Review customer due diligence documents
- Monitor red flags
- Approve or escalate suspicious transaction reviews
- Coordinate AMLC portal access and filings
- Keep audit trails and records
- Train staff
- Respond to AMLC or supervising authority requests
5. Prepare a written AML/CTF program
Covered persons should have a written Money Laundering and Terrorism Financing Prevention Program, often called an MTPP, MLPP, or ML/TFPP depending on the sector and issuance.
For DNFBPs, the AMLC guidelines require a written, risk-based program approved by the board, governing body, partners, or sole proprietor. At minimum, it should cover customer identification, ongoing monitoring, record retention, covered transaction reporting, suspicious transaction reporting, training, employee screening, internal audit, compliance officer designation, and new product or technology risks. (Supreme Court E-Library)
A practical AML program should answer these questions:
- Who is our customer?
- Who owns or controls the customer?
- What documents do we require before accepting business?
- What transaction amounts or behaviors trigger review?
- Who reviews red flags?
- Who decides whether to file a report?
- How quickly do we file?
- Where do we store records?
- How do we train staff?
- How do we correct audit findings?
6. Conduct customer due diligence before the transaction becomes risky
Customer due diligence, or CDD, means identifying the customer and verifying identity using reliable documents, data, or information.
For individual Filipino customers, this usually includes government-issued IDs, address, contact details, occupation or business, TIN where applicable, and source of funds or source of wealth when the risk is higher.
For foreign customers, expect stricter documentation. The AMLC DNFBP guidelines identify passport, Alien Certificate of Registration, and Alien Employment Permit as identification documents for foreign nationals where applicable. (Supreme Court E-Library) In practice, businesses may also request visa status, proof of address abroad, Philippine address, source of funds documents, apostilled or consularized corporate documents, and proof of authority for signatories.
For corporate customers, verify:
- SEC registration or foreign registration
- Articles of Incorporation, bylaws, partnership agreement, or equivalent
- Latest GIS or beneficial ownership information
- Board resolution or Secretary’s Certificate authorizing the transaction
- IDs of directors, officers, signatories, and beneficial owners
- Business permits
- BIR Certificate of Registration
- Contracts, invoices, deeds, or other transaction documents
- Source of funds, especially for large cash, foreign remittance, crypto-related, or third-party funded transactions
CDD should be risk-based. A longtime local corporate client paying through its own bank account is different from a newly formed company with nominee shareholders, foreign directors, no clear operating history, and a third party paying from another jurisdiction.
7. Identify beneficial owners, not just registered shareholders
A beneficial owner is the real natural person who ultimately owns or controls the customer or benefits from the transaction. This matters because money laundering often uses layers of corporations, nominees, relatives, employees, shell companies, or foreign entities.
For SEC-registered entities, beneficial ownership transparency became even more important under the Beneficial Ownership Disclosure Rules of 2026. The revised SEC rules took effect on January 1, 2026, apply broadly to SEC-regulated entities, introduced a 20% reporting threshold, and moved beneficial ownership reporting toward the HARBOR system. (Philippine News Agency)
For AML compliance, do not stop at “the company is registered with the SEC.” Ask who actually owns, controls, funds, or directs the company.
Common red flags include:
- A shareholder says they are “just holding shares for someone else”
- Payment comes from a person not named in the contract
- A newly formed company buys expensive property with no clear business activity
- The declared owner is a student, driver, household worker, or retiree with no financial capacity matching the transaction
- The customer refuses to identify the source of funds
- Foreign documents are incomplete, unauthenticated, or inconsistent
8. Monitor transactions and document red flags
AML compliance is not only done at onboarding. Covered persons must monitor transactions throughout the relationship.
Common suspicious transaction indicators in Philippine business practice include:
- Cash payments just below reporting thresholds
- Multiple payments split among relatives, employees, or related companies
- Sudden large transactions inconsistent with the client’s known business
- Use of third-party bank accounts without clear explanation
- Refusal to provide IDs, corporate records, or source of funds
- Rushed property purchases without negotiation or due diligence
- Overpayment followed by refund request to another account
- Use of crypto, casino funds, offshore companies, or high-risk jurisdictions without clear business purpose
- Customer connected to scams, trafficking, corruption, illegal gambling, drugs, tax fraud, or securities fraud
- Transaction documents that do not match actual payment flow
If a red flag is cleared, document why. If it remains suspicious, escalate internally and consider reporting.
9. File CTRs and STRs on time
Covered persons must file reports electronically through AMLC reporting systems.
The general rule under the AML framework is that Covered Transaction Reports must be filed within the prescribed period, commonly five working days from occurrence. AMLC’s GoTRACS issuance standardized rules for electronic covered and suspicious transaction reporting, and recent guidance has emphasized completeness, accuracy, timeliness, and electronic filing through AMLC facilities. (Anti-Money Laundering Council)
For Suspicious Transaction Reports, the key point is not only the transaction date but when suspicion is established or the suspicious nature is determined. Recent AMLC transaction reporting guidance has treated STR filing as prompt and tied to the “occurrence” of suspicion, with covered persons expected to maintain an internal reporting chain for review, validation, escalation, decision-making, filing, or documented non-filing. (ACCRALAW)
A practical internal process looks like this:
- Frontline staff detects a red flag.
- Staff submits an internal suspicious activity report to the Compliance Officer.
- Compliance Officer reviews KYC, documents, payment flow, and business purpose.
- Additional due diligence is requested if needed.
- Compliance Officer or committee decides whether to file an STR.
- Decision is documented.
- STR is filed electronically if warranted.
- The customer is not tipped off.
- Records are retained.
If a transaction is both covered and suspicious, treat it as suspicious for reporting purposes.
10. Keep records for at least five years
Covered persons should keep customer identification records, transaction documents, internal reports, CTRs, STRs, decisions not to file STRs, training records, audit records, and communications with regulators.
For DNFBPs, AMLC guidelines require customer identification and transaction documents to be safely stored for at least five years from account termination, electronic copies of CTRs and STRs for at least five years from submission, and internal reporting decision records for at least five years after the transaction. (Supreme Court E-Library)
In real life, recordkeeping failures are common because businesses rely on one employee’s email, personal laptop, paper folders, or messaging apps. A safer approach is to maintain a controlled compliance folder with access limits, backup, retention rules, and a clear naming system.
Data privacy and AML compliance
AML compliance requires collecting sensitive personal and financial information. That does not mean businesses can ignore privacy rules.
The Data Privacy Act of 2012, RA 10173, protects personal information while recognizing lawful processing in appropriate circumstances. The National Privacy Commission states that the law is meant to protect privacy while ensuring the free flow of information for legitimate purposes. (National Privacy Commission)
For AML compliance, businesses should:
- Collect only documents needed for KYC, verification, reporting, or legitimate compliance purposes
- Explain why information is collected
- Store IDs, passports, corporate documents, and financial records securely
- Limit access to staff who need the information
- Avoid sending sensitive documents through unsecured personal messaging accounts
- Keep records for required retention periods, then dispose of them securely when legally allowed
What happens if your business ignores AML compliance?
The consequences can be commercial, regulatory, civil, and criminal.
Bank account problems
Banks may refuse account opening, freeze internal processing, reject incoming funds, ask for additional documents, or close accounts if they cannot understand your business, ownership, transaction purpose, or source of funds.
This is especially common for:
- Real estate businesses
- Remittance-heavy businesses
- Foreign-owned companies
- Crypto-related businesses
- Lending and financing companies
- Businesses with frequent cash deposits
- Companies with nominee or layered ownership structures
- Businesses receiving funds from unrelated third parties
AMLC or regulator inspection
The AMLC DNFBP guidelines allow compliance checking and require covered DNFBPs to make available customer identification documents, CTRs, STRs, and AML programs when requested. Certified true copies of requested documents must be submitted within five working days from receipt of the AMLC request or order. (Supreme Court E-Library)
Administrative sanctions
AMLC administrative sanctions may include reprimand and fines. AMLC rules on administrative sanctions have provided for fines not exceeding ₱500,000 per violation, depending on the violation and applicable rules. (Anti-Money Laundering Council)
Criminal exposure
Money laundering itself can carry imprisonment and substantial fines. RA 9160 penal provisions include imprisonment ranging from seven to fourteen years and a fine of not less than ₱3,000,000 but not more than twice the value of the monetary instrument or property involved for certain money laundering offenses. Failure to keep records, malicious reporting, and breach of confidentiality can also carry penalties under the AMLA framework. (Lawphil)
Freeze orders and asset preservation
If property is believed to be related to unlawful activity, the AMLC may seek court remedies. Under RA 11521, the Court of Appeals may issue a freeze order upon a verified ex parte AMLC petition and probable cause; the freeze order is immediately effective for 20 days, subject to summary hearing and possible extension, but generally not exceeding six months unless covered by a separate asset preservation order in the proper case. (Supreme Court E-Library)
For a business, this can mean payroll disruption, inability to pay suppliers, reputational damage, and urgent need to produce documents explaining legitimate source and purpose of funds.
Common AML compliance mistakes Philippine businesses make
Mistake 1: Thinking “AMLC certificate” is needed by everyone
AMLC registration is not a general business permit. It is for covered persons. If a bank asks for it, first confirm whether your business is actually a covered person. If not, prepare a written explanation with supporting business documents instead of applying for something that does not apply.
Mistake 2: Treating KYC as a one-time checklist
A customer can be low-risk at onboarding and become high-risk later. Update records when there are changes in ownership, directors, business model, transaction volume, payment sources, or country exposure.
Mistake 3: Ignoring cash structuring
Splitting payments into smaller amounts to avoid reporting is itself a major red flag. For example, ten cash payments of ₱490,000 from related persons for one transaction may be more suspicious than one properly documented payment.
Mistake 4: Accepting third-party payments without explanation
If Juan buys property but the money comes from a foreign corporation, relative, casino account, crypto trader, or unrelated person, the business should document the relationship and business reason. If the explanation is weak, escalate.
Mistake 5: No internal reporting chain
Staff often notice red flags first. If there is no written process, suspicious facts may stay in Viber chats, personal notebooks, or verbal conversations. A simple internal suspicious activity form can prevent missed reports.
Mistake 6: Tipping off the customer
Do not tell a customer, “We are filing an STR against you.” Keep communications neutral: request documents, explain compliance requirements, or state that the business cannot proceed without required verification.
Mistake 7: Copy-pasting an AML manual that nobody follows
Regulators and banks look for actual implementation. A short, risk-based, working AML program is better than a 100-page generic manual that staff have never read.
Practical AML compliance checklist
Use this as a working checklist for Philippine businesses:
- Confirm whether the business is a covered person under AMLA.
- Identify the supervising authority: AMLC, BSP, SEC, IC, PAGCOR, or another regulator.
- Register with the AMLC portal if required.
- Appoint a Compliance Officer and alternate.
- Prepare board, partnership, or owner authorization documents.
- Prepare a written AML/CTF prevention program.
- Conduct an institutional risk assessment.
- Create customer acceptance policies.
- Collect and verify IDs, corporate documents, beneficial ownership information, and source of funds.
- Create enhanced due diligence procedures for high-risk customers.
- Monitor transactions manually or electronically.
- Train frontline, accounting, sales, and management personnel.
- Create internal suspicious activity reporting procedures.
- File CTRs and STRs when required.
- Keep records for at least five years.
- Conduct periodic independent review or audit.
- Update AMLC, SEC, bank, and LGU records when ownership, officers, address, or operations change.
- Secure personal data under the Data Privacy Act.
- Document decisions, especially decisions not to proceed or not to file an STR.
- Review the program when laws, AMLC issuances, products, payment channels, or risks change.
Frequently Asked Questions
Do small businesses in the Philippines need AML compliance?
Small businesses do not automatically need AMLC registration. However, they still need clean documentation for bank transactions, taxes, business permits, customer contracts, and source of funds. If the business is in a covered sector, such as money services, lending, real estate brokerage, securities, insurance, jewelry, or company services, formal AML compliance may be required.
What is an AMLC Certificate of Registration?
An AMLC Certificate of Registration is proof that a covered person has registered with the AMLC. It is not a general clearance saying the business is “safe” or “approved” for all purposes. Banks commonly ask for it when dealing with covered persons, especially DNFBPs.
Is AMLC registration free?
Yes. AMLC has reminded the public that registration is only for covered persons and is completely free. Be cautious of fixers or services claiming that payment is required by the AMLC itself. (Anti-Money Laundering Council)
What is the ₱500,000 AMLA rule?
For most covered persons, a covered transaction includes a cash or equivalent monetary instrument transaction involving more than ₱500,000 within one banking day. This does not mean transactions below ₱500,000 are always safe. A lower-value transaction can still be suspicious depending on the circumstances. (Supreme Court E-Library)
Are real estate brokers covered by AMLA?
Yes. RA 11521 expressly includes real estate developers and brokers as covered persons. For real estate developers and brokers, a single cash transaction above ₱7,500,000 or equivalent is a covered transaction. Suspicious transactions are reportable regardless of amount. (Supreme Court E-Library)
Can a bank ask where my money came from?
Yes. Banks and other covered persons must conduct customer due diligence and ongoing monitoring. If your transaction is large, unusual, foreign-funded, cash-heavy, or inconsistent with your profile, the bank may ask for contracts, invoices, deeds of sale, tax returns, business permits, proof of employment, financial statements, or other source-of-funds documents.
Does filing an STR mean the customer is guilty?
No. An STR means the covered person detected circumstances that require reporting to the AMLC. It is not a conviction, not a criminal judgment, and not proof by itself that the customer committed money laundering.
How long should AML records be kept?
For DNFBPs, AMLC guidelines require customer identification and transaction documents to be kept for at least five years from account termination, and electronic CTRs and STRs for at least five years from submission. Other covered persons should follow AMLA, AMLC, and supervising authority retention rules applicable to their sector. (Supreme Court E-Library)
Can foreigners open or operate Philippine businesses without AML issues?
Foreigners can own or participate in Philippine businesses subject to nationality restrictions, licensing rules, visa status, tax registration, and sector-specific laws. AML issues usually arise when ownership is unclear, funds come from unrelated third parties, foreign documents are not authenticated, source of funds is weak, or the structure appears designed to hide the real owner. Banks often require passports, corporate records, apostilled or consularized foreign documents, proof of address, proof of authority, and source-of-funds documents.
What should a business do if a customer refuses KYC documents?
If required documents are missing or the customer refuses to explain identity, ownership, source of funds, or transaction purpose, the business should not simply proceed. For covered persons, failure to complete customer due diligence may require declining or terminating the business relationship and considering whether an STR should be filed. AMLC DNFBP guidelines state that where CDD obligations are not met because of refusal or unacceptable delay, the DNFBP should terminate the relationship and consider filing an STR. (Supreme Court E-Library)
Key Takeaways
- AML compliance in the Philippines is mainly governed by RA 9160, as amended, especially RA 11521.
- Not every business needs AMLC registration; registration is for covered persons and is free.
- Covered persons include financial institutions, real estate developers and brokers, casinos, money service businesses, securities and insurance entities, and certain DNFBPs.
- A covered transaction is based on legal thresholds; a suspicious transaction is based on red flags and is reportable regardless of amount.
- Real estate cash transactions above ₱7,500,000, casino cash transactions above ₱5,000,000, and most covered cash transactions above ₱500,000 require careful reporting analysis.
- Strong AML compliance starts with knowing the customer, verifying beneficial owners, documenting source of funds, monitoring transactions, and keeping records.
- Banks may ask AML-style questions even from non-covered businesses, especially for large, foreign, cash-heavy, or unusual transactions.
- A practical AML program should be written, risk-based, approved by management, understood by staff, and actually followed.
- Keep AML records securely for the required period and handle personal data consistently with the Data Privacy Act.
- The safest business practice is simple: do not accept money you cannot explain, document, and defend.