How insurers strive to streamline money laundering prevention

Media scrutiny for insurance firms over anti-money laundering (AML) shortcomings is intensifying. Regulatory authorities in several countries have uncovered AML failures or insufficient controls and imposed hefty fines. While insurers file fewer suspicious activity reports (SARs) with the Financial Intelligence Unit (FIU) compared to banks, the risk of missing compliance threats remains high. And that’s why more and more insurers are choosing to strengthen their AML and compliance frameworks.

 

Why insurance policies appeal to money launderers

Banks aren’t the only target for money launderers – they also aim to channel illicit funds into the financial system via insurers. Their goal? To transform illegal assets into seemingly legitimate payouts.

Life insurance policies with investment components, single-premium annuities, or products with surrender values and early cancellation options are particularly attractive.

Why regulators target insurers

Investigations show that insurers run into regulatory trouble when AML safeguards are lacking. Supervisory authorities have imposed multimillion-euro fines for failures such as:

• Inadequate screening against sanctions and PEP (politically exposed persons) lists
• Delays in submitting SARs to the national FIU
• Breaches relating to sanctioned jurisdictions
• Insufficient compliance officers relative to company size
• Underperforming software unable to detect suspicious activity
• Weak Know Your Customer (KYC) and Customer Due Diligence (CDD) processes

Insurers submit significantly fewer SARs than banks, as the 2024 annual reports of Germany’s FIU and Switzerland’s MROS confirmed. However, the same legal requirements apply, including KYC/CDD processes to identify contracting parties, determine beneficial owners, and screen against sanctions and PEP lists.

And there’s more. Detecting potential money laundering in new business, existing policies, and claims handling is a dynamic process. Insurers have no choice but to update their methods on an ongoing basis to uncover anomalies.

Red flags for insurance money laundering

To detect money laundering or terrorism financing, insurers commonly apply a risk-based approach as part of an industry standard that the FATF also recommend. The risk profiles involved, however, differ across new business, in-force business, and claims.

 

AML risks in new business

When taking on new business, insurers verify the applicant’s identity, check sanctions and PEP lists, and assess creditworthiness. Other patterns they tend to flag include:

• Multiple investment-type policies concluded in a short period
• Unusually large initial contributions
• Policyholders relocating to high-risk countries soon after policy inception
• Replacing low-premium contracts with high single-premium policies despite financial disadvantages (e.g. taxation, interest losses)
• Strong focus on early cancellation or surrender values

 

AML risks in existing business

Behavioural changes in policyholders can be a red flag, including:

• Additional payments into existing policies, especially by third parties
• Unclear origin of funds when repaying loans
• Frequent beneficiary changes
• Premium payments from foreign accounts
• Changes in policy ownership

 

AML risks in claims handling

When processing surrender or partial withdrawal requests, insurers watch for signs like:

• Frequent early terminations or partial surrenders within initial policy years
• Payouts to high-risk banks
• Absence of bank account details for disbursement

The challenge of sanctions and PEP list screening: Data volume

For insurers to meet due diligence obligations, they have to routinely compare their data against sanctions and PEP lists, as well as internal watchlists. But the enormous data volumes involved make the challenge equally huge.

It’s not just about customer data, but also contractual partners such as claimants or beneficiaries—against millions of records on official lists.

To process such volumes and identify matches reliably, a high-performance screening solution is crucial. Unfortunately, not all matches are genuine and many are false positives. And technically, despite allowing for such matches, AML officers still have to manually check them off. Any hit that proves a non-match wastes valuable time and limits any capacity to assess real threats.

A tailored approach can mitigate this. Configuring the system to the insurer’s risk profile and applying pre-filters to exclude irrelevant entries is key to streamlining the whole process.

Regulatory guidance for insurers

In Germany, insurers subject to the Insurance Supervision Act (VAG) must establish a dedicated compliance function. BaFin serves as the competent supervisory authority and sets out its expectations in the Interpretation and Application Notes (AuA).

In Switzerland, insurers may choose between direct supervision by FINMA or adherence to the self-regulatory organisation of the Swiss Insurance Association (SRO-SVV). In Liechtenstein, the Financial Market Authority (FMA) provides regulatory oversight.

The EU Anti-Money Laundering Package, coming into force in 2027, will introduce new obligations. This comprehensive framework comprises three key legislative acts:

• AMLR – Anti-Money Laundering Regulation (EU) 2024/1624
• AMLD6 – Sixth Anti-Money Laundering Directive (EU) 2024/1640
• AMLA Regulation – Establishing the EU AML Authority (EU) 2024/1620

Additional guidance comes from the FATF, including Recommendation No. 10 on customer due diligence for insurers 10D.

Conclusion & outlook: AML in insurance—more automation, cloud migration

Insurers are increasingly implementing measures to strengthen their AML capabilities. Whilst regulations don’t explicitly require transaction monitoring systems, the sheer volume of customer, partner, and account data, combined with sanctions list entries, can only be managed effectively through modern technology.

Three clear trends are emerging:

1. Granular AML scenarios: Insurers are developing more precise understanding of suspicious patterns across new business, in-force business, and claims to enhance detection rates.
2. Powerful screening tools: Robust sanctions and PEP list screening systems are essential for processing extensive datasets.
3. Cloud-first approach: AML solutions are progressively migrating from on-premises deployments to SaaS models.

The shift towards cloud-based operations is accelerating. Many insurers are actively considering AML system migration to the cloud, motivated by:

• Limited resources for maintaining on-premises systems
• The opportunity to delegate first- and second-level support to managed service providers
• Long-term cost benefits offered by SaaS models