GDPR-vs-AML

Learning Outcomes

• •Understand the fundamental conflict between GDPR privacy rules and AML/WWFT data obligations.
• •Explain why AML legally overrides GDPR when data collection, profiling, and risk assessment are required.
• •Identify how criminal money flows impact society and why AML relies on extensive personal data processing.
• •Recognize how banks and gatekeepers navigate GDPR–AML contradictions in practice, including de-risking.
• •Understand the role of EU institutions such as AMLA and how future rules will reduce national discretion.
• •Apply core AML risk-assessment principles, including Annex 1–3 factors and the 80/10/10 risk distribution.
• •Assess risk based on patterns, context, client behavior, and firm-specific practice norms.
• •Identify signs of money mules through structured interviews and behavioral inconsistencies.
• •Document AML decisions properly, including risk markers, justification, KYC checks, and PEP screening.
• •Explain the expanding PEP definition, staff screening duties, and increasing compliance documentation requirements.