Salesforce Anti-Money Laundering
Salesforce Anti-Money Laundering (AML) is the set of screening and compliance capabilities in Financial Services Cloud that help banks, lenders, and insurers detect and prevent money laundering during customer onboarding and ongoing monitoring.
Definition
Salesforce Anti-Money Laundering (AML) is the set of screening and compliance capabilities in Financial Services Cloud that help banks, lenders, and insurers detect and prevent money laundering during customer onboarding and ongoing monitoring. It runs identity verification, sanctions screening, adverse media checks, and politically exposed person (PEP) checks against applicants and customers, then stores the results on a structured Know Your Customer (KYC) data model inside the org.
AML in Salesforce is not a single standalone product. It is delivered through the Know Your Customer framework, which connects to external Identity and Verification service providers and Screening service providers. Those providers do the actual list matching, and Salesforce records the outcome, the risk rating, and the audit trail so compliance teams can review and report.
How AML screening works inside Financial Services Cloud
What money laundering compliance asks of a firm
Anti-money laundering rules require regulated firms to know who their customers are and to spot suspicious activity. Banks, credit unions, lenders, wealth managers, and insurers all fall under these obligations in most countries. The work breaks into a few duties. First, verify that a person or business is who they claim to be. Second, screen them against sanctions lists, watchlists, and adverse media to flag known risks. Third, assign a risk rating and keep monitoring as the relationship continues. Fourth, keep records that prove the checks happened, because regulators audit them. Missing any of these can mean large fines and reputational damage. Salesforce AML exists so these steps run where the customer relationship already lives. Instead of pulling an applicant out to a separate compliance tool, an onboarding rep or an automated process triggers the checks from the account or lead record. The results come back into the same org, attached to the customer. That keeps the compliance picture and the sales picture in one place, which shortens onboarding and reduces the chance that a check gets skipped.
The Know Your Customer data model
AML screening in Financial Services Cloud is built on the Know Your Customer (KYC) data model. This is a group of standard objects that store everything collected about a party during onboarding and beyond. The center of the model is the Party Profile object, which ties identity, risk, and screening data back to an Account, Contact, or Lead. Around it sit objects for each kind of check. Party Identity Verification and Party Identity Verification Step record whether a person proved their identity and how. Party Screening Summary and Party Screening Step record the result of running someone against sanctions and watchlists. Party Profile Risk holds the calculated risk rating. Other objects in the same model capture addresses, identity documents, income, expenses, credit data, and financial accounts. Because these are real Salesforce objects, you can build reports, list views, flows, and validation rules on top of them. A compliance analyst can see every screening hit for a customer in one related list. The structured shape also means the data is queryable and auditable, which matters when a regulator asks for evidence of the controls a firm applied.
Service providers do the matching
Salesforce does not maintain the sanctions lists or run the fuzzy name matching itself. That work belongs to specialist vendors, and the KYC framework calls them two ways. Identity and Verification service providers confirm that an applicant is a real, correctly identified person, often by checking government documents or biometric data. Screening service providers compare the applicant against sanctions lists, PEP databases, and adverse media sources, then return any matches. You connect these vendors as external integrations. The setup uses External Services or integration definitions together with a Named Credential that holds the endpoint and authentication for the provider. When a screening runs, Salesforce sends the party details to the vendor, the vendor responds with results, and the framework writes those results onto the Party Screening Summary and related step records. Many of these vendors publish prebuilt connectors on AppExchange, so a firm can choose a provider it already trusts for compliance. This split keeps Salesforce as the system of record and orchestration layer, while the heavy lifting of list maintenance and matching stays with companies whose business is exactly that.
Where AML fits in the onboarding flow
AML checks are part of a wider customer onboarding process in Financial Services Cloud, not a bolt-on at the end. A typical flow starts when a prospect becomes a lead or applies for a product. The firm gathers identity details and documents, often through Discovery Framework forms and Document Checklist Items that collect what regulators require. Identity verification runs to confirm the person is genuine. Screening then checks them against sanctions and adverse media. The results feed a risk rating on Party Profile Risk, which can route the application to the right path. A clean, low-risk applicant may continue to account opening with little friction. A hit or a high risk score can pause the flow for a compliance officer to review before anything proceeds. Because each step writes to the KYC objects, the onboarding record carries its own compliance history. Automation tools like Flow and OmniStudio integration procedures can trigger these checks, branch on the outcome, and notify staff. The point is that compliance and onboarding share one process, so a customer is screened as a natural part of becoming a customer.
Ongoing monitoring and audit evidence
AML obligations do not end once an applicant is approved. Sanctions lists change, customers change behavior, and someone clean at onboarding can later appear on a watchlist. Good AML practice re-screens existing customers on a schedule and reacts to new alerts. In Financial Services Cloud you can drive this with scheduled automation that re-runs screening against the same providers and updates the Party Screening Summary records. Risk ratings can be recalculated so a customer who becomes higher risk is flagged for review. Just as important is the evidence trail. Regulators and internal auditors want proof that checks ran, what they found, and who acted on the results. Because every screening and verification lands on dated KYC records, the org holds that history. Pairing this with Salesforce Shield Field Audit Trail or the platform audit features lets a firm show exactly when a control fired and what changed. Reports and dashboards built on the KYC objects give compliance leaders a live view of outstanding alerts and overdue reviews, which turns a paper-heavy obligation into something a team can actually manage day to day.
A worked example: onboarding a new account holder
Picture a regional bank using Financial Services Cloud to open deposit accounts. A prospect named Priya applies online, and the form creates a Lead with her name, date of birth, and address. An onboarding flow gathers her ID document through a Document Checklist Item, then calls the bank's Identity and Verification provider through a Named Credential. The provider confirms the passport is valid and matches Priya, and a Party Identity Verification record is created with a pass result. The flow then sends her details to the Screening provider. The provider checks global sanctions lists, PEP databases, and adverse media, and returns one possible name match. Salesforce writes a Party Screening Summary with that potential hit and creates a Party Screening Step for the detail. Because there is a match, the risk score on Party Profile Risk rises and the application routes to a compliance queue. An officer opens Priya's Party Profile, sees the screening hit is a false positive against an unrelated person, clears it with a note, and lets onboarding continue. Every action is recorded, so the bank can later show a regulator the full chain of checks.
Trust & references
Cross-checked against the following references.
Straight from the source - Salesforce's reference material on Salesforce Anti-Money Laundering.
Hands-on resources to go deeper on Salesforce Anti-Money Laundering.
About the Author
Dipojjal Chakrabarti is a B2C Solution Architect with 29 Salesforce certifications and over 13 years in the Salesforce ecosystem. He runs salesforcedictionary.com to help admins, developers, architects, and cert/interview candidates sharpen their fundamentals. More about Dipojjal.
Test your knowledge
Q1. What is Salesforce AML?
Q2. Who needs AML?
Q3. How does Salesforce AML work?
Discussion
Loading discussion…