AML - Non-Financial Sector in Germany

Journal of Management and Governance (2019) 23:1099–1137
https://doi.org/10.1007/s10997-019-09453-5
An analysis of anti‑money laundering in the German

non‑financial sector
Christian Friedrich1 · Reiner Quick1
Published online: 13 February 2019

© Springer Science+Business Media, LLC, part of Springer Nature 2019
Abstract
European anti-money laundering (AML) law obliges both financial and non-financial
private companies to contribute to combatting money laundering. Since the financial
sector has implemented largely effective AML in the meantime, money launderers
are increasingly moving their activities to the non-financial sector (non-FS). This
study examines how AML obligations are implemented in the German non-FS. We
intend to systemize different implementations of these obligations to provide a basis
for improving future AML implementations, guidance, and research in the non-FS.
The German setting is especially suited for this research, because its AML law is
stricter than European AML law with respect to non-FS obligations, and because
Germany has a large and interconnected economy. We use Grounded Theory to col-
lect and analyze rich data from semi-structured interviews with 13 managers from
eight multinational companies. Our result is a theory which systemizes the identi-
fied AML implementations. This helps explain how these various AML approaches
emerge, and identifies ways in which the identified non-compliance and unaddressed
AML risks can be mitigated. Another key observation is that guidance by the regu-
latory authorities is lacking. For both practice and regulators, the findings imply that
the non-FS should follow a systematic AML process and that the regulatory authori-
ties should support this approach through additional guidance. We also close some
gaps in the literature, which has largely neglected the non-FS and rarely collected
original data of actual AML implementation. The developed theory contributes to a
better understanding of how AML effectiveness can be assessed and enhanced.
Keywords Money laundering · AML Directive · Grounded Theory · Non-financial

sector · Designated non-financial businesses and professions (DNFBP)
* Reiner Quick
quick@bwl‑tu‑darmstadt.de
Christian Friedrich
friedrich@bwl‑tu‑darmstadt.de
1
Department of Accounting and Auditing, Darmstadt University of Technology, Hochschulstr. 1,
64289 Darmstadt, Germany
13
Vol.:(0123456789)
1100 C. Friedrich, R. Quick
1 Introduction
Recently, the fourth Anti-Money Laundering Directive of the European Union

(DIRECTIVE (EU) 2015/849) emphasized once again that financial and non-finan-
cial private companies have to contribute to combatting money laundering. Money
laundering is a border-crossing issue and a crucial element of organized crime (Gel-
emerova 2009). The continuing importance of the global combat of money laun-
dering has recently been accentuated by the leaked documents known as “Panama
Papers” (Abel and MacKay 2016). The global magnitude of money laundering is
estimated to be up to five percent of global economic output, which equals 2 tril-
lion US dollars (Camdessus 1998; UNODC 2018). The United States Department of
State (2016) evaluates Germany as attractive for money launderers, due to its large
and internationally interconnected economy. Moreover, the latest Anti-Money Laun-
dering (AML) Index of the Basel Institute on Governance (2016) showed that Ger-
many is among the countries with the highest money laundering risk in the EU (rank
4) and the OECD (rank 6). In Germany, money laundering is estimated to account
for 100 billion Euros per year and is expected to grow. 20 to 30 percent thereof is
laundered in the non-financial sector (non-FS, Bussmann and Vockrodt 2016). This
data demonstrates that Germany is an important link in global money laundering
networks.
Moreover, Germany provides a unique setting in which to study AML in multi-
national companies, because it has some specific regulations for “persons trading
in goods (PTIG)”, a subgroup of the non-FS, which are stricter than EU AML law
and oblige all PTIG to implement risk-based AML systems.1 However, compared
to the financial sector, these regulations are accompanied by rather limited detailed
information and guidance on how to interpret and implement the respective obli-
gations. Accordingly, the implementation and enforcement of the AML obligations
are underdeveloped in the German non-FS (Bundeskriminalamt 2014). This under-
mines international efforts to combat money-laundering, because AML can only be
effective when it is implemented holistically (Chong and Lopez-De-Silanes 2015;
Ferwerda 2009). Evidence from the US corroborates the potential effectiveness of a
“dual plaintiff” approach to combatting financial crime, by combining the strengths
of the public prosecutor with those of private companies (Braithwaite 2013). While
the financial sector is combatting money-laundering with increasing success, money
launderers are quick to adapt and shift to laundering their money through the non-
FS, thus hindering holistic AML (Choo 2013; Unger and den Hertog 2012). As early
as 2006, the Financial Action Task Force (FATF) (2006) identified this trend and an
increased use of trade-based money laundering, i.e. using companies which trade
in goods to launder money. In 2012, this trend was confirmed and a lack of aware-
ness of it was identified (Asia/Pacific Group on Money Laundering 2012). In June
2012, a man who had laundered three million Euros through trading in used automo-
biles was sentenced to 4 years in prison by a German court (an der Brügge 2012). A
1
EU AML law only obliges PTIG to conduct AML, when they have cash transactions above 10,000
Euros, cf. Sect. 2.
13
An analysis of anti‑money laundering in the German non‑financial… 1101
similar case amounting to half a million Euros has only recently ended with a con-
viction (Stralau 2017). In the context of the recent scandal surrounding the South-
African operations of the Gupta family, SAP, a large German multinational com-
pany, has been accused of money laundering (Prinsloo 2017; Davies 2017).
As the available literature on AML in the non-FS is scarce and generally lacks
original empirical evidence, the present paper collects interview data on how the
non-FS, represented by large multinational companies with headquarters in Ger-
many, implements AML regulations in practice. The objective is to bridge the gap
between the formal existence of laws and regulations and their actual implementa-
tion, thereby investigating the practical effectiveness of regulatory AML. More pre-
cisely, our objective is to identify which AML laws are indeed put into practice, with
which specific measures, the reasoning behind such implementation, and how and
why all this varies among the investigated companies. Also, we investigate how this
implementation is influenced by the regulatory and supervisory authorities. Aggre-
gating this evidence, should reveal the strengths and weaknesses of these various
approaches to implementing the law. The approaches are best systemized to develop
a generic systematic process of implementing AML in the non-FS which can inform
future research and practice when reflecting on or working through AML in the non-
FS. This is intended to address the following research questions: To what extent are
AML laws implemented in the German non-FS? Which specific measures are used
to implement AML? How do different approaches vary and what is the reasoning
behind such variation? What are the strengths and weaknesses of these implementa-
tions? What generic systematic process of AML implementation for non-FS compa-
nies can guide future AML implementation in the non-FS?
To answer these questions, semi-structured interviews with managers in charge
of AML at eight multinational manufacturing companies with headquarters in
Germany were conducted. With Grounded Theory, the results were coded and an
explanatory theory (Gregor 2006) developed which identifies a comprehensive
AML development process.2 The theory serves as a systemization of different
approaches to and elements of AML implementation in the non-FS. Moreover, it
identifies varying properties and dimensions of its development steps which reveal
both the strengths and weaknesses of different approaches. Companies were catego-
rized into four general cases with regard to their path along this development pro-
cess. The AML quality is largely heterogeneous. Two of the cases describe compa-
nies with obvious AML deficiencies.3 The other two cases describe the path through
the process (depending on company type) which ensures an individual and risk-
based approach to AML without major shortcomings. Finally, in a broader context
2
This development process is our (grounded) theory. The outcome of a research project which applies
Grounded Theory is generally termed a theory and can take different forms, e.g. a framework, a process,
or a model (Corbin and Strauss 2015, cf. Section 3.1).
3
AML deficiencies (or implementation deficiencies) cover non-compliance with AML laws and a fail-
ure to identify risks in the context of money laundering systematically, and respond to them effectively.
Deficiencies in AML enforcement (e.g. p. 5) mean that regulatory and supervisory authorities do not
provide enough guidance in combination with supervision, which then fails to result in sufficient pressure
to make companies set up AML systems which are compliant with AML laws.
13
extending beyond the non-FS to include the financial sector, our results indicate that
effective AML across industries can be achieved if every company within a supply
chain collects and analyzes AML-relevant information for which it has the greatest
expertise.
This paper makes several contributions. While some results have to be interpreted
in the context of some specific German regulations, the paper is of general inter-
est to the international combatting of money laundering, because AML is a cross-
border challenge and the interviewees were all representatives of multinational
companies. These companies have cross-border operations and need to apply a
company-wide, coherent AML regime. Moreover, the specific German regulation is
stricter than AML regulation in other jurisdictions, and therefore provides a setting
in which such AML can meaningfully be studied. The results can inform regula-
tors from other jurisdictions as to whether a stricter regulation is desirable. Given
that we noted large deficiencies in AML implementation and enforcement despite
strict regulation, formal regulatory change without a concerted focus on guidance
and enforcement is unlikely to improve AML quality significantly.
This result is an important extension of prior AML literature which largely
focused on the design of formal AML law, but not on its actual implementation.
Moreover, the little research which deals with actual measures for fighting money
laundering or with money laundering techniques focuses exclusively on the finan-
cial sector. With our in-depth data on AML implementation in the non-FS, we close
these gaps in the literature. Additionally, AML research has often relied on second-
ary data or theoretical analysis. Therefore, our interviews add to the so far scarce
efforts to collect original data. Finally, our AML development process can serve as a
conceptual basis for further analysis, especially for quantitative research.
For practice, the paper provides evidence that non-FS companies should con-
sider a comprehensive and systematic AML development process in order to achieve
AML compliance. To support this, the regulatory authorities should themselves con-
tribute, at least by providing more detailed guidance on legal concepts which are
subject to interpretation. Key factors which hinder companies in following a com-
prehensive AML development process and key legal concepts with a strong need for
interpretation, are laid out in the presented theory. The regulatory authorities need
to take into consideration that non-FS companies, especially large multinationals,
require special guidance and attention to be paid to combatting of money launder-
ing, because these firms are subject to unique challenges which differ from those
faced by the FS and by small non-FS companies. On the other hand, such firms also
accumulate unique expertise and potentially AML-relevant information within sup-
ply chains, which can help in developing more effective AML from the perspec-
tive of the economy as a whole. Furthermore, we provide evidence that the current
enforcement approach does not exert enough pressure on multinational companies to
establish AML without obvious deficiencies.
The remainder of the paper is structured as follows. The next Section provides
the background for the study, especially from a regulatory perspective. This perspec-
tive focuses on “persons trading in goods” to which most of the studied companies
belong. Section 3 describes the method and data collection and Sect. 4 the results.
The paper concludes with Sect. 5.
13
2 Background and prior research
While money laundering can be defined in various ways (Unger et al. 2006), it is
depicted particularly clearly by the three stage model of the U.S. customs and bor-
der protection (Herzog 2014; Department of the Treasury 2015; OECD 2009). In
the placement stage, illicit funds are converted to legal funds, mainly by converting
cash into book money. In the layering stage, a complex web of often border-crossing
transactions is used to conceal the origin of the funds. During integration, the now
legal-seeming funds are used to invest in either illegal or legal operations or in con-
sumption. In short, the fourth AML Directive of the European Union (Sect. 1 Art.
1 #3) defines money laundering as any activity or attempted activity related to this
model. Therefore, in the context of the present paper, we consider the risk of a com-
pany being used by money launderers in any of these stages. A priori, we expect the
first two stages to play the most significant role for multinational companies. While
the placement stage should be easier to assess as it involves cash transactions, we
expect non-FS companies most likely to be used during the layering stage, when
funds with an illicit origin flow through the economy without cash transactions.
The German AML legislation, under which this study was conducted, is shaped
at three levels. At an international level, the FATF sets the tone for high anti-money
laundering standards. With its mutual evaluation of the member states, it exerts
pressure to comply with its 40 recommendations (FATF 2012). The latest evaluation
of Germany was completed with the third follow-up report in 2014, which evalu-
ates Germany as largely compliant (FATF 2015). However, minor issues remain,
including the supervision and guidance of the non-FS. Federal states are responsi-
ble for the supervision of PTIG4 and the modality of the supervision varies greatly
(Bussmann 2015; FATF 2015). Supervision is a major issue for the non-FS, because
of the lack of guidance on how to apply AML laws, as well as a lack of enforce-
ment, which results in low pressure on obliged companies (cf. Sect. 4). In contrast
to the non-FS, which is the focus of our research, the German financial sector has
been subject to high scrutiny by the Federal Financial Supervisory Authority (BaFin
2017) at least since 2003. It has access to very detailed guidance, such as by the
German Banking Industry Committee (2014). Therefore, this striking difference in
supervision and guidance is an important aspect of our analysis of the non-FS. We
expect the non-FS to lack sufficient supervision to create pressure which leads to
high-quality AML implementation. Hence, we examine how PTIG as a non-FS sub-
group perceive their supervision.
Turning to the concrete AML regulation for non-FS at a European level, the
European Union defines a clear framework for national AML legislation through its
AML Directives.5 In line with the FATF, the AML Directives apply a risk-based
4
While this supervision and the cash threshold mentioned below only apply to PTIG, other non-FS
companies face the same or more AML requirements and supervision compared to PTIG.
5
The fourth AML Directive was issued in 2015 and amended in 2018. It had not been transposed into
national German law when the research on hand was conducted. Therefore, it was conducted based on
the prior, third AML Directive. However, changes of the fourth AML Directive which have not been
anticipated by the German legislator and were thus not yet in place in Germany when the study was
13
approach as the basic regulatory principle. This implies that an assessment of risks
is the foundation for AML implementation and that mitigation efforts should cor-
respond to the risk levels, i.e. high-risk areas need stronger AML measures than
low-risk areas. With the introduction of the risk-based approach, the basic theory
behind AML implementation in fact becomes agency theory, because the regula-
tor (principal) delegates the specific design of risk-adequate AML measures to the
obliged companies (agents) who have private information about their money laun-
dering risks, their AML efforts, and potentially about money laundering activities
(Dalla Pellegrina and Masciandaro 2009).6 Supervision in our case represents infor-
mation systems from classical agency theory, i.e. the measure for reducing infor-
mation asymmetry between principal and agent. This risk-based approach and the
associated theoretical lens of agency theory hence shape the design of our interview
guide and the interpretation of our Grounded Theory results.7 Although this natu-
ral a priori conception of agency theory cannot be completely excluded from our
empirics, we devoted considerable effort to ensuring pure induction in our Grounded
Theory approach (cf. Sect. 3), without undue influence from this theoretical lens.
The major difference between EU AML law and international standards (FATF
2012) is that the AML Directive is stricter in that it also applies to PTIG, but only
when they are involved in cash transactions exceeding 10,000 Euros (Sect. 1 Art. 2
#3e). Therefore, the AML Directive includes PTIG, which are neglected by interna-
tional standards.8 However, the Directive focuses on cash transactions and, hence,
on the placement stage. In Germany, major parts of the AML Directive and its
Footnote 5 (continued)
conducted, merely influence the study context, but neither its results nor their interpretation and appli-
cability. The most severe change is the reduction of the cash transaction threshold for which PTIG have
to conduct customer due diligence from 15,000 Euros to 10,000 Euros. Although this does not change
the mechanism of this regulation, during the research, all questions relating to this regulation were asked
using the benchmark of 10,000 Euros.
6
Indeed, we believe that agency theory fits well to risk-based AML regulation and implementation, as
they fulfill the three problem characteristics of agency theory of Eisenhardt (1989): (1) Substantial goal
conflict: While the regulator aims for maximally effective AML, obliged companies generally aim for
profit and therefore for the lowest possible AML costs. (2) Sufficient outcome uncertainty: As money
laundering risks without AML are uncertain, the risk-reduction achieved through AML is also uncertain.
(3) Team-oriented jobs for which behavior evaluation is impossible: While an AML system can be evalu-
ated, the implementation of this system is a team effort by the entire firm which is, if possible at all, very
costly to evaluate.
7
Note that agency theory is well-known in economics, while Grounded Theory is a methodology which
results in the development of a novel theory based on inductive interpretations of original data. The two
are distinct and our Grounded Theory approach provides tools that ensure an appropriate separation dur-
ing the course of the research (cf. Sect. 3).
8
Examples of jurisdictions outside Europe which neglect PTIG completely are Australia, Japan, and
the USA. Australia does not oblige any PTIG (Sect. 6 of the Australian Anti-Money Laundering and
Counter-Terrorism Financing Act 2006) and Japan and the USA only oblige dealers of precious goods
to adhere to money laundering rules (Art. 2 of the Japanese Act on Prevention of Transfer of Criminal
Proceeds (Act No. 22 of 2007), and Title 31, Parts 1020-1030 US Code of Federal Regulations, and Title
31, Paragraph 5312 United States Code). Conversely, Switzerland is stricter than EU laws, because it
obliges all PTIG who accept cash to adhere to money laundering laws (Art. 2 Par. 1b Swiss Anti-Money
Laundering Act).
13
predecessors are transposed within the AML Code (Gesetz über das Aufspüren von
Gewinnen aus schweren Straftaten—GwG). While other laws play an important role
for the FS, which is subject to higher AML requirements (e.g. Quedenfeld 2017),
this study only considers the GwG, because it is the only AML law which applies
to the non-FS. Regarding PTIG, the GwG is even stricter than the AML Directive in
that it generally obliges PTIG to follow the GwG regardless of the cash-transaction
threshold (Sect. 2 Paragraph 1 #16 GwG).9 In line with our study, the GwG therefore
considers the risks of being involved in money laundering at all stages of the three-
stage money laundering model. This general obligation has been upheld with the
most recent revision of the GwG, which tends to intensify the obligation for large
multinationals (Cappel 2017). The key requirements, which a non-FS company has
to fulfill to comply with the GwG, are summarized in Table 1 (Bausch and Voller
2014). They form the foundation of the interview guide (cf. Sect. 3). Following the
guidance of Bausch and Voller (2014), who provide a practice-oriented and the first
comprehensive guide for PTIG10 to implementing GwG-compliant AML systems,
our a priori expectation is that Table 1 is a possible structure of an AML system of a
PTIG which is sufficient to fulfill GwG requirements.
Little research has been conducted on AML in the non-FS. Some researchers
argue that it is necessary to oblige the non-FS to implement AML in order to achieve
effective AML systems, since money launderers are increasing their laundering
activities outside the FS, because AML in this sector has improved significantly in
recent years (Delston and Walls 2012; Ferwerda et al. 2013). FS supervisors also
observe that, with stronger AML, FS companies tend to avoid risky customers
which then simply shift their activities to sectors with less money-laundering scru-
tiny (Joint Committee of the European Supervisory Authorities 2017). Also, there
is a trend towards more trade-based money laundering, which underlines the impor-
tance of PTIG (Asia/Pacific Group on Money Laundering 2012). This demonstrates
the need for a focused analysis of the non-FS with regard to practical AML imple-
mentation, which so far constitutes a gap in the literature.
While no evidence exists for only the non-FS, a recent study reports that 58% of
all German companies (FS and non-FS combined) claim to have established AML,
and another 17% report AML in the process of being established (Bussmann et al.
2016). A study on the dark figure of money laundering (Bussmann and Vockrodt
2016), which contains the only empirical evidence on practical AML implemen-
tation in the non-FS, estimates that Suspicious Transaction Reports (STRs) of the
non-FS should be twice as numerous as are actually filed, which indicates a low
9
Considering PTIG, German laws are hence stricter than those of other European jurisdictions, such as
France and Italy, which basically define obligated parties just like the EU AML directive (Art. L.561-2 of
the French Monetary and Financial Code (Code monétaire et financier) and Art. 3 of the Italian decreto
legislativo 2007, n. 231, amended by Art. 1 decreto legislativo 2017, n. 90). Similarly, in the UK, most
AML regulations only apply to entities which are also obligated by the EU AML directive (so-called
regulated sector, Provision 3 of the UK Money Laundering Regulations 2007).
10
At the time when the interviews were conducted, to the best of our knowledge, this was the only com-
prehensive guide and the only one to focus on PTIG. It was far more extensive than any guidance or
combination of guidance provided by regulators, supervisors or other authorities.
13
Table 1 Key AML requirements for the non-financial sector

Requirement Short description
Customer due diligence (CDD) For some transactions, especially for cash transactions above
15,000 Euros, companies have to conduct a CDD (know-your-
customer-principle)
Depending on the risk, there are simplified and enhanced CDDs
Risk analysisa Based on their businesses, companies have to identify and
evaluate all risks with regard to AML
Internal controls Independent of trigger-transactions, all companies have to
establish risk-based internal AML controls, e.g.
Business-/customer-related controls
AML trainings for employees
Employee reliability checks
AML officer For some companies it is mandatory to designate an AML
officer;b for others it is recommended
Suspicious transaction reports (STRs) If there is indication for possible money laundering, every firm
has to file an STR. An internal process for when and how to
file an STR should be defined
a
At the time of our study, the concept of a risk analysis was still driven by experience and regulations
from the financial sector. It was extensively discussed in most interviews. By now, in the latest version of
the GwG which was enacted after the study, PTIG are explicitly obliged to conduct a risk analysis
b
While the GwG does not directly oblige non-FS companies to designate an AML officer, it empowers
regulatory authorities to oblige all non-FS companies to designate an AML officer except for PTIG who
do not primarily trade in high-value goods
level of AML. For PTIG, the STR numbers are the farthest from expectations. As
one focal issue, the authors emphasize the positive effects of voluntarily appointing
an AML officer, but find that only one fifth of the non-FS companies do so. This evi-
dence shows that practical AML implementation in the non-FS, especially for PTIG,
is at a low level and an early development stage. We therefore expect to observe con-
siderable variance in AML approaches as, apparently, no common standard has yet
been established. Moreover, PTIG businesses and therefore their risk profiles can be
diverse. Therefore, diversity in their AML implementation might also be explained
by the risk-based approach of the GwG. However, because all PTIG generally have
the same obligations, we also expect considerable overlap in their AML systems.
How such overlap and variation manifest themselves and to what extent overlap may
prevail, is an important empirical question which has not yet been examined.
Considering the AML literature overall (FS or non-FS focus), there is a gen-
eral lack of research which bridges the gap between AML laws, which are poten-
tially effective in deterring money laundering, and the practical implementation
of these laws. A considerable body of work merely analyzes the FATF’s mutual
evaluation reports (e.g. Choo 2013, 2014; Omar et al. 2015), although these
reports do not provide information about actual AML implementation (Pol 2018).
Such research answers the question of which gaps exist between formal AML
law and FATF standards, but does not identify gaps in actual AML implementa-
tion, which may hinder the deterrence of money laundering. Other works provide
game-theoretical analyses to identify AML approaches which are theoretically
13
more efficient, but do not enhance their analyses with empirical data (e.g. McCa-
rthy et al. 2015). Research which collects original data with interviews, surveys
or case studies in order to investigate AML implementation and to derive rec-
ommendations for practice and lawmakers (e.g. Naheem 2018; Gilmour 2016)
remains scarce (Demetis 2018) and is so far limited to the financial sector.
Above and beyond this identification of a research gap, some of this literature
provides a concrete motivation and context for our study. Keesoony (2016) argues
that a uniformity of AML regulation among nations is needed to strengthen
efforts to combat money laundering. Leveraging this argument to the national
level (i.e. uniformity among states/authorities) and to enforcement, the hetero-
geneity of guidance and supervision for PTIG could inhibit the effective combat-
ting of money laundering. This confirms the value of analyzing this issue. Turner
and Bainbridge (2018) analyze the pace with which UK AML regulations evolve
from the “end-user” (i.e. obliged parties) perspective. They identify a number of
rules whose implementation is subject to substantial discretion, while there is no
helpful guidance by authorities. They argue that this is perceived negatively by
obliged parties as they risk severe sanctions if their discretionary choice is sub-
sequently regarded as inappropriate by the supervisor. This tends to lead to dis-
proportionately high compliance costs in attempts to avoid non-compliance risks.
How PTIG react to discretion in implementing the GwG is hence an important
issue for our interviews. Lastly, Pol (2018) argues that AML regulatory effec-
tiveness should be assessed with an in-depth evaluation of its outcomes, i.e. the
real impact of this regulation on money laundering activities. He claims that
FATF mutual evaluations merely assess outputs of national AML laws, leaving
their impact on obliged parties and money launderers, and hence AML effective-
ness, unknown. This supports our focus on how regulation and enforcement really
impact on PTIG behavior (i.e., we respond to the call to focus on outcomes). At
the same time, this indicates that the FATF expects effective AML if AML laws
are comprehensive. This requires that AML laws indeed be implemented by the
obliged parties. In this logic, PTIG should not show great variation in their com-
pliance with AML laws.
Summing up the above considerations, regulatory requirements are substantial,
and prior research underscores the importance of AML in the non-FS and the impor-
tance of acquiring an in-depth understanding of how AML laws are put into prac-
tice. However, there is little original empirical evidence on AML implementations
overall and no such evidence for the non-FS. Therefore, the present research seeks
to bridge the gap between rather strict standards on the one hand and potential defi-
ciencies of practical AML implementation on the other. In-depth original insights
from practice are collected to add to our understanding of the gaps in AML imple-
mentation which might exist regardless of the quality of formal AML laws. Compar-
ing various implementations, we also seek to identify the strengths and weaknesses
of these different approaches. Adding to existing recommendations in the literature
with a focus on the financial sector, and taking into account the particularities of the
non-FS, our aim is to develop a generic systematic process of AML implementa-
tion. We hence provide a basis for future practical AML implementation, regulatory
debate focused on actual AML implementation, and future AML research.
13
Table 2 Characteristics of the semi-structured interviews participants’ companies

Employees No. Revenue [bn. €] No. Industry No. Listed company No.
< 20,000 3 <5 4 Automobile 1 Yes 4

20,000–100,000 3 5–20 2 Consumer goods 1 No 4
> 100,000 2 > 20 2 Engineering 3
Building 1
Diversified company 1
Transportation 1
3 Grounded theory and data collection
To obtain in-depth explorative insight into AML practice for the non-FS, Grounded
Theory (Glaser and Strauss 1967) was used, using a constructivist approach (Cor-
bin and Strauss 2015; Charmaz 2014). Constructivist means that the researcher
becomes part of the data and theory construction and that the results are interpreta-
tive and closely tied to the researcher (Charmaz 2014). Accordingly, the constructed
theory is not the only possible one which can be built from the underlying data.
This constructivism, however, “does not negate the validity of the theory” (Corbin
and Strauss 2015). Rather, it results in a theory which constitutes a systematic, inte-
grated, and comprehensive set of inductively developed concepts and can take dif-
ferent forms, such as frameworks, processes, or models. It is inherent to Grounded
Theory that the resulting theory is not only descriptive, but also contains strong
explanatory elements (Gregor 2006; Charmaz 2014). Moreover, Grounded Theory
is especially suited for developing fields (Kirk and van Staden 2001), which con-
forms to our expectations that a common standard has yet to be found for AML in
the non-FS and the fact that the extent and nature of variation of AML approaches is
unknown (cf. Sect. 2).
Semi-structured interviews were conducted during summer 2015 with 13 rep-
resentatives of eight multinational companies with headquarters in Germany (for
descriptive information, see Table 2). The participants had the greatest expertise on
AML and AML-related topics in their respective company. Theoretical sampling
was used by following emerging issues from prior interviews. For example, we sam-
pled for a company that has been subject to an AML audit, as this emerged in the
early interviews as a potential trigger for best-practice AML. The results of theo-
retical sampling are demonstrated by the great variety in our sample, which includes
different industries, private and public companies, as well as companies of the fol-
lowing categories (no. of companies): established AML (1), AML in development
stage (2), no AML (3), consider themselves as not obliged by GwG (2).
The interview guide (“Appendix”, English translation of the interview guide
which originally is German) was designed according to the review of regulations
and literature (cf. Sect. 2). It was revised after a discussion with two forensic ser-
vices practitioners (the consultants) with many years of experience with AML. Two
further revisions were realized during the interview-phase, in line with the Grounded
13
Theory principles outlined above. As a result, questions 3a, 7, 13, 14, 21, and 22
were added (cf. “Appendix”) and a question regarding STRs was dropped, as we
felt it was already covered by questions 3–14. The core questions, which were asked
at the start of each interview, explored whether AML was addressed at all in the
company and what money-laundering-related risks the company perceived as fac-
ing. When the core questions were answered positively (negatively), the interview
guide assessed how the company dealt with regulatory requirements (explored why
AML was omitted, what would change this omission, and whether other compliance
activities were related to AML).
Interviewees were approached via personal contacts and all agreed to participate.
Interviews lasted between 30 and 120 min (median 60, average 69.4) and were con-
ducted by one of the researchers and at least one of the consultants. The consult-
ants’ main function was to contribute the perspective of a practitioner with consid-
erable experience with AML issues in practice. This additional perspective helped
to ensure that no important points were missed and that all facets of AML in the
participating companies were considered. Thus, richer data could be obtained. Dur-
ing the interviews, a natural conversation was assured and the guide only served as
a reminder of what issues should be discussed. All but one of the interviews were
tape recorded and transcribed (Horton et al. 2004).11 During the interview-phase,
a research journal was kept which documents all ideas developed during the inter-
views and the coding process. It was used to inform theoretical sampling, the revi-
sion of the interview guide, the coding process (see below), and hence the theory
development.
Coding started after the first interview and could hence inform theoretical sam-
pling. The coding process was performed by one of the researchers12 and followed
the principles of Corbin and Strauss (2015) and Charmaz (2014), especially con-
cerning simultaneous analysis and data collection, as well as constant comparisons,
neither of which ends before theoretical saturation is achieved. This requires that
our major codes (so-called categories) are fully developed, show considerable varia-
tion (this is expressed in so-called properties and dimensions of each code), and are
linked together in a well-integrated theory.
During the interview phase, initial raw-data coding was conducted directly after
each interview. For each interview transcript, text ranging from half a sentence to a
short paragraph was grouped by topic and the topic was assigned a code. The code
and a brief description of the thoughts behind the code, similar to a memo, were
documented in an Excel sheet. The codes were derived largely inductively, i.e. we
tried to capture or summarize the content of a paragraph with a short phrase or a
single word. The initial terminology of the codes was taken as closely as possible
from interview transcripts. The background and the respective a priori expectations
11
For the other interview, a protocol was written during the interview. The transcripts/protocol were
later sent to the participants for confirmation. Only minor changes were needed.
12
This researcher was also present at all interviews. The other researcher (who was only present at
one interview) and the consultants (of the two consultants, at least one was present at each interview)
reviewed the coding. Hence, for each interview, at least one person who was not present at the respective
interview reviewed the coding. Minor changes in wording resulted.
13
laid out in Sect. 2 had some influence on the terminology, just as the interview guide
and the actual questions during the interview13 were influenced by these theoretical
expectations. Later, our a priori expectations mainly influenced our interpretation of
the inductively assembled theory.
All interviews were coded independently at first. Beginning with the second inter-
view, all Excel sheets were merged, so as to conduct constant comparisons directly
after each independent coding. Similar codes were grouped to iterate wording and
descriptions and later form more abstract categories. Finally, large network-type dia-
grams were used to depict the strongest relationships between the categories and
develop a preliminary theory. This included initial interpretations of the inductive
codes. Therefore, our a priori expectations (cf. Sect. 2) provided some indications as
to how certain codes are linked to each other, which was incorporated into the build-
ing of the diagrams. The analysis of the last interview yielded no changes to this
preliminary theory, which was a first indicator of theoretical saturation.
However, at this stage, properties and dimensions were not sufficiently devel-
oped for all categories, and the theory was not sufficiently integrated. Therefore,
in another major iteration, a second coding of the raw data was conducted. This
time, line-by-line codes with a focus on actions and processes (Charmaz 2014)
were developed, in order to identify more detailed properties and dimensions. More
extensive memos were written. 1336 raw codes and 59 pages (> 32,000 words)
of memos resulted. These raw codes were even closer to the transcripts terminol-
ogy and strictly inductive. This helped us to challenge our own interpretation of
our preliminary theory which was not free from our a priori expectations. From
the beginning, constant comparisons were assured by depicting more abstract and
central concepts in simple diagrams right. To do so, the preliminary theory of the
first major iteration was used, also following the constant-comparison principle. To
develop concise properties and dimensions, each line-by-line code was assigned a
more abstract category. These were grouped in a large table after recoding half, and
then again after recoding all the interviews. Network-type diagrams once more were
used to integrate the theory, at least once after recoding each interview. Through all
of the coding process, an interpretative reference for constant comparisons was the
basic framing of risk-based AML as a problem of agency theory. Because it became
clear during the analysis that more structured approaches to AML can be interpreted
as a risk-management approach, the COSO enterprise risk management framework
(Committee of Sponsoring Organizations of the Treadway Commission 2004, 2017)
was compared to the theory, so as to identify potential imprecision in its structure or
wording. Finally, taking together the preliminary theory, the line-by-line codes table,
and the largest network-type diagram, the theory was integrated and trimmed into a
final iteration to arrive at a final core category and fully integrated theory (Fig. 1,
Table 3). The level of theoretical saturation is sufficient for three reasons (Charmaz
13
Only one interviewer was heavily involved in the development of the interview guide and therefore
likely to be influenced by the a priori expectations mentioned above. The other interviewers all had dif-
ferent backgrounds which prevented the interview questions from being biased by a single group of pre-
conceptions.
13
AML in the non-FS:

Initial appraisal Finding a risk-adequate response
• Starting point
• Need to consider GwG obligation
1 Full process; goal: fulfill regulation
obligation and/or economic need affirmed
Responsibility 2 Skip AML-related activities; goal: fulfill regulation

no perceived obligation, no economic need for AML
3 Skip regulation; goal: avoid dirty money

3 Determination process risk analysis necessary; mitigation with little AML-relation
• Analysis of laws and obligation
• exchange
4 Skip process; no goal
mitigation without AML-relation
Perceived obligation
2
Risk analysis
• Collecting Information on potentail risks
• Potential risk indicators
4 • Evaluating probabilities and impacts
Mitigation
• Measures
• Balance
• Documentation Process environment
Actors
Processes and
Release from liability
Structures
• AML-aspect
• Development process
• Resources
1 • Supply chain
Fig. 1 Grounded Theory for AML in the non-financial sector
2014). First, Table 3 shows that the properties and dimensions of the major cate-
gories are developed in rich detail. Second, great variation of AML approaches is
depicted by the theory, e.g. by the four alternative cases in Fig. 1. This includes
different levels of AML compliance, which is contrary to the prior literature and to
the FATF evaluations which focus on formal AML laws rather than actual compli-
ance with these laws by obliged parties. Third, Fig. 1 and the detailed descriptions in
Sect. 4 show that the theory is well-integrated.
4 Results
An overview of our Grounded Theory, which we term the AML development pro-
cess (short: AML process), is presented in Fig. 1. The core category is the process
of finding a risk-adequate response to challenges in the context of AML in the non-
FS. Finding a response indicates that all interviewees located their organizations
as being in a process to determine the a priori unknown approach to dealing with
the topic of money laundering. The progress their respective organization has made
within this process ranged from rudimentary initial considerations to a completed
development of an AML system which is then revised on a regular basis. The idea
of risk-adequacy is already reflected in the risk-based approach of FATF, EU, and
13
Table 3 Overview of categories, concepts, and properties and dimensions
1112
Category Concepts Properties and dimensions
Initial appraisal
13
Starting point Prerequisites for AML considerations Outside motivation, awareness, existing compliance structure
Motivation for AML considerations Pressure, exchange, fear of scandal, former experience/prec-
edent, regulatory, economic, striving for compliance excel-
lence
Source of motivation Company itself versus external actors
Being aware of AML Not aware-fully aware; within industry/profession
Knowing regulations and/or obligation Unknown-vague awareness-fully known
Perceived obliged groups Mainly FS; mainly precious traders; all traders
Existing AML considerations None; implicit/intuitive versus explicit
Need to consider GwG obligation Company type with respect to initial ML-risk Precious dealer, normal dealer, service provider
Perspective on AML: Non-holistic
Regulation-oriented Perceptual gap
Operations-oriented Not-partly-mostly
Experience-based
Risk perception None-insignificant-moderate; not specified
Strength of perceived need None-strong; vague; mere interest; denial/overregulation
Goal of AML considerations None; avoid dirty money; fulfill regulations
Responsibility
Defining who is responsible No-unclear-yes
Locating AML within the company Compliance, internal audit, legal, corporate finance, treasury
Structure of AML department Top-down; centralized-dispersed-combined;
Size 0–2 full time equivalents;
Professional background Interdisciplinary; FS versus non-FS
Holding individuals responsible Nobody, AML officer, point of sale employee
C. Friedrich, R. Quick
Table 3 (continued)
Determination process
Analysis of laws and obligations Scope Obligation, goal of GwG, international rules, business model,
risk, sanctions
Requirements Detailed analysis, individually tailored, careful balancing
Facing regulatory complexity Several laws, need for interpretation, practical complexity,
regulatory gaps, international differences
Fitting company to law No fit for: multinationals, concept of cash, service providers,
business priorities, risk profile
Transferring obligations to practice Impossible, difficult, necessary, achieved
Regulatory definition of “persons trading in goods” (PTIG) Missing, circular definition, via tax law, no aid, uncertainty for
special cases
Understanding of PTIG Criteria: cash handling/threshold, precious goods, goods versus
services, contract types
Defining company as PTIG Yes; when in doubt, yes; when in doubt, no; no
Progress None-preliminary results-concluded
An analysis of anti‑money laundering in the German non‑financial…
Laws underlie constant change Problem versus chance

Fear of doing too much versus Fear of not doing enough
1113
13
Table 3 (continued)
1114
13
Exchange Finding orientation not found in complex law Common understanding, find and use guidance, minimum
requirements, benchmark, standards, full compliance
Industry-wide extent None-few; 70% critical border-line
Individual involvement None/unwanted-exchange with all relevant actors; intense;
never-always-choppy-steady-decreasing
Role: Careful-confident; exerting influence
Active giver Wait-and-see; feeling pressure
Passive receiver feeling pressure
Open receiver
Channels Direct/phone contact, conferences/congresses, audits, question-
naires, publications
Missing guidance by authorities What to do, how to do, common interpretations, non-FS spe-
cific guidance, materiality
Explaining disconnect of law and authorities No courage, no commitment, missing experience, no actions
for years
Self-development/regulation Undesired-taking place; individual-collective
Self-developed standards Pursued-unwelcome; not achieved; substitute guidance
Risk of excessive regulation versus Risk of no common Overregulation; abuse; denial to follow
standard
Perceived obligation
Evaluating obligation: Once versus recurring; subjective
Self-assessing accountability Yes-in doubt yes–no
Orientation towards authorities’ view Unclear; dynamic; international differences
Perceiving need for action Obligation versus economic reasons
Table 3 (continued)
Risk analysis
Collecting information on potential risks Structure/formality Intuitive, (un)structured, (un)aware, (not) documented
Collection procedure Bottom-up versus Top-down; surveys; workshops
Frequency Never-yearly
Scope National–international; HQ-whole company-beyond company
borders; Legal versus Operational entities
Depth Rudimentary-full detail; high-level abstraction
Focal point Business model/operations, transactions/cash flow, red flags,
scenario-based
Potential risk indicators Complexity Low–mediocre
Risky transactions: Third parties, natural person, “known” countries
Payment origin Own traders, unknown usage of goods, outside standard trans-
Transaction structure action cycle, unidentified contract partner, smurfing
Special trader typologies Over/under-invoicing, kick-backs, shell companies, fictitious
transactions, refunds to different account
Prevalence of cash None-large amounts; more likely for B2C/time-critical transac-

tions/foreign subsidiaries/certain business models
Precious/fungible goods
Economically unreasonable actions Selling off, speed before profit, not fitting personal/company
wealth, “normal” behavior not fitting specific context, com-
pany without operations
1115
13
Table 3 (continued)
1116
13
Evaluating probabilities and impacts Classifying risks: Segmenting in sub-risks
Reputation risk
Legal risk
Economic risk
Involvement Victim, perpetrator, secondary involvement
Concept of materiality Qualitative versus quantitative
Judgment task Careful interpretation; subjective; expert judgments
Factors for assessing probabilities and impacts: Case-by-case evaluation
Transaction type Volume; border-crossing; tendering
Origin of money Country; account/person/company
Customer type Public/private/state; consumer versus business; reputation
Customer base Number; dynamic; familiarity
Precision of results Vague-precise; uncertainty
Characteristics of results Residual risk; diverse portfolio; acknowledgement of different
perspectives; enforcement tool; horror scenario
Mitigation
Measures Measure characteristics: Efficient; effective; ease of use; modular; detailed-high level;
Risk avoidance Avoid cash, avoid (intransparent) transactions
Risk acceptance Regulatory, economic obligations; residual risk
Risk reduction Better understanding of transactions, complexity
Risk sharing Along supply chain
Guided by: Rules-/risk-/principles based; legal versus Operational
GwG CDD, trainings, employee background checks, STR filing
Other Monitoring, list comparisons, plausibility checks, policies
Compliance/risk
Organizational structure: Unstructured-standardized;
AML-designed AML officer, AML coordinator, AML competence center
From compliance/risk Three lines of defense, CMS-structure
Table 3 (continued)
Conduct: Unstructured-well defined; integrated-stand alone; automation;

Initial judgment At point of sale; information from transaction partner; every
Complete assessment individual versus general monitoring versus samples
Centrally; holistic/information; case-by-case; expert; integrated
data owner
Dissemination Not existent-established; local-international; limits
Balance Intended balance Mildest measure, prioritization; reason
Guiding principle Ethics, GwG, profit
Risk appetite Low-mediocre
Subjects to be balanced Different laws, risks; business versus law
Judging balance Individual evaluations; qualitative versus quantitative; com-
parative
Documentation Purpose Proof, check fulfillment of objectives, auditability
Extent None-detailed; only for what is done
Form Direct, indirect, informal
Release from liability

Being compliant in a relative sense None-insecure-achieved; not being subject to sanctions
Compliance (in fact) versus Proof of compliance
Through measures versus Through non-obligation
1117
13
Table 3 (continued)
1118
Actors
13
Management Awareness, openness, knowledge, support, involvement, moti-
vations, profession, tone at the top
Employees Awareness, openness, knowledge, support, involvement, moti-
vations, qualification, execution, profession
Unions
Prosecutors Feedback, capacities, efficiency, overview
Peers Own industry versus FS versus professional associations;
transferring responsibility; pressure; comparisons; power
differences
Consultants Involvement, professional background, covered subjects
Supervising authority Scrutiny; contact; help; quality; qualification; expectations;
organizational structure; audits; heterogeneity
Processes and structures
Resources General assignment Money, working compliance organization, specialists
Existing know-how Legal/FS experience, incomplete, subsidiary/old HQ
Creating know-how Learning by doing, external employees, exchange, trainings,
conferences, first-hand experience, secondary experience,
work in/with associations
Data availability Full-incomplete-none; complete data basis, external data
Data integration Incomplete, holistic, missing mapping
Data reliability
Technology Capabilities, limits, automation
Table 3 (continued)
AML aspect Perspective of AML-related activities Risk versus compliance versus AML management
Strength of AML relation None-grey area-AML only; consecutive; clear separation;
dynamic; more likely in high risk areas
Differences AML versus other compliance AML as secondary offense, affected employees, scope, data
Areas with AML relation Code of conduct, policies, CMS, internal control system, moni-
toring systems, internal audit, governance, business judgment
rule, general due diligence, legal department, customer
relationship management, transparency, sanctions/embargoes,
receivables/transaction management, corruption, background
checks
Resulting synergies “automatic” AML Dynamic; overlaps of law; single measure/module versus Entire
Simple supplementation system
Reporting processes, compliance network, internal control
system, training systems
AML too small, extend implementation, add-on to established
process/structure
Design processes Approach Emergent, heuristic, systematic, structured, mixed
Scope What is, what will be, what can be

Developing step-by-step As needed, convenience-based, in manageable steps/phases,
parallel; inefficient
Improving constantly Constant challenge, constant evaluation
Limitations By law, by scope/priority, devil in the detail, execution
Supply chain Passing liability Giver versus receiver;
Position of risk In my entity, in my working group, direct contract partner,
mediate link of value chain, as an agent
Restrictions In influence, in transparency
Sharing responsibilities Business logic versus transactional logic
Assessing risk environment Industries, countries, subsidiaries
1119
13
German national regulations, and was emphasized in all interviews. This idea ranged
from intuitive risk considerations to full explicit acknowledgement of the risk-based
approach. The general view of AML in the non-FS expressed in the interviews was
very diverse. All interviewees generally saw money laundering as a problem. How-
ever, perceptions differed in considering the role of “persons trading in goods” in
combatting money laundering, as well as whether the interviewee’s organization ful-
fills the definition of PTIG. This ranged from denial to strong support of AML obli-
gations. The process is shaped by its environment which contains actors as well as
existing structures and processes.
A clearly dominant result is the substantial heterogeneity of guidance and super-
vision by the authorities, which is located in the environment and therefore not dis-
cussed in detail below. However, we wish to emphasize this insight, as it was present
during the entire data-collection process and mentioned several times as a poten-
tial reason for the overall rather low level of AML compliance. Especially partici-
pants with more sophisticated AML urged that increased activity by the authorities,
combined with more guidance on how certain legal concepts should be interpreted,
should improve AML in the non-FS. Such activity includes the exertion of pressure
on companies to take the necessary actions. This conforms well to the framing of
risk-based AML as a problem of agency theory. As expressed above, not all com-
panies (agents) felt a strong need to implement an AML system. Hence, their goals
conflict with that of the regulator (principal) to generally delegate AML imple-
mentation to PTIGs. As agency theory views both actors as utility-maximizers, a
stronger alignment of goals can be achieved either if the cost of AML implementa-
tion decreases (through more guidance and better interpretation of legal concepts) or
if the benefit of AML implementation increases (through the avoidance of penalties;
this benefit is higher if pressure by authorities increases, which is associated with an
increase in the likelihood of penalties for non-compliance).
Consistent with this view, the heterogeneity of supervision and guidance results
in a similar heterogeneity from non-FS companies with regard to their AML imple-
mentation. This is apparent in the great variety of properties and dimensions in
Table 3, some of which are discussed in detail below. More importantly, this is
expressed in the different cases which are discussed next, and show that non-FS
companies approach AML very differently, with different viewpoints and different
goals. This is important, because some of the heterogeneity of properties and dimen-
sions within our theory is consistent with risk-based AML since non-FS companies
are also heterogeneous in their business models and therefore in their AML risks,
especially compared to the FS. However, we propose that AML should be system-
atic and comprehensive regarding risk assessment and risk mitigation, and that this
could be achieved by following our AML process, regardless of the specific business
model. Heterogeneity with respect to following the process is therefore regarded
as an explanation of AML implementation shortcomings in the non-FS. As shown
below, some of this heterogeneity is reduced by exchange between peers, but such
exchange was reported as fragmented.
Our full AML process comprises nine major categories (including the two envi-
ronmental ones). The process is intended to answer our research question which
called for a systemization of AML implementation in the non-FS. The concepts and
13
the properties and dimensions associated with the categories are shown in Table 3.
Whenever we refer to “properties” or “dimensions” below, we refer to the right-hand
column of Table 3. The concepts within a major category are interdependent to a
varying extent. Strong connections exist between the categories along the process,
while the environmental categories influence every category to a greater or lesser
extent. We now briefly discuss the most important concepts in each category and ref-
erence major properties, supported with comments from the interviews, which were
carefully translated from the original German transcripts. We introduce each com-
ment with the aim of showing how the related element(s) of our theory are grounded
in this particular item of data. With the discussion of different properties and dimen-
sions, we intend to fulfill our research objective of pointing out the strengths and
weaknesses of current AML implementations in practice. The discussion focuses on
explaining differences between the four cases depicted in Fig. 1 and on potential
causes of these differences. Each company is classified as belonging to one of the
cases shown in brackets at the beginning of each comment. Moreover, in brackets,
the size of the company and whether it is listed on a stock exchange is depicted.14
Belonging to a case means that this company follows the path of this case which
is displayed in Fig. 1. All cases start at the top of the flow chart (full process) and
follow the steps of the full process, unless indicated otherwise by the arrows which
depict the “shortcuts” of Cases 2, 3, and 4. In total, four, two, one, and one company/
companies were classified as an example of Case 1, 2, 3, and 4, respectively.15 The
classification by cases is intended to show how current AML implementations vary
(third research question) and how they relate to a more abstract, systematic and com-
prehensive approach to AML implementation (our theory, final research question).
4.1 Initial appraisal
For each company, the AML process starts when the company initially encoun-
ters the topic of money laundering. At this beginning of the process, Cases 3 and 4
separate themselves from Cases 1 and 2. The starting point encompasses different
14
We classify a company as large if both its employees and its revenue are in the middle or upper cat-
egory of Table 2 (i.e. 20,000 or more employees, € 5 bn. or more revenue) and as small otherwise. We
term the opposite of “listed” as “private”. To assure anonymity, we did not include the industry of the
company in brackets. However, where it is important to provide an appropriate context, we explain
before or after the comment how the industry specifics or the participant’s individual background may
have influenced what is expressed in the comment.
15
As is inherent to constructivist Grounded Theory, the categorization of these four cases is not the
only possible classification. However, we chose this alternative because the main separator of these four
cases relates to the core category of our theory, i.e. finding a risk-adequate response to challenges in the
context of AML in the non-FS. For Case 1, this response is to fulfill the GwG very carefully and the risk
is affirmed as being large enough to complete the full process. For Case 2, the response is also to fulfill
the GwG, but the risk is perceived as negligible, which is why no mitigation is implemented. For Case 3,
the response does not relate to laws but only to perceived business risks that stem from dirty money. For
Case 4, the response is missing completely. All other characteristics of these cases are then based on the
concepts and properties and dimensions grounded in the data collected from the interviews which belong
to the respective cases. This is described in more detail in the following subsections.
13
determinants of the likelihood of a company considering AML in more detail. For

example, a company which is motivated by regulatory considerations is unlikely to
skip the determination process (see below) and will thus either follow Case 1 or 2.
Case 4 is the first to leave the full AML process, because companies in this case are
not even aware that AML is a topic they have to deal with. This is confirmed by the
following comment, which grounds the concept of “being aware of AML” and illus-
trates the dimension of “not [being] aware”.
(Case 4; small; private) “The topic of AML risk does not yet exist in this com-
pany. […] I don’t think the company has ever dealt with this issue.”
On a more theoretical level, therefore, companies only enter the AML process
when they reach an AML-related starting point. A necessary condition for this is an
awareness of AML. This can be seen by Case 4 companies, which basically skip the
entire AML process, because they do not fulfill this necessary condition. In the other
three cases, companies fulfill this condition to at least some extent. They continue
with an assessment of whether they need to consider whether they are obliged by the
GwG. Based on its perspective on AML, a Case 3 company will decide that it does
not need to consider any regulation. However, it wants to avoid illicit money in its
operations, as it is generally aware that money laundering exists. The next comment
is an example of the lowest end (“none”) of the concept “strength of perceived need”
in the category “need to consider GwG-obligation”. This is explained by a starting
point which includes only the FS in the “perceived obliged groups”. Hence, there
is no “goal” to “fulfill regulations”. This shows that Case 3 companies differentiate
themselves from Cases 1 and 2 by denying the need to consider a GwG obligation.
(Case 3; small; private) “I always saw the topic money laundering and GwG
as mainly something for financial service firms. […] [Still], it is important to
know our customers better to ensure that they do not use dirty money.”
4.2 Responsibility
Only Case 1 and 2 companies will formally define who is responsible for AML
topics. The properties of this responsibility serve as indicators of the priority and
quality of AML in the company. A clear assignment of responsibility goes a long
way to ensuring that a risk-based approach is followed. The size and structure of
the responsible unit, however, are dependent on how the company is structured as a
whole and how risky its operations are with respect to AML.
4.3 Determination process
The determination process lays an important foundation for the specific design of
AML measures, as it defines the envisaged AML system from a legal perspective.
Because the companies regard the GwG as complex and ambiguous, especially with
regard to PTIG, an individual analysis of laws to determine individual obligation
is conducted. The result is an individual definition of legal requirements which a
13
company seeks to fulfill. These requirements are subjective and influenced by the
company’s properties of the concepts which comprise the determination process.
For instance, if a manufacturing company acknowledges that a clear definition of
PTIG is lacking but that a key criterion is the trade in goods, it will likely decide
that, when in doubt, it has to define itself as a PTIG. This property (“when in doubt,
yes”) of the concept of “defining a company as PTIG” is grounded in the follow-
ing quote. It is important to note that the participant has a background as an AML
employee in the FS and is thus likely to be highly sensitive with regard to AML
obligations.
(Case 1; large; private) “I also checked the website of the responsible authority
[…] and no one tries to clarify […] what a ‘person trading in goods’ actually
is. […] Given the vague definitions that exist, I came to the conclusion that we
are presumably [a PTIG], as it is impossible for there to be such a big gap [in
the law].”
As is demonstrated further by the above comment, during the determination pro-
cess, companies face a high level of uncertainty regarding their interpretation of
the laws and obligations, which is subject to substantial discretion. This explains
why the fear of doing too little or too much with respect to legal requirements was
another dominant theme in the interviews. A common way to overcome this fear is
exchange among peers. Depending on its specific properties, this exchange can dom-
inate regulatory considerations and can lead to a self-development of AML stand-
ards by the peers. From the perspective of agency theory, this would be problematic
if such self-development resulted in AML which is contrary to the principal’s (regu-
lator) goals. The principal would then have to intervene, either with increased super-
vision or penalties. Therefore, whether self-development is intended or accepted by
the regulator remains an important issue to discuss.
Within this exchange, companies assume different roles, which are illustrated by
the following comments. The first comment depicts an active giver whose role is
also driven by the structure of the industry in question. The company is a very large
manufacturer with a large number of suppliers for which it is one, if not the only, of
the major customers. Therefore, it has the necessary power to impose standards on
its business partners. The second comment depicts a passive receiver.
(Case 1; large; listed) “We have gained experience and would like to use it.
We are also willing to participate in the development of standards which then
apply to everybody. […] And, of course, [we] thus give stimuli to our business
partners.”
(Case 2; large; listed) “We are always interested, always in conjunction with
noting that we are more at the receiving end for now.”
More abstractly, the determination process can be pictured as a major decision
node of an AML implementation. The necessary condition for an activation of this
determination process is that a company acknowledges the need to consider a GwG
obligation, i.e. it is a Case 1 or 2 company. The inputs of the determination process
are the laws and potential guidance as well as help which results from exchange. The
13
output of the determination process is the perceived obligation, which is described

in the next Section.
4.4 Perceived obligation
As a result of the determination process, a company either chooses to follow its self-
assessment as to whether it is a PTIG, or to orient itself toward the authorities’ view.
While the authorities’ view is often unclear, it is more likely to be used to justify a
passive role in AML. In this case, companies can justify their behavior as consistent
with the view of their supervisor. Interestingly, many authorities are perceived as
inactive regarding AML, which is then used to justify inactivity by the companies.
Therefore, companies that follow their own self-assessment may assume a more
active role than companies which follow the authorities. An example of such a situa-
tion is illustrated in the following comment. Companies were alerted by the activity
of an authority. Some then started a self-assessment on which they later based their
AML. Others, however, decided to follow the authorities’ view and thus reverted to
a passive role when the authorities’ activity ceased.
(Case 2; large; listed) “Two years ago, an authority showed some activity. […]
When no other authorities followed this example, however, the commotion
subsided. With differing results: […] some large firms now have optimized
processes, […] others not even rudimentary [ones].”
If, based on the chosen view, the company decides that it is not obliged to imple-
ment AML depending on its interpretation of the law, it will still assess whether
there is an economic need to implement AML-related measures. For instance, such
a need can be explained by important clients or suppliers which require the company
to have some AML in order to do business with it. If no economic need is also iden-
tified, the company belongs to Case 2 and will therefore skip the rest of the AML
process.
4.5 Risk analysis
At this point of the process, Case 3 companies rejoin Case 1 companies to analyze
AML risks. It is important to note that Case 3 companies perform a risk analysis
in pursuing their goal to avoid dirty money, which requires identifying the risks of
encountering dirty money. This is different from a Case 1 company, which has the
goal of fulfilling AML regulations and will therefore conduct a risk analysis in the
sense of the GwG. However, the actual design of the risk analysis varies greatly,
even among Case 1 companies. Again, this is because there is no clear guidance
on how to conduct a money laundering risk analysis. In our theory, we therefore
identify the following key concepts of the risk analysis and give an indication of the
cause-effect relations between certain properties of these concepts.
The depth and comprehensiveness of the risk analysis is determined by the
properties of the collection of information on potential risks. More structured and
detailed approaches indicate a higher quality of risk assessment. The variety of
13
possible focal points for the information collection shows that a company has to
consider carefully, which (combination) of these foci will generate the most accu-
rate information about their potential money laundering risks. In this context, the
variety of concepts as potential risk indicators reported in Table 3 shows that the
topic is very complex and that a one-dimensional focal point during risk identifi-
cation probably prevents a sufficiently comprehensive risk recognition. Similarly,
many factors determine the probability and impact of potential risks. The preci-
sion of the results is more likely to be high if these factors are considered more
carefully, more comprehensively, and in a more structured manner. However, the
evaluation of probabilities and impacts of risks remains a judgmental task, which
ultimately always results in a residual risk that cannot be clearly defined.
An example of high-quality risk assessment could be to send out question-
naires to all operating units which are tailored specifically to potential money
laundering risks. That is, the questionnaires should be based on a combination of
knowledge about current money laundering typologies and about the respective
businesses. The questionnaires would then assess whether and to what extent ele-
ments of such typologies exist, e.g. cash transactions (volume and frequency) or
customers from high-risk countries (frequency). Then, a common coding scheme
could be used to identify those operating units which are relatively risky com-
pared to other units of the company.
4.6 Mitigation
Case 4 companies may establish measures that potentially reduce money laun-
dering exposure, although they were designed according to different compliance
goals, e.g. to reduce corruption. Therefore, they reenter the AML development
process at this stage, although they will not install structured measures as pre-
sented in the detailed concepts of this category. They may cover single properties
of the concepts shown, but will never cover the entire range of concepts. Turn-
ing to Case 1 and Case 3 companies, their approaches to the design of meas-
ures also differ clearly. For example, measures that are guided by the GwG and
organizational structures that are AML-designed characterize a Case 1 company,
whereas measures guided by general risk management, such as general plausi-
bility checks of transactions, are typical for a Case 3 company. Other or more
general compliance frameworks can help to guide the design of AML measures.
For instance, distinguishing risk avoidance from risk acceptance, risk reduction,
and risk sharing can help to find the right response (or non-response, i.e. accept-
ance) for identified money laundering risks. A structured approach, although still
being developed, is revealed in the following comment which grounds a number
of properties for the concepts “guided by: GwG” and “organizational structure:
from compliance/risk”.
(Case 1; large; listed) “We will develop […] a compliance management system
for AML. […] This includes a code of conduct, […] a consulting process and a
reporting process, […] [and we will] of course offer training.”
13
A dominant theme across cases is that companies try to achieve a balance

between AML compliance and business operations (or several other compliance
issues of differing priorities). Our theory helps to explain the priority accorded to
AML. The individual company properties in the concepts of this category (e.g. risk
appetite or emphasis on ethical behavior) determine the likelihood of AML being
given a higher priority. This tends to increase, for instance, with a decreasing risk
appetite or increasing emphasis on ethical behavior. The priority of AML is gener-
ally lower for Case 3 than for Case 1 companies. It is non-existent for Case 4 com-
panies, which only conduct AML as a side-effect of other compliance measures. The
next comment illustrates very clearly how this concept of our theory was taken from
the data inductively.
(Case 3; small; private) “This [i.e., AML] is not a top priority.”
Moreover, the comment shows the conflicting goals between the regulator and
the companies, which are central to the agency theory perspective on the topic. As
this agent apparently does not consider AML as a major goal, this conflicts with the
assumed goal of the regulator to achieve maximally effective AML.
Finally, the GwG requires measures to be thoroughly documented and therefore,
Case 1 companies are most likely to have a more direct, detailed and auditable docu-
mentation. Case 4 companies are the least likely to have formal documentation.
4.7 Release from liability
A major theme that emerged across cases is the desire of the companies to lower
their likelihood of being exposed to money laundering and thus achieve a low risk
of liability. As expressed in the concept of “being compliant in a relative sense”,
the exposure to liability depends on both the perception of supervisor scrutiny with
respect to AML, as well as the perceptions of the AML level of peers. Again, this
can be explained from the perspective of agency theory. When the principal’s goals
(i.e. expectations regarding AML) are low, the likelihood of the agent’s behavior
differing from the principal’s goals is relatively low. When the information system
quality (i.e. scrutiny of the supervisor) is low, the likelihood of such a difference
being detected is relatively low. Considering the AML level of peers, in a multiple
agent setting with a supervisor which has limited resources, the agent whose differ-
ence from the principal’s goals are greatest is most likely to be detected. Therefore,
the supervisor does not have enough resources to detect agents with behavior that
differs comparably little from the principal’s goals.
In Case 1 (Case 2), a reduced exposure to liability is clearly achieved through
AML measures (non-obligation). However, the important question of whether
compliance can be proven in the event of an audit by an authority is still subject to
uncertainty, especially for Case 2 companies, as indicated below.
(Case 2; large; listed) “We hope that an external party will confirm what we
already developed internally [in this case: during the determination process].
Because, as long as this is not the case, you can only believe [you are compli-
ant], but you are never really confident.”
13
In Cases 3 and 4, whether such a (partial) release from liability is achieved and
whether it is due to non-obligation or AML measures depends on whether their
choice not to consider an obligation was correct and, if not, whether their mitigating
measures increase GwG-compliance. However, the latter is without intent to serve
as an AML measure because of the perceived non-obligation. One participant com-
mented on (partial) failure as follows.
(Case 4; small; public) “As you realize […], we are very weak in this [i.e.,
AML] regard.”
4.8 Actors, processes and structures
Our theory describes a framework of categories which are embedded in an envi-

ronment. This environment of the AML process is a collection of factors that can
moderate the path of the company through the AML process. They influence many
of the concepts discussed above, especially their detailed properties and dimensions,
which are individual to any company and determine to which of the four cases the
company belongs. While the framework of categories within the environment is
generally fixed, the environment strongly influences the forms (i.e. properties and
dimensions) of these concepts. While many of the environmental factors influence
companies across cases, there are some differentiating factors which are discussed
below.
The first major group of environmental factors which shapes the AML process is
different actors. Awareness of AML is a necessary condition for Cases 1, 2, and 3
and an acknowledgement of the need to consider an AML obligation is a necessary
condition for Cases 1 and 2. Hence, the likelihood that a company falls into Case 3
or 4 decreases substantially when employees, especially managers, are aware of and
open towards governance and compliance topics. The following comment grounds
the causal relationship between a tone at the top, which is supportive of governance,
and a compliance department, which has the necessary resources to systematically
develop an AML implementation.
(Case 1; small; private) “It helps us a lot that our executives and our super-
visory board really support the whole governance area […] and provide the
necessary resources.”
This in turn also introduces the second major group of environmental factors:
resources are an important determinant of more comprehensive AML. Given that
AML implementations have been established in the FS for a while but are not
well known in the non-FS, know-how, especially if acquired from the FS, is a
strong separator between cases. Generally, Case 4 companies do not have AML-
specific know-how, because they would otherwise also be aware of AML and thus
not be in Case 4. Similarly, Case 3 companies are unlikely to acquire more than
basic AML know-how, because a denial of the need to consider a GwG obligation
is unlikely to coincide with comprehensive know-how of AML laws. Moreover, a
large portion of AML know-how is created by going through the AML process,
which is a reason why Case 3 companies have comparably little AML know-how,
13
and why Case 1 companies are most likely to end up with the most comprehensive
know-how. The strong correlation between know-how and proceeding through the
entire AML process is expressed in the following comment.
(Case 1; large; private) “I, personally, know that topic from my [earlier] job
in the financial industry.”
The next environmental category, AML aspect, describes how and to what
extent activities of the company with relation to risk, governance, and compli-
ance intersect with AML, whether intended or not. While most concepts of this
category are present across cases, “automatic” AML is what potentially creates
some mitigation in Case 4 companies. This means that AML-related mitigation
is achieved through activities which were created without any intention or aware-
ness of creating AML measures. The Case 4 company in our sample did not have
“automatic” AML. However, the following comment illustrates the idea of “auto-
matic” AML and shows that, while Case 4 companies exclusively conduct “auto-
matic” AML if they conduct any AML at all, “automatic” AML is not exclusive
for Case 4 companies. Especially Case 3 companies are likely to rely consciously
on “automatic” AML and/or areas with AML relations (but which are not
designed for AML exclusively). As in the following comment, “automatic” AML
is likely to be driven by the business context of the company. In this Case, the
interviewee’s company produces investment goods of high value in a business-
to-business context. Therefore, every single transaction is monitored closely as it
encompasses a significant fraction of the overall revenue of the company.
(Case 3; small; private) “In this context [i.e., selling goods of high value,
not AML-related], we have two measures: First, transactions are exclusively
cash-free. […] Second, we strictly inspect our customers’ [backgrounds].”
Concepts from the design processes do not apply to Case 4 companies, as they
do not consider AML consciously. For Cases 1, 2, and 3, however, design pro-
cesses play a role and their concepts help to distinguish the efficiency and com-
prehensiveness with which companies approach the different phases of the AML
process.
Finally, the position of a company within its supply chain exents a strong influ-
ence on the path which a company takes through the AML process. For exam-
ple, a giver company which passes liability to contractors is very likely to be a
Case 1 company, which gives it the necessary confidence to provide guidance
to suppliers or customers. A receiver company, on the other hand, is unlikely to
deny economic needs for AML when pressured by an important contract partner
to conduct AML. Hence, it will not fall into Case 2. Neither will it be in Case 4,
as it is confronted with AML by its contract partner and the necessary condition
of a starting point is hence fulfilled. As can be seen, collaboration along supply
chains considering AML generally leads to more comprehensive considerations
of the AML process. Such collaboration does not have to be restricted to the non-
FS, but can extend to include the FS, and can therefore span the entire economy.
This was expressed by the following opinion of one participant as to what would
13
be the optimal inclusion of practice in combatting money laundering. This par-

ticipant has considerable AML experience in both the FS and the non-FS and
considerable insight into both industries and how they might interact with respect
to AML. While this goes beyond our research focus on PTIG, coming back to our
motivation, it illustrates clearly how an improvement of AML in the non-FS and
a leverage of AML to a holistic view on the economy and all its actors, have the
potential to substantially improve AML-related information and therefore AML
success.
(Case 1; large; private) “Manufacturing companies […] are abused for money
laundering in a form which is not understandable for the banks. […] In these
cases, it would only be possible to roll out customer due diligence in the sup-
ply chain, namely where the best expertise about the business is found. The
banks only know the bank account owner well, and members of the supply
chain know only the next link in the chain.”
5 Conclusion
The present research examines, with the use of Grounded Theory, the current imple-
mentation of AML systems to fulfill AML regulations in the German non-FS. The
analysis of in-depth semi-structured interviews with 13 expert representatives from
eight multinational companies provides an explanatory theory as a conceptual basis
for future analysis of AML in the non-FS. The results show that the quality of AML
in the German non-FS is heterogeneous and at a rather low level. In addition to the
unfulfilled responsibility of the companies, this may partly be attributed to deficien-
cies of the regulatory authorities, especially regarding their guidance for the non-FS.
Our theory presents a comprehensive AML development process which indicates
how and at which point of the process these implementation deficiencies arise. This
relates back to our research questions asking for a systematic approach to AML
implementation, the extent to which AML laws are implemented, and how differ-
ent implementations vary. Returning to the fourth research question, strengths and
weaknesses of the different approaches are reflected in the different properties and
dimensions of the concepts of our theory, and express themselves in the respective
classification of the companies into the four cases. Finally, our results point to a
potentially more effective AML approach from adopting a broader perspective of the
economy as a whole. Consistent with individual approaches to AML along the AML
development process and consistent with a risk-based approach, participants sug-
gested that every company within a supply chain should collect and analyze AML-
relevant information for which it has the greatest expertise. Combining this informa-
tion, a more comprehensive picture on potential flows of illicit funds through supply
chains can be drawn.
This view is consistent with our motivation from prior literature that AML can
only be effective if all FS and non-FS companies conduct AML activities. Given
the shortcomings of PTIG in effectively conducting AML and the weaknesses of
different elements of the identified approaches, we provide in-depth insights into
13
the background of the weak numbers of AML in the German non-FS reported by
Bussmann et al. (2016) and Bussmann and Vockrodt (2016). Although we pro-
vide no evidence on how the occurrence of money laundering is affected by the
researched AML activities, these insights get closer to the real outcome observations
called for by Pol (2018), as we show the real effects of the regulation and the (defi-
cient) enforcement with respect to the conduct of PTIG as obliged parties. As antici-
pated from our analysis of prior literature (Keesoony 2016; Turner and Bainbridge
2018), our interviews confirmed the heterogeneity of enforcement and correspond-
ing discretion in how to implement the regulation as a major obstacle to effective
AML by PTIG.
Our rich empirical data contributes to the AML literature by filling three research
gaps. Firstly, much AML research focuses on the design of formal AML regulation
or on assessing the extent of money laundering. This research neglects the actual
implementation of AML which is the focus of the present paper. Secondly, prior lit-
erature largely relies on theoretical analysis or secondary data, such as FATF mutual
evaluation reports. We add to the scarce original data which is collected with inter-
views or surveys. Thirdly, the rare earlier studies which did collect original data or
analyzed AML implementation focused on the financial sector. To the best of our
knowledge, our study is the first in-depth analysis of actual AML in the non-FS. In
addition to filling these gaps, our theory serves as a starting point and a conceptual
basis for future research. We identified a large number of factors which determine
into which case a company falls, which detailed path it takes through the AML pro-
cess, and what quality of AML compliance the company is likely to achieve. We
hence provide detailed descriptions and preliminary explanations of differences
in AML by large multinational PTIG. Nonetheless, future research is needed to
validate the identified associations in larger samples and to find the most effective
interventions for ultimately reducing the risk of exposure to money laundering and,
hence, avoiding liability.
For practice and regulators, this paper confirms that companies and authorities
should work on establishing a systematic and comprehensive AML development
process. This would ensure that companies do not erroneously miss out on AML-
relevant information in areas in which they possess unique expertise within a supply
chain, simply because their overall AML risk is low and they therefore do not see
a need to conduct AML. On the other hand, this would also ensure that companies
do not install ineffective or inefficient AML measures merely to demonstrate AML
compliance, but without having conducted a complete assessment of relevant obliga-
tions and risks, so as to decide whether such measures are really needed from a risk-
based perspective. The presented theory points toward key factors and best practices
to help with such considerations, but also reflects on weaknesses in key concepts of
current AML implementation. However, practice demands and needs support from
the regulatory authorities to achieve a higher quality level of AML in the non-FS.
Standardized guidance would help companies to follow a comprehensive AML
development process without obvious implementation deficiencies, and at rea-
sonable cost. Such guidance has a long tradition in the FS and has contributed to
increased AML levels in the past. Participants expressed a strong desire for stand-
ardized guidance, both as instruction and as a benchmark for setting up their AML.
13
Clear guidance can also leverage outsourcing, which is explicitly encouraged by the
GwG. Finally, it would also help supervisory authorities to conduct more efficient
audits, as this would provide a framework which allows for standardized audit pro-
grams. To achieve such guidance, it would be desirable for regulators to formulate
common requirements for PTIG on a national level, just as the BaFin does for the
FS. Along with more guidance, more pressure through stricter enforcement, includ-
ing supervision and penalties for non-compliance, is needed to increase action by
the non-FS, which tends to follow lax enforcement with lax AML implementation.
This could be achieved by centralizing and professionalizing the supervision which
is currently fragmented and heterogeneous. Calls to homogenize, professional-
ize and centralize the supervision of PTIG, again following the role model of the
BaFin, have long been made, but remain unanswered (e.g. Bundesrat 2012). Such
an approach, which could also be imposed through regulatory changes, could com-
bine enhanced enforcement with enhanced guidance because a more professional
and centralized supervisor could also issue guidance, and thus assume a consulting
role, just as BaFin does.
This link between a lack of guidance and supervision and shortcomings of AML
implementations is placed in context by means of an agency theory perspective.
For the agent to follow the principal’s goal of maximally effective AML, the prin-
cipal has to either lower the cost for effective AML (e.g. by increasing guidance) or
increase the cost of missing AML compliance (e.g. by strengthening supervision).
Through this approach, we further substantiate the agency theory perspective that
earlier literature has assumed when analyzing a risk-based approach to AML (Dalla
Pellegrina and Masciandaro 2009).
Our Grounded Theory approach is limited by a rather small sample size. How-
ever, theoretical sampling and saturation mitigate the small sample size for the semi-
structured interviews. Nonetheless, it remains unclear whether the observations gen-
eralize to larger samples and whether all concepts of the theory, with their respective
properties and dimensions, cover the full variation of the respective aspect in prac-
tice. Future research should therefore consider quantitative analysis with larger
samples. It might be argued that a limitation of the theory is the focus on German
PTIG. However, all interviewees were representatives of multinational companies.
Furthermore, since the EU AML Directives and international standards are laxer
considering PTIG, the German setting lends itself to an investigation of how large
multinational manufacturers handle AML under comparably strict regulations. This
could well become relevant to regulators and companies in other jurisdictions in the
future. Future research could investigate regulatory differences for the non-FS across
countries and their impact on AML, which is assumed to be most effective when it
is seamless across countries and industries. Lastly, we related our results to the view
that the obligation of PTIG to conduct AML can be framed as an agency theory
problem between the regulator (principal) and the companies (agents). This view
could be extended to other actors identified in our theory, especially to the supervi-
sor. While in our perspective, we frame supervision as an information system, in
reality, there could be substantial information asymmetry between the company and
the supervisor on the one hand and between the supervisor and the regulator on the
other hand. The latter is especially possible when supervisors are non-experts with
13
regard to AML, and AML supervision is not their primary task (this is the case for
PTIG supervisors). Hence, two sub-problems arise which could be framed effec-
tively with agency theory. Future research could investigate this view, for instance
by interviewing supervisors and regulators and by relating their views to each other,
to the companies’ views and to the theory developed in this paper.
The major takeaway from our study is that AML in the non-FS, especially in large
multinational companies, plays an important role in the global battle against money
laundering, but still has considerable deficiencies even in a comparably strict regula-
tory setting. However, we show that there are examples of effective implementation
of the current risk-based AML regulation for PTIG, and provide a theory on how
a development process of such risk-based AML could work. We encourage future
work on money laundering in the non-FS and on a cross-country or cross-industry
level, which would take our findings one step further in contributing to more effec-
tively combatting money laundering.
Acknowledgements We thank Christopher Humphrey, Charles Bailey and Participants of the 4th Trans-
atlantic Conference of Accounting, Auditing, Financial Control and Cost Control in Lyon, France for
their valuable feedback on earlier versions of this paper.
Compliance with Ethical Standards
Conflict of Interest The authors declare that they have no conflict of interest.
Ethical approval This article does not contain any studies with human participants or animals performed
by any of the authors.
Appendix: interview guide
Note: The following questions only provide an orientation. The interview is

designed openly and should develop freely.
A. Basic questions
1. Is your company aware of the topic “money laundering risk“? To what extent? Is
the responsibility for that topic clearly assigned?
2. What money laundering risks does your company face?
B. GwG-obligations met or planned

3. Does your company meet all GwG-obligations?
a. Do you regard your regulatory authority/lawmakers as supportive for anti-

money-laundering (AML)?
13
If yes:
4. What triggered your company to implement AML?

5. What information sources were used?
6. Did you or do you have external support for the implementation of AML?
7. What implementation barriers did you face?
8. Do you have an AML-officer (internal or external)?
9. How do you meet the internal control requirements of the GwG?
10. Do you conduct a structured risk assessment considering money laundering
risks?
11. Are there any AML safeguards?
12. How do you meet documentation and archiving requirements?
13. What gaps do you see in your AML?
14. What success factors belong to and lead to good AML?
If no:
15. Is the topic unknown?

16. Is it known, but there were other reasons for not meeting the GwG?
17. What basic measures do you have in place which mitigate money laundering
risk?
18. How well developed are your internal controls?
19. Do you have a Compliance Management System?
20. What further control/monitoring elements do you have in place?
C. Other
21. Is there the willingness to set common regulatory standards in your industry/
market?
22. Do you (want to) know something about AML of your competitors/contract
partners?
23. Do you prepare an AML-report?
24. Next to the GwG, are there international/other national AML-laws which are
relevant to your company?
Backgrounds (only for the researcher, not provided to the participant)

Introduction: Intro to research (questions), anonymity, voice recording
1. Money laundering definition known? Laws known?

Risks for the company known, especially sanctions?
Action required? (Who, if no clear responsibility?)
2. Are these defined formally – if yes, by whom and on what foundation?
3. Who is a “person trading in goods”? Is your company?
13
a. Regularoty authorities: Do you know each other?

Do you contact each other? If yes, how did the contact look like?
4. Triggers
5. Know-How, also in general! Ongoing updates?
6. Possibly some duties performed by external consultants?
If yes, by whom and for what topics?
7. Position in the company/hierarchy? Funding?
Known to authorities?
Mandatory (authority’s general ruling) or voluntary?
8. General processes and identification process
risk-based approach incl. lawmakers black/white-list and simplified/enhanced
CDDs?
9. If yes, who does it, how often and who is responsible for measures derived from
its analysis?
10. Organizational instructions
Employee trainings
Transaction monitoring (business partners)
Coordination of all measures?
11. Compliance-Gaps: Compliance-measures without AML-coverage
12. Success factors
13. Company capable of AML?
What are know-how defeciencies?
14. What barriers/implementation difficulties?
Do company characteristics play a role?
15. Does it contain elements with potential to mitigate money laundering risk?
16. Do they have controls/monitoring and corresponding systems at all?
If so, how efficient are these systems? Are there efficiency efforts?
17. Risks? (after explaining ML) Is ML considered as far-fetched?
Do they have cash transactions? How do they respond to that?
ML-typologies likely for the company? (after interviewer‘s indication)
Even extant cases of ML?
Assessment of the risk of getting sanctioned?
18. Standard setting within the industry or spanning several industries?
Do they already have experience?
What are possible exchange platforms?
19. Has it ever been necessary?
Processes (internal/external STRs; Forms)?
20. If yes, what laws and how are they met?
FINAL QUESTION: What would you like to share with us that we did not talk
about at all or sufficiently?
13
References
Abel, A. S., & MacKay, I. A. (2016). Money laundering: Combating a global threat. Journal of
Accountancy, 222(3), 45–49.
an der Brügge, B. (2012). Friseur wegen Geldwäsche zu vier Jahren Haft verurteilt. (2012, West-
deutsche Allgemeine Zeitung.
Asia/Pacific Group on Money Laundering (2012). APG typology report on trade based money laun-
dering. http://www.fatf-gafi.org/media/fatf/documents/reports/Trade_Based_ML_APGReport.
pdf. Accessed August 3, 2018.
Basel Institute on Governance (2016). Basel AML index 2016 report. https://index.baselgovernance
.org/sites/index/documents/Basel_AML_Index_Report_2016.pdf. Accessed August 3, 2018.
Bausch, O., & Voller, T. (2014). Geldwäsche-Compliance für Güterhändler. Wiesbaden: Springer
Fachmedien.
Braithwaite, J. (2013). Flipping markets to virtue with qui tam and restorative justice. Accounting,
Organizations and Society, 38(6–7), 458–468.
Bundeskriminalamt (2014). Jahresbericht 2014 Financial Intelligence Unit (FIU) Deutschland. https
://www.bka.de/Shared Docs/ Downlo ads/DE/Publik ation en/JahresberichteUn dLagebilder/FIU/
Jahresberichte/fiuJahresbericht2014.html?nn=28276. Accessed August 3, 2018.
Bundesrat (2012). Drucksache 701/1/12 - Empfehlungen der Ausschüsse Fz - Wi zu Punkt ….. der
904. Sitzung des Bundesrates am 14. Dezember 2012 Gesetz zur Ergänzung des Geldwäschege-
setzes (GwGErgG). http://www.bundesrat.de/SharedDocs/drucksachen/2012/0701-0800/701-1-
12.pdf?__blob=publicationFile&v=1. Accessed July 6, 2018.
Bussmann, K. -D. (2015). Dark figure study on the prevalence of money laundering in Germany and
the risks of money laundering in individual economic sectors: Summary. https://www.schleswig-
holste in.de/DE/Fachin halte /M/marktu eber wachun g/Downlo ads/Geldwa esche /dunkel feldstudi
e_geldwaesche_Dtld.pdf?__blob=publicationFile&v=1. Accessed August 3, 2018.
Bussmann, K.-D., Nestler, C., & Salvenmoser, S. (2016). Wirtschaftskriminalität in der analogen und
digitalen Wirtschaft 2016 PricewaterhouseCoopers AG Wirtschaftsprüfungsgesellschaft. Halle:
Martin-Luther-Universität Halle-Wittenberg.
Bussmann, K.-D., & Vockrodt, M. (2016). Geldwäsche-Compliance im Nicht-Finanzsektor: Ergeb-
nisse aus einer Dunkelfeldstudie. Compliance-Berater, 5, 138–143.
Camdessus, M. (1998). Money laundering: The importance of international countermeasures. http://
www.imf.org/external/np/speeches/1998/021098.htm. Accessed August 3, 2018.
Cappel, A. (2017). Prävention gegen Geldwäsche ausgeweitet. (2017, 04/08/2017). Frankfurt:
Börsen-Zeitung.
Charmaz, K. (2014). Constructing Grounded Theory (2nd ed.). London: Sage.
Chong, A., & Lopez-De-Silanes, F. (2015). Money laundering and its regulation. Economics and Poli-
tics, 27(1), 78–123.
Choo, K.-K. R. (2013). New payment methods: A review of 2010-2012 FATF mutual evaluation
reports. Computers & Security, 36, 12–26.
Choo, K.-K. R. (2014). Designated non-financial businesses and professionals: A review and analysis
of recent financial action task force on money laundering mutual evaluation reports. Security
Journal, 27(1), 1–26.
Committee of Sponsoring Organizations of the Treadway Commission. (2004). Enterprise risk man-
agement: Integrated framework—executive summary. Montvale: Committee of Sponsoring
Organizations of the Treadway Commission.
Committee of Sponsoring Organizations of the Treadway Commission. (2017). enterprise risk man-
agement: Integrating with strategy and performance—executive summary. Montvale: Committee
of Sponsoring Organizations of the Treadway Commission.
Corbin, J., & Strauss, A. (2015). Basics of qualitative research (4th ed.). Los Angeles: Sage.
Dalla Pellegrina, L., & Masciandaro, D. (2009). The risk-based approach in the New European anti-
money laundering legislation: A law and economics view. Review of Law & Economics, 5(2),
931–952.
Davies, M. (2017). DA Will Lay criminal charges against SAP, Gupta-linked CAD house amid R100 M
Kickback Claims. (2017, 17/07/2017). New York City: Huffington Post.
13
Delston, R. S., & Walls, S. C. (2012). Strengthening our security: A new international standard on trade-
based money laundering is needed now. Case Western Reserve Journal of International Law, 44(3),
737–746.
Demetis, D. S. (2018). Fighting money laundering with technology: A case study of Bank X in the UK.
Decision Support Systems, 105, 96–107.
Department of the Treasury (2015). National Money Laundering Risk Assessment 2015. https://www.
treasury.gov/resource-center/terrorist-illicit-finance/Documents/National%20Money%20Launderi
ng%20Risk%20Assessment%20%E2%80%93%2006-12-2015.pdf. Accessed August 3, 2018.
Eisenhardt, K. M. (1989). Agency theory: An assessment and review. Academy of Management Review,
14(1), 57–74.
Federal Financial Supervisory Authority (BaFin, 2017). Prevention of money laundering. https://www.
bafin.de/EN/Aufsicht/Uebergreifend/Geldwaeschebekaempfung/geldwaeschebekaempfung_node_
en.html;jsessionid=5CD6C92A8F9525D831FE1AD488248FE2.1_cid381. Accessed August 3,
2018.
Ferwerda, J. (2009). The economics of crime and money laundering: Does anti-money laundering policy
reduce crime? Review of Law & Economics, 5(2), 903–929.
Ferwerda, J., Kattenberg, M., Chang, H.-H., Unger, B., Groot, L., & Bikker, J. A. (2013). Gravity models
of trade-based money laundering. Applied Economics, 45(22), 3170–3182.
Financial Action Task Force (FATF) (2006). Trade Based Money Laundering. http://www.fatf-gafi.org/
media/fatf/documents/reports/Trade%20Based%20Money%20Laundering.pdf. Accessed August 3,
2018.
Financial Action Task Force (FATF) (2012). International standards on combating money laundering
and the financing of terrorism & proliferation: The FATF recommendations. http://www.fatf-gafi.
org/media/fatf/documents/recommendations/pdfs/FATF_Recommendations.pdf. Accessed August
3, 2018.
Financial Action Task Force (FATF) (2015). Mutual evaluations: Mutual Evaluation Germany. http://
www.fatf-gafi.org/topics/mutualevaluations/documents/mutualevaluationofgermany.html. Accessed
August 3, 2018.
Gelemerova, L. (2009). On the frontline against money-laundering: The regulatory minefield. Crime,
Law and Social Change, 52(1), 33–55.
German Banking Industry Committee (2014). Auslegungs- und Anwendungshinweise der DK zur Verhin-
derung von Geldwäsche, Terrorismusfinanzierung und “sonstigen strafbaren Handlungen”. https://
die-dk.de/media/files/DK-HinweiseStand_Februar2014.pdf. Accessed August 3, 2018.
Gilmour, N. (2016). Understanding the practices behind money laundering: A rational choice interpreta-
tion. International Journal of Law, Crime and Justice, 44, 1–13.
Glaser, B. G., & Strauss, A. L. (1967). The discovery of grounded theory: Strategies for qualitative
research. New York: Aldine.
Gregor, S. (2006). The nature of theory in information systems. MIS Quarterly, 30(3), 611–642.
Herzog, F. (2014). Einleitung. In F. Herzog & O. Achtelik (Eds.), Geldwäschegesetz (2nd ed.). Munich:
Beck.
Horton, J., Macve, R., & Struyven, G. (2004). Qualitative research: Experiences in using semi-structured
interviews. In C. Humphrey & B. Lee (Eds.), The real life guide to accounting research: A behind-
the-scenes view of using qualitative research methods (pp. 339–357). Oxford: Elsevier.
Joint Committee of the European Supervisory Authorities (2017). Joint opinion on the risks of
money laundering and terrorist financing affecting the Union’s financial sector. https://www.
eba.europ a .eu/docum e nts/10180 / 17597 5 0/ESAS+Joint + Opini o n+on+the+risks + of+money
+laundering+and+terro r ist+finan c ing+affec t ing+the+Union % E2%80%99s+finan cial+secto
r+%28JC-2017-07%29.pdf. Accessed August 3, 2018.
Keesoony, S. (2016). International anti-money laundering laws: The problems with enforcement. Journal
of Money Laundering Control, 19(2), 130–147.
Kirk, N., & van Staden, C. (2001). The use of grounded theory in accounting research. Meditari Account-
ing Research, 9(1), 175–197.
McCarthy, K. J., van Santen, P., & Fiedler, I. (2015). Modeling the money launderer: Microtheoreti-
cal arguments on anti-money laundering policy. International Review of Law and Economics, 43,
148–155.
Naheem, M. A. (2018). Illicit financial flows: HSBC case study. Journal of Money Laundering Control,
21(2), 231–246.
13
OECD (2009). Money laundering awareness handbook for tax examiners and tax auditors. http://
www.oecd-ilibrary.org/docser ver/download/2309141e.pdf?expires=1511518072&id=id&accna
me=oid016923&checksum=40829091C9B2A78EF4183AB92074D9FE. Accessed August 3, 2018.
Omar, N., Johari, R. J., Azam, M. A. M., & Hakim, N. O. (2015). Mitigating money laundering: The
role of designated non-financial businesses and professions in Southeast Asian Countries. In H. G.
Djajadikerta & Z. Zhang (Eds.), A new paradigm for international business (pp. 285–294). Singa-
pore: Springer.
Pol, R. F. (2018). Anti-money laundering effectiveness: Assessing outcomes or ticking boxes? Journal of
Money Laundering Control, 21(2), 215–230.
Prinsloo, L. (2017). U.S. Authorities Probe Germany’s SAP as Gupta Scandal Escalates. (2017,
10/26/2017). New York City: Bloomberg.
Quedenfeld, R. (2017). Grundlagen der Geldwäschebekämpfung. In R. Quedenfeld (Ed.), Handbuch
Bekämpfung der Geldwäsche und Wirtschaftskriminalität (4th ed., pp. 19–60). Berlin: Erich
Schmidt Verlag.
Stralau, M. (2017). Autohändler muss ins Gefängnis. (2017, 08/23/2017). Frankfurt: Märkische
Oderzeitung.
Turner, S., & Bainbridge, J. (2018). An anti-money laundering timeline and the relentless regulatory
response. The Journal of Criminal Law, 82(3), 215–231.
Unger, B., & den Hertog, J. (2012). Water always finds its way: Identifying new forms of money launder-
ing. Crime, Law and Social Change, 57(3), 287–304.
Unger, B., Siegel, M., Ferwerda, J., de Kruijf, W., Busuioic, M., Wokke, K., et al. (2006). The amounts
and the effects of money laundering. http://www.ftm.nl/wp-content/uploads/2014/02/witwassen-in-
nederland-onderzoek-naar-criminele-geldstromen.pdf. Accessed August 3, 2018.
United Nations Office on Drugs and Crime (UNODC) (2018). Money-laundering and globalization. https
://www.unodc.org/unodc/en/money-laundering/globalization.html. Accessed August 3, 2018.
United States Department of State (2016). International narcotics control strategy report: Volume II—
money laundering and financial crimes. https://www.state.gov/documents/organization/253983.pdf.
Accessed August 3, 2018.
Publisher’s Note Springer Nature remains neutral with regard to jurisdictional claims in published
maps and institutional affiliations.
Christian Friedrich is a Phd student at Darmstadt University of Technology (Germany). His research
interests are mainly in auditing, for example fraud and auditor reputation, and in forensic accounting.
Reiner Quick is a professor of accounting and auditing at Darmstadt University of Technology (Germany).
He completed his PhD at Mannheim University in 1990 and held professorships at the Universities of
Essen, Münster, and Souther Denmark. His research interests are mainly in auditing; for example, audit
quality, auditor independence, the auditor’s report, auditor choice, or auditor change.
13

AML - Non-Financial Sector in Germany

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

AML - Non-Financial Sector in Germany

Uploaded by

Copyright:

Available Formats

Journal of Management and Governance (2019) 23:1099–1137

An analysis of anti‑money laundering in the German

Christian Friedrich1 · Reiner Quick1

Published online: 13 February 2019

Keywords Money laundering · AML Directive · Grounded Theory · Non-financial

Recently, the fourth Anti-Money Laundering Directive of the European Union

2 Background and prior research

Table 1 Key AML requirements for the non-financial sector

Table 2 Characteristics of the semi-structured interviews participants’ companies

< 20,000 3 <5 4 Automobile 1 Yes 4

3 Grounded theory and data collection

AML in the non-FS:

Responsibility 2 Skip AML-related activities; goal: fulfill regulation

3 Skip regulation; goal: avoid dirty money

Fig. 1 Grounded Theory for AML in the non-financial sector

Category Concepts Properties and dimensions

Laws underlie constant change Problem versus chance

Category Concepts Properties and dimensions

Prevalence of cash None-large amounts; more likely for B2C/time-critical transac-

Category Concepts Properties and dimensions

Conduct: Unstructured-well defined; integrated-stand alone; automation;

Release from liability

Category Concepts Properties and dimensions

Scope What is, what will be, what can be

determinants of the likelihood of a company considering AML in more detail. For

output of the determination process is the perceived obligation, which is described

A dominant theme across cases is that companies try to achieve a balance

4.7 Release from liability

4.8 Actors, processes and structures

Our theory describes a framework of categories which are embedded in an envi-

be the optimal inclusion of practice in combatting money laundering. This par-

Compliance with Ethical Standards

Appendix: interview guide

Note: The following questions only provide an orientation. The interview is

B. GwG-obligations met or planned

a. Do you regard your regulatory authority/lawmakers as supportive for anti-

4. What triggered your company to implement AML?

15. Is the topic unknown?

Backgrounds (only for the researcher, not provided to the participant)

1. Money laundering definition known? Laws known?

a. Regularoty authorities: Do you know each other?

You might also like

2 Background and prior research

3 Grounded theory and data collection

4.7 Release from liability

4.8 Actors, processes and structures