For payment institutions (PIs) and e-money firms (EMI’s), few anti-money laundering (AML) concepts create as much practical uncertainty as Source of Funds (SOF) and Source of Wealth (SOW).
Both play an important role in understanding customer risk, yet firms often struggle with when each is required, how much information is enough, and what regulators expect in practice. The result can be inconsistent customer outcomes, unnecessary friction during onboarding, or controls that are either disproportionate or insufficient.
The good news is that the Money Laundering Regulations 2017 do not require firms to obtain SOF or SOW in every case. Instead, they reinforce a risk-based approach. The objective is not to collect more documents, but to understand whether customer activity is credible, consistent and aligned with the firm’s assessment of risk.
What is the difference between Source of Funds and Source of Wealth?
Although the terms are often used interchangeably, they serve different purposes.
Source of Funds (SOF) | Source of Wealth (SOW) |
Explains where the money involved in a specific transaction or business relationship comes from. | Explains how the customer accumulated their overall wealth. |
Transaction-focused. | Customer-focused. |
Commonly relevant during ongoing monitoring, unusual transactions and enhanced due diligence. | Typically required in higher-risk relationships, particularly PEPs. |
Typically required in higher-risk relationships, particularly PEPs.
Understanding the distinction is important. Confusing SOF and SOW can lead to unnecessary customer requests or, conversely, insufficient scrutiny where greater understanding is required.
What do the Money Laundering Regulations require?
The Money Laundering Regulations 2017 require firms to understand customer activity and ensure it is consistent with the customer’s expected risk profile.
Importantly, they do not require firms to obtain SOF or SOW in every case. Instead, firms should apply a proportionate, risk-based approach.
In practice, this means:
- using SOF and SOW to understand customer activity whereappropriate;
- scaling enquiries according to the level of financial crime risk; and
- ensuring customer activity is credible, explainable and consistent with the firm’s understanding of the relationship.
When is Source of Funds required?
In practice, SOF is most relevant when firms need to understand or validate specific transactions.
Typical examples include:
1. Ongoing monitoring and unusual activity
Where transactions are:
- unusually large;
- complex; or
- inconsistent with expected behaviour.
In these situations, firms should understand where the funds originated and whether the activity is consistent with the customer’s profile.
2. Enhanced due diligence (EDD)
Where enhanced due diligence (EDD) is required, firms should obtain additional information about the origin of funds and understand what money is expected to move through the relationship.
3. Politically exposed persons (PEPs)
Where a customer is identified as a PEP, firms must take appropriate measures to establish the source of funds involved in the relationship or relevant transactions.
When is Source of Wealth required?
SOW is typically reserved for higher-risk scenarios, where understanding a customer’s broader financial background is necessary.
Typical triggers include:
1. PEP relationships
For PEP relationships, firms are required to establish both:
- Source of Funds.
- Source of Wealth.
This is critical in assessing exposure to corruption or misuse of public funds.
2. High-risk jurisdictions or relationships
Where relationships involve higher-risk jurisdictions, elevated financial crime risks or other factors requiring enhanced due diligence, firms may need to understand the customer’s broader financial background to support a more rigorous risk assessment.
A common mistake: treating SOF and SOW as a document collecting exercise
One of the most persistent weaknesses observed in firms is treating SOF and SOW as a simple exercise in collecting documents..
In reality, documents are only part of the picture.
Good practice requires firms to assess whether:
- the explanation is credible;
- the information is proportionate to the risk; and
- the activity is consistent with the customer profile.
For example, a payslip may support an employment income narrative, but it may not explain a large one-off transaction that significantly exceeds expected earnings.
Information vs verification: getting the balance right
Another common area of confusion is the difference between obtaining information and verifying it.
In lower-risk cases, a reasonable explanation may be sufficient. However, in higher-risk cases firms should seek reliable and independent evidence. This distinction is critical to demonstrating a proportionate, risk-based approach.
What does good look like in practice?
Strong frameworks are typically built around five key principles.
Define clear triggers
Identify when SOF and SOW should be considered, such as transaction thresholds, enhanced due diligence or PEP relationships.
Assess the whole picture
Review customer activity holistically rather than relying on individual documents in isolation.
Apply proportionate evidence
Scale evidence requirements according to customer risk, transaction complexity and the credibility of the explanation provided.
Escalate where appropriate
Provide clear guidance on when matters should be referred to Compliance, the MLRO or senior management.
Maintain a clear audit trail
Document not only the information obtained, but also why it was considered sufficient to support the firm’s assessment.
Common Source of Funds and Source of Wealth mistake
Across the industry, similar issues continue to raise:
- treating SOF and SOW as interchangeable;
- collecting documents without assessing whether theyactually explainactivity;
- assuming funds arelow riskbecause they originate from a regulated account;
- overlooking third-party funding risks;
- failing to refreshinformation when risk or behaviour changes; and
- applying EDD without documenting rationale.
Even well-designed AML frameworks can be undermined where these issues are not addressed consistently.
Final thought: it’s about understanding, not paperwork
Ultimately, SOF and SOW checks are not standalone requirements – they are part of a broader objective.
Firms that apply clear, risk-based triggers, focus on credibility rather than documentation alone, and maintain well-evidenced decision-making are better placed to identify financial crime risks while demonstrating compliance with regulatory expectations.
When approached correctly, SOF and SOW are not a compliance burden they are essential tools in identifying and mitigating financial crime risk.
How fscom can help
fscom supports payment institutions, e-money institutions and other regulated firms with AML framework reviews, customer due diligence, enhanced due diligence, financial crime risk assessments, regulatory remediation and AML and financial crime audits.
If you would like to review your Source of Funds and Source of Wealth framework or assess whether your controls reflect current regulatory expectations, get in touch.