Source of funds vs source of wealth: a compliance officer’s guide

Financial Action Task Force (FATF) Recommendation 12, adopted in the 2012 standard revision, requires financial institutions to establish both source of wealth and source of funds when onboarding politically exposed persons (PEPs) or when a customer’s risk profile triggers enhanced due diligence (EDD). Regulators continue to find these checks missing, incomplete, or treated as interchangeable across supervised institutions.

Between $800 billion and $2 trillion is laundered globally each year, equal to 2 to 5 percent of global GDP (UNODC Money Laundering Overview), and source verification gaps consistently appear in the audit trails that follow enforcement findings. The distinction is conceptually straightforward but operationally easy to miss. This guide defines each check precisely, maps the regulatory triggers, and outlines the documentation that satisfies examiners.

Source of funds (SoF) is the origin of money used in a specific transaction or business relationship. The complementary check, source of wealth (SoW), traces how a customer accumulated their total assets over time. Both are components of EDD, operating at different levels. SoF is transaction-anchored. SoW is biographical.

What is the source of funds?

Source of funds mean the origin of funds/assets that were used for a particular transaction. Source of funds addresses the transaction-level question of where money for a specific deposit, investment, or business relationship actually came from. Compliance teams collect SoF documentation at the point of a particular financial activity, not as a general portrait of the customer’s full financial life. The check covers one discrete event and the paper trail connecting that event to a legitimate origin.

SoF documentation standards

Regulatory examiners look for a paper trail connecting the declared source to the actual funds. A bank statement covering the incoming transfer satisfies SoF when the balance aligns with the declared amount and the transaction description matches the stated origin. Where the declared source is a business sale, a signed sale agreement combined with the corresponding bank receipt typically meets the standard under customer due diligence (CDD) frameworks. For salary-based deposits, payslips covering the relevant period alongside bank records showing the salary credit are the baseline expectation.

What are the examples of source of funds?

Source of funds examples can vary depending on who actually performed a transaction. For example for an individual it could be employment income, gifted money, inheritance, sale of an asset like a vehicle or a house, business profit or dividend money, or money obtained through a loan or credit and for business it could be a bank loan/credit, sale of an asset, investments, income from business operations/lease/rentals or other one-time/periodic events.

What is the source of wealth?

Source of wealth answers a biographical question about how a customer built their total financial position. SoW is a longer retrospective exercise tracing accumulated assets, employment history, inheritance, business ownership, and investment returns across the customer’s life. Unlike SoF, which is anchored to one transaction, SoW describes the full financial story from which specific funds are drawn.

When SoW checks are required

SoW checks are mandatory for PEPs under FATF Recommendation 12, with no risk-based exception available for this category. As of July 2025, the EU Anti-Money Laundering Authority (AMLA) has begun direct supervision of the highest-risk entities across EU member states, raising the threshold for SoW evidence across EU-regulated institutions. Beyond PEPs, SoW is expected for high-net-worth individuals whose declared wealth is inconsistent with their documented income, clients from jurisdictions flagged for elevated money laundering risk, and company directors connected to opaque ownership chains.

What are examples of source of wealth

Source of wealth evidence spans a longer period and draws from more source types than SoF. Therefore, source of wealth examples include tax returns across multiple years, company ownership records, audited accounts from a business the customer owns, inheritance documents such as probate certificates, long-term investment records, and employment history with cumulative earnings evidence all contribute to a SoW file. Some institutions also request a signed source of wealth declaration from the customer as an anchoring document, which is then used to cross-check the supporting evidence. Examiners do not expect a complete forensic reconstruction of every financial event, but they do expect a coherent narrative showing how the total declared wealth was built and is consistent with the customer’s profile.

What is the difference between a source of wealth and a source of funds?

Source of funds and source of wealth answer different questions at different levels of the customer file. SoF is transactional. SoW is biographical. SoF covers one event. SoW covers a financial lifetime. The most common EDD shortcoming found in regulatory reviews is this conflation. An institution that collected payslips for a single deposit but has no record of how a customer’s seven-figure account balance was accumulated across the prior decade exemplifies the gap.

The practical implication is that a completed SoF check does not discharge the SoW obligation, and collecting SoW documentation does not replace the need to trace individual transactions. Both checks are treated as distinct line items in most national implementations of FATF standards. Compliance teams working through KYC regulations across EU, UK, and APAC jurisdictions will find the same distinction drawn consistently, with SoF and SoW mapped to different clauses in each national transposition.

When do compliance teams need source of funds vs source of wealth checks?

The trigger framework for SoF and SoW depends on the customer’s risk category, the specific transaction type, and the regulatory regime the institution operates under. Blanket application of both checks to standard-risk accounts creates unnecessary compliance friction. For customers who qualify for EDD, skipping either check creates the audit gaps that regulators consistently find. The distinction between which check applies and when is exactly what a documented EDD procedure needs to specify.

EDD trigger categories by customer type

PEPs have required both SoF and SoW under FATF Recommendation 12 since the 2012 standard revision, and this obligation applies regardless of whether the PEP’s risk profile would otherwise qualify for simplified due diligence. High-net-worth individuals trigger SoW when declared wealth is inconsistent with documented income, or when the customer’s jurisdiction carries elevated money laundering risk as assessed by the institution’s own risk framework. Business customers require SoF for transactions above institution-agreed thresholds, and SoW for any beneficial owner who is themselves a PEP or high-risk individual identified during KYC onboarding. Standard retail customers require SoF for specific high-value transactions only, and do not trigger SoW requirements without an additional risk indicator such as a sanctions hit, unusual transaction pattern, or PEP link identified through ongoing screening.

Common mistakes in SoF and SoW verification

Most source verification failures in regulatory findings point to the same procedural gaps, not isolated errors on individual files.

Customer declarations accepted without independent corroboration are the most recurring findings across regulated sectors. Regulators expect institutions to verify, not record. Many compliance teams also collect SoF for a specific transaction and assume SoW is covered, but the two checks address fundamentally different questions about the customer file, and examiners treat them as separate obligations.

The SoW check creates further problems when treated as static. AML monitoring frameworks require institutions to flag changes in customer risk that warrant a SoW refresh, particularly for accounts where the value of the relationship has grown substantially since onboarding. An SoW file collected three years ago for a low-volume investor who now holds a seven-figure position is no longer adequate without a review. An inconsistent application across equivalent risk profiles, where detailed SoW evidence is collected for some PEPs while thinner documentation is accepted for others with comparable profiles, signals to examiners that the procedure is discretionary rather than systematic, which compounds the finding.

How Shufti helps compliance teams run EDD checks

Source verification sits inside the broader EDD workflow. The operational bottleneck is almost always the same. Compliance teams need to know which customer files require SoW documentation rather than SoF alone, and those assessments need to stay current as risk profiles change.

Shufti’s AML screening runs real-time checks against 100,000+ data sources, 3,500+ global watchlists, and 2.6 million PEP profiles, so compliance teams identify EDD-trigger customers at the point of onboarding rather than during a retrospective audit review. The user risk assessment module adds automated risk scoring that flags when a customer’s profile changes in a way that warrants a SoW refresh, replacing periodic manual reviews with event-driven triggers tied to screening outputs.

The documentation collection itself remains with the compliance officer. But the screening that determines whether SoF alone is sufficient or whether a full SoW investigation is warranted runs continuously in the background. That separation between automated risk signalling and human judgement on document adequacy is where EDD workflows gain both consistency and defensibility in enforcement proceedings.