The recent fines dealt out to two UK banks by the Financial Services Authority (FSA) for non-compliance with anti-money laundering legislation has raised concerns that more firms are likely to be charged this year.

Earlier this month, the Bank of Scotland was fined £1.25m for failing to keep sufficient customer records, while High Street bank Abbey received a £2.3m fine last year. How companies use IT will play an important role in avoiding falling foul of the law in the future.

The danger of further penalties is greatest for small and mid-size financial services organisations struggling to understand what technology and processes are required, without attracting the attention of the FSA.

The problem is exacerbated by a lack of clarity in the rules about how far firms need to go, with the guidelines advising a risk-based approach to transaction monitoring, but without detailing anything more prescriptive.

'Some companies are unsure whether or not they need to put a complex IT system in place in order to comply,' said Peter Dorrington, head of fraud solutions at software vendor SAS.

'But they're also not terribly inclined to ask the FSA, because they don't want to draw attention to any potential shortcomings they may have,' he said.

The predicament is that it's not necessarily possible to improve the legislation right now - due to the complex and varied methods of money laundering activities - but that doesn't remove the need for rules.

'The FSA is not in a position where it can write a prescriptive handbook that covers all circumstances. That simply wouldn't be possible,' said Dorrington.

Graeme Yorston, IT director for sales and propositions at Abbey, said: 'It is difficult when some of these regulatory changes that we know are coming down the line are not as well defined as they could be.'

The result is likely to be more fines this year for non-compliance, not only for banks, but also for insurance companies and other financial firms.

A spokesman for the FSA says other cases are being looked at in relation to money laundering controls, but could not comment on their status.

'When those will come to fruition, I can't say,' he said.

'It would be very hard to lay down a prescriptive requirement on what banks should look out for. The very nature of the beast is that money laundering is always developing and changing.'

Jeremy Thorp, director for financial crime at the British Bankers Association, says anti-money laundering is an important issue for the FSA right now.

'I think the number of fines means that the FSA is currently taking the legislation very seriously,' he said.

Thorp advises firms to obtain newly revised guidance notes that are due to be published by industry body the Joint Money Laundering Steering Group in the coming weeks.

Although the nature of the crime makes it difficult to provide figures, the Scotsman reported evidence last week suggesting that money laundering in the UK may amount to anything up to £100bn per year.

Morgan Stanley takes action to stay in line

The FSA concludes up its 'Reducing money laundering risk' discussion paper this week, which is intended to stimulate debate on the two primary controls used for curbing suspicious activity: customer identification and transaction monitoring.

'The FSA lays down the rules that firms have to follow, and they're very high level. We encourage firms to take a risk-based approach to this issue,' said a spokesman for the regulator.

'If you're a small firm, you may not require a sophisticated computer system, which I think is what a lot of people think we're asking for. It's what appropriate to a firm's business,' he said.

Although the regulator's rules don't prescribe the use of automated systems to deal with anti-money laundering activity, various analysis tools are being employed by banks to deal with the problem.

Last summer, investment bank Morgan Stanley implemented a global reporting system to help it comply with anti-money laundering legislation.

'There were three main components that affected us. We had to establish an anti-money laundering programme, collect more information about customers, and increase our suspicious activity reporting,' said executive director for technology strategy Arthur Riel.

The firm has also appointed a compliance officer, established a suspicious activity reporting system and created a preliminary governance structure for the initiative.