The Know Your Customer (KYC) process is performed to verify the identity of new customers, and to prevent illegal activities, such as money laundering or fraud. KYC is undertaken as part of Anti-Money Laundering (AML) requirements.
Conducting KYC and adhering to AML regulations protects both the company and its customers.
KYC is a key part of AML activity – and both AML and KYC are essential parts of due diligence in banking. KYC refers to the checks that banks (and other organizations) must carry out to establish a customer is who they claim to be, and involves verifying the identity and documentation of the customer and establishing the level of risk they pose. AML or Anti-Money Laundering refers to the regulatory processes in place to control money laundering, fraud, and financial crime.
KYC and AML is vital in the banking sector – given the potential for financial transactions to be criminal or fraudulent. Together, KYC and AML checks play a crucial role in safeguarding businesses and financial institutions from unlawful activities while maintaining the integrity of their operations and the security of their clients’ assets.
AML and KYC regulations were introduced to try and control the problems of money laundering, fraud, and other forms of financial crime.
The United Nations reports that money laundering accounts for 2- 5% of global GDP (around US$800 billion to US$2 trillion). As such, AML regulations are vital in the effort to protect the financial services industry against fraud and money laundering.
Having robust AML and KYC procedures in place is the best way for banks, fintechs, and other financial institutions to protect their platforms from misuse.
Verifying a new customer’s identity, establishing the level of risk they might pose, and then monitoring them throughout the relationship is not only essential for protection, but also a legal requirement.
There is, however, another important aspect to AML and KYC in banking: While security and protection are key, these processes also form a vital early part of the customer experience. Customers want to feel secure, but they also want an easy and friction-free experience. Implementing intuitive AML and KYC procedures can offer this, thereby improving conversion rates and creating the right first impression.
Processes for AML, Combating the Financing of Terrorism (CFT), and KYC are well defined in most countries’ AML regulations. Note that KYC is a subset of AML and CFT, and refers to the risk-based approach to customer identification and verification that forms part of AML requirements.
AML, CFT and KYC procedures must include:
The broader concepts of AML and CFT also include:
AML and CFT procedures are usually supported by a variety of digital tools and software, and although various providers offer AML and KYC services and solutions, not all are equal. In recent years, there has been a significant shift to automated solutions supported by machine learning and artificial intelligence. When choosing the best AML/KYC service provider, there are several things to bear in mind.
In Europe, KYC and AML are governed by the European Parliament’s Anti-Money Laundering Directives (AMLD) regulations (first issued and 1991 and most recently updated in 2021 with 6AMLD) and the eIDAS Regulations. The UK has similar regulations, enacted via the Proceeds of Crime Act 2002, the Electronic Identification and Trust Services for Electronic Transactions Regulations (2019), and the Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017. Read our blog to discover more about how KYC technology is being used to clean up the UK’s financial services sector.
Some of the principal areas of AML and KYC legislation that banks must comply with include:
Established set of AML/CFT internal processes. These should follow relevant regulations and be understood and implemented by all associated staff.
This includes both individual and business customers. For businesses, checks that the company is legitimate and checks on the identity of the owners should be carried out.
Simplified Due Diligence (SDD), which includes simpler identity checks, is used for customers and accounts at minimal risk of money-laundering involvement. Enhanced Due Diligence (EDD) is used when a customer poses a higher risk of money laundering or terrorist financing activity.
These include transaction monitoring, PEP screening, and checking sanctions and watchlists.
AML and CFT are not one-off exercises. Customers and transactions must be monitored on an ongoing basis. Depending on the risk level of the customer, this could include regular PEP screenings, checking sanctions and watchlists, and adverse media.
Good AML procedures will reduce, but not eliminate money laundering and other forms of financial crime. There is also the challenge of false-positive results. Banks need processes in place to report and escalate cases (both internally and with appropriate authorities) and ensure an audit trail.
Money laundering and other types of financial crime not only have a massive impact on banks but also the wider economy. As such, financial services are heavily regulated. Rules regarding AML and KYC, first introduced by the Financial Action Task Force (FATF) in the 1990s, are still followed by over 190 countries.
In Europe, KYC and AML are governed by the AMLD and eIDAS regulations. The AMLD regulations were first issued in 1991 but have since seen several updates and improvements.
Most updates coincided with the launch of the 5th Anti-Money Laundering Directive (5AMLD) in 2020, and 6AMLD in 2021. 5AMLD added a new focus on sources of finance (including pre-paid cards and cryptocurrencies) and further developed the concept and monitoring of PEP. 6AMLD focused on ensuring consistent understanding and treatment across the EU.
Although AMLD regulations are implemented into law in each EU country, there are some differences, such as in Germany, where there is an additional independent law, known as the German Anti-Money Laundering Act (Geldwäschegesetz, abbreviated GWG). Read our blog to discover how KYC and AML solutions are playing an increasing role in tackling money laundering in Germany.
The UK has similar regulations to Europe, enacted via the Proceeds of Crime Act 2002, and the Electronic Identification and Trust Services for Electronic Transactions Regulations (2019).
An area that often sees many regional differences is whether automated identity verification is legally allowed to be used. For example, Germany requires a video-based KYC process to verify an individual’s identity, whereas the UK, as one of the most progressive regulatory areas, permits fully automated identity verification using AI techniques and biometrics. With constantly changing regulatory environments, it is important to use a software solution that can be adapted to manual, hybrid, and automated verification.
Confusion often arises regarding the difference between KYC and AML. They do refer to some of the same requirements, but KYC should be considered a subset of AML requirements. AML refers to all regulatory processes in place to control money laundering, fraud, and financial crime, while KYC is the risk-based approach to customer identification and verification that forms part of AML requirements.
KYC procedures include CDD (Customer Due Diligence) and EDD (Enhanced Due Diligence). CDD is about establishing a customer’s risk level and to what extent they can be trusted. Higher-risk customers require enhanced checks under EDD.
AML and CFT (Combatting the Financing of Terrorism) are linked and often referred to together. Many banks and other institutions will refer to an AML/CFT program.
However, there are differences in scope between the two terms. CFT refers to a broader issue involving all financing of terrorist organizations or acts. This could be from both legal and illegal sources.
In the case of AML, the funds involved are of an illegal origin (with attempts made to conceal the source).
KYC is a subset of the requirements of both AML and CFT. It involves the identification and risk assessment of any customer, whatever the potential criminal involvement.
AML and by inclusion, KYC are strictly regulated in most countries. These regulations stem back to early guidance from the FATF. Each authority now has its own regulations, embedded into national law, but the contents and concepts are intricately linked with FATF guidance.
In Europe, regulations are set by the European Parliament through the Anti-Money Laundering Directives (AMLD). Each EU country implements these into its legal system and empowers a national regulator to oversee compliance.
The two basic mandatory KYC documents are proof of identity with a photograph and a proof of address. These are required to establish one’s identity at the time of opening an account, such as a savings account, fixed deposit, mutual fund, and insurance.
IDnow & KYC
Learn more how KYC and Autoldent, download our free AML Fact Sheet.
Step up your KYC game
As there is no one KYC Process, what it really comes down to is knowing the needs of your institution and complying with regulations, but don’t worry because IDnow is here to assist in finding the right solution just for you.
Learn in a first chat with one of our experts how the IDnow Proofing Platform enables you to get your KYC process up and running!
Digital verification via video-chat, backed by AI-technology. Our AML-compliant solution meets high security requirements.
Automated, AI-powered identity verification for users all over the world – anytime, anywhere. And AML-compliant.
Our automated instant identity verification is based on Artificial Intelligence and Machine Learning. It’s simple, secure, and available anywhere, at any time.
Identity verification is in the process of being certified by the ANSSI and complies with the Anti-Money Laundering Directives (AML-CFT) and meets high security requirements.
NFC-based solution for the electronic German identification card. Our identity verification solution with easy data scanning via smartphone. AML-compliant.