What is KYC & AML?

The Know Your Customer (KYC) process is performed to verify the identity of new customers, and to prevent illegal activities, such as money laundering or fraud. KYC is undertaken as part of Anti-Money Laundering (AML) requirements.

Conducting KYC and adhering to AML regulations protects both the company and its customers.

Want to talk to our KYC experts?

All you need to know
about AML & KYC

What are KYC and AML Checks?

KYC is a key part of AML activity – and both AML and KYC are essential parts of due diligence in banking. KYC refers to the checks that banks (and other organizations) must carry out to establish a customer is who they claim to be, and involves verifying the identity and documentation of the customer and establishing the level of risk they pose. AML or Anti-Money Laundering refers to the regulatory processes in place to control money laundering, fraud, and financial crime.

KYC and AML is vital in the banking sector – given the potential for financial transactions to be criminal or fraudulent. Together, KYC and AML checks play a crucial role in safeguarding businesses and financial institutions from unlawful activities while maintaining the integrity of their operations and the security of their clients’ assets.

Importance of AML & KYC

AML and KYC regulations were introduced to try and control the problems of money laundering, fraud, and other forms of financial crime.

The United Nations reports that money laundering accounts for 2- 5% of global GDP (around US$800 billion to US$2 trillion). As such, AML regulations are vital in the effort to protect the financial services industry against fraud and money laundering.

Having robust AML and KYC procedures in place is the best way for banks, fintechs, and other financial institutions to protect their platforms from misuse.

Verifying a new customer’s identity, establishing the level of risk they might pose, and then monitoring them throughout the relationship is not only essential for protection, but also a legal requirement.

There is, however, another important aspect to AML and KYC in banking: While security and protection are key, these processes also form a vital early part of the customer experience. Customers want to feel secure, but they also want an easy and friction-free experience. Implementing intuitive AML and KYC procedures can offer this, thereby improving conversion rates and creating the right first impression.

Graphic show what AML, CFT and KYC procedures must include.

Process of AML & KYC

Processes for AML, Combating the Financing of Terrorism (CFT), and KYC are well defined in most countries’ AML regulations. Note that KYC is a subset of AML and CFT, and refers to the risk-based approach to customer identification and verification that forms part of AML requirements.

AML, CFT and KYC procedures must include:

  • Identity verification. A new customer needs to be verified based on their official identity documents. This will include checks that documents are valid, and that the image/likeness matches the customer. Identity verification is often automated, using modern artificial intelligence techniques.
  • AML Screening and Monitoring. Customers need to be screened to determine risk levels. This can include PEP (Politically Exposed Persons) screenings, and checks on sanction lists, and watchlists.
  • Continuous Monitoring. AML and KYC checks continue throughout the customer relationship. Individuals need to be monitored for changes, and suspicious transactions must be identified.

The broader concepts of AML and CFT also include:

  • Reporting of suspicious activity and transactions. A process needs to be in place to report and deal with suspicious transactions – both internally and with appropriate authorities. This includes the handling of false positive results.
  • Training and policies to keep employees up to date with regulations, processes used, and tools.
  • Maintaining sufficient internal records and audit trail. The AML and KYC audit trail must be properly maintained for both internal use and for regulators.
Graphic showing the different tools that can be used to conduct AML and KYC screenings.

AML and CFT procedures are usually supported by a variety of digital tools and software, and although various providers offer AML and KYC services and solutions, not all are equal. In recent years, there has been a significant shift to automated solutions supported by machine learning and artificial intelligence. When choosing the best AML/KYC service provider, there are several things to bear in mind.

  • Data sources and databases that third-party providers can access. AML processes require external checks and verification, so ensuring proper access to data is important. This could include personal information for PEP screenings, and checking watchlists, as well as local business information for corporate customers and the identification of beneficial owners.
  • Language support. If a business onboards customers from different regions, then providing the right support – via on-screen directions, or in person – in the right language is vital.
  • Automated and manual verification. Many service providers now offer automated onboarding and verification solutions. However, as not all jurisdictions permit the use of automated verification processes, it is important to choose a solution that offers manual or hybrid video-based verification as well as automated solutions.
  • Ability to expand services. There are several areas that banks or fintechs may want to expand into beyond standard customer onboarding. This could include new services (such as electronic signatures for transactions or PEP screening) or new verification technologies. Some solutions offer modular additions in this way, making expansion simpler.
  • Audit support and data security. There are several security, regulatory, and compliance issues associated with onboarding and verification. You need to make sure that your chosen provider offers what is required in the regions where you are operating.

The regulatory requirements for AML, KYC, and EDD

In Europe, KYC and AML are governed by the European Parliament’s Anti-Money Laundering Directives (AMLD) regulations (first issued and 1991 and most recently updated in 2021 with 6AMLD) and the eIDAS Regulations. The UK has similar regulations, enacted via the Proceeds of Crime Act 2002, the Electronic Identification and Trust Services for Electronic Transactions Regulations (2019), and the Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017. Read our blog to discover more about how KYC technology is being used to clean up the UK’s financial services sector.

Some of the principal areas of AML and KYC legislation that banks must comply with include:

Establishing set of AML and CFT internal processes.

Established set of AML/CFT internal processes. These should follow relevant regulations and be understood and implemented by all associated staff.

Confirming the identity of a customer prior to opening account or offering services.

This includes both individual and business customers. For businesses, checks that the company is legitimate and checks on the identity of the owners should be carried out.

Establishing risk levels for each customer, following appropriate processes.

Simplified Due Diligence (SDD), which includes simpler identity checks, is used for customers and accounts at minimal risk of money-laundering involvement. Enhanced Due Diligence (EDD) is used when a customer poses a higher risk of money laundering or terrorist financing activity.

Carrying out further checks on customers as part of EDD.

These include transaction monitoring, PEP screening, and checking sanctions and watchlists.

Conducting ongoing monitoring.

AML and CFT are not one-off exercises. Customers and transactions must be monitored on an ongoing basis. Depending on the risk level of the customer, this could include regular PEP screenings, checking sanctions and watchlists, and adverse media.

Ensuring adequate and accurate reporting and remediation.

Good AML procedures will reduce, but not eliminate money laundering and other forms of financial crime. There is also the challenge of false-positive results. Banks need processes in place to report and escalate cases (both internally and with appropriate authorities) and ensure an audit trail.

AML & KYC in UK and Europe

Money laundering and other types of financial crime not only have a massive impact on banks but also the wider economy. As such, financial services are heavily regulated. Rules regarding AML and KYC, first introduced by the Financial Action Task Force (FATF) in the 1990s, are still followed by over 190 countries. 

In Europe, KYC and AML are governed by the AMLD and eIDAS regulations. The AMLD regulations were first issued in 1991 but have since seen several updates and improvements.  

Most updates coincided with the launch of the 5th Anti-Money Laundering Directive (5AMLD) in 2020, and 6AMLD in 2021. 5AMLD added a new focus on sources of finance (including pre-paid cards and cryptocurrencies) and further developed the concept and monitoring of PEP. 6AMLD focused on ensuring consistent understanding and treatment across the EU. 

Although AMLD regulations are implemented into law in each EU country, there are some differences, such as in Germany, where there is an additional independent law, known as the German Anti-Money Laundering Act (Geldwäschegesetz, abbreviated GWG). Read our blog to discover how KYC and AML solutions are playing an increasing role in tackling money laundering in Germany.

The UK has similar regulations to Europe, enacted via the Proceeds of Crime Act 2002, and the Electronic Identification and Trust Services for Electronic Transactions Regulations (2019).  

An area that often sees many regional differences is whether automated identity verification is legally allowed to be used. For example, Germany requires a video-based KYC process to verify an individual’s identity, whereas the UK, as one of the most progressive regulatory areas, permits fully automated identity verification using AI techniques and biometrics. With constantly changing regulatory environments, it is important to use a software solution that can be adapted to manual, hybrid, and automated verification.  


What is the meaning of AML, CDD, and KYC?

Confusion often arises regarding the difference between KYC and AML. They do refer to some of the same requirements, but KYC should be considered a subset of AML requirements. AML refers to all regulatory processes in place to control money laundering, fraud, and financial crime, while KYC is the risk-based approach to customer identification and verification that forms part of AML requirements.

KYC procedures include CDD (Customer Due Diligence) and EDD (Enhanced Due Diligence). CDD is about establishing a customer’s risk level and to what extent they can be trusted. Higher-risk customers require enhanced checks under EDD.

What is CFT under KYC and AML regulations?

AML and CFT (Combatting the Financing of Terrorism) are linked and often referred to together. Many banks and other institutions will refer to an AML/CFT program.

However, there are differences in scope between the two terms. CFT refers to a broader issue involving all financing of terrorist organizations or acts. This could be from both legal and illegal sources.

In the case of AML, the funds involved are of an illegal origin (with attempts made to conceal the source).

KYC is a subset of the requirements of both AML and CFT. It involves the identification and risk assessment of any customer, whatever the potential criminal involvement.

What are the KYC and AML regulations?

AML and by inclusion, KYC are strictly regulated in most countries. These regulations stem back to early guidance from the FATF. Each authority now has its own regulations, embedded into national law, but the contents and concepts are intricately linked with FATF guidance.

In Europe, regulations are set by the European Parliament through the Anti-Money Laundering Directives (AMLD). Each EU country implements these into its legal system and empowers a national regulator to oversee compliance.

What is the outlook and future trends for AML and KYC?

The two basic mandatory KYC documents are proof of identity with a photograph and a proof of address. These are required to establish one’s identity at the time of opening an account, such as a savings account, fixed deposit, mutual fund, and insurance.

IDnow & KYC

How IDnow helps with KYC processes

Learn more how KYC  and Autoldent, download our free AML Fact Sheet.

Step up your KYC game

How can we help?

As there is no one KYC Process, what it really comes down to is knowing the needs of your institution and complying with regulations, but don’t worry because IDnow is here to assist in finding the right solution just for you.

Learn in a first chat with one of our experts how the IDnow Proofing Platform enables you to get your KYC process up and running!

Get in touch with us

Our Products


Digital verification via video-chat, backed by AI-technology. Our AML-compliant solution meets high security requirements.


Automated, AI-powered identity verification for users all over the world – anytime, anywhere. And AML-compliant.


Our automated instant identity verification is based on Artificial Intelligence and Machine Learning. It’s simple, secure, and available anywhere, at any time.

IDCheck.io PVID

Identity verification is in the process of being certified by the ANSSI and complies with the Anti-Money Laundering Directives (AML-CFT) and meets high security requirements.


NFC-based solution for the electronic German identification card. Our identity verification solution with easy data scanning via smartphone. AML-compliant.