What is KYC & AML?
All you need to know
about AML & KYC.
The Know Your Customer (KYC) process is performed to verify the identity of new customers and to prevent illegal activities, such as money laundering or fraud. KYC is undertaken as part of Anti-Money Laundering (AML) requirements.
Conducting KYC and adhering to AML regulations protects both the company and its customers.
What are KYC and AML Checks?
KYC is a key part of AML activity – and both AML and KYC are essential parts of due diligence in banking. KYC refers to the checks that banks (and other organisations) must carry out to establish a customer is who they claim to be and involves verifying the identity and documentation of the customer and establishing the level of risk they pose. AML or Anti-Money Laundering refers to the regulatory processes in place to control money laundering, fraud and financial crime.
KYC and AML is vital in the banking sector – given the potential for financial transactions to be criminal or fraudulent. Together, KYC and AML checks play a crucial role in safeguarding businesses and financial institutions from unlawful activities while maintaining the integrity of their operations and the security of their clients’ assets.
Check out our blog to discover the benefits of KYC in the banking sector.
Importance of AML & KYC.
AML and KYC regulations were introduced to control the problems of money laundering, fraud and other forms of financial crime.
The United Nations reports that money laundering accounts for 2-5% of global GDP (around US$800 billion to US$2 trillion). As such, AML regulations are vital in the effort to protect the financial services industry against fraud and money laundering.
Having robust AML and KYC procedures in place is the best way for banks, fintechs and other financial institutions to protect their platforms from misuse.
Verifying a new customer’s identity, establishing the level of risk they might pose and then monitoring them throughout the relationship is not only essential for protection, but also a legal requirement.
There is, however, another important aspect to AML and KYC in banking: While security and protection are key, these processes also form a vital early part of the customer experience. Customers want to feel secure, but they also want an easy and friction-free experience. Implementing intuitive AML and KYC procedures can offer this, thereby improving conversion rates and creating the right first impression.
Process of AML & KYC.
Processes for AML, Combating the Financing of Terrorism (CFT), and KYC are well defined in most countries’ AML regulations. Note that KYC is a subset of AML and CFT, and refers to the risk-based approach to customer identification and verification that forms part of AML requirements.
AML, CFT and KYC procedures must include:
- Identity verification. A new customer needs to be verified based on their official identity documents. This will include checks that documents are valid and that the image/likeness matches the customer. Identity verification is often automated, using modern artificial intelligence techniques.
- AML Screening and Monitoring. Customers need to be screened to determine risk levels. This can include PEP (Politically Exposed Persons) screenings and checks on sanction lists and watchlists.
- Continuous Monitoring. AML and KYC checks continue throughout the customer relationship. Individuals need to be monitored for changes and suspicious transactions must be identified.
The broader concepts of AML and CFT also include:
- Maintaining sufficient internal records and audit trail. The AML and KYC audit trail must be properly maintained for both internal use and for regulators.
- Reporting of suspicious activity and transactions. A process needs to be in place to report and deal with suspicious transactions – both internally and with appropriate authorities. This includes the handling of false positive results.
- Training and policies to keep employees up to date with regulations, processes used and tools.
Tools to Conduct AML and KYC Screenings:
AML and CFT procedures are usually supported by a variety of digital tools and software and although various providers offer AML and KYC services and solutions, not all are equal. In recent years, there has been a significant shift to automated solutions supported by machine learning and artificial intelligence. When choosing the best AML/KYC service provider, there are several things to bear in mind.
Ability to expand services.
There are several areas that banks or fintechs may want to expand into beyond standard customer onboarding. This could include new services (such as electronic signatures for transactions or PEP screening) or new verification technologies. Some solutions offer modular additions in this way, making expansion simpler.
Automated and manual verification.
Many service providers now offer automated onboarding and verification solutions. However, as not all jurisdictions permit the use of automated verification processes, it is important to choose a solution that offers manual or hybrid video-based verification as well as automated solutions.
Language support.
If a business onboards customers from different regions, then providing the right support – via on-screen directions, or in person – in the right language is vital.
Audit support and data security.
There are several security, regulatory and compliance issues associated with onboarding and verification. You need to make sure that your chosen provider offers what is required in the regions where you are operating.
Data sources and databases that third-party providers can access.
AML processes require external checks and verification, so ensuring proper access to data is important. This could include personal information for PEP screenings and checking watchlists, as well as local business information for corporate customers and the identification of beneficial owners.
The Regulatory Requirements for AML, KYC and EDD.
In Europe, KYC and AML are governed by the European Parliament’s Anti-Money Laundering Directives (AMLD) regulations (first issued and 1991 and most recently updated in 2021 with 6AMLD) and the eIDAS Regulations. By July 2027, banks in every European Member State will need to adhere to the Anti-Money Laundering Regulation. The UK has similar regulations, enacted via the Proceeds of Crime Act 2002, the Electronic Identification and Trust Services for Electronic Transactions Regulations (2019), and the Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017.
Some of the principal areas of AML and KYC legislation that banks must comply with include:
Establishing set of AML and CFT internal processes.
Established set of AML/CFT internal processes. These should follow relevant regulations and be understood and implemented by all associated staff.
Confirming the identity of a customer prior to opening account or offering services.
This includes both individual and business customers. For businesses, checks that the company is legitimate and checks on the identity of the owners should be carried out.
Establishing risk levels for each customer, following appropriate processes.
Simplified Due Diligence (SDD), which includes simpler identity checks, is used for customers and accounts at minimal risk of money-laundering involvement. Enhanced Due Diligence (EDD) is used when a customer poses a higher risk of money laundering or terrorist financing activity.
Carrying out further checks on customers as part of EDD.
These include transaction monitoring, PEP screening, and checking sanctions and watchlists.
Conducting ongoing monitoring.
AML and CFT are not one-off exercises. Customers and transactions must be monitored on an ongoing basis. Depending on the risk level of the customer, this could include regular PEP screenings, checking sanctions and watchlists, and adverse media.
Ensuring adequate and accurate reporting and remediation.
Good AML procedures will reduce, but not eliminate money laundering and other forms of financial crime. There is also the challenge of false-positive results. Banks need processes in place to report and escalate cases (both internally and with appropriate authorities) and ensure an audit trail.
AML & KYC in UK and Europe.
Money laundering and other types of financial crime not only have a massive impact on banks but also the wider economy. As such, financial services are heavily regulated. Rules regarding AML and KYC, first introduced by the Financial Action Task Force (FATF) in the 1990s, are still followed by over 190 countries.
In Europe, KYC and AML are governed by the AMLD and eIDAS regulations. The AMLD regulations were first issued in 1991 but have since seen several updates and improvements. Most updates coincided with the launch of the 5th Anti-Money Laundering Directive (5AMLD) in 2020, and 6AMLD in 2021. 5AMLD added a new focus on sources of finance (including pre-paid cards and cryptocurrencies) and further developed the concept and monitoring of PEP. 6AMLD focused on ensuring consistent understanding and treatment across the EU.
Although AMLD regulations are implemented into law in each EU country, there are some differences, such as in Germany, where there is an additional independent law, known as the German Anti-Money Laundering Act (Geldwäschegesetz, abbreviated GWG). Read our blog to discover how KYC and AML solutions are playing an increasing role in tackling money laundering in Germany.
The UK has similar regulations to Europe, enacted via the Proceeds of Crime Act 2002, and the Electronic Identification and Trust Services for Electronic Transactions Regulations (2019).
An area that often sees many regional differences is whether automated identity verification is legally allowed to be used. For example, Germany requires a video-based KYC process to verify an individual’s identity, whereas the UK, as one of the most progressive regulatory areas, permits fully automated identity verification using AI techniques and biometrics. With constantly changing regulatory environments, it is important to use a software solution that can be adapted to manual, hybrid, and automated verification.
By July 2027, banks in every European Member State will need to adhere to the Anti-Money Laundering Regulation.
AML & KYC FAQ.
What is the meaning of AML, CDD and KYC?
Confusion often arises regarding the difference between KYC and AML. Although they do refer to some of the same requirements, KYC should be considered a subset of AML requirements. AML refers to all regulatory processes in place to control money laundering, fraud, and financial crime, while KYC is the risk-based approach to customer identification and verification that forms part of AML requirements.
KYC procedures include CDD (Customer Due Diligence) and EDD (Enhanced Due Diligence). CDD is about establishing a customer’s risk level and to what extent they can be trusted. Higher-risk customers require enhanced checks under EDD.
What is CFT under KYC and AML regulations?
AML and CFT (Combatting the Financing of Terrorism) are linked and often referred to together. Many banks and other institutions will refer to an AML/CFT program. However, there are differences in scope between the two terms. CFT refers to a broader issue involving all financing of terrorist organisations or acts. This could be from both legal and illegal sources.
In the case of AML, the funds involved are of an illegal origin (with attempts made to conceal the source). KYC is a subset of the requirements of both AML and CFT. It involves the identification and risk assessment of any customer, whatever the potential criminal involvement.
What are the KYC and AML regulations?
AML and by inclusion, KYC are strictly regulated in most countries. These regulations stem back to early guidance from the FATF. Each authority now has its own regulations, embedded into national law, but the contents and concepts are intricately linked with FATF guidance. In Europe, regulations are set by the European Parliament through the Anti-Money Laundering Directives (AMLD). Each EU country implements these into its legal system and empowers a national regulator to oversee compliance.
What is the outlook and future trends for AML and KYC?
The two basic mandatory KYC documents are proof of identity with a photograph and a proof of address. These are required to establish one’s identity at the time of opening an account, such as a savings account, fixed deposit, mutual fund, and insurance.
How IDnow helps with KYC processes.
As there is no one KYC process, what it really comes down to is knowing the needs of your institution and complying with regulations, but don’t worry because IDnow is here to assist in finding the right solution just for you.
Learn in a first chat with one of our experts how the IDnow Trust Platform enables you to get your KYC process up and running!
