A comprehensive guide to Know Your Customer (KYC) and Anti-Money Laundering (AML) practices in the fintech industry.
For fintech businesses, compliance isn’t simple. They have to meet KYC requirements, perform AML screenings, and take preventive measures against fraud. If they fail to do so, they can face millions of dollars in fines.
Here, we’ve gathered the most important information for AML compliance in fintech, based on years of working with over 700 companies in the industry.
Fintech is a very competitive market, with traditional institutions, tech giants, and startups all aiming to take up a dominant position—with over 5,000 new fintech businesses opened in 2021.
Understandably, fintech businesses have to compete for users—and this means putting effort into making onboarding as quick and effortless as possible. At the same time, fintech is full of fraudsters using fake identities to get loans or make payments, so swift conversion has to be balanced with advanced protection.
Here are the specific challenges that fintech businesses face:
In short, fintech businesses constantly have to balance high conversion rates and fraud-proof security.
Fintech businesses must comply with a whole set of AML requirements, from customer verification to record-keeping. The consequences of not doing so are severe. For instance, in 2021, the HMRC, a British regulator, imposed a £23m ($31.7m) fine on MT Global, a money service business, for failing to follow Customer Due Diligence and other obligations.
Here’s our breakdown of the major procedures that form the basis of compliance for the fintech industry.
Global regulators require fintech businesses to adopt a risk-based approach to combat money laundering. To do so, businesses need to consider their sector, the products they offer, and the associated risks. For instance, the fintech sector is considered especially vulnerable to money laundering, so fintech businesses might have to implement stricter user checks.
To mitigate money laundering risks, businesses must institute an AML compliance program—a combination of internal documents (compliance policies and guides) as well as other safeguards, including employee AML training programs, verification procedures, and reporting systems. More specifically, these programs consist of the following:
Know Your Customer, KYC for short, is an umbrella term for everything that a business should know about a customer. This encompasses Customer Due Diligence (CDD), identification, and verification.
Customer Due Diligence (CDD) is part of any KYC procedure. It involves verifying a customer through documents or information received from a reliable source. Fintech businesses must carry out CDD at the onboarding stage, before they allow users to initiate transactions.
Although CDD is the check companies apply the most, there are some situations when the money laundering risk is very low. This allows businesses to opt for Simplified Due Diligence (SDD), reducing the overall check time. On the other hand, if the situation is very high-risk, companies may need to perform Enhanced Due Diligence (EDD).
SDD is a simplified check for very low-risk situations. With SDD, it’s possible to reduce the time and extent of the verification process. Conducting SDD may be an option for dealing with publicly-owned enterprises or individuals from low-risk jurisdictions.
However, the presence of one or even several low-risk factors doesn’t automatically permit a business to apply SDD. A thorough risk assessment is needed before applying this check, so in practice businesses rarely undertake it.
Enhanced Due Diligence provides a greater level of scrutiny of potential business partnerships and highlights risks that cannot be detected by the standard verification procedure.
EDD is applied when users present a higher risk of money laundering or terrorist financing. For instance, if a user happens to be a Politically Exposed Person (PEP), compliance officers must collect additional data on their identity as per EDD. This includes the sources of funds and wealth.
Know Your Business (KYB) involves screening companies and their beneficial owners. This helps expose shell companies and the individuals behind them.
Transaction monitoring, also called Know Your Transaction (KYT), helps businesses understand the source of incoming funds, clarify their counterparties’ purpose of payment, and enhance trust between affiliate financial institutions and correspondent banks.
To screen out fraudsters, fintech businesses should introduce a combination of approaches to ensure that true document holders undergo verification. This includes:
Even if fraudsters don’t launder money through a particular business, they might be using previously-laundered money to perform transactions—and it’s that business’s responsibility to prevent this from happening.
The Payment Services Directive (PSD2) went into full effect in 2019, reinforcing KYC measures and demanding stronger customer authentication.
PSD2 requires that fintech businesses generate an encrypted authentication code for each transaction. This code should link the transaction to the user, creating a safer environment.
PSD2 also requires any third-party service provider to be compliant with the Regulatory Technical Standards (RTS) before performing any transactions.
Registration and KYC/AML verification are the first steps of your customers’ journey—so it’s vital to make this experience frictionless and engaging. Still, there are some major drawbacks that can prevent you from doing so:
These problems can be solved by automating KYC procedures and customizing the onboarding flow. Automation decreases manual labor and associated costs, leaves no room for human error, and increases pass rates. Customization offers alternative flows if users drop out at a certain stage.
Compliance with AML requirements allows businesses to avoid regulatory sanctions, fraud attacks, and chargebacks. It also helps earn the trust of users and investors.
To stay focused on their core tasks, businesses can delegate user onboarding to a provider, who sets up the KYC process for them in a quick and efficient manner. In our experience, this reduces operational costs by up to 40%.
All in all, the right AML compliance routine not only helps avoid huge fines but can also improve the user onboarding experience and conversion rates.