A comprehensive guide to Know Your Customer (KYC) and Anti-Money Laundering (AML) practices in the fintech industry.
For fintech businesses, compliance isn’t simple. They have to meet KYC requirements, perform anti-money laundering (AML) screening, and take preventive measures against fraud. If they fail to do so, they can face millions of dollars in fines. For instance, in 2021, the UK’s tax, payment, and customs authority (HMRC) imposed a £23m ($31.7m) fine on MT Global, a money service business, for failing to follow Customer Due Diligence (CDD) and other obligations.
We at Sumsub have covered everything you need to know about AML compliance in fintech, based on years of experience working with over 700 companies in the industry.
Know Your Customer and other Anti-Money Laundering procedures are essential for fintech companies as part of the compliance process. Companies must ensure that they follow local (and, where applicable, global) regulations regarding customer due diligence. This includes:
Fintech is a competitive market, with traditional institutions, tech giants, and startups all aiming to take up a dominant position—which is why global venture funding reached $451 billion in 2022.
Therefore, fintech companies have to compete for users—and this means putting effort into making onboarding as quick and effortless as possible. At the same time, fintech apps and services are targeted by criminals who use financial platforms for money laundering, fraud, and terrorism financing.
Main compliance challenges in fintech
Some of the main challenges the fintech sector faces include:
In short, fintech businesses constantly have to balance ease of onboarding and security. This can be achieved, in part, through automated solutions such as Know Your Customer (KYC) and transaction monitoring.
Global regulators require fintech businesses to adopt a risk-based approach to combating money laundering. This means considering risks inherent to the sector and products that a company deals with.
For instance, the fintech sector is considered especially vulnerable to money laundering. To mitigate these risks, fintech companies must institute an AML compliance program—a combination of safeguards that include:
Know Your Customer (KYC) is an umbrella term for everything that a business should know about a customer. This encompasses procedures such as customer identification and identity verification.
To identify a customer, businesses usually need at least the following data:
After collecting this essential information, fintech companies need to verify it. Typically, a government-issued document is used for that purpose.
Fintech companies need to establish AML risk management policies to separate customers by risk level. Depending on their risk level, customers may have to submit certain documents and go through specific monitoring processes.
Customer Due Diligence (CDD) is part of any KYC procedure. It involves verifying a customer through documents or information received from a reliable source, such as checked databases. Fintech businesses must carry out CDD at the onboarding stage before they allow users to initiate transactions.
Although CDD is the check companies apply the most, there are some situations when the money laundering risk is very low. This allows businesses to opt for Simplified Due Diligence (SDD), reducing the overall check time. On the other hand, if the situation is very high-risk, companies may need to perform Enhanced Due Diligence (EDD).
Enhanced Due Diligence provides a greater level of scrutiny of potential business partnerships and highlights risks that cannot be detected by the standard verification procedure.
EDD is applied when users present a higher risk of money laundering or terrorist financing. For instance, if a user comes from a high-risk country, compliance officers must collect additional data on their identity. This includes sources of funds and wealth.
Companies should conduct AML screening for adverse media, global sanctions, and watchlists, such as OFAC, UN, HMT, EU, DFT, etc., regardless of the client’s risk profile. Besides that, companies should check whether their customer is a Politically Exposed Person (PEP). This process should take place during onboarding and throughout the entire customer relationship.
Transaction monitoring helps businesses build and update the risk profiles of their customers and enhance trust between affiliate financial institutions and correspondent banks. Transaction monitoring software spots unusual patterns and reviews dubious transactions made in digital or fiat currencies.
Essentially, a transaction monitoring solution is supposed to answer the following questions:
For fintech companies, an efficient transaction monitoring system is needed to easily process transactions and detect those potentially linked to criminal activities.
Registration and KYC/AML verification are the first steps of a customer’s journey—so it’s vital to make this experience frictionless and engaging. Still, there are some major drawbacks that can prevent a company from doing so:
These problems can be solved by automating KYC procedures and customizing the onboarding flow. Automation decreases manual labor and associated costs, leaves no room for human error, and increases pass rates. Customization offers alternative flows if users drop out at a certain stage.
To screen for fraudsters, fintech companies should introduce a combination of approaches to ensure that the true document holders undergo verification. This includes:
Even if fraudsters don’t launder money through a particular business, they might be using previously laundered money to perform transactions—and it’s the business’s responsibility to prevent this from happening.
Compliance with AML requirements allows businesses to avoid regulatory sanctions and fraud. It also helps earn the trust of users and investors. To stay focused on their core tasks, businesses can delegate user onboarding to a provider, who sets up the KYC process for them in a quick and efficient manner. In our experience, this reduces operational costs by up to 40%.
All in all, the right AML compliance routine helps not only avoid huge fines, but also improve the user onboarding experience and conversion rates.
While certain requirements are practically universal, companies should always consider the regulatory specifics of the countries and industries (e.g., banking, money services businesses, etc.) they’re operating in. For example, in the US it’s not possible to obtain a license in one state and work in another. Therefore, companies would need a separate license for each state.
There is also a knowledge gap between regulators and the businesses they are attempting to oversee. Regulators worldwide have been comparatively slow to adjust to the significant changes brought about by the rise of fintechs. Therefore, it’s important to consider that regulation of the industry is often still in its infancy, and that further efforts will be made to promote development.
At Sumsub, we’ve prepared the ultimate fintech report, detailing the main regulations for a diverse range of businesses all over the world. This includes the US, UK, EU, APAC, LATAM, and MENA.
Anti-Money Laundering (AML) in fintech refers to regulatory norms aimed at financial crime mitigation. Fintech companies must comply with a broad set of AML requirements, from customer verification to recordkeeping. To ease this process, they often use specialized fintech KYC/AML solutions.
Know Your Customer (KYC) is a legal requirement for AML-regulated companies, including fintechs, to verify the identity of their customers and assess their risk level.
Each country has its own set of requirements regarding customer onboarding. At the very least, companies should implement a user verification process and employee training. Companies should also keep all the records of their customers and transactions for a certain period of time specified by the authorities and report any suspicious activity.
KYC solutions allow fintech companies to comply with applicable regulations and minimize the level of criminal activity. KYC includes customer identification, identity verification, risk scoring, and ongoing monitoring.