Jul 04, 2024

KYC and AML—Key Differences and Best Practices (2024)

In this article, we cover everything that businesses need to know about KYC and AML.

KYC (Know Your Customer) is a fundamental component of AML (Anti-Money Laundering) regulations, requiring financial institutions to verify the identity, suitability, and risks associated with customers to prevent illegal activities such as money laundering and terrorism financing.

In recent years, it’s become clear that KYC alone isn’t enough anymore to stop criminals from scamming companies. Our research shows that 70% of fraud takes place after KYC. So while KYC remains an important part of any company’s security structure, it’s paramount that a more holistic approach is taken.

To deter criminals, companies need to comply with Anti-Money Laundering (AML) regulations, setting up internal policies and systems that can spot illegal activities in a timely manner. But before doing so, it’s essential to learn about the differences between all the basic components, as they can easily get mixed up.

In this article, we’ll dive deep into KYC and AML, the compliance implications, and how to build smooth and secure user onboarding flows.

What is Know Your Customer (KYC)?

Know Your Customer (KYC) is the process of obtaining information about the customer and verifying their identity. The scope of identity information to be obtained varies by jurisdiction. Usually, businesses need at least the following data:

  • Name
  • Date of birth
  • Address.

During the verification process, customers provide businesses with certain credentials, such as their ID. It’s on the businesses to ensure that submitted documents aren’t fake and that customers are who they say they are.

What is Anti-Money Laundering (AML)?

Anti-Money Laundering (AML) is a series of measures and procedures carried out by financial institutions and other regulated entities to prevent financial crimes. For regulated businesses, this includes analyzing customers and their transactions, recordkeeping, reporting to AML authorities on suspicion of money laundering, and so forth.

Regulated businesses must develop their AML measures under the AML regulations of the country or region they operate in. Here are some examples:

National authorities also issue guidelines that help businesses understand their AML obligations. The Financial Action Task Force (FATF), meanwhile, sets global AML standards which are then adopted by individual jurisdictions.

What is the difference between KYC and AML?

AML involves a broad range of measures, usually referred to as an AML compliance program. KYC is just one component of this program, and is therefore encompassed by AML.

AML program requirements can vary across jurisdictions. But, usually, they involve the following:

During the Customer Due Diligence (CDD) procedure, businesses must identify and verify customers (in other words, carry out KYC checks). At this stage, businesses must also define customer risk profiles.

Where and when are KYC and AML required?

AML compliance, including KYC, is mandatory for regulated entities under AML/CFT regulations. The scope of regulated entities varies across jurisdictions. Usually, this includes:

  • Financial institutions;
  • Credit institutions;
  • Insurance companies;
  • E-money institutions;
  • Payment institutions;
  • Virtual Assets Service Providers (VASPs);
  • Gambling service providers;
  • Art dealers, etc.

VASPs fall under AML regulations in many countries, including the US, Canada, UK, France, Singapore, Japan, South Korea, and others. In some other countries, however, VASPs aren’t yet written into law, or are banned altogether.

KYC/CDD is required in a number of cases described by national AML regulations. Usually, they include, but are not limited to, cases when the client:

  1. Establishes a relationship with a business for the first time (for example, opening an account at a bank or crypto exchange platform);
  2. Makes a transaction exceeding the amount defined by AML regulations;
  3. Poses suspicions in relation to money laundering/terrorist financing.

What are the main AML regulations?

Each country has its own set of regulations, which require detailed descriptions of the reporting processes, as well as potential penalties. Here you can find the list of our articles for each country:

How automation improves KYC/AML compliance

Businesses can implement either manual (performed by a human compliance team) or automated KYC/AML checks. Automated KYC/AML and sanctions screening solutions reduce the risk of losing applicants by increasing pass rates.

Automated KYC checks

By automating KYC, businesses obtain customer identity data through online identity verification. This process can occur on a mobile or web platform, and usually involves 5 steps:

  1. The user selects their ID document type;
  2. The user uploads photos of their document;
  3. The KYC platform screens and validates the document;
  4. The user uploads a photo of themselves holding the document;
  5. The KYC platform verifies that the user is a real person.

Automated KYC procedures can also include biometric checks. One of them is called liveness, which is a face authentication process that verifies whether the client is a real person.

Automated AML and sanctions screening

Automated KYC and AML screening solutions are beneficial in terms of costs and efficiency. They reduce manual work and protect businesses from crime by getting reliable data from trustworthy sources, such as:

  • PEP lists
  • Sanctions lists
  • Watchlists
  • Adverse media lists.

With automated AML solutions, businesses can build verification flows according to AML/KYC requirements in a given jurisdiction.

Best practices for KYC/AML in banking, crypto, and fintech

Banking, fintech, and crypto markets are the most vulnerable to money laundering and fraud. Effective KYC/AML processes can mitigate this by:

  • Lowering legal and reputational risks. By complying with AML laws, businesses can avoid hefty fines and other penalties from regulators while safeguarding their reputation.
  • Detecting fraudsters. In financial services, fraudsters not only use fake IDs, but apply a variety of sophisticated schemes, for example, money muling. By ensuring that only verified users can become customers, businesses can curb even the most innovative fraud attacks.
  • Improving user experience. When businesses optimize their KYC/AML flows according to applicant risk profiles, users don’t have to pass extra checks. This reduces drop-offs and improves the user experience.

Case study: Bybit

Bybit, a global crypto trading and staking platform, needed to implement an automated KYC solution to fight fraud, stay compliant with AML regulations, and stop fraudsters from passing the onboarding stage.

Sumsub rose to the challenge by adding two levels of verification checks:

  1. ID verification and biometric liveness for users who wish to withdraw up to 50 BTC;
  2. Proof of address (PoA) verification for those who wish to operate with larger sums.

Since integration, Sumsub has solved Bybit’s previous issues with delayed checks and verification errors:

  • Verification time has been reduced to about one minute;
  • The average pass rate has reached 78% for first-level verification;
  • Forgery attempt detection has risen to 99%.

Case study: ANNA

ANNA, which stands for “Absolutely No-Nonsense Admin”, is a business account and tax app for small businesses. The company previously used a verification provider that couldn’t verify certain types of documents during the KYC process. On top of that, verification time was longer than expected and pass rates were low. Eventually, the company started working with Sumsub, integrating the following solutions:

  • AML Monitoring
  • ID Verification
  • Liveness/Face Match
  • Proof of Address

As a result, manual work was reduced by 95%. Pass rates increased by 88%, while fraud attempts went down by 6%. 

Case study: Kaizen Gaming

Kaizen Gaming is one of the fastest-growing game tech companies globally. Before partnering with Sumsub, the company’s verification procedures were approximately 15% automated, meaning their internal compliance team had to perform 85% of the checks manually. This led to customer drop-offs and an unpleasant user experience. Realizing the issue, Kaizen Gaming needed a more sophisticated (and automated) solution to ensure seamless customer onboarding in compliance with regulatory requirements across markets. 

The company partnered with Sumsub, integrating the following features:

  • Automated Data Extraction
  • ID Verification
  • Proof of Address 
  • Bank Card Verification

As a result, Kaizen Gaming automated its onboarding, increasing overall performance by 350%.

FAQ

  • What is the difference between KYC and AML?

    AML and KYC are not the same. KYC is just one component of an AML program, and is therefore encompassed by AML.

  • What is AML & KYC compliance?

    AML compliance is a regulated entity’s conformity to the requirements set by AML regulations. KYC compliance refers to the requirements for identification and verification of a customer.

  • What is an AML policy?

    An AML policy is a series of internal rules and measures for preventing money laundering and terrorist financing.

  • What are KYC & AML checks?

    KYC is part of AML. A KYC check verifies that the client is actually who they say they are. An AML check screens customers against sanctions, PEP lists, and watch lists.

  • How do businesses become KYC/AML compliant?

    Businesses must develop and effectively implement AML compliance programs, which include implementing Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD) procedures, risk assessment, AML policies and internal controls, ongoing monitoring, suspicious activity and transaction reporting, and more.

  • What is the AML process?

    Typically, it consists of the following checks:

    • Customer Due Diligence (CDD)
    • Enhanced Due Diligence (EDD)
    • Risk assessment
    • AML policies and internal controls
    • Ongoing monitoring
    • Suspicious activity and transactions reports
    • AML compliance officer appointment
    • AML training programs for staff
