When it comes to compliance, by far the most popular terms you’ll hear are “AML” and “KYC”. Still, many people confuse their definitions. So, what do KYC and AML really mean? And what is the difference between AML and KYC? In this article, we dive deep into KYC and AML, their compliance implications, and how they can help build smooth and secure user flows.
What is Know Your Customer (KYC)?
Know Your Customer (KYC) is the process of obtaining information about the customer and verifying their identity. The scope of identity information to be obtained varies by jurisdiction. Usually, businesses need at least the following data:
- Date of birth;
During the verification process, customers provide businesses with certain credentials, such as their ID. It is up to businesses to ensure that submitted documents aren’t fake and that customers are who they say they are.
What is Anti-Money Laundering (AML)?
Anti-Money Laundering (AML) is a series of measures and procedures carried out by financial institutions and other regulated entities to prevent financial crimes. For regulated businesses, this includes analyzing customers and their transactions, recordkeeping, reporting to AML authorities on suspicion of money laundering, and so forth.
Regulated businesses must develop their AML measures under the AML regulations of the country or region they operate in. Here are some examples:
- The Money Laundering, Terrorist Financing and Transfer of Funds Regulations in the UK;
- The Anti-Money Laundering Act in Germany;
- The Payment Services Act (PSA) in Singapore.
National authorities also issue guidelines that help businesses understand their AML obligations. The Financial Action Task Force (FATF), meanwhile, sets global AML standards which are then adopted by individual jurisdictions.
What is the difference between KYC and AML?
AML involves a broad range of measures, usually referred to as an AML compliance program. KYC is just one component of this program, and is therefore encompassed by AML.
AML program requirements can vary across jurisdictions. But, usually, they involve the following:
- Customer Due Diligence (CDD);
- Enhanced Due Diligence (EDD);
- Risk assessment;
- AML policies and internal controls;
- Ongoing monitoring;
- Suspicious activity and transactions reports;
- AML compliance officer appointment;
- AML training programs for staff.
During the CDD procedure, businesses must identify and verify customers—in other words, carry out KYC checks. At this stage, businesses must also define customer risk profiles.
Where and when are KYC and AML required?
AML compliance, including KYC, is mandatory for regulated entities under AML/CFT regulations. The scope of regulated entities varies across jurisdictions. Usually, this includes:
- Financial institutions;
- Credit institutions;
- Insurance companies;
- E-money institutions;
- Payment institutions;
- Virtual Assets Service Providers (VASPs);
- Gambling service providers;
- Art dealers, etc.
VASPs fall under AML regulations in many countries, including the US, Canada, UK, France, Singapore, Japan, South Korea, and others. In some other countries, however, VASPs are not yet even written into law, or are banned altogether.
KYC/CDD is required in a number of cases described by national AML regulations. Usually, they include, but are not limited to, cases when the client:
- Establishes a relationship with a business for the first time (for example, opening an account at a bank or crypto exchange platform);
- Makes a transaction exceeding the amount defined by AML regulations;
- Raises suspicions of money laundering/terrorist financing.
How automation improves KYC/AML compliance
Businesses can implement either manual (performed by a human compliance team) or automated KYC/AML checks. Automated KYC/AML and sanctions screening solutions reduce the risk of losing applicants by increasing pass rates.
Automated KYC checks
By automating KYC, businesses obtain customer identity data through online identity verification. This process can occur on a mobile or web platform, and usually involves 5 steps:
- The user selects their ID document type;
- The user uploads photos of their document;
- The KYC platform screens and validates the document;
- The user uploads a photo of themselves holding the document;
- The KYC platform verifies that the user is a real person.
Automated KYC procedures can also include biometric checks. One of them is called liveness, which is a face authentication process that verifies whether the client is a real person.
Automated AML and sanctions screening
Automated AML and sanctions screening solutions are beneficial in terms of costs and efficiency. They reduce manual work and protect businesses from crime by getting reliable data from trustworthy sources, such as:
- PEP lists;
- Sanctions lists;
- Adverse media lists.
Best practices for KYC/AML in banking, crypto, and fintech
Banking, fintech, and crypto markets are the most vulnerable to money laundering and fraud. Effective KYC/AML processes can mitigate this by:
- Lowering legal and reputational risks. By complying with AML laws, businesses can avoid hefty fines and other penalties from regulators while safeguarding their reputation.
- Detecting fraudsters. In financial services, fraudsters not only use fake IDs, but apply a variety of sophisticated schemes, for example, money muling. By ensuring that only verified users can become customers, businesses can curb even the most innovative fraud attacks.
- Improving user experience. When businesses optimize their KYC/AML flows according to applicant risk profiles, users don’t have to pass extra checks. This reduces drop-offs and improves the user experience.
Case study: Bybit
Bybit, a global crypto trading and staking platform, needed to implement an automated KYC solution to fight fraud, stay compliant with AML regulations, and stop fraudsters from passing the onboarding stage.
Sumsub rose to the challenge by adding two levels of verification checks:
- ID verification and biometric liveness for users who wish to withdraw up to 50 BTC;
- Proof of address (PoA) verification for those who wish to operate with larger sums.
Since integration, Sumsub has solved Bybit’s previous issues with delayed checks and verification errors:
- Verification time has been reduced to about one minute;
- The average pass rate has reached 78% for first-level verification;
- Forgery attempt detection has risen to 99%.
Case study: YouHodler
Fintech platform YouHodler needed a strong and reliable KYC provider to operate in full compliance with ever-changing regulations. They also had challenges onboarding users in the UK, Australia, and Canada, where it’s common to use a driver’s license as an ID.
Sumsub enabled YouHodler’s clients to conduct KYC/AML on a truly global scale, increase their pass rate, reduce load on the support team, and decrease costs:
- The average pass rate grew to 92%. Pass rates grew by 10% in the UK, while in Australia and Canada they increased by 14% and 18% respectively.
- The verification time fell to 1.2 minutes. Before, it took 9.8 minutes on average to verify one user. This means that verification time sped up by more than 700%.
- YouHodler lowered support and user verification costs by 50%. The company also implemented automatic reports for regulatory bodies and applicable laws.