Dec 26, 2022
4 min read

KYC and AML — the Difference and Best Practices

In this article, we cover everything that businesses need to know about KYC and AML.

When it comes to compliance, by far the most popular terms you’ll hear are “AML” and “KYC”. Still, many people confuse their definitions. So, what do KYC and AML really mean? And what is the difference between AML and KYC? In this article, we dive deep into KYC and AML, their compliance implications, and how they can help build smooth and secure user flows.

What is Know Your Customer (KYC)?

Know Your Customer (KYC) is the process of obtaining information about the customer and verifying their identity. The scope of identity information to be obtained varies by jurisdiction. Usually, businesses need at least the following data:

  • Name
  • Date of birth
  • Address.

During the verification process, customers provide businesses with certain credentials, such as their ID. It’s on the businesses to ensure that submitted documents aren’t fake and that customers are who they say they are.

Suggested read: Know Your Customer Guide

What is Anti-Money Laundering (AML)?

Anti-Money Laundering (AML) is a series of measures and procedures carried out by financial institutions and other regulated entities to prevent financial crimes. For regulated businesses, this includes analyzing customers and their transactions, recordkeeping, reporting to AML authorities on suspicion of money laundering, and so forth.

Regulated businesses must develop their AML measures under the AML regulations of the country or region they operate in. Here are some examples:

National authorities also issue guidelines that help businesses understand their AML obligations. The Financial Action Task Force (FATF), meanwhile, sets global AML standards which are then adopted by individual jurisdictions.

What is the difference between KYC and AML?

AML involves a broad range of measures, usually referred to as an AML compliance program. KYC is just one component of this program, and is therefore encompassed by AML.

AML program requirements can vary across jurisdictions. But, usually, they involve the following:

During the CDD procedure, businesses must identify and verify customers—in other words, carry out KYC checks. At this stage, businesses must also define customer risk profiles.

Where and when are KYC and AML required?

AML compliance, including KYC, is mandatory for regulated entities under AML/CFT regulations. The scope of regulated entities varies across jurisdictions. Usually, this includes:

  • Financial institutions;
  • Credit institutions;
  • Insurance companies;
  • E-money institutions;
  • Payment institutions;
  • Virtual Assets Service Providers (VASPs);
  • Gambling service providers,
  • Art dealers, etc.

VASPs fall under AML regulations in many countries, including the US, Canada, UK, France, Singapore, Japan, South Korea, and others. Whereas, in some other countries, VASPs aren’t yet even written into law, or are banned altogether.

KYC/CDD is required in a number of cases described by national AML regulations. Usually, they include, but are not limited to, cases when the client:

  1. Establishes a relationship with a business for the first time (for example, opening an account at a bank or crypto exchange platform);
  2. Makes a transaction exceeding the amount defined by AML regulations;
  3. Poses suspicions in relation to money laundering/terrorist financing.

How automation improves KYC/AML compliance

Businesses can implement either manual (performed by a human compliance team) or automated KYC/AML checks. Automated KYC/AML and sanctions screening solutions reduce the risk of losing applicants by increasing pass rates.

Automated KYC checks

By automating KYC, businesses obtain customer identity data through online identity verification. This process can occur on a mobile or web platform, and usually involves 5 steps:

  1. The user selects their ID document type;
  2. The user uploads photos of their document;
  3. The KYC platform screens and validates the document;
  4. Users upload a photo of themselves holding the document;
  5. The KYC platform verifies that the user is a real person.

Automated KYC procedures can also include biometric checks. One of them is called liveness, which is a face authentication process that verifies whether the client is a real person.

Automated AML and sanctions screening

Automated KYC and AML screening solutions are beneficial in terms of costs and efficiency. They reduce manual work and protect businesses from crime by getting reliable data from trustworthy sources, such as:

  • PEP lists;
  • Sanctions lists;
  • Watchlist;
  • Adverse media lists.

With automated AML solutions, businesses can build verification flows according to AML/KYC requirements in a given jurisdiction.

Best practices for KYC/AML in banking, crypto, and fintech

Banking, fintech, and crypto markets are the most vulnerable to money laundering and fraud. Effective KYC/AML processes can mitigate this by:

  • Lowering legal and reputational risks. By complying with AML laws, businesses can avoid hefty fines and other penalties from regulators while safeguarding their reputation.
  • Detecting fraudsters. In financial services, fraudsters not only use fake IDs, but apply a variety of sophisticated schemes, for example, money muling. By ensuring that only verified users can become customers, businesses can curb even the most innovative fraud attacks.
  • Improving user experience. When businesses optimize their KYC/AML flows according to applicant risk profiles, users don’t have to pass extra checks. This reduces drop-offs and improves the user experience.

Case study: Bybit

Bybit, a global crypto trading and staking platform, needed to implement an automated KYC solution to fight fraud, stay compliant with AML regulations, and stop fraudsters from passing the onboarding stage.

Sumsub rose to the challenge by adding two levels of verification checks:

  1. ID verification and biometric liveness for users who wish to withdraw up to 50 BTC;
  2. Proof of address (PoA) verification for those who wish to operate with larger sums.

Since integration, Sumsub has solved Bybit’s previous issues with delayed checks and verification errors:

  • Verification time has been reduced to about one minute;
  • The average pass rate has reached 78% for first-level verification;
  • Forgery attempt detection has risen to 99%.

Learn more about Sumsub and Bybit’s partnership in our article.

Case study: YouHodler

Fintech platform YouHodler needed a strong and reliable KYC provider to operate in full compliance with ever-changing regulations. They also had challenges onboarding users in the UK, Australia, and Canada, where it’s common to use a driver’s license as an ID.

Sumsub enabled YouHodler’s clients to conduct KYC/AML on a truly global scale, increase their pass rate, reduce load on the support team, and decrease costs:

  • The average pass rate grew to 92%. Pass rates grew by 10% in the UK, while in Australia and Canada they increased by 14% and 18% accordingly.
  • The verification time fell to 1.2 minutes. Before, it took 9.8 minutes on average to verify one user. This means that verification time sped up by more than 700%.
  • YouHodler lowered support and user verification costs by 50%. The company also implemented automatic reports for regulatory bodies and applicable laws.

Learn more about Sumsub and YouHodler’s partnership in our article.

Frequently Asked Questions about AML and KYC

  • What is AML and KYC?

    Know Your Customer (KYC) is the process of obtaining information about a customer and verifying their identity. Anti-Money Laundering (AML) is a complex of measures carried out by financial institutions and other regulated entities to prevent financial crimes. KYC falls within AML measures.

  • Are AML and KYC the same?

    AML and KYC are not the same. KYC is just one component of an AML program, and is therefore encompassed by AML.

  • What is AML & KYC compliance?

    AML compliance is a regulated entity’s conformity to the requirements set by AML regulations. KYC compliance refers to the requirements for identification and verification of a customer.

  • What is an AML policy?

    An AML policy is a series of internal rules and measures for preventing money laundering and terrorist financing.

  • What are KYC & AML checks?

    A KYC check verifies that the client is actually who they say they are. An AML check screens customers against sanctions, PEP lists, and watch lists.

  • How do businesses become KYC/AML compliant?

    Businesses must develop and effectively implement AML compliance programs, which include implementing Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD) procedures, risk assessment, AML policies and internal controls, ongoing monitoring, suspicious activity and transaction reporting, and more.

AMLAutomationFinancial InstitutionsIdentity VerificationKYCRisk ManagementSanctions