In this article, we cover everything that businesses need to know about KYC and AML.
When it comes to compliance, by far the most popular terms you’ll hear are “AML” and “KYC”. Still, many people confuse their definitions. So, what do KYC and AML really mean? And what is the difference between AML and KYC? In this article, we dive deep into KYC and AML, their compliance implications, and how they can help build smooth and secure user flows.
Know Your Customer (KYC) is the process of obtaining information about the customer and verifying their identity. The scope of identity information to be obtained varies by jurisdiction. Usually, businesses need at least the following data:
During the verification process, customers provide businesses with certain credentials, such as their ID. It’s on the businesses to ensure that submitted documents aren’t fake and that customers are who they say they are.
Suggested read: KYC Guide 2022—What’s KYC and Why is It Important?
Anti-Money Laundering (AML) is a series of measures and procedures carried out by financial institutions and other regulated entities to prevent financial crimes. For regulated businesses, this includes analyzing customers and their transactions, recordkeeping, reporting to AML authorities on suspicion of money laundering, and so forth.
Regulated businesses must develop their AML measures under the AML regulations of the country or region they operate in. Here are some examples:
National authorities also issue guidelines that help businesses understand their AML obligations. The Financial Action Task Force (FATF), meanwhile, sets global AML standards which are then adopted by individual jurisdictions.
AML involves a broad range of measures, usually referred to as an AML compliance program. KYC is just one component of this program, and is therefore encompassed by AML.
AML program requirements can vary across jurisdictions. But, usually, they involve the following:
During the CDD procedure, businesses must identify and verify customers—in other words, carry out KYC checks. At this stage, businesses must also define customer risk profiles.
AML compliance, including KYC, is mandatory for regulated entities under AML/CFT regulations. The scope of regulated entities varies across jurisdictions. Usually, this includes:
VASPs fall under AML regulations in many countries, including the US, Canada, UK, France, Singapore, Japan, South Korea, and others. Whereas, in some other countries, VASPs aren’t yet even written into law, or are banned altogether.
KYC/CDD is required in a number of cases described by national AML regulations. Usually, they include, but are not limited to, cases when the client:
Businesses can implement either manual (performed by a human compliance team) or automated KYC/AML checks. Automated KYC/AML and sanctions screening solutions reduce the risk of losing applicants by increasing pass rates.
By automating KYC, businesses obtain customer identity data through online identity verification. This process can occur on a mobile or web platform, and usually involves 5 steps:
Automated KYC procedures can also include biometric checks. One of them is called liveness, which is a face authentication process that verifies whether the client is a real person.
Automated AML and sanctions screening solutions are beneficial in terms of costs and efficiency. They reduce manual work and protect businesses from crime by getting reliable data from trustworthy sources, such as:
With automated AML solutions, businesses can build verification flows according to AML/KYC requirements in a given jurisdiction.
Banking, fintech, and crypto markets are the most vulnerable to money laundering and fraud. Effective KYC/AML processes can mitigate this by:
Bybit, a global crypto trading and staking platform, needed to implement an automated KYC solution to fight fraud, stay compliant with AML regulations, and stop fraudsters from passing the onboarding stage.
Sumsub rose to the challenge by adding two levels of verification checks:
Since integration, Sumsub has solved Bybit’s previous issues with delayed checks and verification errors:
Fintech platform YouHodler needed a strong and reliable KYC provider to operate in full compliance with ever-changing regulations. They also had challenges onboarding users in the UK, Australia, and Canada, where it’s common to use a driver’s license as an ID.
Sumsub enabled YouHodler’s clients to conduct KYC/AML on a truly global scale, increase their pass rate, reduce load on the support team, and decrease costs:
Know Your Customer (KYC) is the process of obtaining information about a customer and verifying their identity. Anti-Money Laundering (AML) is a complex of measures carried out by financial institutions and other regulated entities to prevent financial crimes. KYC falls within AML measures.
AML and KYC are not the same. KYC is just one component of an AML program, and is therefore encompassed by AML.
AML compliance is a regulated entity’s conformity to the requirements set by AML regulations. KYC compliance refers to the requirements for identification and verification of a customer.
An AML policy is a series of internal rules and measures for preventing money laundering and terrorist financing.
A KYC check verifies that the client is actually who they say they are. An AML check screens customers against sanctions, PEP lists, and watch lists.
Businesses must develop and effectively implement AML compliance programs, which include implementing Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD) procedures, risk assessment, AML policies and internal controls, ongoing monitoring, suspicious activity and transaction reporting, and more.