KYC and AML - What is the difference?

Anti-money laundering (AML) regulations are mandated by both national and international authorities around the world and place a wide variety of screening and monitoring obligations on financial institutions. Given the proximity of the terms Know Your Customer (KYC) and AML, however, and the fact that they are often used interchangeably, it can be difficult to understand how they differ in a regulatory context. 

The legal importance of the compliance function means that firms must be familiar with the difference between AML and KYC and, similarly, understand how both relate to each other during the regulatory process.

What is the difference between AML and KYC?

AML is a set of measures that financial organizations must put in place to prevent financial crimes from happening. KYC is one of the AML measures used by the organizations to collect information about their customers and verify their identities.

The type of identifying customer information collected during the KYC process includes:

• Name
• Address
• Date of birth
• Company incorporation documents

KYC may also include ongoing transaction monitoring, and a range of customer screening measures, including politically exposed person (PEP) screening, sanctions screening, and adverse media screening.

What does the AML screening process looks like?

The AML screening process involves gathering customer data, assessing potential risks, and monitoring their transactions. 

When considering a customer’s risk level, numerous factors are evaluated, including the customer’s source of funds, geographical location, and history of suspicious activity. This helps to identify high-risk customers who may be involved in money laundering or other criminal activities.

Once the customer’s risk level has been determined, a monitoring process is set up to flag any suspicious activity. This may include tracking large transfers, sudden changes in account activity, or transactions involving high-risk jurisdictions. Any suspicious activity is then reported to the appropriate authorities. 

Finally, the customer’s ongoing activity is monitored to ensure compliance with AML regulations.

How does the KYC process work?

At the outset of the KYC process, new customers must provide documents such as a valid passport or driver’s license to prove their identity. Once identifying customer information has been collected, this data is then verified through third-party sources such as government records, credit bureaus, or other financial institutions.

Once a customer is verified, the organizations can store the customer’s data in a secure database and use it to monitor customer activity and detect any suspicious or fraudulent activity. The customer may also be required to provide additional documents or information in order to comply with AML regulations.

KYC, Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD)

KYC allows firms to take a risk-based approach to AML so that they can both identify their customers, and understand what level of money laundering risk they present. A recommendation of the Financial Action Task Force (FATF), risk-based AML requires firms to assess their customers individually in order to determine their risk levels: customers that are deemed to present a high AML risk should be subject to more intensive AML scrutiny, while low risk customers may be subject to simpler, less intrusive measures.

The first phase of the KYC process includes collecting customer information during the onboarding process. During the second phase, this information is verified to confirm the customer’s identity. At this time, a customer risk rating is also assigned. If the customer is deemed low-risk, standard CDD measures take place. According to the FATF, standard due diligence for client onboarding should include:

• Identifying and verifying the customer’s identity using reliable, independent source documents, data, or information
• Identifying and verifying the identity of the beneficial owner
• Conducting ongoing customer due diligence throughout the business relationship and scrutinizing transactions undertaken throughout the relationship
• Verifying that any person claiming to act on behalf of the customer is adequately authorized

However, in situations where a customer is deemed high-risk, the KYC process should involve Enhanced Due Diligence (EDD). The EDD process may involve:

• Collection of additional customer identification materials
• Verification of the source of customer funds
• Close scrutiny of the purpose of transactions or the nature of business relationships
• Implementation of ongoing monitoring procedures

The primary goal of the KYC process is to determine whether a business relationship with a customer should be pursued or maintained. Once this has been decided and the customer is subject to appropriate due diligence measures, the next step involves monitoring the account on an ongoing basis to ensure its transactions align with the customer’s established risk profile.

Are you an early stage FinTech and need a KYC and AML solution?

Discover ComplyLaunch™, our automated solutions package for early stage FinTechs.

Learn more

Where are the AML and KYC solutions required? 

In most jurisdictions, AML regulations require firms to develop and implement an AML program that is tailored to their business needs, and capable of managing the specific risks that their customers or business sectors present.

A firm’s AML program should facilitate the practical screening and monitoring processes required by the AML legislation under which it operates. It’s important to remember that the monitoring and screening processes associated with AML regulations may change depending on prevalent trends in financial crime and the legislative needs of financial authorities.

When to implement KYC measures?

The KYC process should take place during onboarding to ensure that customers are being truthful about who they are, and about the business in which they are involved. The identity verification process should involve an assessment of a customer’s personal information, and the nature of their business relationships. Where an entity is acting on behalf of an individual, firms should seek to establish the beneficial ownership of that entity.

KYC should also take place throughout the business relationship in order to establish that a customer’s risk profile continues to match the firm’s previous assessment of them.

Evolving AML KYC compliance

The balance between implementing suitable KYC controls and continuing to enhance the customer experience has been complicated recently by digital disruptors such as FinTechs and challenger banks. 

FinTech innovations have both positive and negative effects on the KYC process: while most add speed, reducing the time taken to perform due diligence, those same advances also reset expectations around onboarding times – making any gains contingent on a firm’s ability to continue to implement KYC measures efficiently. Solutions that send multiple automated requests for information from customers, for example, are likely to create more negative experiences than services with a lighter touch. 

With that in mind, many financial institutions continue to rely on tried-and-tested methods of performing KYC. A 2021 study by the Wolfsberg Group demonstrated the effectiveness of KYC measures that are designed and implemented to mitigate risk while supporting the objectives of government authorities. However, while the effectiveness of traditional KYC measures endures, firms can still take advantage of FinTech innovation by integrating new technologies such as advanced data analysis and artificial intelligence. Technologies like these represent a way to gain a deeper, more nuanced understanding of customer behavior, while enhancing decision-making in an increasingly complex compliance environment.

The KYC process relies on the collection and analysis of customer data – but in a complicated, fast-paced regulatory landscape that requirement can present significant challenges. As customer numbers grow, new criminal methodologies emerge, and FinTech innovations such as digital and mobile banking change the risk landscape, firms must find new ways to obtain and analyze the data they need to fulfill their regulatory responsibilities. 

With that in mind, firms should seek to integrate KYC measures that reflect their customers’ technological habits. In particular, firms may use biometric KYC measures, such as photo or ‘selfie’ uploads, fingerprints, and voiceprints as ways to accurately identify and verify their customers. Those KYC innovations both allow firms to remove friction from the customer experience and provide rich data for regulatory compliance purposes. 

Ultimately, the relationship between an AML program and a KYC process should be one of continuous feedback. As a subset of AML, KYC should be used to tailor an AML program to a firm’s unique needs, with compliance teams tasked to regularly refine customer risk profiles and enhance compliance performance.

Specialized KYC software is available to help firms manage the identity verification process, allowing them to automatically prioritize high-risk customers, while reducing human error and false positives.