A Guide to Anti-Money Laundering for Crypto Firms

Anti-money laundering (AML) regulations are mandated by both national and international authorities around the world and place a wide variety of screening and monitoring obligations on financial institutions. Those AML obligations include the Know Your Customer (KYC) process, which enables firms to identify their customers and understand their financial behavior. Given the proximity of the terms KYC and AML, however, and the fact that they are often used interchangeably, it can be difficult to understand how they differ in a regulatory context. 

The legal importance of the compliance function means that firms must be familiar with the difference between AML and KYC and, similarly, understand how both relate to each other during the regulatory process.

What is the Difference Between AML and KYC?

AML (anti-money laundering) is an umbrella term for the range of measures, controls, and processes that firms must put in place in order to achieve regulatory compliance. By contrast, KYC is a component part of AML, and refers specifically to the means by which firms establish and verify their customers’ identities, and monitor their financial behavior. 

Typically, the KYC process involves the collection and verification of a range of identifying information from customers including: 

  • Name
  • Address
  • Date of birth
  • Company incorporation documents

KYC may also include ongoing transaction monitoring, and a range of customer screening measures, including politically exposed person (PEP) screening, sanctions screening, and adverse media screening. 

Enhanced Due Diligence, KYC and AML

KYC allows firms to take a risk-based approach to AML so that they can both identify their customers, and understand what level of money laundering risk they present. A recommendation of the Financial Action Task Force (FATF), risk-based AML requires firms to assess their customers individually in order to determine their risk levels: customers that are deemed to present a high AML risk should be subject to more intensive AML scrutiny, while low risk customers may be subject to simpler, less intrusive measures. 

The risk-based approach to AML is a way for firms to balance their regulatory obligations with budgetary resources – and, crucially, with the need to provide a positive customer experience. By assessing customers individually, firms can ensure only a minority are subjected to onerous KYC measures that negatively affect their experience. Ideally, firms implement risk-based AML processes to strike a balance between their compliance obligations, their resources, and customer service experiences.   

Accordingly, where a customer presents a particularly high risk of money laundering, the KYC process should involve Enhanced Due Diligence (EDD). The EDD process may involve:

  • Collection of additional customer identification materials
  • Verification of the source of customer funds
  • Close scrutiny of the purpose of transactions or the nature of business relationships
  • Implementation of ongoing monitoring procedures

Are you an early stage FinTech and need a KYC and AML solution?

Discover ComplyLaunch™, our automated solutions package for early stage FinTechs.

Learn more

AML KYC Compliance Innovation

The balance between implementing suitable KYC controls and continuing to enhance the customer experience has been complicated recently by digital disruptors such as FinTechs and challenger banks

FinTech innovations have both positive and negative effects on the KYC process: while most add speed, reducing the time taken to perform due diligence, those same advances also reset expectations around onboarding times – making any gains contingent on a firm’s ability to continue to implement KYC measures efficiently. Solutions that send multiple automated requests for information from customers, for example, are likely to create more negative experiences than services with a lighter touch. 

With that in mind, many financial institutions continue to rely on tried-and-tested methods of performing KYC. A 2021 study by the Wolfsberg Group demonstrated the effectiveness of KYC measures that are designed and implemented to mitigate risk while supporting the objectives of government authorities. However, while the effectiveness of traditional KYC measures endures, firms can still take advantage of FinTech innovation by integrating new technologies such as advanced data analysis and artificial intelligence. Technologies like these represent a way to gain a deeper, more nuanced understanding of customer behavior, while enhancing decision-making in an increasingly complex compliance environment. 

KYC in an AML Solution

In most jurisdictions, AML regulations require firms to develop and implement an AML program that is tailored to their business needs, and capable of managing the specific risks that their customers or business sectors present.

A firm’s AML program should facilitate the practical screening and monitoring processes required by the AML legislation under which it operates. It’s important to remember that the monitoring and screening processes associated with AML regulations may change depending on prevalent trends in financial crime and the legislative needs of financial authorities.

When to Implement KYC Measures

The KYC process should take place during onboarding to ensure that customers are being truthful about who they are, and about the business in which they are involved. The identity verification process should involve an assessment of a customer’s personal information, and the nature of their business relationships. Where an entity is acting on behalf of an individual, firms should seek to establish the beneficial ownership of that entity.

KYC should also take place throughout the business relationship in order to establish that a customer’s risk profile continues to match the firm’s previous assessment of them.

Evolving AML KYC Compliance

The KYC process relies on the collection and analysis of customer data – but in a complicated, fast-paced regulatory landscape that requirement can present significant challenges. As customer numbers grow, new criminal methodologies emerge, and FinTech innovations such as digital and mobile banking change the risk landscape, firms must find new ways to obtain and analyze the data they need to fulfill their regulatory responsibilities. 

With that in mind, firms should seek to integrate KYC measures that reflect their customers’ technological habits. In particular, firms may use biometric KYC measures, such as photo or ‘selfie’ uploads, fingerprints, and voiceprints as ways to accurately identify and verify their customers. Those KYC innovations both allow firms to remove friction from the customer experience and provide rich data for regulatory compliance purposes. 

Ultimately, the relationship between an AML program and a KYC process should be one of continuous feedback. As a subset of AML, KYC should be used to tailor an AML program to a firm’s unique needs, with compliance teams tasked to regularly refine customer risk profiles and enhance compliance performance.

Specialized KYC software is available to help firms manage the identity verification process, allowing them to automatically prioritize high-risk customers, while reducing human error and false positives.

Request a Demo

See how 1000+ leading companies are screening against the world's only real-time risk database of people and businesses.

Demo request

Disclaimer: This is for general information only. The information presented does not constitute legal advice. ComplyAdvantage accepts no responsibility for any information contained herein and disclaims and excludes any liability in respect of the contents or for action taken based on this information.

Copyright © 2022 IVXS UK Limited (trading as ComplyAdvantage).