What is KYC and AML compliance?

Every year, somewhere between $800 billion and $2 trillion of money is laundered. Much of this comes from arms smuggling – as well as the trafficking of humans or drugs – and a lot is funneled to aid the efforts of terrorists, both at home and overseas.

To ‘wash’ their money criminals often enlist the unwitting help of organizations that move, loan, or handle large volumes of money: such as financial institutions, securities firms, and online gaming platform providers. Which, in turn, means these businesses – businesses like yours – have a role to play in combating this wide range of financial crime.

How? Through complying with Anti-Money Laundering (AML) regulations.

Below, we’ll unpack the five pillars of AML compliance, and what Know Your Customer (KYC) checks – a subset of AML regulation – means for your business. We’ll also explore the difference between AML and KYC, explain why they’re both vital parts of your organization’s compliance and fraud-fighting strategy, and take a look at how Checkout.com can help.

What are AML and KYC checks?

AML stands for Anti-Money Laundering. It’s a set of laws, regulations, and procedures designed to combat not only money laundering (the process of concealing the source of illegitimately gained funds, and making it untraceable), but a wide range of financial fraud, too.

All obligated firms must be AML compliant, especially if your business operates in industries such as real estate, financial services, gambling, accountancy, or the art market, which are recognized for having a higher risk of money laundering. This involves verifying your customers’ identity, evaluating the risks they might pose, and monitoring their transactions and activity with your business going forward.

KYC (Know Your Customer) checks are a part of AML compliance. Basically, KYC checks require you to prove that the customers you’re working with are who they say they are.

That could involve verifying their identity through biometric means – for example, via fingerprint or facial recognition technology – or by authenticating documents like their driver’s license or passport.

When you take on a new customer or are transacting with an existing one, KYC checks constitute crucial customer due diligence. And they’re not just about verifying your customer’s identity, but about building up a risk profile on them: helping you ensure that the customer isn’t involved in any illegal activity, and that you understand the risks of doing business with them.

Why AML and KYC regulations are important

AML and KYC regulations are important for a whole host of reasons, including:

• Preventing financial crime: Despite the name, AML regulations aren’t designed to fight money laundering alone – they also combat bribery, corruption, collusion, and the financing of terrorists. By remaining AML compliant, you’re helping disrupt the flow of illicit funds and stop criminals from manipulating the financial system for their own gain.
• Promoting financial integrity and transparency: By requiring businesses such as banks and financial institutions to verify their customers’ identity and assess their risk profiles, AML measures such as KYC help prevent fraud and identity theft: protecting businesses and consumers.
• Ensuring regulatory compliance: Since KYC and AML are mandated by governments and regulatory authorities around the world, non-compliance comes with hefty legal – and reputational – repercussions: including fines, sanctions, and negative press.
• Advancing international cooperation: Because money laundering and other types of financial crime tend to transcend national borders, any attempts to stop them require a cooperative approach. By facilitating countries, governments, and international organizations to work together, AML regulations enable this: allowing these bodies to share intelligence, compare information, and coordinate their efforts globally.

What is the difference between AML and KYC?

The best way to distinguish the two concepts is to remember that KYC is part of AML.

If AML is the wider, overarching umbrella dedicated to combating financial fraud, then KYC falls under that umbrella as one of the measures that contribute to AML compliance.

We’ll unpack these concepts and how they differ in more detail below.

AML compliance

AML compliance spans the entire customer lifecycle, starting even before a firm decides to establish a business relationship. KYC (Know Your Customer) checks are conducted at the outset to determine whether a potential client should be onboarded, based on their risk profile and the firm's risk appetite. These initial checks set the level of due diligence required and continue throughout the entirety of their interaction with your organization.

AML compliance includes:

• Identifying your customer by collecting details such as their name, date of birth, address, passport number, and driver’s license number.
• Verifying those details through a KYC check.
• Running a risk assessment, which takes into account the customer’s location, financial history, background, and business activities to determine their eligibility and suitability for your services.
• Implementing customer due diligence (CDD) – which we’ll explain more shortly – as a suite of additional checks for customers with a higher risk profile.
• Monitoring transactions, in which you keep tabs on activity that could suggest money laundering or terrorist financing. (Typically, this is done through machine learning algorithms, which detect patterns and then flag deviations from them as suspicious.)
• Filing a suspicious activity report, should you detect any serious anomalies through these checks: submitting detailed information about the activity, the individual involved, and the nature of the transaction to the authorities.
• Doing all this not merely as a once-off, but as part of a regular, ongoing AML process.

To attain (and maintain) AML compliance, you’ll need to establish an AML compliance program for your organization. Scroll down to read more about what you’ll need to do that, and to learn about the five pillars of an AML compliance program.

KYC compliance

Broadly, KYC compliance involves two parts: initial verification and ongoing monitoring.

KYC verification is the process of ensuring your customers’ documents match the details they’ve provided when they initiate contact with your business. That could be the customer applying for financial products or services, setting up a marketplace or gaming account, or – in the case of acquiring new staff – signing a document to complete the hiring process.

KYC monitoring is just one aspect of AML monitoring: that is, the way you’ll keep tabs on your customers’ activity going forward. This could be watching for suspiciously large transactions or deposits, or sudden spikes in activity that go against established patterns of behavior.

There are several different types of KYC checks, including:

• Risk-based checks, which look at the level of risk associated with each customer based on factors such as their background, financial activities, and geographic location.
• Means-based checks, which attempt to verify the financial means or capacity of your customer to engage in certain transactions, or maintain a particular account. This includes looking at their income, assets, source of funds, and financial history.
• Certified-based checks, which rely on certified or verified documentation provided by trusted third parties – such as government agencies, lawyers, or notaries – to verify the customer’s identity.

Looking for a way to conduct KYC checks – without the friction, the hassle, and the sluggish pace they often come with? Checkout.com can help.

Our Identity Verification solution is fast and secure, and allows you to select the KYC procedure and the level of security that best fit your regional AML requirements. It supports risk-based, means-based, and certified-based KYC checks, and allows you to comply with every regulation under the sun: including GDPR, ETSI, and FATF.

Get in touch with our team of identity verification experts here at Checkout.com today to learn more, or read on as we explain the five pillars of an AML compliance program.

What are the 5 pillars of an AML compliance program?

The five pillars of an AML compliance program are the key practices your organization will need to adopt to avoid the penalties of AML non-compliance, and do your bit to fight financial fraud. These pillars include:

1. Designating a compliance officer
2. Implementing customer due diligence
3. Developing internal policies
4. Creating an employee training program
5. Ensuring independent testing and review

We’ll explain each pillar in more detail below.

Designate a compliance officer

Before you can begin implementing an effective AML compliance program, you’ll need to choose someone from your organization to take charge of the process.

This person – your AML compliance officer – will be your business’s go-to authority on AML, as well as remaining responsible for implementing and maintaining your AML program. This means evaluating your existing AML compliance processes and activities, devising new ways to meet your AML obligations, and sharing their AML expertise with your wider organization.

Implement customer due diligence

One of the core, and best-known, tenets of AML compliance is customer due diligence (CDD).

Once you’ve identified and verified the identity of the customers, stakeholders, and investors your business interacts with – which you’ll do through KYC checks – you may need to run additional checks if the customer’s risk profile presents more complex challenges. This is CDD.

A key part of CDD, then, is the concept of risk – or, more specifically, how much risk a prospective customer poses to your business.

Typically, businesses conduct CDD on a risk-based approach: so, formulating specific risk assessments and scores based on the perceived level of danger a customer poses. For example, customers from geographical locations where money laundering is rife, those engaged in high-value transactions, or politically exposed persons (PEPs), will have higher risk levels – and, therefore, require more comprehensive due diligence measures.

CDD applies at all stages of the customer’s interaction with your business – not just the beginning of it. You’ll need to monitor their activity ongoing to check for unusual patterns, strange spikes in activity, or anomalously high-value transactions, and regularly update your records to ensure you’re always working with the most up-to-date information.

Develop internal policies

The most AML-compliant organizations embed AML into their organizational fabric: developing policies to ensure compliance and stay on top of emerging AML trends and regulations.

These sets of procedures and controls will define your business’s approach to AML, and ensure everyone in your organization knows how AML affects their role. Through this lens, your internal policies should encompass AML training and awareness – which we’ll unpack below – as well as how to check, track, and report transactional activity to the appropriate people.

Your AML internal policies should also outline your documentation and record-keeping requirements. This proof – be it evidence of your CDD efforts, transaction monitoring, suspicious activity reporting, or performance in previous audits – is how you’ll demonstrate your commitment to AML compliance when external auditors come along. So it’s vital!

Create an employee training program

Staff education is a key cog in all AML programs, and – while you can, and should, look to offer your employees external education – developing your own employee training program will provide tailored, customized learning that reflects your business’s and industry’s nuances.

This training program should provide your team with an understanding of AML laws, regulations, and sector best practices, as well as laying out your business’s internal AML policies. It’ll also need to cover the legal requirements around CDD, transaction monitoring, and suspicious activity reporting, and how to apply AML policies to their day-to-day roles and decision making.

Remember, too, that your business’s employee training program shouldn’t be a one-time event; some slide deck wheeled out every so often to ‘tick a box’. No – it should be a living, breathing, dynamic program that engages your employees, and which you regularly update to reflect the latest advancements in the AML compliance landscape.

AML compliance doesn't have to be a chore, or a checkbox – it can be a culture your whole team wants to buy into, and feels able to be an active part of.

Ensure independent testing and review

The final pillar of a robust AML program? Bringing in independent third-party entities to audit your AML efforts for potential vulnerabilities or blind spots.

No organization can – or, for that matter, should – rely on internal testing alone, so this is a crucial element of your AML program.

How regularly you should run these audits will depend on the specific needs of your business, and on your industry’s level of risk, but aim for once a year at the very least.

As demand for skilled labor and technology solutions remains high - as do governments’ expectations for regulated firms - ComplyAdvantage's Global Head of Regulatory Affairs suggests a layered approach to AML compliance is needed:

"Financial crime prevention teams must continue innovating and employing multi-layered approaches to fighting financial crime. This involves using more data, technology, and financial intelligence sharing to prevent, detect, and report illicit financial flows. Financial crime prevention teams must also continue to learn about emerging technologies, including threats and opportunities, and be able to support a workforce that should be trained continuously to remain able to detect financial crime and potential sanctions breaches."

Which types of businesses need an AML compliance program?

All businesses must comply with AML regulations. However, those involved in lending money, moving money, or dealing in large-scale, high-value transactions need to ensure they are particularly diligent in their AML compliance efforts.

Some of the main types of businesses that will require an AML compliance program include:

• Financial institutions like banks, credit unions, payment service providers, and insurance companies; money services businesses (MSBs) such as currency exchanges and check cashers; cryptocurrency exchanges and virtual asset service providers (VASPs) 
• Securities firms, broker-dealers, and investment advisors
• Real estate agencies, luxury goods dealers, and other high-value asset sellers
• Some professional service providers (for example: lawyers, accountants, and notaries)
• Casinos, online gaming platforms, and other businesses in the gaming or gambling industries

How to maintain AML compliance with Checkout.com

In today's interconnected and rapidly evolving financial landscape, the importance of detecting and preventing financial crime cannot be overstated. 

With regulators worldwide constantly enhancing their oversight and compliance requirements, businesses face the daunting task of staying one step ahead of emerging risks. Beyond Identity Verification, our clients want to simplify their onboarding with a solution that can protect their business through AML screening and ongoing monitoring. 

That is why we’re partnering with ComplyAdvantage – the industry’s leading source of AI-driven financial crime risk data – which helps over 1,600 businesses across more than 100 countries in assessing and monitoring risk from individual clients and company entities.

With this partnership, we offer clients the expertise and global capacity of a leader who facilitates compliance with an innovative approach. 

Integrate our API and get access to AML requirements for customer screening against a live global database of Sanctions, PEPs, Watchlists, Adverse Media, and more. Get all the benefits from a one-stop solution designed to protect your business and reduce the cost of compliance. Learn how to simplify compliance with Identity Verification.