KYC compliance

As technology advances, more business happens online — and resultantly so is more money laundering, financial crime, and fraud. Globally, lawmakers are passing regulations around data privacy, digital identity, age verification, and the proper usage of AI in establishing someone’s identity. How can a business keep pace with the uptick in fraud and a changing regulatory landscape? The answer: through a robust, comprehensive AML / KYC process. 

What is AML and KYC compliance?

AML, meaning anti-money laundering, refers to the processes and policies that businesses use to monitor customers for money laundering activities. Know your customer (KYC) processes are an essential part of AML that is specifically focused on verifying customers’ identities. AML compliance and KYC compliance are both guidelines to help businesses follow the regulations and laws that are applicable in their country.

What are the main reasons why KYC is important for AML compliance?

1. To satisfy global compliance needs
   Satisfying AML compliance needs is non-negotiable, and KYC is an important part of the AML process. Businesses are required worldwide by law to know who they are doing business with and to verify their customers’ identity to the best of their ability.
2. To enhance fraud protection
   Stopping fraud is another reason why KYC is vital for AML. If executed correctly, KYC can help businesses prevent fraud as illegitimate customers will be exposed and prohibited from doing business.

If institutions are using KYC processes to meet these goals, they must execute KYC in a cost-effective manner that does not impact customer acquisition. Onfido is here to help. We can help you lower your customer acquisition costs by reducing the number of customers who drop out of your KYC process and eliminating extraneous vendors. With our flexible, end-to-end identity verification platform, you can orchestrate award-winning document and biometric verifications, trusted data sources, and fraud detection signals.

What are KYC requirements for banks? 

Because of the heightened risk of money laundering activities within financial services, global AML regulations and laws for financial institutions are common. These laws vary from country to country, but AML processes to meet these requirements often contain similar concepts such as:

• Know your customer
  KYC, meaning know your customer, involves making sure that your customer is who they say they are. It is important to draw on many data points since creating a comprehensive fake identity is difficult; the more information businesses collect, the easier it is to spot inconsistencies. This can often include information like:
  • Name
  • Address
  • ID number
  • Tax ID

KYC can also create a holistic view of each customer, building a customer profile that examines their economic activities and financial status in order to understand what ‘normal’ activities are.

• Identity verification
  Checking a government-issued ID like a passport, driving license, or national ID card is often the first step in a KYC verification process.
• Screening
  Another important AML process is to identify any individuals who are considered a higher financial crime risk. Businesses screen customers against relevant PEPs, Sanctions, and Adverse Media watchlists.
• Customer risk assessments
  Once all the above information is obtained and analyzed, businesses can then determine the financial crime risk of each customer. Depending on the risk level, a business may decide not to do business with that individual, conduct further due diligence before allowing them to onboard, or move the customer through to the next onboarding process if there are no red flags.

What is KYC in other industries?

Making sure the person on the other side of any transaction is who they say they are is important for a wide range of industries outside of financial services, whether or not KYC is required by regulations. 

• Gaming & gambling
  In some cases, restricting access for minors is a vital function in the gaming industry. KYC ensures that gamers are of legal age to play. KYC can also help prevent fraud activities like bonus abusers, multiple account registrations, and account takeovers that have a direct impact on revenue.
• Healthcare
  KYC helps pharmacies, telemedicine, and other healthcare providers ensure the security of their patients and associated private information. The ability to digitally verify patient identities helps to prevent fraud, safeguard health records, and meet compliance requirements.
• Transport
  Keeping drivers, riders, and assets safe, verifying that drivers are of legal age, meeting regulatory requirements, and stopping fraud are benefits of KYC processes for the transportation industry.
• Sharing economy
  Peer-to-peer platforms like ride-sharing or secondhand marketplaces are commonplace. In order to securely grow these global and local communities, accurate identity verification is key. KYC gives confidence that those onboarded are genuine, have the right credentials, and are there for the right reasons.
• Telecommunications
  SIM swap fraud, impersonation attempts, and loss of devices; the potential for scamming in this industry is high. Building KYC into the onboarding process, particularly automated digital verification processes, mitigates this risk.

What are the requirements for KYC compliance?

AML and KYC requirements are the standards and laws set by local legislation. The specific requirements will vary from country to country, although the purpose is the same: to prevent money laundering and fraud. 

We’ll take a look at a few AML/KYC requirements for the financial industry in the United States, United Kingdom, and the European Union. Keep in mind that these laws are subject to change, and this is not a comprehensive coverage of all rules and regulations that your business may be required to follow for AML/KYC compliance.

United States AML/KYC requirements for the financial industry

In the United States, the rules and regulations that govern AML/KYC include:

• The Bank Secrecy Act (1970)
• Money Laundering Control Act (1986)
• Anti-Drug Abuse Act (1988)
• Annunzio-Wylie Anti-Money Laundering Act (1992)
• Money Laundering Suppression Act (1994)
• Money Laundering and Financial Crimes Strategy Act (1998)
• USA PATRIOT Act (2001)
• Intelligence Reform & Terrorism Prevention Act (2004) 
• The Anti-Money Laundering Act of 2020 (AMLA 2020) 

While some of these also include KYC, two laws that apply specifically to KYC in the financial sector are: 

• FINRA Rule 2090 (Know Your Customer).

FINRA Rule 2090 requires broker-dealers to use reasonable effort when opening and maintaining client accounts. They must know and keep records on each customer’s profile and identify each person who has authority to act on the customer’s behalf. In general, a customer's investment profile would include details like the customer’s:

• • Age 
  • Other investments
  • Financial situation and needs
  • Tax status
  • Investment objectives
  • Investment experience
  • Investment time horizon
  • Liquidity needs

• FINRA Rule 2111 (Suitability)
  

FINRA Rule 2111 states that broker-dealers must have a reasonable belief that a recommendation is suitable for a customer and that it is formulated for the client’s specific financial situation and needs. 

United Kingdom AML/KYC requirements for the financial industry

In the United Kingdom, the rules and regulations that govern AML/KYC include:

• The Proceeds of Crime Act (POCA) 2002 
• The Terrorism Act 2000 (amended through various subsequent legislation)
• The Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017 (often referred to as MLRs 2017)

In June of 2022, the UK government issued a forward-looking review of AML, concluding that there are no major changes required at the time. KYC is included as one of the steps of AML regulations in the UK. 

European Union AML/KYC requirements for the financial industry

In the European Union, the rules and regulations that govern AML/KYC include:

• Anti-Money Laundering Directive, also known as 1AMLD (1991)
• 2AMLD (2001) 
• 3AMLD (2006) 
• 4AMLD (2015) 
• 5AMLD (2018)
• 6AMLD (2020)

Each new directive expanded the scope of AML and Combating the Financing of Terrorism (CFT) requirements, and KYC is included under those umbrellas. 

What are the four components of the KYC process?

Every end-to-end KYC process will be different, although they typically include four steps for onboarding customers. So, what are the 4 steps of KYC verification and compliance?

1. Customer verification
   This step could include a two-step process, like collecting KYC documents and performing biometric verification. Biometric captures, like those offered by Onfido, help to verify identity and prove that the potential customer is real, and submitting their rightful photo ID. These measures may include submitting a selfie or short video.
2. Customer due diligence
   Depending on the level of due diligence required, this step could include sanctions screening, PEPs screening, watchlists, and other KYC measures.
3. Risk scoring/decisioning
   Based on risk assessment, businesses will next determine whether to allow customers to continue onboarding, to complete further due diligence, or to reject the applicant.
4. Ongoing monitoring
   Throughout the customer journey, businesses will continue to monitor for any red flags or changes in their financial or political status.

Onfido’s Real Identity Platform provides a comprehensive and streamlined solution for each of these essential KYC process steps, making KYC compliance easier and more efficient for organizations across a wide range of industries.

What are three steps to know your customer better with Onfido?

The Onfido Real Identity Platform brings together a suite of verifications, no-code orchestration, and powerful AI so you can meet the specific AML/KYC compliance needs for your business. Rather than using multiple vendors for the plethora of verification services, you can access Onfido’s simple, configurable Verification Suite. 

Our Verification Suite includes:

• ID record validation
• Document verification
  • Document check
  • Autofill
  • NFC
• Biometric verification
  • Facial check — selfie, video, and motion
  • Known faces
• Data verification
  • Proof of address
  • Watchlist & watchlist AML
  • Watchlist ongoing monitoring (Beta)
  • Phone verification (Beta)
  • AAMVA (US only)
  • SSN check (US only, Beta)
  • India tax ID (India only, Beta)
• Fraud detection
  • Device intelligence

Onfido Studio is your mission control for identity, helping your business to build tailored, automated compliance journeys with no-code workflows. Here’s how to build your KYC journey in three simple steps.

1. Build your onboarding flow
   Easily map out your onboarding flow based on your unique market, geography, and customer profiles. For example, you could easily create an onboarding flow with different paths for US and non-US customers. This flexibility allows you to build sophisticated automated decisioning without complexity.