As technology advances more business is conducted online — and resultantly so is more money laundering, financial crime, and fraud. Globally, lawmakers are passing regulations concerned with data privacy, digital identity, age verification, and the proper usage of artificial intelligence in establishing someone’s identity. How can a business keep up with the uptick in fraud and the changing regulatory landscape? The answer: through instituting robust and comprehensive AML and KYC processes.
What is AML and KYC compliance?
AML, meaning anti-money laundering, refers to the processes and policies that businesses use to monitor their customers for illegal money laundering activities. Know your customer (KYC) processes are an essential part of AML that is specifically focused on verifying customers’ identities. AML compliance and KYC compliance is the process that businesses must follow to adhere to the regulations and laws that are applicable in their country.
What is AML and KYC in banking?
Because of the heightened risk of money laundering activities within financial services, global AML regulations and laws for financial institutions are common. These laws vary from country to country, but AML processes to meet these requirements often contain similar concepts like:
- Know Your Customer
KYC, meaning know your customer, involves making sure that your customer is who they say they are. It is important to draw on many data points, since creating a comprehensive fake identity is difficult; the more information businesses collect, the easier it is to spot inconsistencies. This can often include information like:
- ID number
- Tax ID
KYC can also create a holistic view of each customer — building a customer profile that examines their economic activities and financial status in order to understand what ‘normal’ activities are.
- Identity verification
Checking a government-issued ID like a passport, driving license, or national ID card is often the first step in a verification process.
Another important AML process is to identify any individuals that are considered a higher financial crime risk. Businesses screen customers against relevant PEPs, Sanctions, and Adverse Media watchlists.
- Customer risk assessments
Once all the above information is obtained and analyzed, businesses can then determine the financial crime risk of each customer. Depending on the risk level, a business may decide to not do business with that individual, conduct further due diligence before allowing them to onboard, or move the customer through to the next onboarding process if there are no red flags.
What is KYC in other industries?
Making sure the person on the other side of any transaction is who they say they are is important for a wide range of industries outside of financial services, whether or not KYC is required by regulations.
Restricting access for minors to comply with regulations is vital for the gaming industry. KYC is an important step to ensure that gamers are of age. KYC can also help prevent fraud activities like bonus abusers, multiple account registrations, and account takeovers that have a direct impact on revenue.
KYC helps healthcare, pharmacy, and telemedicine providers ensure the security of their patients and associated private health information. The ability to digitally verify patient identities helps to prevent fraud, safeguard health records, and meet compliance requirements.
Keeping drivers, riders, and assets safe, verifying that drivers are of a legal age, meeting regulatory requirements, and stopping fraud are benefits of KYC processes for the transportation industry.
- Sharing economy
Peer-to-peer platforms like ride-sharing or secondhand marketplaces have become common. In order to securely grow these global and local communities, accurate identity verification is key. KYC gives confidence that those onboarded are genuine, have the right credentials, and are there for the right reasons.
SIM swap fraud, impersonation attempts, loss of devices; the potential for scamming in this industry is high. Building KYC into the onboarding process, particularly automated digital verification processes, mitigates this risk.
What are AML requirements? What are KYC requirements?
AML and KYC requirements are the standards and laws set by local legislation. The specific requirements will vary from country to country, although the purpose is the same: to prevent money laundering and fraud.
We’ll take a look at a few KYC requirements for the financial industry in the United States, United Kingdom, and the European Union. Keep in mind that these laws are subject to change, and this is not a comprehensive coverage of all rules and regulations that your business may be required to follow for AML/KYC compliance.
United States AML/KYC requirements for the financial industry
In the United states, the rules and regulations that govern AML/KYC include:
- The Bank Secrecy Act (1970)
- Money Laundering Control Act (1986)
- Anti-Drug Abuse Act (1988)
- Annunzio-Wylie Anti-Money Laundering Act (1992)
- Money Laundering Suppression Act (1994)
- Money Laundering and Financial Crimes Strategy Act (1998)
- USA PATRIOT Act (2001)
- Intelligence Reform & Terrorism Prevention Act (2004)
- The Anti-Money Laundering Act of 2020 (AMLA 2020)
While some of these also include KYC, two laws that apply specifically to KYC in the financial sector are:
- FINRA Rule 2090 (Know Your Customer)
FINRA Rule 2090 requires broker-dealers to use reasonable effort when opening and maintaining client accounts. They must know and keep records on each customer’s profile and identify each person who has authority to act on the customer’s behalf. In general, a customer's investment profile would include details like:
- Customer's age
- Other investments
- Financial situation and needs
- Tax status
- Investment objectives
- Investment experience
- Investment time horizon
- Liquidity needs
- FINRA Rule 2111 (Suitability)
FINRA Rule 2111 states that broker-dealers must have a reasonable belief that a recommendation is suitable for a customer and that it is formulated for the client’s specific financial situation and needs.
United Kingdom AML/KYC requirements for the financial industry
In the United Kingdom, the rules and regulations that govern AML/KYC include:
- The Proceeds of Crime Act (POCA) 2002
- The Terrorism Act 2000 (amended through various subsequent legislation)
- The Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017 (often referred to as MLRs 2017)
In June of 2022, the UK government issued a forward-looking review of AML, concluding that there are no major changes required at the time. KYC is included as one of the steps of AML regulations in the UK.
European Union AML/KYC requirements for the financial industry
In the European Union, the rules and regulations that govern AML/KYC include:
- Anti-Money Laundering Directive, also known as 1AMLD (1991)
- 2AMLD (2001)
- 3AMLD (2006)
- 4AMLD (2015)
- 5AMLD (2018)
- 6AMLD (2020)
Each new directive expanded the scope of AML and Combating the Financing of Terrorism (CFT) requirements, and KYC is included under those umbrellas.
Why KYC is important for AML
The two main reasons KYC is important for AML are:
- To satisfy global compliance needs
Satisfying AML compliance needs is non-negotiable, and KYC is an important part of the AML process. Businesses are required worldwide by law to know who they are doing business with and to verify their customers’ identity to the best of their ability.
- To enhance fraud protection
Stopping fraud is another reason why KYC is vital for AML. If executed correctly, KYC can help businesses prevent fraud as illegitimate customers will be exposed and prohibited from doing business.
If institutions are using KYC processes to meet these goals, they must execute KYC in a cost-effective manner that does not impact customer acquisition. Onfido is here to help. We can help you lower your customer acquisition costs by reducing the number of customers who drop out of your KYC process and eliminating extraneous vendors. With our flexible, end-to-end identity verification platform, you can orchestrate award-winning document and biometric verifications, trusted data sources, and fraud detection signals.
What is the KYC process?
Every end-to-end KYC process will be different, although they typically include four steps for onboarding customers. You’ll often see:
- Customer verification
This step could include a two-step process, like document and biometric verification. Biometric captures, like those offered by Onfido, help to verify identity and prove that the potential customer is real, and submitting their rightful photo ID. These measures may include submitting a selfie or short video.
- Customer due diligence
Depending on the level of due diligence required, this step could include sanctions screening, PEPs screening, watchlists, and other KYC measures.
- Risk scoring/decisioning
Based on risk assessment, businesses will next determine whether to allow customers to continue onboarding, to complete further due diligence, or to reject the applicant.
- Ongoing monitoring
Throughout the customer journey, businesses will continue to monitor for any red flags or changes in their financial or political status.
What are three steps to know your customer better with Onfido?
The Onfido Real Identity Platform brings together a suite of verifications, no-code orchestration, and powerful AI so you can meet the specific AML/KYC compliance needs for your business. Rather than using multiple vendors for the plethora of verification services, you can access Onfido’s simple, configurable Verification Suite. Our Verification Suite includes:
- ID record validation
- Document verification
- Document check
- Biometric verification
- Facial check — selfie, video, and motion
- Known faces
- Data verification
- Proof of address
- Watchlist & watchlist AML
- Watchlist ongoing monitoring (Beta)
- Phone verification (Beta)
- AAMVA (US only)
- SSN check (US only, Beta)
- India tax ID (India only, Beta)
- Fraud detection
- Device intelligence
Onfido Studio is your mission control for identity, helping your business to build tailored, automated compliance journeys with no-code workflows. Here’s how to build your KYC journey in three simple steps.
- Build your onboarding flow
Easily map out your onboarding flow based on your unique market, geography, and customer profiles. For example, you could easily create an onboarding flow with different paths for US and non-US customers. This flexibility allows you to build sophisticated automated decisioning without complexity.
- Create the customer onboarding experience
Just as building the back-end should be easy, you also want to ensure that the front-end experience is smooth and effortless for your user. Our easy-to-use verification processes make it simple for the end user to complete KYC flows. Businesses can seamlessly integrate Onfido’s Smart Capture SDKs into their iOS, Android, or Web journeys, or they can go live with zero code using our hosted Smart Capture Link.
- Tweak and test
With Onfido’s dashboard, you’ll have a breakdown of all the results. You’ll see a clear picture of customer verifications and can understand why decisions have been made at every stage of the workflow. With this view, you’re empowered to analyze workflow performance and granular results in the dashboard. You can tweak and test your flows in response to market feedback, perfecting your AML/KYC processes.
Bonus: KYC compliance checklist
With so many considerations, KYC compliance can feel overwhelming. However, it doesn’t have to. By asking the right questions, you can select the solution that will help you meet your KYC compliance and feel confident in your onboarding processes. We’ve put together a short KYC compliance checklist to help you do just that.
- What current regulations does your business need to meet right now?
- What solutions will help you meet KYC compliance requirements both now and in the future?
- How does a potential vendor keep up with policy trends?
- What are the requirements in each of the regions that your business operates in?
- What are your expansion plans as a business, and how suitable is your current verification approach for other regions?
- Will this solution make future expansion easier?
- How does your risk tolerance vary by market, region, and customer?
- Does this solution support different levels of risk tolerance?
- How do your competitors handle identity verification, and how does your approach to verification/KYC compare?
- How easy is it to integrate a vendor versus build in-house?
Navigate AML/KYC compliance with Onfido
Explore our case studies to discover how Onfido’s technology can help your business navigate AML/KYC regulation.
Watch a product demo to learn how our platform helps companies in a wide range of industries meet their AML/KYC compliance requirements every day.
Or, if you’re ready to get started with Onfido, sign up today. We’re looking forward to helping you know your customers better.
Our compliance manager’s guide contains a summary of key regulations around the world, best practices of KYC programs, and what to look for in technology partners.