Anti-money laundering (AML) and know your customer (KYC) regulations and best practices exist to protect financial institutions and customers from financial crime, fraud, and identity theft. Many countries have their own specific financial services AML and KYC compliance requirements.
In this article, we will further explore how AML and KYC impact financial institutions, what specific regulations exist in different areas, and what your institution can do to simplify the process.
What is AML and KYC? Are AML and KYC the same thing?
Anti-money laundering regulations involve a wide range of measures to prevent money laundering in financial institutions and other high-risk industries. KYC regulations are a specific subset of AML that are designed to confirm a customer's identity for purposes of crime reduction. The difference between KYC and AML is that KYC is one component of a broader AML compliance program.
Other components of AML vary by country and across industries, but often include:
- Customer due diligence (CDD)
- Risk assessment
- Monitoring accounts for suspicious activity
- Account activity reporting
What is KYC verification and compliance?
In general, KYC verification is required as a part of the broader AML compliance regulations. Usually KYC verification is needed at specific times during an institutions dealings with their clients, including:
- When first establishing a customer relationship, like when someone opens a bank account for the first time
- When a customer makes a large transaction, as defined by AML regulations
- When a customer shows suspicious activity, including being linked to potential money laundering activity
What are the 5 pillars of AML?
There are five main pillars of AML compliance in the USA, laid out as part of the Bank Secrecy Act. These are what a company needs to implement to fulfill best practices for reducing money laundering activities.
These include:
- Create company-specific policies for carrying out AML rules
- Develop a program for training staff in AML practices
- Select a compliance officer in charge of overseeing AML processes
- Implement independent auditing and testing for policies and staff
- Enact risk-based customer assessment processes for continuing customer due diligence
What is AML compliance?
AML compliance refers to following the regulations that apply within their jurisdiction to protect financial institutions from money laundering. KYC compliance, as a part of the wider AML process, is included within AML compliance rules.
In general, the following industries are required to be compliant with AML regulations, although the specifics vary by country:
- Banks and financial institutions
- Lenders and credit providers
- Insurance companies
- Payment processing companies
- Gambling and betting institutions
- High value retail businesses, like art dealers
- Virtual assets service providers
Because requirements vary by country and are subject to change, it isn’t possible to list all relevant rules. However, here is a list of the acts, rules, and directives for AML/KYC across the USA, UK, and European Union.
AML/KYC requirements in the USA
- Bank Secrecy Act
- Money Laundering Control Act
- Money Laundering Suppression Act
- Money Laundering and Financial Crimes Strategy Act
- USA PATRIOT Act
- Intelligence Reform & Terrorism Prevention Act
- The Anti-Money Laundering Act of 2020
- FINRA Rule 2090
- FINRA Rule 2111
AML/KYC requirements in the UK
- The Proceeds of Crime Act
- The Terrorism Act
- The Money Laundering, Terrorist Financing and Transfer of Funds Regulations
AML/KYC requirements in the European Union
Onfido: Making AML and KYC compliance easy
We know that AML/KYC compliance can be a challenge to implement, especially with regulations continuing to change. That’s why Onfido simplifies the process, giving your business access to an end-to-end solution with the Real Identity Platform. It includes our award-winning document and biometric solutions, global data verification including ID record, watchlist monitoring, and proof of address, and passive fraud detection signals to prevent sophisticated and repeat fraud.
- Document Verification
- Document capture. Clients use their smartphones to take a photo of an identity document.
- Automated ID verification. Atlas™ AI verifies the document by analyzing the visual capture and extracted metadata.
- Biometric Verification
- Biometric capture. Customers take a static or video selfie using their smartphone.
- Automated analysis. We confirm whether their facial biometrics match those seen in their identity document.
- Data Verification
- ID Record. Identity is compared to databases in 160+ countries looking at things like voter registration, credit card, and utility accounts.
- Watchlist Monitoring. Watchlists like adverse media categories, sanctions lists, and PEPs lists are constantly refreshed to scan your client list for potential high risk persons.
- Proof of Address. Supporting documents for address verification scanned and analyzed.
- Fraud Detection
- Phone and Device Intelligence. Phone data, IP address, and geolocation of customer devices help evaluate customer fraud threat.
- Repeat Fraud. Multiple attempts at account creation and known face recognition reduce repeat fraud.
Our compliance manager’s guide looks at the regulatory landscape in the EU, UK, and US — and breaks down the process of building best-practice identity verification workflows.