Exploring the Role of KYC in the Prevention of Financial Crime

Know Your Business (KYB) is the process of verifying business entities during the onboarding process to understand risk factors, financial information, credit, and beneficial ownership.

KYB exists to serve regulated entities in painting a clear picture of their corporate clients to ensure that there is minimal risk when establishing business relationships.

The KYB process involves collecting key information from a business including name, registration number, incorporated date and address, and then verifying this information against data sources to understand how the business is performing financially and understand the ownership structure to verify there is no risk of money laundering or fraud.

To access the information required for comprehensive KYB, businesses seek KYB software which can automatically aggregate the required data from several trusted data sources to improve efficiency and enhance regulatory compliance.

Why is KYB important for banks and FinTechs?

Know Your Business (KYB) checks are essential for banks and FinTech companies when working with corporate clients. Here’s why KYB is so important:

• Regulatory compliance: KYB helps banks and FinTechs comply with Counter Terrorist Financing (CTF) and Anti-Money Laundering (AML) regulations. Regulatory bodies require thorough verification of businesses to prevent illicit activities and verify that the required due diligence has been performed.

• Risk management: Identifying and verifying the businesses banks and FinTechs are working with helps manage risks. KYB checks ensure these institutions are not inadvertently supporting fraudulent activities or high-risk entities.

• Reputation protection: Engaging with unverified or dubious businesses can damage a financial institutions reputation, something that is especially pertinent for banks and FinTechs who rely on reputation heavily. KYB processes help protect against such risks by ensuring that all corporate clients are legitimate and trustworthy.

• Enhanced trust: Particularly important for FinTechs, who don’t have the same legacy of reputation as traditional banks, demonstrating robust KYB processes can enhance credibility and trust among customers and partners. This is crucial in building long-term business relationships.

Know Your Business (KYB) regulation for banks and FinTechs

Banks and FinTechs must adhere to various KYB regulations to ensure they are not only identifying risks but are operating within legal frameworks. Key KYB regulations include:

• Anti-Money Laundering: AML regulations, such as the 6th Anti-Money Laundering Directive (6AMLD) and the USA Patriot Act require financial institutions to verify the identity of their business clients, including directors and key shareholders, to prevent financial crime. This involves understanding the client’s business operations, financial information, and ownership structures.

• Counter-Terrorist Financing: CTF regulations, including the Financial Action Task Force (FATF) recommendations, mandate that banks and FinTechs identify and prevent funding for terrorist activities. This has crossover with AML checks at the point of onboarding including PEPs, sanctions, adverse media, and watchlists, and transaction monitoring of directors to detect any suspicious transactions.

• Customer Due Diligence (CDD): Under regulations such as the Bank Secrecy Act (BSA) in the United States and 6AMLD in the European Union, CDD processes involve assessing the risks associated with business clients by verifying their identities and understanding their financial behaviours. Enhanced Due Diligence (EDD) is applied for higher-risk clients.

• Beneficial ownership: KYB regulations often require banks and FinTechs to verify the Ultimate Beneficial Owners (UBOs) of corporate clients. This can be a complicated process as it can be difficult to identify the UBO, let alone verify their identity, which is why more financial institutions are turning to advanced KYB software to assist this process.

• Data privacy laws: It’s not only important that banks and FinTechs comply with KYB regulations, but that they also ensure that personal and business data is handled securely and responsibly during the process to adhere to GDPR and CCPA data protection regulations.

KYB processes and procedures

KYB in banking and FinTech involves collecting and verifying business information to identify signs of risk or factors that may lead to non-compliance.

In banking and FinTech, it is particularly important to gather a comprehensive report of information about all business clients due to the financial nature of these industries.

To perform a KYB check, firstly banking and FinTech regulations should be considered and understood. Then they must collect identifiable information such as business name, address, date of incorporation, and registration number if possible. By gathering this data initially, it cuts down the amount of time required to find relevant information about the business being screened.

Once the initial information is gathered, banks and FinTechs then have a few options to perform the KYB check:

1. KYB Software

Utilising KYB software, such as FullCircl, can be the most efficient method to performing a KYB check. This method will automatically build a report covering general business information, financial records, credit, beneficial ownership, and company structure.

By utilising KYB software, banks and FinTechs can save hours, and in some cases days, on manually finding out the relevant information required to screen a business. By having access to an automated report which pulls information from multiple data sources, businesses can then make informed decisions on the next steps to take.

This method can also be combined with automated KYC and AML checks to ensure that beneficial owners can be screened effectively against global PEPs, sanctions, adverse media, and watchlist data.

2. Manual screening

A potentially cheaper, but more time-consuming method to performing KYB checks is manual screening.

This will require more human input to gather and verify data from an array of sources to build a report of the business being screened.

Banks and FinTechs can use data sources such as Companies House to extract the information they require and then upload this information into a centralised system. Whilst this method can be more time consuming and less efficient, it does give banks and FinTechs more freedom to research clients themselves.

The method chosen to perform KYB checks is entirely subject to the situation of the business. For example, some banks will have built up compliance teams and in-house systems to make performing KYB manually a better option, whereas for smaller FinTechs or banks that are striving for digital transformation, adopting KYB software might be a more effective choice.

How FullCircl can help

FullCircl works with 700+ businesses including 7 out of the top 10 UK banks and financial services challenger brands such as Soldo and GoHenry to provide a full suite of compliance software.

The FullCircl platform includes access to KYB, KYC, AML, and identity verification solutions in 240+ countries and territories globally and exists to remove the technical and verification roadblocks to drive revenue growth.

FullCircl’s FinTech and banking KYB software includes data feeds from 40+ suppliers in conjunction with proprietary technology to extract a full business report including financial information, credit, and beneficial ownership.

Contact us here for a free demonstration of the platform.

KYB Meaning - Know Your Business (KYB), otherwise known as corporate verification, is a B2B due diligence process of verifying and identifying the legitimacy of business entities. KYB provides the insights required when forming a new business relationship to decrease risk and comply with regulation.

Anti-Money Laundering (AML) is a regulatory process that works in harmony with KYB. Preventative measures to money laundering include checking for Politically Exposed Persons (PEPs), sanctions, adverse media, and watchlists. In the context of KYB, AML is often used to to verify directors or beneficial owners of a business or to verify that the business itself isn't sanctioned or subject to adverse media.

But how closely aligned are KYB and AML? In short, there are multiple crossovers between KYB and AML including the purpose of the processes, how to collect information, and how the information provided leads to a reduction in financial crime.

This article provides all the information required to understand KYB and AML and how to best approach combining the two processes for an enhanced compliance program.

Understanding AML and KYB regulations

In the realm of Know Your Business (KYB), compliance with Anti-Money Laundering (AML) regulations is paramount.

AML and KYB regulations serve as the cornerstone for preventing business from being associated with money laundering, terrorist financing, and other illicit financial crime. Understanding the intersection of KYB and AML regulations is crucial for businesses to uphold their integrity and remain compliant.

One of the most recent primary AML regulations relevant to businesses seeking KYB compliance is the 6th Anti-Money Laundering Directive (6AMLD) which placed a focus on changes to criminal liability.

Before 6AMLD, money laundering prosecutions only applied to individuals, whereas the new directive also expanded the scope to include ‘legal persons’ including organisations, companies, and partnerships.

This has led to regulated entities taking a stricter approach to business verification as businesses themselves are liable for any AML failings of their staff.

You can read our full guide on the latest AML regulations here.

What is the KYB process?

The KYB process involves collecting and verifying information on a business. The first step to this is to gather the business’s legal name, registration number, and date of corporation.

Other identifying information such as address and country of operation can also be helpful to reduce the work required when performing verification and risk assessment.

Once the relevant information about the client has been obtained, businesses have two main options to verify and onboard the client:

1. Automated KYB verification

Businesses can use KYB software to gain all the information they require on a business. This involves using a system that aggregates multiple data sources into one application, usually feeding into to data sources such as Companies House in the UK and the Securities and Exchange Commission (SEC) in the United States.

An advanced system will pull business information into an easily digestible report and will include key data such as the business overview, financials, credit, ownership structure, beneficial ownership, and adverse information.

This report can then be reviewed by a member of the compliance team to cross-check internal risk protocols and make recommendations or a decision on if the onboarding should be successful.

2. Manual KYB verification

Alternatively, businesses can manually verify information about the client by using sources such as Companies House, publicly available sanctions lists, credit reference agencies, and other specialist data providers to gather the information they need on financials, beneficial ownership, credit, and adverse media.

This method of verification is more time consuming as it requires a significant amount of human input to gather the relevant information and perform the verification. It also can lead to missed information or errors due being a manual approach.

Manual verification is preferred by businesses who have access to a large compliance team or rely on legacy systems and where changing to new software isn’t feasible.

AML in the KYB process

Once the initial KYB check has been completed and initial information returned, businesses can then perform an AML check on the client and its shareholders.

This involves checking the business and shareholders against global Politically Exposed Persons (PEPs), sanctions, and adverse media lists to obtain information that could impact the business relationship.

If a return is found, the first step is to conduct a manual review to verify the information matches against the business in question. Risk protocols should also be referenced here as it isn’t as simple as a yes or no to onboarding should a match be returned.

For example, if a shareholder of the business is politically exposed, this doesn’t necessarily mean that the onboarding attempt should be rejected. Ongoing monitoring frequency may be increased on the client due to heightened risk.

If the client or any of its shareholders are sanctioned, the onboarding attempt should be rejected as having a business relationship in this context will breach money laundering regulations.

There are various nuances to AML in KYB processes which is why regulated entities produce their own risk-based approach to include various thresholds for acceptance of onboarding or marking certain clients as high-risk.

What industries need KYB and AML compliance?

KYB and AML checks are essential across various industries and businesses, particular those that involve financial transactions or are susceptible to exploitation by criminals for money laundering. Some of the main industries who require KYB and AML include:

1. Financial institutions

KYB and AML in banking, credit unions, and other financial entities are at the forefront of implementing compliance. These institutions engage in large volumes of transactions with corporate clients, making them vulnerable to money laundering and fraud.

2. FinTech companies

With the rise of digital payment platforms, peer-to-peer lending services, and cryptocurrency exchanges, FinTech businesses often deal with high volumes of transactions and face unique challenges in verifying the identities of corporate clients.

3. Legal and professional services

Law firms, accounting firms, and other professional service providers frequently engage with corporate clients for various purposes including legal representation, financial advice, and compliance assistance. KYB checks help these service providers ensure that their clients are legitimate.

4. Gambling service providers

Game developers, platform providers, and casino specialists deal with corporate clients as gambling operators look to stand out in the competitive gambling market. Traditionally, gambling operators have been susceptible to money laundering and financial crime with $475 million+ in fines dished out in 2023 alone due to AML failings. It is critical for gambling operators to perform AML screening on their customers but also the B2B providers must employ KYB checks to avoid reputational damage and non-compliance.

KYB checks are essential across a wide range of industries and businesses that engage in financial transactions or provide services to corporate clients. By implementing robust KYB procedures, organisations can mitigate financial crimes, comply with regulatory requirements, and establish trust in their business relationships.

Benefits of KYB and AML Compliance

Ensuring KYB & AML compliance not only safeguards businesses from fines, suspensions, and reputational damage due to regulatory breaches but it also builds trust among stakeholders.

By conducting thorough due diligence on corporate clients and complying with global regulations, companies mitigate the risk of being associated with illicit activities and financial crime which, in turn, preserves reputation and integrity.

KYB and AML compliance also instils confidence in customers and partners, facilitates smoother onboarding, and enhances credibility.

Using technology to manage KYB and AML Checks

Business can leverage advanced KYB and AML solutions to streamline the process. This can involve utilising an identity verification platform which can automate the process of authenticating corporate clients and use multiple data feeds to enhance the authenticity of results.

FullCircl works with 700+ clients to verify & onboard clients, with powerful KYC, KYB, AML, and anti-fraud software including information on 365 million global entities, proprietary technology, and an agnostic approach to global data sources. By utilising FullCircl, businesses are safe in the knowledge their onboarding is compliant whilst building trust with their clients.

Contact us here for a free demonstration of the platform.

In this article:

1. Introduction to KYC in banking
2. KYC regulations for banks
3. Key processes of KYC in banking
4. Common challenges in KYC for banks

Introduction to KYC in banking

Know Your Customer is the process of identifying and verifying individuals at the point of account opening.

This includes collecting personally identifiable information including name, address, and date of birth and then verifying this against data sources such as credit or telco to find a match.

Where the option for verifying using data checks isn't feasible, businesses can also use other methods to verify customers such as document verification. This involves asking the customer to submit a Government approved identity document such as a passport or driver's license and then verifying that the document is real and hasn't been tampered with.

Ultimately, KYC serves to verify that the person attempting to onboard is who they claim to be.

KYC in banking is a regulatory requirement and all banks licensed by organisations such as the Financial Conduct Authority (FCA) must perform relevant Customer Due Diligence (CDD) at the point of onboarding to verify every customer.

Banks are required to use customer information to perform a KYC check during onboarding but must also use Anti-Money Laundering (AML) and anti-fraud checks to identify any customers who may be sanctioned, politically exposed, or where there is the presence of adverse media. Having KYC and AML work in harmony is one of the most critical elements to a complete compliance program.

Banks can then use the information obtained at onboarding and undertake a risk assessment on the customer to decide whether the onboarding attempt should be successful.

KYC regulation in banking

Banks operating globally must navigate a complex regulatory landscape. Ensuring adherence to a variety of KYC and AML regulation to mitigate financial crime.

Some of the key global regulation is as follows:

1. European Union Anti-Money Laundering Directives (EU AMLD)

The EU AMLD, now in its 6^th iteration, establishes KYC obligations for banks operating within the European Union. It outlines CDD measures, beneficial ownership identification, and reporting requirements.

2. Financial Action Task Force (FATF)

FATF develops policies to combat money laundering and terrorist financing. It's "40 recommendations" provide a comprehensive framework for KYC compliance, emphasising risk-based approaches and customer identification procedures.

3. Basel Committee on Banking Supervision (BCBS)

The BCBS sets global standards for banking regulations, including guidelines on Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD) procedures. Its recommendations influence KYC practices worldwide.

4. Dodd-Frank Act (USA)

Enacted in response to the 2008 financial crisis, the Dodd-Frank Act mandates stringent KYC requirements for banks operating in the United States. It includes provisions such as the Customer Identification Program (CIP) and imposes penalties for non-compliance.

5. Foreign Account Tax Compliance Act (FATCA)

Implemented by the U.S., the Foreign Account Tax Compliance Act (FATCA) aims to prevent tax evasion by requiring foreign financial institutions to report information about U.S. account holders. Compliance with the act involves a robust KYC procedure to identify and verify account holders' identities.

These are just some of the regulations that banks must comply with when operating globally, and whilst regulatory bodies all share the same goal of ensuring banks are correctly verifying the identity of their customers, there are also nuances to each regulation which, in turn, makes executing a global compliance program a challenge for banks.

How does KYC in banking work?

There are multiple considerations banks must make when designing their KYC checklist. A secure KYC policy is not only critical to regulatory adherence, but it can also be the difference between a new customer and someone dropping off the journey if its too complex.

Particularly in the last decade, customer expectations have increased, and it's no longer fit for purpose for verification to not be a real-time journey. Banks must therefore balance compliance with speed of onboarding to find the right balance.

However, a typical KYC process covers five main areas: identification, customer due diligence, risk assessment, onboarding, and monitoring.

1. Identification

The first stage of the KYC process is to obtain identifiable information from the customer, otherwise known as a customer identification program. this typically involves asking for name, address, and date of birth. Some banks will also choose document verification at this stage in the process depending on their risk-based approach or geographic location of the customer.

2. Customer Due Diligence (CDD)

Once the information has been received, banks must then perform relevant CDD actions. This includes matching the information provided by the customer against data sources to find a a match, and checking against global Politically Exposed Persons (PEPs), sanctions, and adverse media lists.

If document verification is included in the onboarding journey, banks will verify the document is real and hasn't been tampered with to prevent the risk of successful identity fraud.

3. Risk assessment

Once the information provided by the customer has gone through the CDD process, banks must then perform a risk assessment to determine if the individual can be accepted as a customer.

This will include reviewing the returned information from CDD and matching it against the banks' risk thresholds. Banks will often use KYC software to automatically accept customers who pose no risk and then only perform a manual risk assessment on customers who have flagged as high risk.

In some cases, when a customer has been marked as high risk or requiring manual intervention, banks can then ask for more information including a document check, cross-checking other databases, or performing a manual review.

4. Onboarding

The banks can then make the decision on whether the customer should be onboarded or rejected, and all information provided by the customer should be stored securely for audit purposes.

5. Ongoing monitoring

The KYC process for banks doesn't stop when the customer completes onboarding. It is also required that banks routinely monitor their customers to understand if circumstances have changes.

For example, if John Doe signs up to a bank today and doesn't flag against any AML or fraud databases, that doesn't mean that the customer won't match as a risk of money laundering or fraud in the future. It is critical that banks re-screen the customers' identity to flag any potential issues.

Banks must also use a transaction monitoring system which analyses customer transactions including transfers, deposits, and withdrawals to identify any risk of fraudulent activity.

Common challenges in KYC for banks

One of the biggest banking KYC challenges, particularly 'traditional' banks who rely on manual processes or legacy systems, is digital transformation.

In the last decade, the emergence of digital challenger brands such as Monzo, Revolut, and Starling have based their business model on being entirely digital. The success of the new era of digital banks has been largely based on ensuring that the customer experience is seamless by providing a real-time onboarding journey.

This has also been coupled with expectations from customers rising due to a digitised world and brought real-time verification to the forefront of priority. Customers are no longer willing for verification at account opening to take longer than a few minutes and banks have had to develop their KYC systems to ensure they can deliver digital onboarding.

Another key challenge faced by banks is the increased risk of financial crime and money laundering. According the United Nations Drugs and Crime (UNODC), an estimates 2-5% of global GDP is laundered each year.

A significant proportion of this laundered money is targeted through banks. Not only have banks has to focus on real-time verification but also have had to double down on AML processes to identify customers who pose a risk to their business.

How FullCircl can help

FullCircl works with 7 out of the top 10 UK banks and 700+ regulated entities to support their KYC requirements.

FullCircl's identity verification platform includes access to a full suite of compliance services including, but not limited to, KYC software, AML (PEPs sanctions, adverse media, and watchlists), anti-fraud tools, automated document verification, and more.

To find out more about how FullCircl can support your KYC banking needs by delivering real-time verification through a single access point, book a free demonstration here.

In this article:

1. Why is KYC important?
2. What is a KYC checklist for companies?
3. KYC checks: customer identification
4. KYC checks: customer due diligence
5. KYC checks: ongoing monitoring

Introduction to KYC

Know Your Customer (KYC) refers to the policies and procedures put in place by businesses to manage risk and verify the identities of customers from the initial onboarding stage, and through the entire customer lifecycle.

These policies and procedures (or a Know Your Customer Checklist) are particularly vital to regulated industries, ensuring compliance with national and international regulations targeting Anti-Money Laundering (AML), terrorism financing, fraud, and other forms of corruption and bribery.  

In the UK, compliance with KYC & AML regulations is monitored by a range of regulatory bodies and government agencies including the Financial Conduct Authority (FCA), Prudential Regulation Authority (PRA), National Crime Agency (NCA) and HM Revenue and Customs (HMRC).

In today’s uncertain political and economic environment, it’s more important than ever that all regulated business, and particularly those operating in the banking and financial services markets, design and implement a KYC checklist approach to compliance. By leveraging Know Your Customer checks, businesses can streamline onboarding, continuous monitoring, and ensure real-time compliance with the evolving regulatory landscape.

Why is KYC important?

According to NASDAQ’s recent Global Scale of Financial Crime report, an estimated $3.1trillion in illicit funds flowed through the global financial system in 2023, with money laundering accounting for a large proportion of these funds. Likewise, fraud scams and bank fraud schemes totaled $485.6B in projected losses globally.

59% of organisations expect financial crime levels to rise in 2024. In a world where the risk landscape is constantly evolving, it’s never been more important for businesses to build resilience.

An effective KYC, AML checklist is the first step in identifying and verifying customers/clients and preventing the risk of unwittingly embarking upon a relationship with individuals or organisations involved in illegal activity.

It pays to be compliant – the cost of getting KYC wrong is high! According to data issued in January 2024, the value of penalties imposed on firms has surged by 57%, with penalties for non-compliance totalled $6.6 billion in 2023, up considerably from $4.2 billion in 2022 and $5.4 billion in 2021.

As well as preventing criminal activity and avoiding fines, getting KYC checks right is also key to understanding customer needs and preferences, establishing trust, providing superior service, and importantly reducing cost to acquire and serve customers.

What is a KYC checklist for companies?

The design and implementation of a comprehensive KYC checklist procedures are the foundation of best practice KYC compliance.  

A KYC checklist will vary across different industries and sectors, each of which will have varying risk levels associated with customer activities, as well as differences in term of the stringency of regulatory requirements.  

In all circumstances KYC checks must be clear, comprehensive, maintained and updated in line with all relevant jurisdictional regulatory requirements, and should encompass the entire customer lifecycle from customer identification, customer due diligence at onboarding stage, and ongoing monitoring.

Let’s explore each stage in more detail.

KYC Checks: Customer identification

Customer identification ensures regulated businesses can have confidence that the individuals and entities they are dealing with are who they claim to be.  

For individuals, these KYC checks typically involve the collection of distinguishing data from the customer including name, address, and date of birth. This will then be match against data sources such as credit or telco to find a match. Verification of a variety of official documentation (proof of address, photo identification, passport, driving license, employment information) can also be used for KYC where database checks aren’t valid or in data poor jurisdictions.

For entities, or producing a Know Your Client checklist, the process involves collecting and verifying a range of information and documentation, including company registration documents, business licenses, director information, proof of address, nature of business and ownership structure (ultimate beneficial owners, shareholders); as well as database searches for potential AML red flags such as sanctions and Politically Exposed Persons (PEPS) lists, and adverse media screening.  

It can be a complex and rigorous process, but a vital step in ensuring the integrity of the organisation and preventing financial crime.

KYC Checks: Customer Due Diligence (CDD)

Regulated businesses must carry out CDD measures when establishing a new business relationship, undertaking occasional transactions, when it suspects nefarious activity, or when it doubts the accuracy or adequacy of customer information.

When carrying out CDD measures a regulated business must verify the customer identity, identify and verify beneficial owners, understand the ownership and control structures, access and obtain information pursuant to the purpose and nature of the business relationship and build risk profiles based on an understanding of the nature and purpose of anticipated transactions.

In addition, for customers considered to be of high-risk, businesses should undertake Enhanced Due Diligence (EDD) - a risk-based approach to investigation and the gathering of more detailed intelligence.  High-risk customers might include, for example, those subject to economic sanctions or operating in countries without adequate AML controls, customers with complex ultimate beneficial ownership structures, companies managed by politically exposed persons (PEPs), businesses operating in countries with significant levels of corruption, criminal or terrorist activity. EDD measures include adverse media screening, obtaining additional identifying information, analysing the source of funds, scrutinising Ultimate Beneficial Ownership (UBO) and transaction screening.

KYC Checks: Ongoing Monitoring

Customer behaviour changes, and risk profiles evolve. Ongoing monitoring, or as it is often referred to Continuous Due Diligence, Ongoing Customer Due Diligence (OCDD) or Perpetual Due Diligence (PDD), refers to a risk-based in-life customer monitoring approach, based upon risk events and triggers to identify risk patterns, for maintaining KYC checks and monitoring customers for the risks they pose for AML and other financial crimes.

This involves monitoring and evaluating changes in customer profiles, business activities, ownership and organisation structures, legal status as well as sanctions and PEPs watchlists screening, adverse media screening, payment and transaction monitoring.

Need help with your KYC compliance checklist?

FullCircl goes beyond a standard know your customer requirements checklist. Using automated data collection, identity verification, data matching, execution of critical checks and watchlist screening, and adverse media monitoring, we assist regulated businesses to implement a best practice approach at every stage of the customer lifecycle - identify & acquire, verify & onboard, retain & grow.

FullCircl’s KYC capabilities deliver:

• Onboarding in seconds -  up to 94% faster through a low-code API integration and prepopulated onboarding forms
• Compliance with AML directives – develop a powerful compliance stack combining KYC software and AML services including PEPs, sanctions, and adverse media
• Agile customer verification - custom orchestration workflow, triggering different identity checks for different risk groups.
• Scalability - KYC verification designed to scale with your growth plans from 100 to 100,000+ customers per month.
• Ongoing monitoring - detect and respond to suspicious or unusual behaviour with routine re-screening of your customer base.
• Data powered by all major Credit Reference Agencies and global data sources for efficient identification and verification.
• Case management - a single customer view linking onboarding and monitoring in a real-time journey.

Enhance your KYC compliance checks - contact us today for a free demonstration.

Know Your Customer (KYC) and AML are processes in the Customer Due Diligence (CDD) framework to help regulated businesses identify customers at the point of onboarding and prevent illicit activities from taking place within a business.

Money laundering costs the UK alone more than £100bn a year. The need for a highly intelligent AML system whilst offering instant verification to align with rising customer expectations is one of the biggest challenges for compliance teams in 2024.

AML, KYC, CDD are all interconnected terms so it can sometimes be difficult to understand the similarities and differences between them. This blog will give you a clear definition of the terms, processes, and trends for KYC/AML.

AML and KYC meaning

Know Your Customer (KYC) is the process of verifying the identity of customers to ensure they are who they claim to be. Businesses must collect at least the name, address, and date of birth of customers at the point of account opening and then verify this data by using Credit Reference Agencies or other data sources.

Additional measures in the KYC process can include document verification which is used when KYC data is unavailable or Enhanced Due Diligence (EDD) where there is a high degree of risk. By collecting relevant information, businesses can assess the risk associated with each customer and monitor their activities accordingly.

Anti-Money Laundering (AML) refers to a set of laws, regulations and procedures aimed at detecting and preventing money laundering activities. Money laundering involves disguising the origins of illegally obtained funds to make them appear legitimate which helps fund financial crime and terrorist financing.

To combat money laundering, regulated entities use AML checks which include checking for Politically Exposed Persons (PEPs), sanctioned individuals and entities, adverse media, and watchlists to identify where there is a risk of money laundering.

It is illegal to do business with sanctioned individuals so it can be argued that this is the most important check in the AML process. However, identifying if the customer if politically exposed or has adverse media against them is also a critical aspect of preventing illicit activities.

Difference between KYC and AML

Whilst the AML and KYC difference is evident in their focus and scope, the processes work in harmony to deliver a complete compliance program. Regulated entities are required by law to use KYC and AML processes in their customer onboarding and ongoing monitoring procedures. However, there are some key differences to AML & KYC and the role they serve in customer due diligence.

KYC checks are focused entirely on identity verification. KYC is typically the first step in the identification process as it confirms that the individual or entity attempting to onboard are who they claim to be. Regulated entities achieve this by matching name, address, and date of birth against various data sources to find a match.

AML checks on the other hand are intended to prevent financial crime and illicit activities. By identifying PEPs, sanctions, and adverse media, businesses can begin to understand the risk associated with customers and perform manual intervention or, in some cases, reject the onboarding attempt.

Despite this, due to rising customer expectations and complexity of global KYC and AML regulations, the process has shifted away from being siloed and both are critical to achieving regulatory adherence.

How to combine KYC and AML

In an increasingly digitised world, the KYC, AML process has become more of a combined exercise as part of a wider identity verification function.

Customers expectations are constantly increasing and it’s no longer fit for purpose to perform manual verification which can take days to complete. Not only does using technology to perform real-time verification get to revenue faster but it also avoids the risk of human error.

The emergence of RegTech in the last decade has provided regulated entities with automated KYC and AML software to provide a seamless, real-time customer onboarding journey.

RegTech solutions also provide more detailed reporting and remediation functionality to ensure that compliance teams can not only provide a real-time solution but can also leverage the software to spend less time reviewing results or performing unnecessary remediation, and more time dealing with complex or high-risk cases.

KYC and AML processes

In the KYC process, several key pieces of information must be collected from customers. The critical elements that need to be collected are name, address, and date of birth. By having access to this information, businesses can then use data sources to such as credit or telco to find a match. Ultimately, that match will confirm that the customer attempting to onboard is who they claim to be.

However, as identity theft and fraud advance it has become easier for criminals to access the name, address, and date of birth of other individuals and begin to create fake accounts under that person’s name.

Therefore, the emergence of document verification is now also a popular choice during the KYC process. This typically involves asking the customer to take a photo of an official government issued document, such as a passport or driver’s license, and then perform relevant checks to ensure that the document is legitimate and hasn’t been tampered with.

Further to this, facial comparison is deployed in conjunction with the document verification check which will ask a user to take a ‘selfie’ and then match the image taken against the image on the identity document. Advanced facial comparison will include technology such as liveness, providing a strong degree of confidence that the person behind the camera is the person attempting to onboard.

To perform an Anti-Money Laundering (AML) check the only required field is full name although having access to date of birth will significantly cut down the number of returned matches.

The AML process serves a slightly different purpose to KYC in that its objective is to identify any suspicious customers who could pose a risk to the business. Entities must comply with global AML regulation as set out by organisations such as the Financial Conduct Authority (FCA) and the Financial Action Task Force (FATF).

AML at the point of account opening will check against global Politically Exposed Persons (PEPs), sanctions, adverse media, and watchlists to discover any risk of financial crime. Businesses are notified when a match is found and then advised to act on the decision to accept or reject onboarding.

Next steps will involve performing a manual review, asking the customer for more information, or in some cases (particularly if the customer is sanctioned), automatically rejecting the onboarding attempt.

Not only is it critical to perform AML checks at the point of onboarding, but businesses must also perform routine re-screening of their client base to understand if circumstances have changed. An individual attempting to onboard today might not pose a risk of illicit activities, but in the future the risk might have increased.

Overall, this demonstrates the importance of synergy in the AML, KYC compliance process. Whilst the data collected from customers is the same for both AML and KYC policies, there is a significant amount of work involved at the onboarding process to extract the relevant information. Real-time solutions can perform AML KYC checks instantly and trigger automatically leading to a more efficient onboarding experience.

How FullCircl can help

FullCircl exists to remove the regulatory and verification roadblocks that drive revenue growth through a leading IDV orchestration platform. The W2 by FullCircl platform offers AML, KYC software in 160+ countries to ensure regulated entities can satisfy regulatory requirements whilst improving the effectiveness of their customer due diligence and onboarding efforts.

“We were instantly attracted to W2 [by FullCircl] because it has continuity built in,” explained Alison Cleggett, Head of Compliance at Caxton. “W2 also fits with the ethos of Caxton and our focus on putting clients at the heart of everything we do. By partnering with W2 we’ve been able to satisfy the need for custom screening methods for different data sets. It’s a highly intelligent platform that support all of our needs, and the team delivers a dedicated level of service.”

FullCircl provides more than an off-the-shelf product. We collaborate with every client to understand their AML, KYC requirements and craft a custom solution to empower compliant growth.

Interested in hearing more? Contact us today for a free consultation and demonstration of the FullCircl platform.

In this article:

1. What is money laundering?
2. Core components of money laundering regulations
3. How does money laundering work?
4. Evolution of money laundering regulations
5. The impact of money laundering
6. The future of money laundering regulations
7. How FullCircl can help

What is money laundering?

Money laundering is the process of disguising the proceeds of criminal activity as legitimate funds. This is typically done by moving money through a series of transactions to obscure its origin and make it appear as though it was obtained through legal means.

To prevent money laundering, law requires regulated entities to implement measures to detect and prevent money laundering. A variety of regulatory bodies such as the Financial Conduct Authority (FCA) enforce these measures to form money laundering regulation, requiring businesses to actively monitor money laundering, terrorist financing, and transfer of funds.

The United Nations Office on Drugs and Crime (UNODC) estimates that between 2 and 5% of global GDP is laundered each year, equaling between EUR 715 billion and 1.87 trillion each year. Therefore, the regulation of businesses to prevent money laundering is of paramount importance.

However, more stringent regulation correlates with increased friction so regulated entities must balance complying with regulation whilst ensuring that the customer journey doesn’t suffer.

Core components of money laundering regulations

There are many aspects to money laundering regulations which includes a significant amount more than the initial regulatory guidance. The entire process of money laundering regulation includes input from the regulatory bodies, through to regulated entities, auditors, and beyond.

The typical Money Laundering Regulations (MLRs) process is as follows:

1. Legal frameworks

Across the globe, countries have implemented laws and regulations to assist with Anti-Money Laundering compliance. Major legislation includes the USA PATRIOT Act in the United States and the EU 6th Anti-Money Laundering Directive in the European Union, setting stringent standards for regulated entities.

The Financial Conduct Authority (FCA) enforce the money laundering regulations and are primarily comprised of ‘The Money Laundering and Terrorist Financing (Amendment) Regulations 2023’ which builds upon the initial regulation set out in 2017. The amendment placed a focus on the requirement of Enhanced Due Diligence (EDD) on domestic Politically Exposed Persons (PEPs) to be less than in relation to foreign PEPs, which is a requirement by the Financial Services and Markets Act 2023.

The complexity for regulated businesses is that the FCA money laundering regulations are only applicable in certain jurisdictions. Whilst the FCA and other governing bodies are seeking to achieve the same goal, there are various nuances which complicates the compliance process.

The initial Money Laundering and Terrorist Financing Regulations 2017 required regulated entities to do the following:

• Conduct a money laundering and terrorist risk assessment.
• Implement systems, policies, controls, and procedures to address money laundering and terrorist financing risks and meet the requirements under the MLR 2017.
• Apply policies, procedures, and controls across a business’ group structure.
• Adopt appropriate internal controls.
• Provide training to staff.
• Apply for approval if someone is the Ultimate Beneficial Owner (UBO), officer, or manager of a firm.
• Comply with new customer due diligence, enhanced due diligence, and simplified due diligence requirements.
• Comply with requirements relating to Politically Exposed Persons (PEPs).
• Make sure record keeping and data protection systems, policies and procedures meet the requirement of the regulations.
• Comply with new obligations relating to record keeping and the provision of information about beneficial ownership if a business acts as a trustee of a relevant trust.
• Source - “Quick guide to the Money Laundering Regulations 2017”

2. Customer Due Diligence (CDD)

Identifying and verifying customer identities at onboarding is the first crucial obligation for regulated entities to prevent money laundering. The requirement for Know Your Customer (KYC) procedures includes identity verification and checking against Politically Exposed Persons (PEPs), sanctions, adverse media and watchlists. Some of these checks such as adverse media are optional but help build a better picture of a customer risk profile, whereas sanctions and money laundering go hand in hand as sanctioned individuals, entities, and vessels are solid indicators of potential financial crime. Enhanced Due Diligence (EDD) is also required for high-risk customers.

3. Transaction monitoring & reporting

As part of money laundering regulations, businesses are also required to monitor customers past the point of account opening. This includes re-screening customers against PEP, sanctions, adverse media, and watchlists to identify any changes to customers. Transaction monitoring is also required which is the process of monitoring transactions such as transfers, withdrawals, and deposits to identify suspicious behaviour.

4. Recordkeeping

Regulation requirements mandate the maintenance of transaction records and evidence of all AML checks performed for auditing purposes. This holds regulated entities accountable for all Customer Due Diligence (CDD) performed.

5. Compliance programs and internal controls

Regulated entities must establish robust AML compliance programs which is a set of responsibilities for both financial and designated non-financial businesses, and implement internal controls to actively prevent money laundering activities.

6. Training and awareness

The emergence of IDV RegTech businesses such as FullCircl has helped significantly to automate the majority of the AML identity verification process. However, AML training is also imperative for employees as Money Laundering Reporting Officers (MLROs) and compliance teams may need to perform manual intervention. Strategies to enhance awareness and foster a culture of compliance are emphasised.

7. Penalties and enforcement

Non-compliance with Anti-Money Laundering regulations can result in severe penalties enforced by regulators. In banking alone, there were $835 million+ in fines incurred in 2023, ranging from inadequate AML systems to acceptance of onboarded customers without the correct investigation. Enforcement agencies play a pivotal role in ensuring adherence to AML laws to safeguard financial integrity.

One of the biggest enforcement actions from 2023 was a fine given to Binance of $4.3million for failings related to money laundering. Upon investigation, Binance had let the flow of illicit funds from countries including Russia, Cuba, and Iran and multiple sanctions failings. This fine alone demonstrates the importance of a secure AML system.

How does money laundering work?

In the last decade, financial transactions have become increasingly digitised, offering new avenues for laundering money through online platforms. Here’s how it typically works:

1. Placement

Financial systems accept illicit funds, often through small and discreet transactions to avoid detection. Cybercriminals may use techniques such as structuring, where large sums are broken into smaller ones, or smurfing, which involves using numerous individuals to make deposits.

2. Layering

The layering stage involves moving funds through various accounts or financial instruments to further hide their origins. Online banking services, cryptocurrency exchanges, and offshore accounts are commonly used for layering due to their anonymity and ease of access.

3. Integration

The final stage involves the laundered funds being reintroduced into the legitimate economy, appearing to be from legal sources. Online investment platforms, real estate transactions, and shell companies are used to integrate the laundered money back into the financial system.

As financial transactions have become more digitised, emerging threats have followed. Virtual currencies like Bitcoin offer pseudonymity, making them attractive for money laundering activities, online banking services provide avenues for rapid and global movement of funds, making tracking and detection more challenging, and the use of anonymising tools such as virtual private networks (VPNs) and encrypted communication further complicates efforts to trace illicit transactions.

The digital landscape has provided criminals with sophisticated tools to launder money through financial transactions online, requiring constant vigilance and collaboration between regulators, law enforcement, and financial institutions to combat illicit activities.

Evolution of money laundering regulations

Historically, money laundering emerged as a global concern in the 20th century with the rise of organised crime and the proliferation of illicit activities such as drug trafficking and smuggling. As criminal enterprises became more complex and sought to conceal the origins of their funds, the need for effective methods to launder money became apparent.

Milestones in the development of Anti-Money Laundering (AML) regulations include the establishment of the Financial Action Task Force (FATF) in 1989, which set global standards and guidelines for combating money laundering. The USA Patriot Act of 2001 in the United States initially introduced comprehensive AML measures, including enhanced due diligence requirements and the creation of financial intelligence units. More recently, The UK Government imposed The Money Laundering and Terrorist Financing (Amendment) Regulations 2023 to implement stricter requirements for regulated entities to track high-risk factors, e-money thresholds for due diligence, a closer focus on identifying Ultimate Beneficial Ownership, and reporting discrepancies to Companies House.

Due to the ever-evolving nature of complexity of money laundering, regulation is constantly developing, and the goalposts are moving for regulated entities to ensure they are fully compliant.

Key global organisations and initiatives to combat money laundering include the Financial Action Task Force (FATF), which coordinates efforts among member countries to prevent money laundering and terrorist financing through policy development, evaluation, and cooperation. Additionally, the United Nations Office on Drugs and Crime (UNODC) works to enhance global cooperation. These organisations underscore the importance of global collaboration in addressing the complex challenges posed by money laundering.

The impact of money laundering

Money laundering comes in many forms, ranging from drug trafficking and human smuggling to cybercrime and corruption. Drug trafficking remains one of the most lucrative criminal enterprises with organised crime syndicates funnelling massive sums of money through illicit channels.

Cybercrime, including hacking, identity theft, and online fraud has become increasingly prevalent in the digital age, providing criminals with more opportunities to launder money. Corruption, whether in the form of bribery, embezzlement, or illicit government contracts, also generate funds that require laundering to conceal their origins.

The consequences of money laundering for society and the economy are profound. Money laundering facilitates the growth and sustainability of criminal enterprises, perpetuating violence, exploitation, and global instability.

The flow of illicit funds distorts economic systems, undermining fair competition and fostering a climate of corruption. Money laundering enables criminals to evade taxes, depriving governments of vital revenue for public services and infrastructure. Therefore, the Defence Against Money Laundering (DAML) through stringent regulation aims to safeguard society and preserve the integrity of the global financial system whilst reducing and preventing financial crime.

The future of money laundering regulations

As digitisation of financial institutions continues globally, regulation is only going to become stricter and more complex. Criminals are becoming more intelligent, cross-border transactions are the norm, and the emergence of AI poses a serious threat. The importance of a strict compliance program has never been more important.

The future outlook of Anti-Money Laundering regulations and enforcement emphasises the necessity for a more collaborative approach. If regulators and regulated entities want to truly prevent money laundering over and above it being a tick box exercise, there cannot be a disconnect between the two. Global harmonisation of regulation, advanced technology to fight financial crime, and cooperation between regulatory bodies and entities can provide the balance needed to counter money laundering whilst ensuring regulated entities can maximise revenue by providing an efficient customer journey.

How FullCircl can help

FullCircl provides a full suite of AML screening and monitoring including global PEPs, sanctions, and adverse media to actively identify the risk of money laundering at onboarding and through ongoing monitoring. On top of that, we understand that service providers need to offer much more than AML checks alone. We offer a consultative and collaborative approach to understand your unique requirements, the regulation you must comply with, and have a core understanding of how best to balance regulatory requirements with great customer experience.

FullCircl removes the regulatory and verification roadblocks to drive revenue growth by providing a full IDV orchestration platform including KYC in 160+ countries, document verification with facial comparison, Know Your Business (KYB) checks, anti-fraud, and more. FullCircl is data agnostic and uses 20+ data suppliers delivered via leading technology to provide clients with the most secure AML compliance product on the market.

Clients trust FullCircl to keep ahead of evolving regulation whilst giving their customers the best possible onboarding experience to drive customer advocacy and revenue growth.

Interested in hearing more? Contact us today for a free consultation and demonstration of the FullCircl platform.