KYC & AML: Key Differences and How They Work Together

KYC and AML complement each other: They are both crucial measures to prevent fraud and each one involves stringent checks to help verify the legitimacy of a person or organization.

However, there are important differences you must know, especially if you wish to optimize both processes. We look at the key aspects that distinguish KYC from AML each other, as well as the nature of their processes, the benefits of combining the two systems, and much more.

KYC & AML: Key Differences

KYC stands for Know Your Customer. It’s a legal requirement for certain businesses that forces them to learn and confirm the identities of users and customers. It’s also a helpful process to reduce fraud and cybercrime because if you can confirm someone’s identity, they are less likely to get away with fraud.

AML stands for anti-money laundering. It’s also a legal requirement for businesses to learn more about users and customers and their source of funds. There is a stronger focus on understanding where customers get their money and how they spend it, in order to avoid doing business with criminals who may use your business to launder money.

In addition, AML checks require you to verify that customers’ names do not appear on PEP (Politically Exposed Persons) lists. This is to ensure they are less likely to be in positions of corruption or bribery, which could lead to money laundering.

Similarly, sanctions lists are designed to avoid doing business with individuals based in countries with known links to money laundering and terrorism financing. 

In short, both KYC and AML are legal requirements. Regulation for both processes is designed and monitored by governments. Both require businesses to learn more about their users in order to be compliant. However, KYC focuses strictly on understanding your customers’ identities. AML focuses more on understanding where their money is coming from.

How Does KYC Compliance Work?

To meet KYC compliance requirements, your company must gather information about its new customers, usually during the signup or onboarding process. The information must include:

• proof of full name using an ID document (passport, ID card, driver’s license..)
• proof of address (utility bill, lease…)

Optionally, you may also be required to verify their business activity or employment status. KYC for certain industries also requires an age verification check (e.g. for adult or iGaming companies).

Wherever someone is considered to be a higher risk individual, for reasons such as being a Politically Exposed Person (PEP) or looking to conduct specifically high-value transactions, an organization is often called upon to conduct Enhanced Due Diligence (EDD) rather than simple Customer Due Diligence (CDD). As one would expect, EDD scrutinizes a customer more closely and runs more checks than simple CDD.

The KYC Process in 5 Steps

Let’s now break down the KYC process into a few simple steps. 

1. A new user registers on your platform.
2. You ask for their full name and address.
3. You ask for an ID document.
4. You verify that the document and other information match.
5. You confirm the identity and allow registration.

In theory, it sounds simple enough. The problem, of course, is that manually verifying identities doesn’t scale for medium or large companies. 

To make matters worse, criminals and fraudsters have every intention to fool your KYC process. This is why most companies rely on third-party KYC software to perform identity verification for them. 

If you want to make sure you’ve properly followed the steps required for KYC you can have look at our downloadable KYC Checklist.

How Long Is the AML KYC process?

Running a KYC check for money laundering prevention and compliance purposes can take anywhere from a few minutes to weeks. This depends on local laws as well as the complexity of the situation. For example, when you need to run KYC on a company, you may need more time and expert help to define its ultimate beneficial owner.

However, if you are conducting KYC identity verification checks on an individual, the process may only take a few minutes – to run their name and details past a database – or up to an hour, if you have to also check their identity using official documentation.

What Is an AML Compliance Program?

Because of the complexities of understanding AML legislation as well as implementing it to avoid fines and other repercussions, AML measures and processes are often approached as AML compliance programs. For banks, fintech companies and other organizations required to follow regulators’ mandates, an AML compliance program ensures that all aspects of AML requirements are closely followed and any changes to customers’ circumstances or to the law are considered and swiftly addressed.

This, for example, will include KYC, some type of identity verification using documentation, checking the person or beneficial owner of a business is not on any watchlists or crime lists, ensuring whether they are considered high-risk individuals and would thus need EDD conducted, and so on. It even entails running such checks regularly as well as monitoring transactions for certain flags and thresholds.

How Do AML Compliance Programs Work?

Anti-money laundering compliance can be more challenging than KYC. This is because, on top of an identity verification step, you must also continuously monitor transactions and payments and get an idea of the source of your customers’ funds. 

We’ve created a complete AML checklist here, but let’s examine what a standard AML process looks like:

1. A new user registers on your platform.
2. You ask for their full name and address.
3. You ask for an ID document and verify it is authentic.
4. You check their name against PEP lists, crime lists, watchlists, etc.
5. You check their country of residence against sanctions lists.
6. You continuously monitor how much money they move through your company, and to whom.

As you can imagine, the last part is particularly challenging. Here again, this is why companies rely on transaction monitoring software to take care of all that data in a safe and compliant fashion.

Why AML & KYC Compliance is Fundamental

KYC and AML are important for both businesses and the economy. Regardless of whether you need KYC only or both KYC and AML, it’s in your company’s best interests to meet all the right regulations, for reasons such as these:

• Avoid heavy fines: Government regulators will make an example out of your company for failing to meet compliance.
  
• Maintain a better reputation: Compliance issues are never great for PR – either with customers or stakeholders.
  
• Make life harder for criminals: A more secure onboarding and monitoring process can, in theory, make life harder for criminals.
  
• Secure your business processes: There are a lot of overlaps between KYC, AML, and general safe business practices. Identifying bad actors can reduce fraud and cybercrime, and keep your business secure in the long run. 

How Much Do Companies and Banks Spend on AML KYC?

The answer depends on the type of organization and the country they operate from. Individual KYC checks for AML purposes can cost up to $130, especially when the organization has to check PEP and sanctions lists and verify documents, for example. Estimates by Consult Hyperion calculate the cost of KYC to $60 million annually for the average bank.

From there, to calculate the full cost of AML, one would have to add to KYC costs all software costs to carry out transaction monitoring and other additional aspects of AML, such as submitting a Suspicious Activity Report (SAR) and running PEP checks, among others. Also, legal resources, internal or external, required to keep compliant and update processes where needed should also be factored in.

The Benefits of Combining KYC and AML

It’s no secret that compliance is expensive and sometimes overwhelming. One KYC check can cost up to $130. 

This is why, if possible, most businesses will attempt to combine both KYC and AML checks into one process. Here are the advantages of such an approach:

• Save on operational costs: Instead of running multiple systems for KYC and AML, you streamline your operations, which saves you money in the long run.
  
• Reduce user friction: Getting the right data once means fewer prompts for your users, which improves the customer experience.
  
• Remove data silos: KYC and AML information tends to disappear into a black hole. The data is siloed and stored away until a regulator asks for it. However, by gathering all your KYC and AML data with one system (mutualization), you can get a lot more from it – for instance in terms of user segmentation, tailored financial products, or even marketing. 

To help you conduct your AML KYC checks, SEON provides a standalone AML API, which you can test below. This can be deployed on its own or made part of our Fraud API, which sources hundreds of data points about a person, their email address, their device, IP, etc. to create a complete, real-time picture of your customers, flag all AML risks and stop fraudsters.

Customer Behavior: The Link Between KYC and AML

While many companies focus their KYC and AML efforts on identity verification, there is another interesting angle worth considering: how to turn data into behavior analysis. 

In other words, it’s not just about acquiring user information, but being able to read and understand it to learn more about your customers. 

Having more data can help a financial institution or neobank in manifold ways:

• By gathering data at the onboarding stage, you can filter out junk users.
• Doing pre-KYC and AML checks allows you to save money on official checks.
• You can repurpose user data to tailor specific offers or segment your customers.
• Regulators can see that you understand your users, not that you just regurgitate the data.
• You can be more flexible with your AML and KYC rules.

The last point is worth expanding upon. To illustrate it, let’s look at an example of a standard AML rule: 

In this example, we’re simply flagging all transactions above $3000. This is a legal requirement, and we can review them. 

But what does that say about our customer? Not much. Besides, your compliance team is probably likely to be reviewing plenty of false positives, where the purchase is legitimate and from a trustworthy customer. 

This is where creating more sophisticated rules that look at user behavior comes in handy. For instance, instead of flagging every high-value transaction, why not look at a sharp increase over a set period such as a 200% increase in spend over 24 hours?

This is an example of an AML rule that helps understand user behavior.

When you see a dramatic increase in spending, it is reasonable to believe that something suspicious is at play. This is when you should be paying extra attention to that user and the money they move through your company.

Of course, such a rule can be set with a minimum threshold or combine with other rules to minimize false positives and provide more sophistication.

How SEON Complements the KYC & AML Checks & Process

At SEON, we gather data from far and wide to help you understand user behavior. As part of this, we also provide a fully-fledged AML API, which checks customer names and their variations against PEP, RCA, sanctions lists, crime lists and other watchlists.

Whether you need extra information for a KYC check or sophisticated transaction monitoring for AML, our API-based modules let you:

• gather real-time information on the user, such as social media accounts, type of device, IP connection details, and more
• see if a person appears on any AML lists, including PEP and relatives, crime lists, sanctions lists, etc
• see if that information matches that of your customer, or if you should raise red flags
• keep that data for your KYC checks, including to advise any manual checks
• continually monitoring the user to understand their online behavior
• conduct transaction monitoring
• source data to feature in any SARs you need to submit, as well as to help your compliance

All this will not only help you immediately filter out junk users but also allow you to deliver a better service in the long run. 

FAQ

Sources

• Consult Hyperion: Know Your Compliance Costs