Dealing in the world of compliance two of the most common terms you will hear are KYC and AML; the former stands for Know-Your-Customer, while the latter in Anti-Money Laundering. While you might be familiar with both of those terms you may not fully understand the difference, a lot of people confuse the definitions of the two.
So, what is the difference between KYC and AML? In this article, we’ll look at the definition of both, the difference between the two and why both are so important to a business’ compliance program.
Why do we Need KYC & AML?
At their core, KYC and AML regulations exist to remove or at least mitigate the impact of money laundering, financial terrorism, corruption and other financial crimes.
Both of these protocols are mandatory for regulated entities that have been deemed at high risk of helping to enable financial crime.
KYC and AML are most often linked with financial institutions but, these regulations can apply in any sector, from gaming to art and commerce. AML regulations can vary vastly across the globe, some jurisdictions have far more stringent regulations than others, while some have no regulations at all. It is always important to know the specific regulations of the territory you’re working in.
AML regulations are mandated by both national and international authorities around the world and place a wide range of screening and monitoring obligations on businesses and institutions. These include KYC measures, which allow for the identification of customers and an understanding of their behaviour.
What is Know Your Customer (KYC)?
KYC is a financial regulatory requirement, mandated by different regulations, depending on the region it is being enforced in.
This requirement means that regulated entities must obtain personal information about a customer to ensure that they do not intend to misuse their services and that the people applying for those services are not sanctioned or on PEP lists, for example.
KYC procedures must take place at the account opening stage of a customer’s onboarding process, and periodically thereafter to account for any changes to the customer’s details or status. The specific information gathered differs globally based on regulation, risk appetite or the product/service involved, but businesses will always need at least the name, date of birth and address of the customer.
KYC may also include ongoing transaction monitoring, and a range of customer screening measures, including politically exposed person (PEP) screening, sanctions screening, and adverse media screening.
During the verification process, customers will usually have to provide businesses with certain credentials, such as their ID. It is then up to the businesses to ensure that the submitted documents are genuine and that customers are who they say they are.
It is estimated that KYC procedures cost the average financial institution nearly €60 million per year.
What is Anti-Money Laundering (AML)?
AML is a collection of measures and procedures carried out by regulated entities to prevent financial crimes, that covers everything from money laundering to financing terrorism.
For regulated businesses, this will include analysing customers and their transactions, recordkeeping, reporting any suspicion of money laundering to AML authorities (via a Suspicious Activity Report) and more. For most organisations, AML will begin with KYC, and will then continue through to monitoring financial activity and reporting suspicious behaviour.
Regulated businesses must develop their AML measures under the regulations of the territory that they are operating in, which varies from country to country, some of the most well-known are:
- The Money Laundering, Terrorist Financing and Transfer of Funds Regulations in the UK;
- The Anti-Money Laundering Act in Germany;
- The Payment Service Act (PSA) in Singapore;
- The Financial Crimes Enforcement Network (FinCEN) in the USA
National authorities also issue guidelines that help businesses understand their AML obligations. However, global AML standards are set by The Financial Action Task Force (FATF), and these are then adopted by individual jurisdictions.
KYC and AML…What’s the Difference?
To put it quite simply, AML is an umbrella term for a range of measures, protocols and processes that you must put in place to achieve regulatory compliance. KYC, on the other hand, is merely a component of AML, which specifically refers to the method by which businesses establish and verify their customer’s identities, and monitor their financial behaviour.
Which Do You Need?
To put it quite simply, both. As we said, KYC and AML regulations vary from jurisdiction to jurisdiction, but in the majority of these jurisdictions, they are compulsory. For example, in the USA KYC and AML compliance is enforced as compulsory under the Patriot Act of 2001.
Due to the fact KYC represents just a portion of AML compliance, it is impossible to have one without the other; you can’t comply with AML requirements without first having proper KYC controls in place.
Ultimately, money laundering is on the rise, and there is a lot of work to be done to keep up; these measures don’t only help prevent financial crime but also protect your business, its revenue and its reputation from irreparable damage.
Understand that KYC and AML regulations are to be taken very seriously, in 2020 alone, an astounding $10.6 billion in fines for non-compliance with KYC and AML regulations were levied on businesses and institutions globally, a 27% rise from 2019.
The relationship between an AML program and a KYC process should be one of continuous feedback. As a subset of AML, KYC should be used to tailor an AML program to your specific needs, with the intention of regularly refining customer risk profiles and enhancing compliance performance.
Organisations are under increasing scrutiny and using RegTech software can help you to manage the identity verification process, allowing automatic prioritisation of high-risk customers, while also reducing human error and false positives.
Find out how our solutions can help you protect your business and comply with even the strictest of regulations, visit www.sekuritance.com today, get in touch and we’ll show you exactly what we can do for you.
The Sekuritance RegTech platform provides a single platform for every eGRC need, including end-to-end AML/CTF, CECL, FCPA, vendor management, beneficiary onboarding, investor check, card processing MFA checks, blockchain wallet checks, cyber-risk assessments, and other RegTech or Business Process Management requirements.
Stay tuned for more info and follow us on: