The importance of KYC and CDD in AML compliance: what your business needs to know
In this blog, we will explore the basis of Know Your Customer (KYC) and Customer Due Diligence (CDD) measures and how these processes support anti-money laundering (AML) functions. We will further delve into what businesses need to know and do to meet their regulatory responsibilities.
Dmytro Sashchuk
Do you remember the last time you went to the bank physically to send money somewhere?
While many 'yes' answers may be expected, it is undeniable that nowadays opening your bank account online and sending money on its way can be done in a matter of minutes - and all from the comfort of your home! The underlying causes for such a rapid digitalization may be plenty and complex, but clearly the COVID-19 pandemic and substantial increase in the number of FinTechs have certainly contributed to us moving our money online.
Katharina Cera, Allegra Pietsch, and Andrzej Sowiński in their article prepared for European Central Bank’s “Financial Stability Review, November 2023” observe this trend by showing that “digitalisation is progressing in both traditional banking and investment services”. At the same time, the same authors very appropriatedly address the digitalization as a double-edged sword - it brings plenty of benefits while simultaneously magnifying risks to the financial systems.
Subsequently, this led to the issue of tackling money laundering gaining much greater prominence among a wide range of stakeholders, from politicians, to supervisors, to consumers. Some cases have further contributed to the problem becoming a concern that requires regulatory intervention. The trend also appears quite wide as the overall number of money laundering cases has been steadily increasing, which is shown in the Eurojust Report on Money Laundering 2022 (see page 6)
However, this trend is not limited to the EU only and the number of money laundering cases in non-EU countries is quite high as well as can be seen from another image from the Report (see page 6).
At this point, it does not need to be explained that governments in the EU, the US, and all over the world really are rallying to pose more problems to those who wish to perpetrate money laundering and terrorist-financing crimes. It has become more important than ever for every business who is subject to anti-money laundering ("AML") obligations to assess their Customer Due Diligence ("CDD") measures and properly implement Know Your Customer ("KYC") processes. Negligent businesses risk becoming liable to considerable fines, but should also bear in mind that trust is like a paper - once crumpled it never goes back to its original form.
In this article, we aim to arm you with the most important knowledge when it comes to understanding AML obligations, specifically CDD measures and KYC procedures, their differences, and how they enable your business to ensure compliance with AML obligations.
Three fancy acronyms: what they are all about
Anti-money laundering obligations: where it all starts
First and foremost, it is important to understand the meaning of the term - AML, specifically when we are talking about AML obligations, which readers may often stumble upon when browsing articles and blogs on similar topics.
In the most basic form anti-money laundering obligations refer to a range of measures and duties concerning the prevention of money laundering that apply to some individuals and legal entities and are codified in the form of a law.
These individuals and entities (who are typically referred to as “obliged entities”) are designated on the margin of being able to identify money laundering and terrorism financing risks when providing their services or if their professional activity is at heightened risk of being used for money laundering and terrorism financing purposes.
Some of the AML obligations that obliged entities need to comply with include, but are not limited to:
- Performing risk assessments;
- Designing and implementing system of policies, controls and procedures to ensure compliance;
- Designating an employee who is responsible for monitoring and facilitating compliance;
- Implementing customer due diligence process taking into account identified risks;
- Retaining customer records; and
- Filing occasional and suspicious transactions reports.
When it comes to the sources of these obligations we are, of course, talking about laws. Countries have varied approaches in how they codify laws and so while one country may have all relevant provisions in a single law, another country can have them split among laws and regulations.
On the surface level, many AML obligations are quite similar from country to country as jurisdictions often draw inspiration for their AML frameworks from the Financial Action Task Force (“FATF”). It would not be an understatement to say that FATF Recommendations is a trend-setting instrument when it comes to understanding AML obligations on a high-level. At the same time, the local implementation of the specific requirement is often unique and depends on risks that are prevalent there. Subsequently, while blogs, overviews and authoritative guidelines are great in outlining what the requirements are, obliged entities must consult a specific country’s legislation to understand how to implement them.
For demonstrational purposes, we present some examples of laws that impose AML obligations for obliged entities:
- Spain has Law 10/2010 of 28 April and Royal Decree 304/2014;
- The UK has Proceeds of Crime Act 2002 and The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017;
- the US has Bank Secrecy Act (it is codified in the United States Code in different chapters within Titles 12 & 31) and Code of Federal Regulations (which are regulations implementing Bank Secrecy Act’s mandates by relevant supervisory authority, for instance see FinCEN’s regulations in the Title 31, Chapter X).
Customer due diligence: an "airport security scanner" for money laundering prevention
The CDD is a two-fold concept which stands as the central element of AML compliance and is especially important for all obliged entities.
From one side, the CDD can be characterized as a set of measures that obliged entities must implement to mitigate the risks of their services being exploited for money laundering, while on another side, it is also a process of continuous application of these measures.
Effective CDD is the underlying component in preventing illicit financial activity and ensuring compliance. We invite readers to check the video published by the Finansinspektionen (Swedish Financial Supervisory Authority) that explains the CDD process and measures.
Even though the video draws upon the Swedish AML framework, most of the elements brought out can be well applied in contexts of other countries. Below you may also find the flow chart demonstrating the typical CDD process and measures it’s composed off.
Smallest denominator: know your customer
Do not be misled by the name of this section because even though KYC stands as the smallest denominator, its importance is certainly not smaller than that of other CDD measures. This gets us to the first important point, which is that KYC is a core element of the CDD process and one of the CDD measures. For this very reason, it is rather easy to conflate or confuse the two concepts. At the same time, it is easy to understand KYC as the full name of this measure very accurately describes the material essence of the actions that obliged entities need to perform - getting to know their customers.
KYC revolves around identifying and verifying the customers’ identity - being the first substantial CDD measure that the obliged entity needs to perform when establishing a business relationship with their customers
On a high-level, the two underlying elements of KYC, the identification and the verification, are typically parallel processes. For the identification part, an obliged entity obtains the information about their customers, for example: name, date of birth, address, and nationality. After that the obliged entity verifies the data obtained against independent and reliable sources.
In order to implement proper KYC requirements, it is necessary for businesses to consult their applicable legislative framework. As we previously noted, the local implementation of the specific CDD measures are unique and will different depending on where the business is licensed to operate, this is especially true for the KYC process. For example, the US requires obliged entities to implement a Customer Identification Program (known as “CIP”) that is based on the KYC principle despite having a distinct name. Each country therefore will generally offer their own take on a set of steps that businesses need to take in order to identify their customers and establish means through which identity verification should take place.
It is worth stressing that compliance always starts from the smallest element, and indeed without having proper KYC process, businesses cannot claim to have addressed CDD measures, thus not achieving AML compliance. Therefore, there is an inherent inter-relation between all elements discussed in this blog.
Key steps to achieve AML compliance and mitigate risks
The obliged entities must strategically approach the necessary steps to meet their compliance with applicable AML requirements. We would like to provide some insights on which steps businesses need to consider in order to mitigate risks of their service being used for AML purposes.
Anti-money laundering risk assessment
Perform risk assessment identifying key risk metrics relevant to the business, such as customer types, product offerings, services provided, and location of operations. We encourage companies to take into account national risk assessments (some of which can be located on the FATF website). This piece of information may prove useful as obliged entities are mandated to take these assessments into account when producing their own risk assessments.
Design and implement effective customer due diligence measures
Completing of the risk assessment and getting a thorough understanding of the applicable legal framework are underlying elements of determining the proper design of CDD measures. For example, this means that understanding the applicability and the scope of the US CIP requirements for the US financial entities is just as important as it is for the EU financial entities to understand the requirements of the Member State where they are soliciting their services.
It is no-less important to implement effective measures that ensure regulatory compliance while preserving the users’ comfort. With Veriff, complying with CDD obligations doesn’t mean compromising the user experience. Veriff’s KYC onboarding solution enables you to meet regulatory compliance and onboard more genuine customers, helping to cut customer acquisition costs. With Veriff, you can also utilize optional anti-money laundering checks such as PEP and sanctions screening to make it even easier to establish and implement effective CDD measures.
Ongoing customer diligence measures
Every compliant business knows that CDD is not a one-time process - it requires continious application. Monitoring users' financial behaviors and ensuring that information stays up-to-date is just as crucial as initial onboarding. Veriff’s automated AML screening and ongoing monitoring solutions may be particularly useful to help keep your business compliant, mitigate risk, and keep out fraudsters while still creating a seamless experience for your genuine users.
Explore more
Get the latest from Veriff. Subscribe to our newsletter.
Veriff will only use the information you provide to share blog updates.
You can unsubscribe at any time. Read our privacy terms.
