KYC & due diligence in AML compliance: what you need to know

With every passing year, regulations and compliance demands around finance get tighter and tighter all over the world. Companies and finance organizations are bearing increasing responsibility to ensure that they correctly and fairly deal with customers, and ensure that they are not accidental facilitators of crime or fraud.

Key parts of those compliance demands are Know Your Customer (KYC), and within that, due diligence. In this blog, we’ll explore the basics of KYC and due diligence, how they support anti-money laundering (AML) functions, and what businesses need to do to meet their responsibilities.

What are KYC and due diligence?

Firstly, it’s important to make the distinction between KYC and due diligence, as the two are often conflated and confused.

KYC is a legal obligation on financial institutions to conduct certain background checks on the identity, the financial status and history of a customer, and whether they are an individual or a business. Alongside this verification, KYC procedures assess the potential risks to the business of dealing with that customer, based on a detailed analysis of their financial activities.

Due diligence exists as one of the core sections of the KYC process, alongside the Customer Identification Program (CIP). This ensures that organizations accurately verify exactly who a customer is, and what they are doing from a financial perspective. As their activities can change over time, this process is a continuous one, so that financial bodies can ensure that malicious activity can be spotted if it emerges further down the line.

The range of entities that are required to conduct KYC and due diligence is extensive and may vary from one country to another. In the main, financial institutions (banks, credit unions and FinTech companies), cryptocurrency-related enterprises like wallet providers and exchanges, and gambling businesses will all be required to comply.

Why are KYC and due diligence important?

While financial impropriety, fraud and organized crime have been around for centuries, the advent of the digital age - particularly digital banking - has made these activities much more widespread. 

Many malicious organizations use financial institutions to launder money or to process funds that can be used to finance terrorism. Not only are these activities obviously illegal, but financial organizations also have an ethical and moral responsibility not to facilitate these activities, so that people, businesses and money can be kept safe and secure.

At a more individual level, fraud can have devastating effects on members of the public, whether they’re hit on their payment cards, checks or when banking online. In 2018, the cost of fraud in the United States reached more than $25 billion - approximately $75 for every person in the country.

The importance of KYC and due diligence procedures have been magnified by the impact of the COVID-19 pandemic. The resulting economic turbulence is likely to result in an increase in criminal financial activity, and both KYC and due diligence activities can play a leading role in shutting down that activity before it can have any harmful effects.

KYC and due diligence requirements

It’s worth noting that KYC and due diligence requirements vary (at least to a certain extent) between different countries and territories. For example, in European Union countries, the AMLD5 framework sets out rules and guidelines that businesses must adhere to. In the United States, a similar framework of rules and recommendations is set out by the Financial Action Task Force.

Although the rules themselves may vary, the principles that guide them are more or less the same. As a result, there are three main functions that are normally expected from a due diligence process:

• Verification: the collection of information about a particular individual or company, and then checking that it’s truthful and accurate. For an individual, this will involve at least their full name, residential address, and any tax or national identification numbers. For companies, business registration information and office addresses are also required. Passports, ID cards, utility bills and bank statements are used for these; automated technology can simplify and speed up this process, and increase accuracy.
• Processing: once an identity has been verified, organizations should then check to see if any potential risks or issues are associated with them. This means referencing their identity against government databases that may uncover sanctions, criminal records, or that they are a Politically Exposed Person (PEP). This confirms not only the level of risk, but also whether it would be legal for the financial body to facilitate a transaction with the individual or business in question.
• Monitoring: all of the above information — from names and addresses to criminal record status — can change at any time after the initial verification and processing are complete. For that reason, financial organizations should constantly monitor these key profile data points and transactions, and use technology to immediately flag up any changes that could cause problems.

Different types of due diligence in KYC

The level to which due diligence is carried out depends on the nature of the customer and business, and the level of risk that is likely to be posed. The normal customer due diligence (CDD) process encompasses a basic level of information and verification, including any beneficial ownerships and risk profiles, relationships with customers and ongoing transactions.

Where there is a minimal risk of money laundering, or money being used to finance terrorism, the due diligence process can be simplified. However, high-risk customers may have to be subjected to an enhanced process, where a more detailed level of information is collected and processed, to ensure any risks are identified and mitigated. In many cases, requirements around enhanced due diligence are enshrined in law by different governments and authorities.

For more information, check out our post on how to achieve KYC compliance.

KYC and due diligence checklist

When establishing KYC and due diligence procedures for a new organization — or reviewing the current effectiveness of an existing one — these four tips should help ensure that you’re on the right track:

• Check rules for specific territories: review your planned processes against the rules and regulations in place for the country or territory you operate in. If operating internationally, then ensure that every regulation in every territory is covered.
• Determine the level of due diligence needed: consider the type of customer you’re likely to be dealing with, and the level of risk they could potentially pose. This should then define whether you need to perform simplified, customer or enhanced due diligence checks, or a combination of them that’s stratified across different customer profiles.
• Establish exactly the information required: with the level of due diligence defined, it’s then possible to set out exactly which data points need to be collected. With this in mind, you can then explore how this information can be effectively collected and processed.
• Partner with an expert technology provider: conducting KYC and due diligence requires an accurate assessment of documentation, detailed processing and constant monitoring, which can be time-consuming and impractical if done manually. A technology solution powered by deep analytics and automation can ensure accuracy, consistency and security at every stage of the process.

Veriff’s identity verification technology is ideal for helping businesses like yours meet KYC and due diligence requirements. To find out more, book a consultation with Veriff today.