Know Your Customer FAQ: Guide to digital CDD, AML, KYC regulatory compliance
When it comes to Knowing Your Customer (KYC) compliance, there are many regulations and acronyms to familiarise yourself with. This FAQ guide sets out to answer some of your questions and explain some of the most common acronyms and their meanings, such as AML, CFT and CDD, but first let’s start with KYC.
What is KYC?
KYC stands for Know Your Customer and can have different meanings depending on the context or jurisdiction. It is often used as a synonym for Customer Due Diligence (CDD), but sometimes refers to the wider range of regulatory obligations relating to Anti-Money Laundering (AML), tax, and general business conduct.
What is CDD?
CDD stands for Customer Due Diligence and is the process of taking ongoing risk-based measures to:
- verify the customer identity, its beneficial owners and its ownership and control structure
- perform screening for Politically Exposed Persons (PEP) and sanction status
- understand and review the purpose and the intended nature of the business relationship.
What is AML?
AML stands for Anti-Money Laundering. You might also hear this mentioned together with CFT, Countering the Financing of Terrorism. In the battle to fight money laundering (the act of hiding the criminal origin of funds), Anti-Money Laundering laws have been adopted in many countries. These laws require regulated companies, like financial institutions, to identify and check the background of their customers (the CDD measures) and report suspicious activity or transactions to the authorities. AML regulations are often combined with regulations to counter terrorist financing. AML and CFT regulations have turned regulated companies into the ‘gatekeepers’ of the legal financial system.
Who regulates AML?
In essence, AML regulations are national laws, regulated by national authorities. In the EU and EEA, these laws are based on European directives (AMLD4, AMLD5 and AMLD6), which serve as blueprints at national level in European countries. These directives have contributed to the alignment between the AML laws across the EU, but the individual countries still have the freedom to define specific requirements where the directives leave space to do so. On a global intergovernmental level, AML legislation is aligned between countries via the Financial Action Task Force (FATF).
Who needs to comply with AML?
AML compliance is defined by local law, so it can be slightly different in each country. In general, key actors who are at risk of being ‘used’ for money-laundering purposes have to comply with AML regulations. Examples of such actors for the three key phases of a typical money laundering process are:
- Placement phase: banks, card issuers, payment service providers, life insurers, crypto-currency actors, casinos, foreign exchange agents
- Layering phase: accountants/auditors, tax advisors, trust offices, notaries, lawyers, stockbrokers
- Integration phase: art traders, freeports, real-estate brokers, jewellers, pawnbrokers, car/ship dealers.
What is the difference between KYC and AML compliance?
KYC (or CDD) is a part of a wider set of AML recommendations as defined by the FATF. AML includes other recommendations as well, such as financial transaction monitoring, reporting to financial intelligence units, or recommendations related to reliance or correspondent banking.
How can you digitise AML/KYC?
The KYC and CDD obligations are often a burden for regulated companies. CDD processes take time, both for employees and customers. This can result in high costs and a painful customer experience. Digitisation of KYC means that the CDD process is made more efficient using digital services.
There are several key CDD steps:
- customer identification
- background checks
- risk analysis
- ongoing monitoring.
For each of these steps, digital services can replace manual and paper-based processes, resulting in lower costs and a higher customer conversion.
Can you automate AML/KYC?
Yes, but it’s important to remember the 80/20 rule. If you digitise the most time-consuming tasks (80%), the remainder of the process (20%), which is the hardest to automate, can often be made more effective.
How do you choose an AML solution?
Try not to think about AML as a stand-alone process, but as part of an overall customer onboarding process. Digital AML is achieved by digitising each step in a customer onboarding journey:
- background check
- risk profile
- defining customer need
- order confirmation.
What do I need for AML compliant digital onboarding of consumers/customers?
A typical digital KYC process requires a solution for:
- identity verification - confirming that an identity relates to an individual
- identity validation - checking the identity information/evidence against authoritative/reliable sources
- customer screening - PEP/sanction/adverse media
- documenting the customer agreement with collected CDD evidence.
What do I need for AML compliant digital onboarding of businesses?
Business onboarding, or KYB, requires all the solutions of the KYC process, but it also requires some additional information to be collected. This can typically include the validation of:
- the business identity itself
- the ownership structure and controllers
- ultimate beneficial owners (UBO)
- power of attorney.
What is digital identity verification in AML?
Digital identity verification allows you to confirm that an individual is who they say they are, i.e. that a certain identity relates to an individual ‘behind the screen’. This can be done using various digital services:
- an eID (electronic identity) secured with 2-factor authentication
- identity document verification services (passport scanning via mobile camera or NFC)
- remote liveness checks (using facial recognition or video technology).
Signicat has the specialised services and knowledge to help you to digitise and automate your KYC process and continue to periodically check relevant CDD information, while ensuring you remain compliant with cross-border legislation. We provide the four key building blocks needed in a typical CDD process:
- identity verification
- identity validation
- periodic monitoring.
It’s simple: you tell us who, what and when to monitor, and we’ll notify you of any changes. This can be applied across many different data sources and countries.