Know Your Customer: Guide to digital CDD, AML, KYC regulatory compliance
Financial services companies need to understand regulations around Anti Money Laundering (AML), Know Your Customer (KYC) and Customer Due Dilligence (CDD). We explain each in this guide.
What is AML or AML/CFT?
AML stands for Anti-Money Laundering and CFT for Countering the Financing of Terrorism. In the battle to fight money laundering (the act of hiding the criminal origin of funds), so-called Anti-Money Laundering laws have been adopted in many countries. These laws require regulated companies (like financial institutions) to identify and check the background of their customers (the so-called CDD measures) and report suspicious activity or transactions to the authorities.
AML regulations are often combined with regulations to counter terrorist financing (CFT).
AML and CFT regulations have turned regulated companies into the “gatekeepers” of the legal financial system.
What is KYC?
KYC stands for Know Your Customer and can have different meanings depending on the context or jurisdiction. It is often used as synonym for CDD (see CDD below), but sometimes referred to as the wider range of regulatory obligations related to AML, tax, and conduct of business.
What is CDD?
CDD stands for Customer Due Diligence and is the process of taking risk-based measures to (on an ongoing basis) (1) verify the customer identity, its beneficial owners and its ownership and control structure, (2) to perform screening for PEP and sanction status, and (3) to understand and review the purpose and the intended nature of the business relationship.
What is the difference between KYC and AML compliance?
KYC (or CDD) is a part of a wider set of AML recommendations as defined by the FATF. AML includes other recommendations as well, such as financial transaction monitoring, reporting to financial intelligence units, or recommendations related to reliance or correspondent banking.
Who regulates AML?
In essence AML regulations are national laws, regulated by national authorities.
In the EU and EEA these laws are based on the European directives (AMLD4, AMLD5 and AMLD6), which serve as “blueprints” for the laws in European countries. These directives have contributed to alignment between the AML laws in European countries, but countries still have the freedom to define specific requirements where the directives leave space to do this.
On a global intergovernmental level, AML legislation is aligned between countries via the FATF, the Financial Action Task Force.
Who needs to comply with AML?
This is defined in local laws, so can be slightly different per country. In general, key actors who are at risk to be “used” for money-laundering purposes have to comply to AML regulations. Examples of such actors for the 3 key phases of a typical money laundering process are:
Placement phase: banks, card issuers, payment service providers, life insurers, crypto-currency actors, casinos, foreign exchange agents.
The KYC and CDD obligations are a burden for regulated companies. CDD processes take time, both from employees as well as from customers. This results in high costs and a painful customer experience.
Digitization of KYC means that the CDD process is made more efficient using digital services.
How can you digitize AML / KYC?
For each of the key CDD steps (customer identification, background checks, risk analysis and ongoing monitoring) digital services replace manual and paper-based processes, resulting in lower costs and higher customer conversion.
Yes, but it’s important to remember the “80/20 rule”: the goal is not necessarily to digitize everything; the goal is to digitize the majority of the tasks which take most time (“80%”). The remainder of work -which is hardest to automate- can often be made more effective by digitizing some of the process steps.
How do I choose an AML solution?
Try not to think about AML as a stand-alone process, but as part of an overall customer onboarding process. Digital AML is achieved by digitizing each step in a customer onboarding journey: identification, background check, risk profile, defining customer need, and order confirmation. Signicat can provide many building blocks to build such journeys.
How can I automate AML monitoring of my customers?
Signicat has developed services which help you to periodically check all relevant CDD information. You tell us who, what and when to monitor, and we’ll notify you of any changes (across many different data sources and countries).
What do I need for AML compliant digital onboarding of consumers/natural persons?
A typical digital KYC process requires a solution for identity verification (confirming that an identity relates to an individual), identity validation (checking the identity information/evidence against authoritative/reliable sources), customer screening (PEP/sanction/adverse media) and a solution to document the customer agreement with collected CDD evidence. Signicat can provide these building blocks.
What do I need for AML compliant digital onboarding of businesses?
Business onboarding (sometimes called KYB) requires all of the above (for doing KYC on individuals in an organization) but requires additional information to be collected. Typical additional KYB validations are validation of the business identity itself, validation of the ownership structure, controllers, ultimate beneficial owners (UBO) and power of attorney. Signicat can provide all these validation services.
What is digital identity verification in AML?
Digital identity verification allows you to confirm that a certain identity relates to an individual “behind the screen”. This can be done using various digital services: by using an eID (electronic identity) secured with 2 factor authentication, via identity document verification services (passport scanning via mobile camera or NFC) and via remote liveness checks (using facial recognition or video technology). Signicat can provide all these verification services.