KYC AML: explaining the importance and difference

What Is KYC and Why Is It Important? How Is It Part of AML?

March 9 2022

At their core, Know Your Customer (KYC) and Anti-Money Laundering (AML) regulations exist to limit or mitigate the impact of money laundering, terrorism funding, corruption, and other forms of financial crime. 

KYC and AML are mandatory for regulated entities deemed at high risk of facilitating financial crime. While Financial institutions (FIs) are typically associated with KYC and AML, the regulations can apply to anything from a casino to an art gallery. Some countries do not yet have AML regulations, and some jurisdictions’ regulations are far more stringent than others — so you should always refer to your country’s specific regulations (such as AML6 in the EU and the Bank Secrecy Act in the US).

Essentially, KYC is the process organizations use to verify the identity of customers, and it falls under the wider AML framework. One major problem for organizations is being able to quickly and accurately verify the identity of a new customer through a remote online channel while providing a positive customer experience.

That’s where iProov comes in: our technology aids organizations to be compliant with KYC and AML through secure online identity verification and authentication, which is the first port of call against online criminal activity. The first and most crucial step in KYC/AML efforts is to verify who your customers actually are. 

What is Know Your Customer (KYC)?

KYC is a financial regulatory requirement which is mandated by different regulations depending on the region. In the US, for example, it’s generally known as Customer Identification Program (CIP) and is mandated by the USA Patriot Act.   

KYC is a requirement by which regulated entities must obtain personal information about a customer to ensure that their services are not misused and ensure that people applying for financial services are not on sanctions or PEP lists. These KYC procedures take place at account opening and periodically thereafter, or when a customer changes their details. The personal information gathered differs globally based on regulations, the organization’s risk appetite, and the product.

Today, it’s important to be able to verify a person’s asserted identity on an online/remote channel. With iProov’s Genuine Presence Assurance®, you can verify a customer against their asserted identity in a way that delivers the highest level of security while being easy to use and inclusive. Genuine Presence Assurance uses biometric face verification, because it is the most secure, convenient, and inclusive method of supporting KYC compliance remotely.  

Currently, KYC costs the average bank in Europe $60 million per year. Using a face verification solution such as iProov can help mitigate some of this burden by enhancing efficiency and customer experience during onboarding. 

What is Anti-Money Laundering (AML)?

AML is a framework of laws and policies aiming to prevent and identify financial crime, including everything from terrorist financing to money laundering. For most institutions, AML will start with KYC knowing your customers and will then continue through monitoring financial activity and reporting suspicious behavior. 

Therefore, AML can refer to a large pool of techniques employed to meet stringent requirements and avoid liabilities. 

iProov face verification can help organizations with specific parts of AML, but not all. The areas where iProov can help include…

  • Preventing bad actors from gaining access to your services at the point of enrollment.
  • Verifying that a user is the right person using their asserted identity during onboarding and returning authentication.
  • Protecting against financial crime by verifying that customers are who they say they are.

More on how iProov helps protect against money laundering can be found here.

Is there a difference between KYC and AML?

In short, KYC and AML are not to be positioned against one another. This is because AML is an umbrella term for several techniques and regulations, and KYC falls within this. KYC is one of the many mechanisms that can facilitate compliance with the wider AML framework.

KYC refers specifically to identity verification and risk assessment, whereas AML could refer to a much wider range of techniques (such as transaction monitoring, enhanced due diligence, sanctions & PEP screening, and more) to monitor risk during and after KYC checks.

Ultimately, KYC is a part of AML. 

Which do you need: KYC or AML? 

KYC and AML regulations vary according to jurisdiction, but in the majority they’re compulsory. For example, KYC and AML compliance has been compulsory for US banks since 2001, when the US Patriot Act was enacted.

Due to the overlap, it would be impossible to comply with AML requirements without first having proper KYC controls in place. 

Ultimately, money laundering is on the rise, and financial institutions have a  lot of work to do to keep up. That’s why solutions such as iProov, which can securely verify the identity of a remote customer in jurisdictions that allow remote automated onboarding, have become essential.

What about Customer Due Diligence?

KYC is a fundamental part of the anti-money laundering framework, and Customer Due Diligence (CDD) is a subset of KYC processes.

Having proper KYC controls in place will then allow you to conduct the appropriate due diligence on a customer or account according to their risk level.

iProov does not provide customer due diligence checks. We provide trusted identity verification during onboarding and ongoing authentication using face biometrics. However, identity verification is part of CDD. Once verified, FIs can then determine which accounts require further due diligence. 

How does iProov support KYC and AML?

With a brief facial scan, iProov’s highly secure face verification can assure the genuine presence of a remote user and support compliance with KYC and AML regulations effortlessly.

Trusted remote identity verification depends on linking the physical person asserting their identity to an identity document. The only way to do that is with biometrics. Government-issued photo ID enables an individual to assert their identity online and iProov enables an organization to verify that the physical face of the person asserting that identity is indeed the genuine holder of that ID document. iProov also delivers liveness/Genuine Presence checks to ensure that the document and the applying ‘face’ are authentic and not spoofed. 

Our market-leading biometric verification is deployed across the world in conjunction with document verification to create an end-to-end KYC solution, which can then support further AML compliance.

This has a number of key benefits:

  • Improve the accuracy and efficiency of onboarding new customers remotely: iProov research in 2020 showed that while half of the top 20 US banks enabled a new customer to open an account in 30 minutes or less, almost half took 2 days or longer. iProov technology solves this problem by removing the need for in-person checks or manual verification, which  increases accuracy and reduces costs. It also speeds up the process, enabling customers to quickly get access to their new accounts, while maintaining high levels of security. 
  • Mitigate the risk of fraud and financial crime: iProov enables you to ensure that new customers are who they say they are with a high level of assurance.
  • Reduce the risk of compliance penalties and reputational damage from negative publicity: iProov enables FIs to meet regulatory guidelines while reassuring customers and protecting the organization’s reputation.

This ultimately reduces the costs and time taken for KYC and identity verification, removing much of the burden associated with the KYC/AML ecosystem. 

Why do you need to assure liveness in KYC & AML?

Liveness refers to technologies that verify a face presented to a device is a live human being. But not all liveness solutions are equal. 

Genuine Presence Assurance uses an effortless, passive face scan to assure that an individual…

  • Is the right person, using face matching by matching the identity to a trusted photo identity document.
  • Is a real, live person, and not a presentation attack (a physical or digital artifact presented to the device sensor, like a photo or mask).
  • Is authenticating right now, and not a digitally injected attack using a deepfake or other synthetic media (ensured by GPA’s one-time biometric delivered by Flashmark).

Liveness for KYC and AML infographic - explaining Genuine Presence

iProov also offers Liveness Assurance™ for lower-risk scenarios. However, GPA is recommended for KYC/AML because initial user onboarding is a high-risk action–you don’t know anything about the user or their risk until you have onboarded, so it’s important to start off securely as trust established at onboarding will carry through the customer lifecycle. GPA assures users are authenticating in real-time and comes with iSOC active threat management in addition to liveness detection, which enables response to new and emerging threats.  

KYC and AML: a summary

  • KYC is the requirement for financial organizations to obtain personal information about their customers to ensure that services are not misused. 
  • KYC is part of the larger AML framework, which refers to a set of regulations and techniques aiming to minimize money laundering.
  • Financial institutions are spending billions of dollars annually to combat financial crime. These organizations face significant regulatory and reputational risks if they do not comply with KYC and AML.
  • iProov supports KYC and AML compliance through two methods: customer verification during remote onboarding and ongoing authentication of returning customers. This means that you can be confident that your customers are who they say they are. 
  • Using iProov to assist with KYC and AML can cut costs, enhance and streamline regulatory compliance, reduce onboarding times and minimize frustrations, and delight customers.
  • Remember that these points are dependent on country and jurisdiction. Be sure to check your jurisdiction’s directive for more specific information. 

Understand that KYC and AML regulations are no empty threat: in 2020, a staggering $10.6 billion in fines were imposed globally for non-compliance with AML and KYC regulations, rising 27% from the year before. Organizations are under increasing scrutiny and iProov can help. 

If you’d like to know more about how iProov can support your KYC and AML initiatives, book a demo here.

Back to Resources

Get a demo