RegTech Insight Knowledge Hub
KYC / AML
In a nutshell: Know Your Customer (KYC) is a process to which financial institutions must adhere in order to comply with global Anti-Money Laundering (AML) regulations. It requires the institution to verify the identity of its clients and to obtain detailed due diligence information in order to assess the potential risk of illegal activity.
Read on in our Knowledge Hub ‘Everything you need to know’ section to understand the full details of what KYC and AML are all about, who they impact, the key requirements, the technical and data challenges they present, and the outlook.
You can also take a look at all the latest content we have related to KYC and AML. And you can see a listing of key vendors delivering solutions to this regulatory challenge.
KYC identification specialist KYC Global Technologies has launched a new batch screening tool for customer identification, which it claims to be the first in the world to offer a 3D risk-based approach. In addition to customising how the searching of a customer’s name and meta-data should be carried out according to the customer’s risk profile,…
Client lifecycle management software provider Fenergo has launched a new cloud-based Rules-as-a-Service solution to futureproof financial institutions against evolving regulatory requirements. The plug and play solution will enable financial institutions to integrate Fenergo’s current regulatory rules capabilities into their existing digital platforms. A recent study by Fenergo suggests that the improvement of data and document…
By Kevin O’Neill, Global Head of Buy-Side Division, Fenergo. Technology is advancing at lightning speed. Blockchain, AI and other cutting-edge technologies have completely disrupted the financial services sector in recent years. Now, as the global banking industry turns its attention to regulation and compliance, the newest kid on the fintech block, regtech, is set to…
A-Team Group recently held a webinar on the popular topic of The Data Management Challenges of Client Onboarding and KYC, discussing the data management challenges of client onboarding and KYC, and detailing new technology solutions that have the potential to automate and streamline onboarding and KYC processes. If you missed it, don’t worry! You can register…
Are you feeling the pressure from regulators to sort out your entity data but are frustrated knowing that the promised LEI solution is far from ready? What can you do in the meantime? Some financial institutions are meeting the regulatory requirements by establishing a single client view by cross-referencing data sources to help them achieve their entity data management…
There’s now a spotlight shining on the process of client onboarding due to regulations that are driving change in what is typically a fragmented and decentralised approach. While many firms recognise that getting their onboarding house in order is essential to achieving regulatory compliance and avoiding hefty penalties, addressing those functions in isolation is not…
You can listen to the recording of this webinar by registering on this page. How can ‘digitalising’ client onboarding help to speed up data processing and improve customer experience? How can you leverage digital capabilities to improve your Know Your Customer (KYC) and Anti-Money Laundering (AML) workflows, processes and checks? The task is not easy…
You can listen to the recording of this webinar by registering on this page. Are your client lifecycle management processes – including client onboarding, Know Your Customer (KYC), Anti-Money Laundering (AML) and most recently General Data Protection Regulation (GDPR) – up to the right standard for today’s pressing regulatory challenges? Early iterations of KYC and…
Don’t miss this opportunity to view the recording of this recently held webinar. Optimising client onboarding and Know Your Customer (KYC) processes continues to challenge banks operating in a highly regulated and competitive market. The challenge is exacerbated by increasing requirements to track and understand entity hierarchies and ultimate beneficial ownership. The webinar will discuss…
Welcome to the fourth edition of A-Team Group’s Entity Data Management Handbook sponsored by entity data specialist Bureau van Dijk, a Moody’s Analytics company. As entity data takes a central role in business strategies dedicated to making the customer experience markedly better, this handbook delves into the detail of everything you need to do to…
Data lineage has become a critical concern for data managers in capital markets as it is key to both regulatory compliance and business opportunity. The regulatory requirement for data lineage kicked in with BCBS 239 in 2016 and has since been extended to many other regulations that oblige firms to provide transparency and a data…
In a testament to the enduring popularity of the A-Team Regulatory Data Handbook, we are delighted to publish a sixth edition for 2018-19 of our comprehensive guide to all the regulations and rules that might impact data and data management at your institution. As in previous editions of the Regulatory Data Handbook, we have updated…
Everything you need to know about: KYC / AML
What is KYC/AML?
KYC regulations came into force following the creation of the Financial Action Task Force (FATF) in 1989. An intergovernmental organisation with 37 members, the FATF issued 40 recommendations to fight money laundering in the year of its launch. These were subsequently revised in 1996, expanded to include terrorist financing in 2001, and revised and tightened again in 2003 and in 2012. These recommendations require member states to:
- Implement relevant international conventions;
- Criminalise money laundering and enable authorities to confiscate the proceeds of money laundering;
- Implement KYC procedures such as customer due diligence, identity verification, record keeping and suspicious transaction reporting;
- Establish a financial intelligence unit to handle and process suspicious transaction reports; and
- Cooperate with international money laundering investigations and prosecutions.
In Europe, a common framework was introduced in May 2015 through the 4th Anti-Money Laundering Directive (AMLD4), the Directive (EU) 2015/849 of the European Parliament and Council, which requires each member state to take appropriate steps to meet the AML requirements including the creation of a national body or regulatory authority to coordinate the national response to AML enforcement. KYC forms part of this AML legislation, and encompasses customer identification, acceptance, transaction monitoring and risk management. This can include the collection and analysis of identity documentation, the cross-checking of customer identities against global known-party lists, and the monitoring of transactions and account activity against expected behaviour.
The 5th Anti-Money Laundering Directive, which amends AMLD4, entered into force on July 9, 2018. Member States must transpose this Directive by January 10, 2020. The new Directive, coming so soon after the earlier regulation, highlights the EU’s commitment to combating money laundering, particularly in response to a number of recent scandals including the late 2015 leaking of the Panama Papers. Rather than replace the previous directive, the new rules amend certain aspects, including the regulation of virtual currencies, information on beneficial owners, the use of prepaid cards, powers of financial intelligence units (FIUs) and supervisors, and due diligence for high risk countries.
The EU is also currently discussing the possibility of a Directive on countering money laundering by criminal law, which is expected to come into force shortly.
The primary AML legislation in the UK is included under the Proceeds of Crime Act 2002 (which requires businesses to report any suspicious activities to the authorities), and the Money Laundering Regulations Act 2007. The EU AMLD4 was transposed into law through the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, which came into force on June 26, 2017 and repealed/replaced the 2007 Act.
In May 2018, the UK Government passed the Sanctions & Anti-Money Laundering Bill, which lays out the UK’s intended approach to AML regulation following the UK’s departure from the EU in 2019. The bill also requires overseas British territories to establish public registers of the beneficial ownership of firms in their jurisdictions by 2020, and as such is being legally challenged by local governments in offshore tax havens including the Cayman Islands and the British Virgin Islands, who claim that the legislation violates their constitutional sovereignty.
The US criminalised money laundering in 1986 under the Money Laundering Control Act, which prohibited individuals from making financial transactions using the proceeds of crime. In 1998 the Money Laundering and Financial Crimes Strategy Act was introduced, spurring the creation of the National Money Laundering Strategy and the High Intensity Money Laundering and Related Financial Crime Area (HIFCA) Task Forces to coordinate enforcement at Federal, state and local level.
Under the USA Patriot Act of 2001, the US Treasury made KYC mandatory for all US banks. Title III of the Act requires a standardised customer identification programme (CIP) and appropriate customer due diligence (CDD) policies, procedures and controls.
Who are the regulators?
KYC and AML laws can differ by jurisdiction, but most jurisdictions operating within the global financial market have enacted some form of legislation to ensure compliance. On an international level, FATF publishes a blacklist of countries that do not cooperate with the guidelines or which represent a high AML risk. While this blacklist carries no authority under international law, it can bring significant international financial pressure to bear on non-cooperative markets and acts as a strong deterrent.
The European Banking Authority (EBA) is in charge of the integrity, transparency and orderly functioning of the European financial markets. As part of this, it is the EBA’s responsibility to ensure that competent authorities and credit and financial institutions within its scope apply the provisions of European Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT) legislation effectively and consistently. It does this through the support of competent AML/CFT authorities within EU member states, and through a Joint Committee with the European Securities and Markets Authority (ESMA) and the European Insurance and Occupational Pensions Authority (EIOPA) to deliver its mandates under Directive (EU) 2015/849.
The Financial Conduct Authority (FCA) is the supervisory authority for all FCA-authorised entities including credit and financial institutions, money service businesses, trust or company service providers, electronic money institutions, auction platforms and recognised investment exchanges. Professional bodies such as the Law Society or the Association of Chartered Certified Accountants act as the supervisors for their own members. HMRC acts as the supervisory body for money service businesses not supervised by the FCA, along with high value dealers, trust or company service providers not regulated by the FCA or a professional body, accountancy service providers not regulated by a professional body, estate agency businesses, bill payment service providers not supervised by the FCA and telecommunications, digital and IT payment service providers not supervised by the FCA.
Professional guidance, approved by the UK Treasury, is provided by a number of industry groups including the Joint Money Laundering Steering Group, the Law Society and the Consultative Committee of Accountancy Bodies (CCAB).
The UK in January 2018 established the Office for Professional Body Anti-Money Laundering Supervision (OPBAS), a new regulator set up by the government to strengthen the anti-money laundering (AML) supervisory regime and ensure the professional body AML supervisors provide consistently high standards of AML supervision. OPBAS is housed within the FCA and facilitates collaboration and information sharing between the professional body AML supervisors, statutory supervisors, and law enforcement agencies. OPBAS has published a sourcebook for professional body AML supervisors about how they can meet their obligations in relation to AML supervision.
The Financial Crimes Enforcement Network (FinCEN), a bureau of the US Treasury, collects and analyses information on financial transactions to combat financial crime and money laundering, and serves as the US Financial Intelligence Unit. Its mission is to: “Safeguard the financial system from illicit use, combat money laundering and promote national security.” FinCEN manages and coordinates the other regulators for US financial institutions with regards to KYC: including the US Treasury, the Federal Reserve Board of Governors, the Federal Deposit Insurance Corporation (FDIC), the Office of the Comptroller of the Currency of the US Treasury, the SEC, the IRS and the National Credit Union Administration.
The Financial Industry Regulatory Authority (FINRA), a private corporation that acts as a self-regulatory organization, in 2012 issued the Financial Industry Regulatory Authority (FINRA) Rule 2090 (Know Your Customer) and FINRA Rule 2111 (Suitability) to assist both broker-dealers and customers to meet KYC/AML regulatory requirements.
Who needs to know?
Any firm providing financial services to customers, or any firm in the UK that is regulated by the FCA, by a professional body or falls under the seven HMRC-regulated categories (as above) must comply with KYC/AML regulation.
Related job titles include:
- Money Laundering Reporting Officer
- Head of Financial Crime
- Financial Crime Manager
- Financial Crime Officer
- Financial Crime Analyst
- Head of Regulatory Control
- Compliance Officer
- AML Officer
- Head of Client Onboarding
- Client Onboarding Specialist
- Head of KYC
- Financial Investigator
What are the key requirements?
There are a number of key steps firms must take in order to satisfactorily comply with KYC/AML requirements.
- Under Regulation 18 of the UK Money Laundering Regulations 2017, firms must conduct a written risk assessment to identify and evaluate the risk of money laundering and terrorist financing they face.
- Firms must implement the appropriate policies, procedures, controls and internal processes to address AML risks and meet regulatory requirements. These must be proportionate to the size and nature of the business, approved by senior management, and communicated internally. They must be regularly reviewed and updated, and they must cover AML controls; customer due diligence; reporting and record-keeping; monitoring and compliance; internal communication; identification of suspicious transactions; measures to mitigate AML risk following the adoption of new technology; and the making of required disclosures under Part 3 of the Terrorism Act 2000 and Part 7 of the Proceeds of Crime Act 2002. These must be applied across the group, including any and all subsidiaries outside the UK.
- Under the UK’s Money Laundering Regulations 2007, all businesses within the regulated financial services sector are required to appoint a Money Laundering Reporting Officer (MLRO). In addition, firms must provide appropriate KYC/AML training to staff. Firms are also recommended to establish an independent audit function to monitor internal compliance.
- The UK’s new 2017 regulations introduced new customer due diligence (CDD) requirements that must be applied when financial institutions establish a new business relationship or carry out an “occasional transaction” with a client. CDD must also be carried out “at appropriate times” on existing customers on a “risk sensitive” basis. CDD involves identifying and verifying the identity of a customer, and obtaining and assessing information on the purpose and intended nature of the business relationship or transaction (a new requirement not included in the earlier 2007 regulation). Depending on the circumstances, Simplified Due Diligence (SDD) or Enhanced Due Diligence (EDD) may be appropriate – guidance on this is provided in the Joint Guidelines issued by the European Supervisory Authorities under AMLD4. Circumstances in which EDD measures must be imposed include any transaction or business relationship involving a person established in a ‘high risk third country’, any transaction or business relationship involving a ‘politically exposed person’ (PEP) or a family member or known associate of a PEP, and any other situation that presents a higher risk of money laundering or terrorist financing.
What technological challenges does it represent?
Compliance with KYC/AML requirements is of paramount importance for banks and financial institutions, and the penalties can be severe. In December 2017 the US Office of the Comptroller of the Currency fined Citibank US$70 million for failing to address concerns around AML first flagged in 2012, while in February 2018 US Bancorp was fined US$613 million in state and Federal penalties for a faulty AML program. In the UK, the FCA fined Deutsche Bank £163 million in 2017, its largest ever AML fine, based on the bank’s failure to maintain an adequate AML framework between 2012-15 – most notably in the area of client onboarding. In December 2017, the FCA warned Commerzbank specifically around a deficiency in KYC controls, and insisted on immediate action including a freeze on certain customer accounts until screening processes were improved. In February 2018, the FCA fined Canara Bank £896,100 and imposed a restriction preventing it from accepting deposits from new customers for 147 days, due to a failure to maintain adequate AML controls.
Yet compliance with KYC/AML requirements is not always easy or straightforward, especially for firms operating across multiple jurisdictions. Developing a standardised approach to managing regulatory change and facilitating KYC/AML requirements in tandem with overlapping regulatory requirements can present a substantial challenge, while firms must also balance KYC requirements with the new mandates under MiFID II and GDPR.
A lack of standardisation, data quality and data integrity issues, a legacy focus on traditional ‘rules-based’ methodology based on transaction filtering, and an over-reliance on paper-based verification are also challenges; while cost is another key issue – many financial firms have made enormous investments in AML compliance programmes that employ large teams, implement manual controls and utilise unwieldy point-in-time systems.
What solutions can be used?
Meeting KYC requirements can be expensive, time-consuming and labour-intensive – but done correctly and with a forward-looking strategy, an integrated KYC model can help firms to save time and money.
Client onboarding and client lifecycle management are the primary technological solutions for KYC compliance. This requires the construction of an efficient data model able to handle complex capital market relationships, coordinate a large number of activities, collect and store the correct client information, ensure ongoing policy adherence and provide transparency and accountability. Integrated platforms enable financial institutions to onboard new clients or new products efficiently in compliance with a broad range of regulatory obligations and supporting best practice.
With competing demands on data collection and resources, and with increasingly overlapping regulations across jurisdictions from global AML and KYC regulations to the growing number of tax (FATCA, CRS, UK CDOT), global entity classification and OTC derivatives-based regulations (such as Dodd-Frank, EMIR and Canadian and APAC derivative rules), as well as market reform rules (MiFID II), implementing a bank-wide source of consolidated data for due diligence can also help firms to use their customer lifecycle management technology from both the front and back office to optimise data, and onboard clients more quickly. A KYC utility is a central repository that collects, qualifies and stores KYC documents and related data, creating a synergy effect through the mutualisation of documents, data and KYC steps.
Distributed ledger technology is helping to create new KYC solutions by allowing financial institutions and regulatory agencies to communicate with each other in real time on a highly transparent basis. With current KYC processes lengthy and expensive, a shared ledger can allow this process to be monitored and adjusted more efficiently on an enterprise-wide basis, with information on client activity available in real time to all participants on the network, thus reducing overlap. Because end-to-end tracing and tracking of transaction and client activity is possible on blockchain, the identification and reporting of fraud would be improved, and the entire KYC process would become more efficient.
In addition, cryptographic/alternative verification holds the possibility of reducing/removing the need for paper/physical documentation and instead allowing the consolidation of sensitive client data onto a single network, accessible only by trusted sources.
Other innovative solutions such as biometrics, video KYC, data analytics, machine learning and AI are also being applied in this area to improve solutions.
However, the European Supervisory Authorities, in a January 2018 document entitled ‘Opinion on the use of Innovative Solutions by Credit and Financial Institutions in the CDD Process’, warned that while CDD “offers considerable scope for financial innovation that can improve the effectiveness and efficiency of AML/CFT controls” there is also a risk that “innovation in this field, if ill understood or badly applied, may weaken firms’ safeguards and subsequently, undermine the integrity of the markets in which they operate.” Firms must therefore be able to demonstrate to their regulatory authorities that they have identified, assessed and mitigated all relevant risks before introducing innovative solutions to their CDD/KYC process.
Fenergo: Client lifecycle management including KYC onboarding
Domus Semo Sanctus: KYC provider with new AI functionality.
Etana Custody: Custodian firm offering standalone service for KYC risk management.
Equiniti: KYC technology and services provider for third party outsourcing
FortyTwo Data: Customisable ecosystem with KYC functionality and an AML Augmentation Platform.
Imeta: Client onboarding and data management platform.
Kyckr: A global business register to assist firms manage KYC obligations.
Lawson Conner: Regulatory infrastructure and managed compliance.
Northrow: Client onboarding and monitoring through a single integrated API
Opus: Risk management software for KYC compliance.
Pega: Scalable solution for KYC and AML across a unified platform
Refinitiv: KYC as a managed service.
Trulioo: Global identity verification service