Why Do Businesses Need to Do KYC AML Checks?

Regulated firms undertaking certain financial activities are required to apply risk-based customer due diligence measures to prevent their businesses from being successfully targeted by money launderers or terrorist financiers. In this article, we discuss the importance of having robust Anti-Money Laundering and Know Your Customer processes in place to help meet stringent compliance requirements.

Posted on September 14, 2018
Written by Rebecca Angus

The UK is a major international financial and legal hub of the world, regulated by the European Union (EU) 5th Money Laundering Directive (5th MLD).

Although the UK left the EU on the 31st January 2020, the government is still committed to transposing the AML/CFT standards set out in EU’s 5th anti-money laundering directives.

To reduce your risk of non-compliance, if you are operating in the UK should understand UK anti-money laundering laws and familiarise with the relevant financial authorities and implement a suitable compliance policy.

The difference between Anti-Money Laundering and Know Your Customer

As we know, Anti-money laundering (AML) and Know your customer (KYC) are prevalent in the financial world and are often used interchangeably. But what do they really mean? And what are the differences between AML and KYC as they are often used interchangeably? however, there is a clear difference between the two. Watch NorthRow’s CEO, Adrian Black explain more below.

Know Your Customer (KYC) can be defined as the process of verifying a customer’s identity. KYC, each client is required to provide credentials such as ID documents in order to use a company’s service, every organisation should do to verify who their clients and employees are before they engage in a business relationship. KYC, or performing customer due diligence (CDD), should be performed regardless if AML regulations exist.

Anti-Money Laundering (AML) compliance is a regulatory requirement that applies to banks, building societies and credit unions. They also apply to other firms undertaking certain financial activities (see Schedule 2 of the regulations). The purpose of the AML rules is to help detect and report suspicious activity including the predicate offences to money laundering and terrorist financings, such as securities fraud and market manipulation.

In both cases, we need to know our customer to establish and verify facts and behaviours on an ongoing basis.

What is the current law concerning AML and KYC?

6th MLD Brexit

Early this year on the 10th January 2020, the EU’s 5th Money Laundering Directive (5thMLD) came into force in the UK and its effect was far-reaching. Building on the regulatory regime applied under its predecessor, 4MLD, 5MLD reinforces the European Union’s AML/CFT regime to address a number of emergent and ongoing issues

Following widespread tax evasion revelations in the Panama Papers and terrorist attacks in Nice and Brussels in the summer of 2016, the 5MLD proposals were made by the EU Commission. Both incidents highlighted gaps in the EU’s Anti-Money Laundering/Combating the Financing of Terrorism (AML/CFT) strategy, including the lack of virtual currency regulation and the need for better cooperation between member states.

The main areas addressed by the 5th Directive include beneficial ownership transparency, Financial Intelligence Units’ (FIUs) access to information, cryptocurrencies and pre-paid instruments, communication between AML supervisors and the European Central Bank, high-risk third countries, and politically exposed persons. Download the summary guide of the 5th Money Laundering Directive below to learn more.

The 6th MLD is set to become the law late next year in December 2020. Whilst we anticipate that Brexit will affect regulatory compliance for many sectors, the full extent of the impact is somewhat unclear until negotiations have been finalised. Read our latest blog Anti-Money Laundering Compliance After Brexit.

When to perform KYC and AML?

When you establish a new business relationship with a customer and before any exchange of money you must perform the appropriate client due diligence to ensure AML compliance.

There are four primary objectives when gathering KYC information, using a risk-based approach:

  • Identify the customer
  • Verify the client’s true identity
  • Understand the customer’s activities and source of funding
  • Monitor the customer’s activities

While there are a number of high-quality free sources of information, such as search engines or public databases, finding exactly what you need from this vast range of resources is incredibly time-consuming. This simply isn’t a feasible long-term approach for any business that values speed, efficiency and scalability, which is why many regulated firms invest in Regulatory Technology (RegTech) to help deliver improved operational efficiency.

To continue to ensure you meet 5th MLD compliance regulations it is integral that you monitor changes in your clients’ risk status on an ongoing basis. Changes include:

  • New legal events, ie. the appointment of administrators
  • Change in credit rating
  • New beneficial ownership
  • Appointment of new directors
  • New adverse media

Client Due Diligence

To ensure that KYC and AML checks are performed thoroughly, companies need to undertake due diligence of new clients. Due diligence is the process of taking steps to identify your customers and verify that they are who they claim to be, in order to ensure compliance and to guard against money laundering scandals.

As part of the due diligence process, a thorough KYC audit serves to accurately verify customers and to help flag any warning signs of unusual activity. During the process, personal information and business data, such as the name, date of birth, residential address and photo identification, of the customer should be recorded and evaluated, and transactions examined to detect possible issues.

In cases where an individual is acting on behalf of another party in a transaction, or you need to establish the ownership structure of an organisation, you will also need to identify the ‘beneficial owner’. This will be the person behind the customer or the person on whose behalf the transaction is carried out.

Enhanced Due Diligence

There are also cases where due diligence will need to be particularly thorough, called enhanced due diligence.

In these cases, additional checks will need to be carried out, including; obtaining further information to confirm a customer’s identity, checking documents supplied by financial institutions with added care and making sure that the first payment is made from an account in the customer’s name.

You will also need to carry out enhanced due diligence when a customer is not physically present, when you deal with individuals from a high-risk third country, where there’s a higher risk of money laundering or when you enter into a relationship with a ‘politically exposed person’, such as an MP, head of state, or a government minister and their family and associates.

Politically exposed persons, or PEPs, are at particular risk of corruption and bribery and are thus subject to additional checks in the guise of PEPs and Sanctions checks. Therefore, before engaging in a business relationship with these people, companies must be particularly vigilant and ensure that senior management approves the relationship, establish the origin of wealth and funds, and strictly monitor the business relationship.

What Happens if AML and KYC checks are not carried out?

Failing to carry out the required checks can result in penalties by the Finacial Conduct Authority and Her Majesty’s Revenue.

The Financial Conduct Authority is the UK’s main financial services regulator with authority over banks, building societies, credit unions and other firms engaging in financial activities. The FCA oversees compliance with AML regulations in the UK and has the power to investigate money laundering and terrorism financing offenses in conjunction with other law enforcement agencies and authorities, such as the Crown Prosecution Service (CPS). All banks and financial institutions in the UK must register with the FCA.

Her Majesty’s Revenue and Customs shares the responsibility to investigate money laundering offenses with the FCA. In addition to the FCA and HMRC, the power to enforce money laundering regulations in the UK is shared by the National Crime Agency (NCA) and the Serious Fraud Office (SFO), both of which have the power of arrest and can seek warrants and court orders. UK AML/CFT authorities also have the power to freeze and confiscate assets that they suspect are involved in money laundering, terrorism financing or other criminal activities.

In summary

Achieving compliance with UK AML/CFT regulations requires significant administrative effort and the analysis of large amounts of transaction data. To avoid human error and potential compliance penalties, many firms automate AML processes with a range of smart technology tools. Automation not only adds speed, accuracy and efficiency to AML; it also helps firms adapt to new regulations and continue to deliver the highest standards of compliance.