What is a difference between KYC and AML?
So KYC is one of a anti money laundering procedure or a small part of AML and Combating Financing terrorism (CFT). ... KYC stands for “Know Your Customer”. It is a term used to describe how a business identifies and verifies the identity of a client.KYC is part of AML, which stands for Anti-Money Laundering.
Although most likely immediately obvious to some, this is a question I have seen come up time and again. Compliance is an industry of acronyms; I recently pulled together a list that spanned into multiple pages as I noted down everything from OFAC and 4AMLD to SDD and EDD. First, then, a primer:
- AML – Anti-Money Laundering
- KYC – Know Your Customer
- KYCC – Know Your Customer’s Customer
- CFT – Counter Financing of Terrorism (sometimes seen as CTF)
I have often observed AML and KYC being used interchangeably, whereas there is a clear difference between the two. My answer to the question posed is that AML is used in the context of the overarching governance framework that a regulated entity constructs to meet its regulatory requirements. It is used in conjunction with CFT. KYC is a set of processes and tools within the AML / CFT framework.
Regulated entities will often talk of their AML/CFT obligations. Vendors, on the other hand, will frequently refer to KYC obligations. And, perhaps this distinction is correct as vendors will often supply content, software, and services that support the KYC elements of an AML/CFT governance programme.
The following graphic illustrates the difference. An overall AML/CFT governance framework includes elements that go far beyond KYC. At the Processes level, KYC could be limited to Client Risk Assessments, Screening, Due Diligence and, to a degree Transaction Monitoring (which also includes an element of KYCC).
When determining whether to do business with the Customer, or Client, we are essentially concerned with two elements:
- FACTS: What do we know about the customer? Can we verify that they are who they say they are? Can we verify their expected behaviours; both from what they tell us but also from our wider breadth of consolidated and profiled data across our customer base
- BEHAVIOURS: With the facts established (and periodically re-verified), we can then turn our attention to the customer’s behaviours. Their interactions with the regulated entity, alongside their transactions. Here, we are seeking to understand whether the behaviours align to the facts. If they do not then one of two situations holds true; either the facts are inaccurate and should be updated once verified as correct, or the activity is suspicious and warrants further investigation and possible escalation.
In both cases we need to know our customer to establish and verify facts and behaviours on an ongoing basis. However, when turning our attention to transactions it may go beyond our immediate customer to understanding who our customer is interacting with and in some cases preventing such transactions from taking place. This then is more than simply knowing our customer, because it may not be our customer who is knowingly involved in money laundering, but the recipient of the transaction. The KYC definition boundaries then begin to blur.
Payment Screening also introduces another aspect to the discussion on definitions and again is more aligned to AM/CFT than KYC. This is particularly true in the context of Correspondent Banking where a sending bank wants to send money to a receiving bank, and may use a sending correspondent bank to send a payment to a receiving correspondent bank who forwards the payment on to the receiving bank. In this example, the sending or receiving correspondent banks have little or no knowledge of the sending or receiving banks’ respective customers, but they still have an obligation not to be a channel for money laundering.
Trade-Based Money Laundering and Trade Finance also introduce further elements of expansion into the AML/CFT model. Although not specifically covered in the diagram above, consideration needs to be given to the goods being shipped, where they are being shipped, and how are they being shipped. For example, could they be dual use goods potentially used for proliferation? Is the port or the ship sanctioned? Is the recipient the customer, or a transit point? Is the value of the goods accurate? And, possibly one of the most interesting ones; does the shipment even exist? Some of these would fall into the facts and behaviours model discussed earlier, but elements will go beyond this and simply knowing your customer.
A final point worth mentioning is fraud. This aligns indirectly to behaviours monitoring and falls outside the traditional AML/CFT model, apart from the proceeds of fraud which would constitute money-laundering when placed or layered into the financial system. Fraud is not part of an AML/CFT governance framework. However, there is a growing overlap in techniques for behavioural monitoring and analytics, and in particular around machine learning, that may lead to a merging of approaches. Such techniques include anomaly detection in big data that may detect inconsistencies where traditional rule-based transactions systems would be unable to do so.