In 2024, the UK’s National Crime Agency uncovered a major money laundering scheme spearheaded by Russian socialite Ekaterina Zhdanova. Spanning multiple countries and involving Russian spies and cocaine kingpins, the scheme laundered money by converting cash into cryptocurrency.
The scale and success of this illicit operation was largely due to the growing connection between sanctioned states and organised crime — as well as the increased use of cryptocurrencies. Though unique in its particulars, the story is one of many examples showcasing how today’s financial and technological landscapes have become ripe breeding grounds for financial crime.
This is why it’s more important than ever for financial organisations to invest in robust Know Your Customer (KYC) and anti-money laundering (AML) solutions. But what are KYC and AML and what part do they play in the fight against financial crime? In short:
KYC is the process of verifying a client’s identity and assessing their potential risk. It's a company’s first line of defense, helping ensure a client is who they say they are.
AML is the framework designed to prevent criminals from disguising funds obtained from illegal activities. It provides ongoing monitoring and ensures intelligence is shared across organisations and regions.
To unpack this further, this article will explain:
What AML and KYC are
KYC vs AML: 3 key differences
How to achieve KYC and AML compliance
How Fourthline helps with AML and KYC
Prefer to talk directly to an AML and KYC expert and see our solution in action? Request a custom demo.
What is AML?
Anti-money laundering (AML) is a set of regulations, procedures, and tools designed to stop criminals from money laundering, i.e., disguising illegally obtained funds as legitimate income.
International AML standards are shaped by the Financial Action Task Force (FATF), which sets global standards via its 40 Recommendations for effective AML measures. Enforcement of these standards is carried out by national regulatory authorities in member jurisdictions.
Standard AML measures include:
Customer due diligence (CDD)
Screening against sanctions lists, PEPs, and adverse media
Filing Suspicious Activity Reports (SARs)
Cooperating with international agencies and adhering to cross-border regulations
Financial organisations must comply with the FATF standards, which countries implement and enforce through their own regulatory bodies. Organisations that fail to do so may face financial penalties or loss of licenses — not to mention reputational damage.
How does AML prevent financial crime?
AML systems help prevent financial crime by using tools like identity verification, sanctions screening, PEPs checks, adverse media screening, and risk assessments.
To comply with AML standards, financial organisations must:
These screening and monitoring standards make it harder for criminals to access legitimate financial systems. As such, it's essential in the fight against financial crime.
What is KYC?
Know Your Customer (KYC) is the process of verifying a client is who they say they are and understanding if they pose a potential risk. Crucially, KYC is not just a one-time action, but an ongoing process that continues throughout the client relationship.
There’s a common misconception that businesses can meet their AML obligations without implementing KYC. But KYC is actually a critical first step in any AML framework, and it’s essential for compliance with global AML regulations.
How does the KYC process work?
The KYC process involves the following steps:
Collecting key customer information, such as name, date of birth, address, and government-issued identification: You can do this using biometric verification offered by third-party services (such as Fourthline) to enhance security and accuracy. This step ensures compliance with identity verification regulations, such as those under FINRA in the U.S. or the EU’s AML directives.
Conducting a risk assessment: This determines whether the client poses a risk of money laundering or fraud. Clients flagged as “high risk” might include those with complex financial transactions or connections to politically exposed persons (PEPs). These high-risk clients may then be required to undergo Enhanced Due Diligence (EDD).
Ongoing monitoring and periodic review: Once the client is onboarded, KYC procedures continue to track their behaviour and transactions to spot unusual patterns. Clients may also be required to update their information periodically to ensure it continues to be accurate and up to date (a process known as re-KYC).
What documents are required for KYC?
In the EU, KYC requirements follow the EU Anti-Money Laundering Directive (AMLD), which has evolved through multiple iterations. It is currently in its sixth, though further changes are planned with the European Council’s approval of new anti-money laundering rules and the creation of a centralised AML Authority (AMLA) in 2024.
While the specific requirements (and methodology) may vary slightly from country to country, the following KYC documents are generally required for individual clients:
Government-issued ID (e.g., passport, national identity card, or driver’s license)
Proof of address (e.g., recent utility bill, bank statement, or official government correspondence)
Proof of income or source of funds, especially for higher-value transactions (e.g., salary slips, tax returns, or bank statements for high-value transactions)
The KYC document requirements for business entities generally include:
Business registration documents (e.g., a Certificate of Incorporation confirming a company's legal formation, a Memorandum of Association outlining its objectives and scope, and Articles of Association defining the rules that govern its management)
Proof of company address (e.g., a utility bill, lease agreement, or official government correspondence)
List of Ultimate Beneficial Owners (UBOs) (typically, the identities of individuals who own or control 25% or more of the company)
Identification of directors and key executives (e.g., passport or national ID)
Proof of business activity (e.g., financial statements, tax records, or contracts)
If EDD is required for either an individual or business client, you might need to request additional verification such as:
Certified copies of documents verified by notaries or lawyers
Face-to-face or video verification
Screening against sanctions and watchlists
Checks for PEPs and their associates
Adverse media and reputation checks
More frequent transaction reviews
More regular updates to customer information
AML vs. KYC: 3 key differences
AML and KYC are closely related but both have their own roles when it comes to preventing financial crime.
For example, KYC focuses on verifying customer identities and assessing risk levels. AML, on the other hand, is a broader framework that includes transaction monitoring, detecting suspicious activity, and ensuring compliance with financial regulations.
Three key differences between AML and KYC include their focus, timing and frequency, and general purpose.
Focus
KYC is the first line of defence. It ensures that financial organisations know who their clients are by verifying identities and assessing risks.
AML involves ongoing oversight. It continuously monitors financial transactions to detect and prevent financial crime.
Timing and frequency
KYC is cyclical. Businesses collect customer information at the start of the relationship and update it periodically.
AML happens in real-time. Transactions are continuously monitored using automated systems. If a transaction appears suspicious, it is investigated immediately.
Purpose
KYC is about client verification. Its goal is to verify clients' information to ensure they are legitimate and not using false identities.
AML is about crime prevention. It aims to protect the financial system from criminal activity, including money laundering, corruption, and terrorist financing.
KYC and AML compliance
Compliance with both KYC and AML regulations isn’t only a legal requirement. It’s also crucial for protecting the integrity of the global financial system. This is important because it ensures market stability for everyone and reinforces consumer trust, without which business becomes very difficult.
EU Anti-Money Laundering Directive (AMLD)
The EU’s Anti-Money Laundering Directives (AMLDs) provide a comprehensive framework that links KYC and AML requirements. These Directives ensure that businesses operating in the EU verify client identities, assess risk levels, and continuously monitor financial activity.
While the fourth and fifth AML Directives (AMLD4 and AMLD5) are currently the most influential, a new central AML Authority (AMLA) is being developed to standardise enforcement across member states.
Key provisions in the framework include:
Customer identification and verification. EU businesses must verify customers’ personal information before establishing business relationships. This is similar to the U.S. FinCEN Customer Due Diligence (CDD) Rule, though the legal bases differ.
Identification of beneficial owners. Under AMLD4, financial organisations must identify individuals who own or control at least 25% of a company.
Ongoing monitoring. As reinforced in AMLD5, businesses must continuously monitor customer transactions to detect suspicious activity. Businesses must report unusual or suspicious transactions to the relevant Financial Intelligence Unit (FIU) in each member state.
Risk-based approach. Both AMLD4 and AMLD5 encourage a risk-based approach to compliance. This ensures businesses can apply a deeper level of scrutiny (i.e., EDD) to high-risk customers.
How Fourthline helps with AML and KYC
At Fourthline, we offer solutions to streamline and automate KYC and AML for banks, fintechs, and other financial-service providers.
Our comprehensive platform addresses the core challenges of customer onboarding and ongoing compliance:
Identity verification: Our advanced technology uses AI, machine learning, and biometric verification to ensure quick and accurate identity verification, including digital proof of address checks.
AML screening: We provide comprehensive screening against sanctions lists and PEPs databases, as well as automated checks for negative news and criminal associations.
Risk assessment: Our risk-based approach allows our partners to customise due diligence procedures according to individual risk profiles, ensuring high-risk individuals are screened more thoroughly.
Ongoing compliance: We support continuous compliance through automated re-screening, re-KYC processes, and regular updates to customer risk profiles.
Remediation: For existing customer bases, we offer efficient remediation solutions to bring legacy customers up to current compliance standards.
But you don’t have to take our word for it. Put our AML screening technology to the test with a sample of your choice, or request a custom demo.
Frequently asked questions about AML and KYC
What if a business fails to meet AML or KYC requirements?
Failure to meet AML or KYC requirements can lead to fines, legal actions, and even sanctions. In some cases, it can also result in the loss of licenses or the ability to operate in certain markets. On top of that, you risk severe reputational damage, which can impact your revenue and long-term viability.
Can a business be compliant with AML without implementing KYC?
No. KYC is an essential part of AML. Without verifying a client’s identity and performing a thorough risk assessment, it’s basically impossible to successfully monitor and mitigate risks.
What does implementing KYC and AML compliance cost?
KYC and AML compliance can be costly, especially if it relies heavily on manual input. However, partnering with the right technology providers can significantly reduce expenses. By automating key processes, such as identity verification, transaction monitoring, and risk assessments, you can free your finance teams to focus on more strategic activities.
