A brief guide to AML and KYC

Money laundering is the process by which criminals attempt to hide and disguise the true origin and ownership of the proceeds of their criminal activities and thereby have these funds enter the normal economy to make it seem as if they have been obtained legitimately. The thinking is that the “dirty” money becomes “cleaned” – ie legitimised – hence the term “laundering”.

Terrorist financing is the act of unlawfully and willingly providing or collecting funds (whether directly or indirectly) with the intention that they should be used or, in the knowledge that they are to be used, in support of an act of terrorism.

Both are global problems that compromise the security and effectiveness of all financial systems – whether traditional banking or insurance or new fintech or crypto services, undermine economic development and damage societies.

What is KYC? How does it help address money laundering and terrorist financing?

KYC stands for “Know Your Customer”. The purpose of KYC is to check that a customer is who they say are. Are they a criminal? Do they have proper legal ID? Are they safe? Is there any indication they have previously been involved in money laundering?

Companies are mandated to perform KYC checks by law. Companies who do not do these checks can get heavily fined, lose their licence and even be shut down. It has to be done because governments want to ensure all companies know who they are dealing with. No government wants to see financial companies trading with customers who are terrorists or criminals.

KYC is typically covered by three separate processes which start when a customer is on-boarded by the financial institution and continues until they exit. These are – 

– Identity Verification – confirming that the customer is who they say they are on their ID document

– Name Screening – confirming that the customer is not on any sanction lists or terrorist lists. Customers will also be screened against PEP (politically exposed person) lists – their presence on this will indicate they should be treated as high risk individuals.

– Risk Rating – based on certain attributes, an individual will be risk assessed by the financial institution. Such attributes can include their nationality, country of residence and job type. Based on this attributes the financial institution will risk assess the customer, this in turn will then drive how often the customer is reviewed by the institution.

In the past, I have had a KYC rejection, why is this? What can I do?

The vast majority of people in the world are of course not involved in money laundering or terrorist financing, but none-the-less sometimes get rejected by a financial institution for KYC reasons. The reasons provided by the institution are often hard to discern. Typical reasons for a rejection and what can be done about it are described below. 

  • Most KYC providers include some level of document verification. This requires you to upload a photo ID. If the photo ID is blurry or worn or old this could cause a rejection – especially if the provider is looking to extract information from the photo. Many providers then compare that photo with a recent selfie – if you are wearing spectacles in one photo and not in the other, this may also cause a rejection. 
  • The name used in the KYC registration is different from the ones in your ID photos. Many companies make sure that the details people provide is consistent. If you input your name as “Kate” but then provide your passport which says “Katherine” you may get rejected.
  • You have the same name as a terrorist or criminal. Of course, short of changing your name, you may think there is not much you can do about this. Most KYC providers however look at secondary factors when they uncover a customer with the same name as a terrorist. A middle name for example, or a nationality or date of birth. In some KYC forms filling in these details may be optional and so you may skip them. If you do see a number of rejections though, it may be worth spending a little extra time to ensure you fill these in.
  • You come from a high risk country. While countries such as North Korea and Iran are well known for facing sanctions, other countries are also considered high risk. FATF (Financial Action Task Force) is a global body which help coordinate efforts against money laundering. Countries such as The Bahamas, Botswana, Serbia and Sri Lanka are considered high risk because of the prevalence of money laundering in those places. So if you are a citizen of or resident in one of those places, it will count against you.

What is Transaction monitoring? How does it help address money laundering and terrorist financing?

Transaction monitoring is the process of checking for patterns of unusual behaviour in transactions which can indicate money laundering. For example, if an individual performs lots of high volume transactions over a short period of time, this behaviour would be considered suspicious. Similarly, if a company were to start trading in money which is out of kilter with its previous historical behaviour this would similarly attract attention. Software systems exist to monitor transactions automatically – flags are raised and investigated by compliance professionals in the event that suspicious behaviour is detected.

What is a KYC review?

KYC regulations set by governments require financial institutions to regularly review their entire book of clients and customers. FATF requires financial institutions to take a risk-based approach to reviews – to put it simply customers who are considered higher risk will be reviewed more frequently. While there is variation across the world, there are generally 3 tiers of customers who are reviewed depending on risk tolerance and regulatory guidance.

  • High-risk customers: they are reviewed on a bi-annual or annual basis.
  • Medium risk customers: they are reviewed around every 2-3 years.
  • Low-risk customers: they are reviewed every 5-10 years.