AML & KYC: What you need to know

Last modified date: March 29, 2024

Know your customer (KYC) checks help companies and financial institutions comply with anti-money laundering (AML) regulations. Learn the differences.

Anti-money laundering (AML) regulations require financial institutions to take specific measures to detect, prevent, and report financial crimes. Customer due diligence (CDD) rules—also called know your customer (KYC) rules—are a core component of AML laws: They require financial institutions to verify their clients’ identities and monitor their business activities for potential red flags.

What is money laundering?

Money laundering is a financial maneuver to disguise the origins or destination of unlawfully obtained funds. In other words, it’s when someone attempts to make “dirty money” acquired through criminal activity appear legal, or “clean,” by having it pass through one or more intermediaries, including investment funds or other legitimate businesses.

Money laundering is often associated with financial crimes like embezzlement, bribery, and fraud. This is because the recipient of the money needs to make the source of funds look legitimate to observers. Laundered money can also help finance large-scale criminal acts, like terrorism, drug smuggling, or human trafficking. For example, drug cartels have been known to launder money by placing the funds in U.S. banks or offshore accounts under the guise of revenue from various business fronts.

What is AML?

AML, or anti-money laundering, is a set of laws and guidelines designed to combat financial crime. The U.S. first established AML laws in 1970 as part of the Bank Secrecy Act (BSA), a piece of federal legislation that requires businesses and financial institutions to report cash deposits of more than $10,000, register foreign bank accounts, and take other measures intended to combat money laundering.

What is an AML program?

An AML program is a set of procedures designed to combat money laundering, terrorist financing, and threats to the integrity of the U.S. financial system. AML regulations assist government efforts to prevent financial crimes and limit the flow of illegally obtained money into the financial system. To comply with AML regulations, financial institutions must conduct due diligence on their customers.

What is KYC?

Know Your Customer (KYC) is a process designed to collect and verify identity information for customers or other stakeholders, like investors. KYC is a central part of the due diligence that AML programs require. Beyond verifying customer identity, firms conducting KYC reviews on their customers look to see if a client has been the subject of negative news—such as regulatory enforcement actions—negative social media, or other publicity that might make a client undesirable.

KYC reviews may uncover politically exposed persons (PEPs) who are in positions of authority and potentially at risk for bribery or corruption. CDD may also uncover a connection to government sanctions from the Office of Foreign Assets Control (OFAC) or other governmental bodies. For example, recent additions to OFAC’s sanctions list relating to the Russia-Ukraine conflict require private equity funds with sanctioned Russian investors to restrict and report those clients’ investments. Financial institutions, like banks and credit unions, must determine an individual or institution’s risk profile and decide whether to go forward with that client.

KYC and AML compliance

The KYC process, along with the larger AML program, is designed to protect clients, advisors, and the company at large from fraud, complicity in money laundering, criticism, and potential enforcement by regulators.

Who is subject to AML and KYC regulation?

Federal law requires financial institutions, including U.S. banks and broker-dealers, to comply with AML regulations. The Financial Crimes Enforcement Network (FinCEN) oversees AML compliance in the United States.

The USA PATRIOT Act of 2001

Following the 9/11 attacks in 2001, Congress passed the USA PATRIOT Act, which mandates that financial institutions know their customers (KYC) both as they onboard and as they interact with the institution. The USA PATRIOT Act also strengthened the BSA by setting more stringent AML standards for financial institutions. The new standards require financial institutions to set uniform AML policies, educate employees via AML training, hire AML compliance officers, and conduct audits and other CDD measures.

Customer Due Diligence Rule

In another bid to strengthen the BSA, FinCEN released its Customer Due Diligence Rule in 2018. This rule requires financial institutions to create policies to:

  • verify customer identity
  • understand the purpose of the relationship with the financial institution
  • monitor accounts for suspicious transactions
  • develop risk profiles for clients

The CDD Rule also requires financial institutions to identify beneficial owners of business entities that open accounts with them. Beneficial owners are those individuals who stand to gain from ownership of an asset, even if it’s legally owned by an entity with another name. For example, all investors in a venture fund are beneficial owners of the fund, even if they invest through another entity, like a trust.