The TrustID guide to Anti Money Laundering and Know Your Customer checks

• What is money laundering?
• Do Anti Money Laundering (AML) regulations apply to my business?
• What are the AML regulations?
• What are the requirements for AML checks?
• When should I perform KYC checks?
• Why are KYC checks important?
• What happens if I don’t perform AML checks?
• How can technology help with AML compliance?

What is money laundering?

Money laundering involves taking the proceeds of criminal activities, such as drug trafficking, fraud, and terrorism, and making them appear to derive from a legitimate source.

There are many types of money laundering – many involving the financial sector – which wittingly or unwittingly lead to hundreds of billions of dollars of criminally obtained money making its way back into the legitimate economy each year. In fact, it is estimated that money laundering crime accounts for 2 – 5% of global GDP annually.

Money laundering has far-reaching economic, security, and social consequences. It provides the fuel for criminals to operate and expand their criminal enterprises and can have serious financial repercussions for businesses as well as damaging their reputation and customer trust.

Anti-Money Laundering (AML) checks detect and prevent this activity.

Do Anti-Money Laundering (AML) regulations apply to my business?

Any business that could be vulnerable to money laundering should follow AML regulations. Whether or not your industry is regulated or legally obliged to perform Know Your Customer (KYC) and AML checks, you may choose to do so anyway. Comprehensive customer checks demonstrate due diligence, protect your business from fraud and show your commitment to preventing terrorism and modern slavery.

Some examples of regulated businesses include:
• Financial and credit businesses.
• Independent legal professionals.
• Accountants, tax advisers, auditors, and insolvency practitioners.
• Trust and company service providers.
• Estate agents and solicitors.
• High value retailers with the potential for a business relationship worth over £15,000.
• Art dealers.

What are the AML regulations?

AML regulations are designed to strengthen defences against money laundering and terrorist financing and prevent criminals from disguising the proceeds of crime as legitimate income. They require all regulated businesses to verify the identity of their clients, monitor relationships and transactions and report anything suspicious. The 5th Anti-Money Laundering directive specifies that electronic verification should be used whenever possible.

For many sectors, suggested AML guidance is published by a professional body – for example, CCAB publish guidance for the accountancy sector – and this guidance is derived from the latest laws including the Proceeds of Crime Act 2002 (POCA) and the 5th Anti-Money Laundering Directive.

What are the requirements for AML checks?

Businesses which are covered by AML regulations have a range of obligations that fall under four main headings:

1. Know Your Customer (KYC) checks

KYC checks are principally designed to distinguish between favourable and unfavourable clients. An ‘unfavourable client’ could be a person with criminal connections, or anyone that might be a risk to your company. It could also mean a Politically Exposed Person (PEP) – that is, a person with political connections that might make them susceptible to bribery or corruption.

KYC checks are a strong fundamental part of AML compliance and involve three steps:
I. Identification: verify the customer’s identity documents to ensure that they are who they say they are.
II. Customer Due Diligence (CDD): collect all available data on the customer and make sure they are not on any sanction lists – including PEPs. You may also need to establish who is the ‘beneficial owner’ if your customer is carrying out a transaction on someone else’s behalf.
III. Enhanced Due Diligence (EDD): if the customer is deemed to be higher risk, you should carry out further scrutiny by obtaining further proof of identity and address and closely monitor the customer relationship.

2. Defining an AML policy statement for your business

If your business is covered by AML regulations, you need to create an AML policy statement that explains how your business proposes to deal with the threat of money laundering. The content of your statement will vary depending on the nature of your business but should generally include:

• Details of individuals involved in implementing your AML processes
• Details of your procedures for identifying and verifying customers and your CDD measures.
• A summary of the monitoring measures in place to ensure your policies are being carried out.
• A commitment to ensuring all staff are aware of the risks of money laundering and recognise the importance of reporting suspicious activity.

You can ask a third party to help you define your AML policy, or search for a template online.

3. Internal controls and ongoing monitoring of your business

Internal controls are those parts of your AML policy that ensure that you, and other relevant people within your business, are aware of their responsibility and alerted to active money-laundering risks.

Ongoing monitoring also means that you monitor changing business relationships, including PEP lists, and determine whether customers’ activities are consistent with your risk assessments.

4. Record keeping

An essential part of your AML compliance: you must keep a record of all CDD activities, including KYC checks, policies, procedures, and training. In the unfortunate event that one of your customers is investigated for money laundering or other criminal activity, accurate record keeping can demonstrate due diligence and protect your organisation. You must keep records for five years after the end of a business relationship, or after a transaction is completed.

When should I perform AML checks?

You must check the identity of all your customers when you establish a new business relationship and before any exchange of money. In particular, you should perform CDD whenever you may be exposed to a risk of aiding money laundering or financing terrorism. A few examples include:

• When you first establish a business relationship with a customer.
• When you suspect money laundering or terrorist financing.
• When you have doubts about a customer’s identification information, even if you’ve verified their information in the past.
• When the circumstances of an existing customer change.

In situations where the risk of aiding money laundering or financing terrorism is unusually high, you must carry out “enhanced due diligence” checks – for example, where a business relationship involves a PEP, or is with a person from a high-risk country.

Why are KYC checks important?

KYC checks are a requirement for any business that is subject to AML regulations. However, they perform a very valuable function in their own right, and many companies that aren’t legally bound to do so perform KYC checks as part of good business practice. As well as helping you to meet compliance regulations, KYC checks offer the following benefits to your business:

Trust: performing robust KYC checks for new customers shows that you take compliance seriously and gives customers trust in your business.
Peace of mind: as well as guarding against money laundering and financing terrorism, robust KYC checks protect your own business against fraud. Fraud costs UK organisations around £190 billion a year – and the best way to protect your business is to know exactly who you’re dealing with.

What happens if I don’t perform AML checks properly?

Failure to carry out money laundering checks and to demonstrate that you have complied with AML regulations can have serious consequences for both you and your business.

Regulatory authorities (including the Financial Conduct Authority and HMRC) may impose financial penalties for AML breaches in any of the following areas of AML regulations: customer due diligence, risk assessment, policies, controls and procedures and record-keeping.

Other consequences can include warning letters, damage to your reputation, sanctioning and, in the most serious cases, criminal prosecution.

How can technology help with AML compliance?

Many organisations, particularly SMEs, rely on manual AML processes which can be time-consuming, inconsistent, and even based on outdated information. However, modern technology offers a straightforward, reliable, and affordable way to verify and onboard customers online, no matter what size your organisation. Automated AML systems can keep you compliant with the latest legislation, introduce more robust identity verification and even improve the on-boarding experience for your customers.

Here are just some of the ways that technology can help with AML compliance:

• Make compliance easier
An automated system with a straightforward way to capture customer information simplifies compliance and ensures a consistent, robust process, no matter who performs your customer onboarding checks. Clear, downloadable reports also make results easy to understand and enable you to easily demonstrate your AML compliance for an internal audit or visit from your regulator.

• Save time
Online AML platforms mean carrying out KYC checks can take just minutes. What’s more, with electronic identity verification, you no longer need to manually check, or store paper documents. Automated KYC services can continuously check and monitor your customers against PEP or Sanctions lists too.

• Enjoy greater protection
Industry-leading technology gives you greater protection from fraudsters. Look for a KYC provider that assesses the authenticity of global identity documents using a combination of AI, biometrics, and human expertise. This removes the need to train your staff in identity document verification, reduces the risk from fake documents and prevents customers using fraudulent identity from accessing your services.

• Make checks from anywhere
Online KYC check services are accessible on any smart device or PC. This makes capturing and uploading an image of a client’s ID quick and easy, wherever you meet them. Some KYC providers also offer additional features, for example, a remote-upload option for customers to submit copies of their documents over a secure link, or higher-level security checks, such as facial recognition software, which checks a candidate’s selfie against the photograph in their identity document to verify that they match.

• A service to scale with your business.
If investing in a new process feels risky, look for a service that offers a low minimum order and doesn’t tie you into a long-term contract. Some online KYC check services offer flexible, modular features which you can add over time as your requirements change or a pay-per-check pricing model which can scale up or down with your customer demands.

 


Watch our short video for more information on how the TrustID AML service works:

Find out more about AML and KYC checks

What being ISO27001 certified means

Our IS27001 accredited certification lets you know that we follow information security best practice, helping to eliminate or minimise the risk of a security breach, keep information secure and ensure compliance with data protection regulations.

ISO logo