In this Creditro article, we lists 9 tips so you make sure that you have a fulfilling credit assessment on all of your customers.
The difference between KYC and AML
Although KYC and AML are often used interchangeably, they do not have the same meaning, and confusion can have costly consequences for your business. Get an overview of the differences and relationships between the two concepts.
KYC and AML are terms used in the financial sector regarding money laundering. However, the words have very different meanings and should not be mixed up.
AML: AML stands for "Anti-Money Laundering". The term AML refers to i.a. laws, regulations, and directives that help to combat economic crime.
KYC:KYC means "Know Your Customer." This term characterizes the process when companies want to verify the identity and business scope of their potential or current customers.
Companies must carry out a KYC process, one of the AML legislation's requirements.
Five steps of an AML-approved KYC process:
Customer identification and verification
Here, information must be obtained that can confirm the identity of your customers. If your customer is a legal entity, the identity of the entity's beneficial owner must be verified.
Determine the purpose of the business relationship
The company must understand why the customer wants to become your company's customer and how they intend to use your company's products. Based on this, the company can determine the customer's risk level.
Consider the purpose of the business relationship
Companies can determine each customer's risk level by, e.g., screening them for PEP and sanctions lists and then looking at the purpose of the business relationship. In other words, what the customer wants from being a customer of your company.
If the customer's risk level is high, additional information and documents must be collected so your company can feel secure in having this customer.
Review and update ongoing customer data
As customer relationships can change over time, companies should review and/or update customer information approx. Once a year, this must be done regardless of whether changes have occurred, if suspicious activity occurs, or if no changes have occurred.
Store KYC documents following the requirements for storage cf., the AML requirements
All customer information and documents must be kept for five years after the company has ended the business relationship.
As criminals can use legitimate companies for money laundering, a good KYC process can be crucial for companies tracking financial crime and ensuring compliance with AML requirements.
Contrary to what many people think, it is not only banks and financial companies that are vulnerable to money laundering or terrorist financing. Companies such as lawyers, accountants, and estate agents are also vulnerable to financial crime. These companies must thereby also comply with AML laws and perform KYC processes.
How your business ensure AML/KYC compliance
To ensure AML/KYC compliance, you must develop and implement some practical AML guidelines and policies in your company. See how it can be done down below:
Become familiar with the legal requirements that apply to the company
The obliged entities must comply with the requirements following their national AML laws. In addition to just the federal AML laws, the company must also follow the standards dictated by, e.g., international and local associations.
Carry out an internal risk assessment to evaluate the company's risk level
A compelling AML profile must be adapted to your company's risk profile. To determine this risk profile for your own company, an internal risk assessment should be carried out that takes into account, among other things: the sector in which the company operates, the size of the company, the countries in which the company conducts business and the company's customer knowledge.
Set up policies, procedures, and internal controls in the company
When the company has an overview of the legal obligations and the risk profile, your company is ready to prepare your AML compliance program.
Based on the results, the company can create a set of policies, procedures, and controls that can help regulate: KYC processes, ongoing transaction monitoring, and continuous management.