Both KYC and AML are terms commonly used in anti-money laundering practice. However, the two have different meanings and should not be mixed up or used interchangeably.

AML or Anti-Money Laundering refers to all the laws, regulations, and directives intended to fight financial crime.

On the other hand, KYC, aka Know Your Customer, is the process of verifying the identity of your clients. Conducting a KYC process is one of the requirements set out by AML laws.

However, on top of KYC, obliged entities must fulfil additional legal obligations to ensure AML compliance. Therefore, they should develop and implement AML compliance programs that detail all the measures that they are taking to meet these legal obligations, including the KYC process.

KYC

Purpose: Ensuring that companies only do business with legitimate entities

  • Customer due diligence
  • Risk assessment
  • Record-keeping

AML

Purpose: Preventing money laundering and terrorist financing

  • Customer due diligence
  • Risk assessment
  • Record-keeping
  • Transaction monitoring
  • Detecting and reporting suspicious activity
  • Policies, procedures, and controls


What should you include in your AML compliance program?

An effective AML compliance program should include:

  • A description of the ML/TF risks that the business is exposed to
  • The steps and rules to be followed when conducting the KYC process (assessing the customers’ risk level, conducting client due diligence, establishing the nature of the business relationship, and properly monitoring the business relationship)
  • The maximum level of risk that the company will tolerate
  • Instructions on how to detect and report suspicious activity
  • Rules regarding record-keeping, including the type of information the company should retain, for how long, and how to protect it
  • Internal control measures
  • Distribution of relevant material to all staff and periodical training to ensure all employees are up to date and aware of the company’s AML obligations


What are the steps of the KYC process?

The five main steps of an AML-compliant KYC process are:

1. Customer identification and verification

During this step, you must collect information and official documents that can verify the identity of your customers. If your customer is a legal entity, you need to verify the identity of its beneficial owners.

2. Establish the nature and purpose of the business relationship

You need to understand why clients want to use your products or services and how they intend to use them. This will help you determine their risk level and identify suspicious transactions later.

3. Assess the risk level of each client

You can determine each client’s risk level by screening them against PEP and sanctions lists and looking at the nature and purpose of the business relationship. If the customer’s risk level is high, you need to collect additional information and documents.

4. Continuously review and update customer data

Customer circumstances can change. Therefore, you should review and update customers’ information at least once a year regardless of whether any changes or suspicious activity occurred.

5. Store KYC documents in compliance with the AML data retention requirements

Finally, you should store all customer information and documents for five years after the end of the business relationship or occasional transaction.

Because criminals use legitimate businesses to launder ill-gotten money, KYC processes are essential in fighting financial crime and ensuring AML compliance.


Which companies need to comply with AML laws and perform KYC checks?

Contrary to popular belief, banks and financial institutions aren’t the only entities exposed to money laundering risks. Companies in various industries, including legal, auditing and accounting, and real estate, are also vulnerable to financial crime. Therefore, they need to comply with AML laws and conduct KYC processes.


How to ensure AML/KYC compliance

To ensure AML/KYC compliance, you need to develop and implement an effective AML compliance program. Here’s how.

Get familiar with the regulatory requirements that apply to your company

Obliged entities need to comply with the requirements laid down in their national AML laws. Therefore, you need to ensure that your AML compliance program is designed to meet these obligations.

Besides national AML laws, companies also need to follow the standards and best practices dictated by local and international industry associations.

For example, a Belgian accounting firm should meet the requirements set out by the latest version of the Belgian law on the prevention of money laundering and terrorist financing and on the restriction of the use of cash. Moreover, the firm should comply with the standards and regulations published by:

  • the Financial Action Task Force (FATF)
  • the European Central Bank (ECB)
  • the National Bank of Belgium (NBB), especially the Regulation of 21 November 2017 on the prevention of money laundering and terrorist financing, which applies to the Belgian financial institutions falling under its supervisory competence
  • the Financial Services and Markets Authority (FSMA) which supervises AML/CFT compliance in Belgium
  • the IASB and IFRS in Europe
  • National Professional Organizations, such as l’Institut des Experts Comptables and l’Institut des Reviseurs d’Entreprises

Conduct an internal risk assessment to evaluate your risk level

An effective AML compliance program should be customized based on your company’s risk profile. To determine your risk profile, you should conduct an internal risk assessment that takes into account:

  • the sector in which the company operates
  • the nature and complexity of the business
  • the size of the company
  • the countries where the company does business
  • the customer base of the company
  • the organization’s distribution channels

Naturally, the higher the risk of money laundering for your business, the more comprehensive your policies, procedures, and controls need to be.

Since threats evolve over time, you need to periodically review and update your internal risk assessment and revise your AML compliance program accordingly.

Set up policies, procedures, and internal controls

Once you have an overview of your company’s legal obligations and risk profile, you’re ready to start working on your AML compliance program.

Based on your findings, you must create a set of policies, procedures, and controls to regulate:

  • KYC processes, including CDD measures, risk assessment, periodical reviews and updates, and record-keeping
  • Ongoing transaction monitoring
  • Internal controls


How Penneo KYC can help

Equip your business with a digital solution that helps you automate the KYC process and simplify AML compliance.

You can use Penneo KYC to collect information and official documents, perform a guided risk assessment, and have all your actions registered in activity logs. Penneo KYC periodically checks official business registers and sanctions and PEP lists and notifies you of any changes regarding your customers’ circumstances.

The platform uses end-to-end encryption, so you can securely collect and store your clients’ information and documents. Moreover, the system automatically deletes KYC data after five years from the end of a business relationship or occasional transaction to ensure compliance with AML and GDPR data retention rules.

Get a free trial of Penneo KYC today and facilitate AML compliance in your organization!


