What Are the Key Differences Between AML, CDD and KYC?


Navigating the landscape of compliance terminology, with its myriad of acronyms, may at times seem just as complicated as ensuring adherence to the various emerging laws and regulations.




An Overview of AML, KYC and CDD

When it comes to Anti-Money Laundering (AML) compliance requirements, it is not uncommon to hear the terms AML, Customer Due Diligence (CDD), and Know Your Customer (KYC) used interchangeably. However, there are notable differences between the three concepts. Understanding these distinctions can help compliance professionals formulate and implement more effective policies and procedures, provide better training to staff, and enhance AML compliance at their financial institution.




AML: A Framework for Fighting Financial Crime

Criminals launder illicit proceeds to break the link between the funds and the underlying illegal activity. Rather than a single event, money laundering is a process that involves a series of transactions routed through financial institutions. This process can typically be separated into three steps: placement, layering, and integration.


Placement is the first step, which involves introducing the “dirty” funds into the legitimate financial system. This is the riskiest step for the criminal because it is the most prone to detection. Next, the funds are layered, or moved around through a series of transactions, usually of varying complexity, to create confusion. Lastly, the funds are integrated into the financial system through additional transactions, ultimately appearing as income from a seemingly legitimate source. 


In order to prevent criminals from misusing the financial system in this manner, Congress passed the Bank Secrecy Act (BSA), also known as the Currency and Foreign Transactions Reporting Act, in 1970. The BSA was the first piece of legislation aimed at fighting money laundering in the U.S. Originally a record-keeping and reporting statute, the BSA has been amended and expanded over the years, most notably by the USA PATRIOT Act in 2001. These laws continue to form the primary basis of the AML legislative framework in the U.S.


More specifically, the BSA requires covered financial institutions to keep records of cash purchases of negotiable instruments, file reports of cash transactions over $10,000, and report suspicious activity that may indicate money laundering, tax evasion, terrorist financing, and other crimes. The BSA also requires financial institutions to establish a risk-based BSA/AML compliance program consisting of five pillars: 1) a designated BSA/AML compliance officer; 2) written internal policies, procedures, and controls; 3) independent testing and review; 4) ongoing compliance training; and 5) a customer identification program (CIP), which includes conducting ongoing customer due diligence and complying with beneficial ownership requirements for legal entity customers.


AML, sometimes also denoted as BSA/AML, refers to the framework of laws, regulations, and policies aimed at preventing criminals from using the financial system to disguise illegally obtained proceeds as legitimate income. AML compliance requirements are meant to help financial institutions detect and prevent money laundering and other criminal activity, assist U.S. government agencies in combating financial crime, provide valuable information to law enforcement through reporting requirements, and provide safeguards against illicit activity by promoting transparency within the financial system.




CDD: Customer Verification and Risk Evaluation

According to the FFIEC Manual, CDD policies, procedures, and processes are the cornerstone of an effective BSA/AML compliance program. The objective of CDD is to enable banks and other financial institutions to understand the nature and purpose of their customer relationships, which may also include understanding the types of transactions in which a customer is likely to engage.


More specifically, CDD is a comprehensive evaluation of a customer, performed by financial institutions prior to establishing a business relationship. A business relationship is formed when two or more parties agree to engage in regular business or conduct a “one-off” transaction. As a result, when conducted properly, CDD enables financial institutions to assess the extent to which a customer exposes the institution to a range of risks, including money laundering and terrorist financing (ML/TF) risks. In other words, CDD allows the financial institution to have a reasonable belief that the customer is who they say they are. When performed correctly, CDD processes can identify high-risk individuals preemptively and institutions can then adapt internal compliance controls accordingly or cut the business relationship short, as onboarding criminals could lead the institution to face reputational losses as well as fines and penalties.


FinCEN lists the four core elements of a CDD program as follows: (a) identifying and verifying the identity of customers, (b) identifying and verifying the identity of “beneficial owners” of customers that are legal entities, (c) understanding the nature and purpose of customer relationships, and (d) conducting ongoing monitoring to maintain and update customer information and identify suspicious transactions.


Properly conducted CDD not only helps protect the institution from AML fines and penalties, but it also protects the business from various frauds, such as identity theft. Furthermore, CDD provides the institution with valuable customer information that can be used to improve the quality of service provided to the customer.


For more information, check out our CDD compliance webinar.




KYC: Managing Risk with Continuous Checks and Ongoing Monitoring

KYC refers to the standards and requirements that financial institutions in the U.S. and elsewhere must follow as part of an overall risk-based approach to better assess, manage, and mitigate ML/TF risk. Like CDD, the aim of KYC processes is to enable banks and other financial institutions to get a better understanding of who they are doing business with, and to help ensure that their customers are not acting illegally. To meet this end, both KYC and CDD entail the collection and evaluation of customer information. In fact, one of the core elements of a CDD program is a KYC requirement. Likewise, KYC is made up of three components, one of which is CDD.


More specifically, the three components of KYC are:


  1. Customer Identification Program (CIP), which consists of customer verification measures;
  2. CDD, which includes standard customer background checks; and
  3. Enhanced Due Diligence (EDD), which is a more detailed review or investigation that is performed on higher-risk customers.


Given this overlap, it is not surprising that KYC and CDD are often used synonymously.


Nonetheless, some distinctions have been made between KYC and CDD. Perhaps the most notable difference is that CDD is generally performed prior to establishing a customer relationship, while KYC also involves conducting reviews throughout the customer relationship, including ongoing monitoring and sanctions screening. For example, KYC would be initiated if doubts emerge due to unexpected transactions or unusual activity discovered in a customer’s account or detected during regular or periodic account reviews, or if a customer suddenly appears on an updated sanctions list after the customer has been onboarded.


KYC is a continuous process that takes place even after the customer’s account has been opened and services have been provided. In this regard, KYC supports the CDD process by helping the institution identify unusual or suspicious activity during the customer relationship, guarding the financial institution against fraud and other financial crimes, and helping ensure compliance with relevant laws and regulations.


In order to complete this extensive process more efficiently, many financial institutions opt to implement electronic KYC (eKYC) solutions. For additional information, view our blog post on eKYC.





In summary, AML broadly covers efforts to detect and prevent money laundering. CDD and KYC are related requirements within the AML framework that help institutions manage risk through the performance of customer assessments and reviews.


Both CDD and KYC are crucial and necessary aspects of AML compliance. Financial institutions need to perform CDD to identify and verify anyone they work with, so that they do not become involved with a customer or business entity that has a history of financial crime. They also need to continuously conduct KYC screening checks and monitor customer transactions for suspicious activity, so that the institution is not used in furtherance of illicit activity.


The constantly evolving nature of AML regulations and the increasing complexity of CDD and KYC requirements can make compliance seem daunting. Schedule a demo today with a risk specialist and learn how Alessa can help your institution streamline its existing AML compliance processes to manage risk more effectively.
