PolicifyAI

Published March 2026 · 11 min read

Compliance

AML and KYC Policies: A Complete Guide for Fintechs

Anti-money laundering regulations are getting stricter globally.

What AML and KYC Actually Mean

Anti-Money Laundering (AML) is the legal framework designed to prevent the conversion of illegally obtained funds into legitimate assets. Know Your Customer (KYC) is the set of processes to verify customer identity. KYC is a component of a broader AML compliance programme.

Who Needs AML/KYC Compliance?

Obligations apply to payment institutions, e-money issuers, crypto asset service providers, lenders, and any business that handles money on behalf of customers. Operating without compliance is a criminal offence.

Customer Due Diligence: Three Levels

  • Simplified Due Diligence (SDD): For demonstrably low-risk situations such as low-value prepaid cards.
  • Standard Due Diligence (CDD): The baseline for most customers — verification of identity using reliable, independent documents.
  • Enhanced Due Diligence (EDD): Mandatory for high-risk customers including Politically Exposed Persons (PEPs), customers from high-risk jurisdictions, and complex ownership structures.

Suspicious Activity Reports

When you know or suspect money laundering or terrorist financing, you must submit a Suspicious Activity Report (SAR) to the relevant authority — the NCA in the UK, FinCEN in the US. Tipping off the subject of a SAR is itself a criminal offence.

Ongoing Monitoring and Record Keeping

You must continuously monitor transactions and update customer records. Records must be retained for five years from the end of the business relationship in the UK and EU.

Penalties for Non-Compliance

The FCA can impose unlimited fines. EU supervisors under AMLD6 can impose fines up to €5 million or 10% of turnover. US penalties can reach $1 million per day of violation.

UK, EU, and US Differences

The UK operates under the Money Laundering Regulations 2017 supervised by the FCA. The EU is implementing a new AML Regulation and establishing AMLA. The US operates across FinCEN, the OCC, and state regulators. Build your programme to the highest common denominator.
