Before we dive in, let's quickly define a few acronyms in the finance world:
KYC = Know Your Customer
AML = Anti-money Laundering
ATF = Anti-terrorist Financing
The process typically involves the following steps:
Customer identification: Financial institutions and businesses need to gather sufficient information to identify their customers and verify their identities using banking apis. This might include obtaining personal information such as name, date of birth, address, and government-issued identification with an accompanying ID and Selfie check.
Customer risk assessment: Once a customer's identity has been verified, the organization will assess the customer's potential risk level through an account appropriate assessment. This might involve evaluating factors such as the customer's country of origin, their transactional history, and their business relationships.
Customer due diligence: If the customer is deemed to be high risk, the organization may need to conduct additional due diligence to assess the potential risk of money laundering or financing terrorism. This might involve obtaining more detailed information about the customer's financial history and business activities.
Ongoing monitoring: Even after the initial KYC process is complete, financial institutions and businesses are required to monitor their customers on an ongoing basis to ensure that their risk profiles do not change significantly. This might involve reviewing customer activity, such as transaction history, and updating customer information as needed.
In Canada, the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) is responsible for enforcing the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and its associated regulations, which establish the framework for AML and ATF in Canada. These regulations require financial institutions and businesses to implement AML/ATF compliance programs, which include measures such as customer identification and verification (KYC) and ongoing monitoring of customer activity.
The PCMLTFA and its associated regulations apply to a wide range of financial institutions and businesses in Canada, including banks, credit unions, money services businesses, and securities dealers, among others. These organizations are required to report suspicious transactions and other prescribed transactions to FINTRAC, and to maintain records of their transactions and customer information for a specified period of time.
In the United States, the Bank Secrecy Act (BSA) is the primary law that imposes AML and KYC requirements on financial institutions and businesses, and their u.s. financial customers. The BSA was enacted in 1970 and has been amended several times since then, most recently with the passage of the Anti-Money Laundering Act of 2020.
The BSA requires financial institutions and businesses to implement AML programs that include measures such as customer identification and verification (KYC), ongoing monitoring of customer activity, and reporting of suspicious transactions. The BSA applies to a wide range of financial institutions and businesses, including banks, credit unions, money services businesses, securities dealers, and casinos, among others.
In addition to the BSA, other federal laws and regulations may also have AML/KYC provisions, including the USA PATRIOT Act, the Money Laundering Control Act, and the Money Laundering Suppression Act. These laws expand upon the BSA and provide additional tools for the U.S. government to combat money laundering and financing of terrorism.
Various federal agencies are responsible for enforcing AML/KYC requirements in the U.S., including the Financial Crimes Enforcement Network (FinCEN), the Federal Reserve, the Office of the Comptroller of the Currency (OCC), and the Securities and Exchange Commission (SEC).
For a high level overview of US crypto regulation, check out our blog post.
Want to read more? Check out our blog post about the Future of AML KYC Compliance.