AML v KYC v CDD FYI
Call me pedantic, but I like precision when I’m talking about compliance. Don’t get me started on 5MLD (which does not currently exist!).
Yesterday I was invited to speak at the Internet of Agreements conference on Identity. I was giving the legal perspective, specifically around AML/KYC.
The audience was, in the main, people working on blockchain solutions. It was absolutely fascinating to be in a room with people trying to solve issues with technology, and this group specifically were concerned with ensuring people involved in a blockchain contract could trust the other person was who they said they were.
Most of the technical content went over my head if I’m honest, I don’t know one end of code from another!
Of course identity from an AML perspective has a very specific meaning and purpose, and it became clear to me that having been immersed in this regulated world for 13 years, that perhaps other people don’t appreciate the nuances of it. If people are looking to create solutions, then they need to understand the problem.
The terms CDD/KYC/AML are used interchangeably by non AML people, to mean the same thing, that one approach to identity will work for all three, but I hope I explained yesterday that it’s not that straightforward, and on reflection, I think we should all be mindful of the difference.
AML – Anti money laundering, does what it says on the tin, an AML policy is a policy which sets out how you are going to prevent money laundering. An AML procedure will be something you have in place to prevent money laundering.
KYC – Know your client, this is understanding who your client is, what their goals are, so you can advise them properly.
CDD – this is a combination of identity verification and understanding the purpose and nature of the business relationship you have with the client, both at the beginning of the matter and ongoing.
CID – Client ID – this is identifying and verifying your client based on documents or information which is independent of the client.
The reason I think it is important to break this down into these 4 parts is that CID does not prevent money laundering. It might prevent identity fraud, but not money laundering. Baddies live somewhere. CDD does not necessarily prevent money laundering. Sure, if you are carrying out source of funds enquiries you might see something which might make you suspicious and withdraw from acting, but we don’t always, when conducting CDD ask for or have the full picture of the client’s affairs.
KYC is more likely to prevent money laundering. Getting to know your client, understanding how they have made their money is where you will detect money laundering. Understanding their past transactions and business activities is where you will spot suspicious circumstances.
Therefore, as I said yesterday, CID is important, it’s required by the law (so the Police know which door to knock on to find your client), but if we deploy AML policies which are just designed to comply with CDD requirements we will miss signs of money laundering. We should be looking to understand the client’s source of wealth as well as funds if we want to disrupt money laundering. We should understand how have they got to the position they are in today, and what are their plans for the future. This is not only good businesses sense in terms of ensuring your advice meets properly the clients needs, but will make it more difficult for the criminals to use you to launder money.
There are a lot of very interesting companies trying to provide Client ID solutions for AML, but if you’re one of those clever techy people I would urge you to consider what can be done to prevent money laundering rather than just making compliance easier – although that’s great too!