What does KYC/AML mean? What are the requirements to be compliant and how to mitigate risks as a FinTech?


If you are reading this article, you are probably interested in FinTechs. There is even a chance that you work at a FinTech company or are starting your own. Just to be clear, Financial Technology, or FinTech, is an emerging industry that uses technology to improve financial services. Some examples of FinTech services are:

  1. P2P loans
  2. Online brokers
  3. Cryptocurrency projects
  4. Mobile payments
  5. Budgeting apps

The list could go on forever. Hundreds of industries have already been disrupted by FinTechs and thousands more are yet to be transformed by Financial Technology, especially thanks to the PSD2 directive, whose open-banking and strong customer authentication rules became applicable in September 2019.

What’s compliance and why should you be familiar with it?

In order to reduce criminal activity, financial regulators publish sets of rules and guidelines for companies that handle money or assets. The rules usually revolve around identity theft prevention, Anti-Money Laundering (AML) and Counter-Terrorist Financing (CTF). Compliance means adhering to those regulations. If you do not, be prepared to pay huge fines.

First things first: who are the financial regulators? Financial regulators are the bodies that make sure banks and FinTechs do not break the law and act responsibly.

Some of the financial regulators are the SEC (U.S. Securities and Exchange Commission), MAS (Monetary Authority of Singapore), CySEC (Cyprus Securities and Exchange Commission) and FINMA (Swiss Financial Market Supervisory Authority); the FATF (Financial Action Task Force) is not a regulator itself but sets the international AML standards that these regulators enforce. All of them require some form of Know Your Customer (KYC) process when you onboard users. I know, that is a lot of acronyms to remember, but hang tight, you will get them, I promise!

Let’s break it down.

KYC – What Does It Mean?

KYC is a step in client onboarding when users have to prove that they are who they say they are. This usually comes in 4 steps for a user:

  1. User creates an account and provides basic data about themselves (name, date of birth, country of citizenship, etc);
  2. Upload pictures of their documents;
  3. Take a selfie or record a video of their face;
  4. Wait for the result.

It seems like quite a hassle for a user, so why should he/she go through this? Let's take a look behind the scenes.

As mentioned earlier, our goal is to verify whether users are who they say they are. One of the most efficient ways to do that is to ask them to provide their documents and compare the data in the document to the data that was provided by the user.

Some companies do the verification by hand. When a compliance officer receives a new profile, they first compare the name provided with the name on the document, verify the person's age and country of citizenship and, finally, compare the picture on the document with the picture/video provided by the user. This is the trickiest part. We all know what passport pictures look like, right? It is very hard to recognise a person, especially if the picture was taken 10 years ago.

That's why companies like BASIS ID have delegated most of the verification to AI/ML algorithms. They have proven more accurate not only at comparing biometrics but also at recognising digitally altered photos of documents.

Here is an example. Would you spot the edit?

[Image: a digitally altered document photo, not reproduced here]

In cases like this, algorithms are more efficient and accurate than even professionals with 10+ years of experience.

How To Make Your FinTech Compliant With Regulations Cheaply And Without Hassle?

The most common way to be compliant with regulations as well as mitigate fraud is by using an eKYC and AML provider.

Why so?

Imagine that you have to build all the KYC software from scratch, buy huge and expensive databases from providers like Experian and Thomson Reuters, and hire additional software engineers, compliance officers, account managers and legal officers. Can you see the difficulty?

There are many eKYC providers to choose from. Here’s actually a guide on choosing one.

One of the most comprehensive, flexible and innovative providers is BASIS ID, whose web- and mobile-friendly widget can be integrated with an HTML snippet within minutes.

Let’s take a closer look at how BASIS ID does KYC.

The goal of the verification process is to know your client, not to scare him/her off. BASIS ID has perfected the customer journey and made it as seamless as possible.

Without Hassle

First, the widget takes the customer through a few simple questions. Everything is intuitive and gives the user a game-like feeling rather than the sense of a tedious process, thanks to gamification elements such as badges and progress bars.

Next, users are asked either to use their camera to take a picture of their document or to upload a photo they already have. On-screen guides help users position the document correctly, and hints let them take the best possible picture within seconds. BASIS ID supports documents from more than 190 countries.

After this step is complete, users are asked to do the video check, during which they record a short video of themselves. In the video, users need to turn their head to the left and to the right.

Finally, clients need to wait only a few minutes to receive the result.

And here is a neat thing. If your user is from Singapore, they can use MyInfo to pass the verification process instead of doing it manually. The same goes for Europeans: thanks to open banking in Europe, verification can be done through the Tink platform, which again removes the need to fill in forms, provide documents and record a video.

It is also worth mentioning that all encrypted user data is distributed across several AWS servers, which means that even if one of the servers is breached, attackers cannot obtain any specific data about a user, even if they somehow decrypt the files. A design like this only holds if the decryption keys are stored and managed separately from the data servers themselves.

Now that you have an idea of how users go through the KYC process, let's take a closer look at how their identity gets verified and try to understand how such a complicated process takes only a few minutes.

At BASIS ID most of the processes are automated.

  1. Using an Optical Character Recognition (OCR) algorithm, the platform extracts all the data from the user's document.
  2. The data from the document is automatically compared with the data provided by the user. Additionally, the program verifies that the person is old enough to sign up for the service and that his/her citizenship does not conflict with the platform's terms of use.
  3. Special filters are applied to the pictures of the document to detect digital manipulation.
  4. The document is compared against a database of thousands of genuine document templates to spot fakes.

An AI algorithm performs a liveness check by pulling hundreds of frames from the short video and comparing them with the photo in the document. Here you can read about this process and the types of fraud it mitigates.

You might have guessed that this is not the end, because even though we now know who our client is, we cannot be sure that this person will not commit any financial crimes.

How do we deal with this then?

The next crucial step in KYC is screening the user against thousands of databases. This is called Customer Due Diligence (CDD), and its goal is to find out whether the user has committed financial crimes in the past, laundered money or stolen other people's identities. The databases also cover Politically Exposed Persons (PEPs) and adverse media coverage. This is necessary because many jurisdictions require enhanced checks on people with political power before they can use certain financial services. In other cases, having this information about a person helps to mitigate fraud by keeping a close eye on their financial transactions.

Finally, if all of the steps confirm that the information is correct, users are approved and may start using the service.
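The automated checks of steps 1 and 2 above and the CDD screening can be sketched as code. The block below is an added example written for this article, not BASIS ID's own code: the age rule, the excluded nationality code `XX`, the name-similarity thresholds, the two-row watchlist and the sample profiles are all constructed for illustration. It shows the two points that matter in practice: OCR output has to be normalised before comparison (diacritics, case, punctuation, surname-first order), and a watchlist hit should be weighed against the verified date of birth so that common names do not flood the compliance queue.

```python
"""Automated KYC checks: OCR'd document data against the user-entered profile,
age and nationality rules, then watchlist screening of the verified identity.
Added example, not BASIS ID's code; all policy values and records are constructed."""
import unicodedata
from datetime import date
from difflib import SequenceMatcher

MIN_AGE = 18                       # assumed platform rule
RESTRICTED_NATIONALITIES = {"XX"}  # assumed: ISO 3166-1 codes excluded by the terms of use
NAME_MATCH_THRESHOLD = 0.9         # document vs. profile
SCREENING_THRESHOLD = 0.85         # looser: a missed sanctions hit costs more than a review

# Constructed watchlist rows: (name, year of birth if known, list type).
WATCHLIST = [
    ("Jonas Petersons", 1975, "PEP"),
    ("Maria Gonzalez", None, "SANCTIONS"),
]

def normalize_name(name: str) -> str:
    """Strip diacritics, case and punctuation, and sort the tokens so that an
    OCR'd surname-first 'PĒTERSONS, JONAS' equals a typed 'Jonas Petersons'."""
    decomposed = unicodedata.normalize("NFKD", name)
    plain = "".join(c for c in decomposed if not unicodedata.combining(c))
    cleaned = "".join(c if c.isalnum() or c.isspace() else " " for c in plain)
    return " ".join(sorted(cleaned.casefold().split()))

def name_similarity(a: str, b: str) -> float:
    """0.0-1.0 similarity of the normalised names (difflib ratio)."""
    return SequenceMatcher(None, normalize_name(a), normalize_name(b)).ratio()

def age_on(dob: date, today: date) -> int:
    return today.year - dob.year - ((today.month, today.day) < (dob.month, dob.day))

def verify_profile(profile: dict, document: dict, today: date) -> list:
    """Document fields vs. what the user typed, plus the platform's own age,
    nationality and validity rules. Returns red flags; empty list = passed."""
    flags = []
    if name_similarity(profile["name"], document["name"]) < NAME_MATCH_THRESHOLD:
        flags.append("NAME_MISMATCH")
    if profile["dob"] != document["dob"]:
        flags.append("DOB_MISMATCH")
    if profile["nationality"] != document["nationality"]:
        flags.append("NATIONALITY_MISMATCH")
    if age_on(document["dob"], today) < MIN_AGE:   # trust the document, not the form
        flags.append("UNDERAGE")
    if document["nationality"] in RESTRICTED_NATIONALITIES:
        flags.append("RESTRICTED_NATIONALITY")
    if document["expiry"] < today:
        flags.append("DOCUMENT_EXPIRED")
    return flags

def screen_watchlist(name: str, dob: date) -> list:
    """CDD screening: fuzzy-match the verified name against the watchlist. A listed
    year of birth that contradicts the document downgrades the hit to WEAK."""
    hits = []
    for listed_name, listed_yob, list_type in WATCHLIST:
        score = name_similarity(name, listed_name)
        if score < SCREENING_THRESHOLD:
            continue
        conflict = listed_yob is not None and listed_yob != dob.year
        hits.append({"name": listed_name, "type": list_type, "score": round(score, 2),
                     "strength": "WEAK" if conflict else "STRONG"})
    return hits

def run_kyc(profile: dict, document: dict, today: date) -> dict:
    """Anything flagged goes to a compliance officer rather than being auto-declined."""
    flags = verify_profile(profile, document, today)
    hits = screen_watchlist(document["name"], document["dob"])
    if any(h["strength"] == "STRONG" for h in hits):
        flags.append("WATCHLIST_HIT")
    elif hits:
        flags.append("WATCHLIST_REVIEW")
    return {"decision": "APPROVED" if not flags else "MANUAL_REVIEW",
            "flags": flags, "hits": hits}

def demo_clean_case() -> dict:
    """Constructed: typed name matches a surname-first OCR result; the only finding
    is a same-name PEP whose year of birth does not match (WEAK hit)."""
    profile = {"name": "Jonas Petersons", "dob": date(1990, 5, 14), "nationality": "LV"}
    document = {"name": "PĒTERSONS, JONAS", "dob": date(1990, 5, 14),
                "nationality": "LV", "expiry": date(2030, 1, 1)}
    return run_kyc(profile, document, today=date(2024, 6, 1))

def demo_flagged_case() -> dict:
    """Constructed: name does not match the document, holder is under 18 and the
    document's nationality is excluded by the terms of use."""
    profile = {"name": "Anna Ozola", "dob": date(2010, 1, 1), "nationality": "XX"}
    document = {"name": "Liene Kalnina", "dob": date(2010, 1, 1),
                "nationality": "XX", "expiry": date(2030, 1, 1)}
    return run_kyc(profile, document, today=date(2024, 6, 1))

if __name__ == "__main__":
    for case in (demo_clean_case(), demo_flagged_case()):
        print(case)
```

Note that the age and nationality rules are evaluated on the document's values, not on the form the user filled in, and that a WEAK watchlist hit is still routed to a person rather than silently dropped; the year-of-birth comparison only decides how loudly it is raised.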


The best way to integrate KYC into user onboarding is to make it tiered. Let's say you have a trading platform where users can complete just the basic registration form to view charts and practise trading with virtual money. Then they can provide their documents and do the video check to deposit money and trade small amounts. Finally, they can go through the Enhanced Due Diligence process, which we discuss later in the article, to withdraw money and trade larger amounts. This kind of onboarding keeps customers engaged and lets them use the service at every stage of the verification process.
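The tiered onboarding just described is, on the back end, an authorisation policy: every action is gated on a minimum verification level and a per-tier limit, and a denial should tell the client which verification step unlocks the action so the widget can prompt for exactly that. The block below is an added example, not BASIS ID's code; the three tier names, the action names and the daily limits are assumed values for a hypothetical trading platform.

```python
"""Tiered onboarding as an authorisation policy: each verification level unlocks
actions and raises limits, and a denial names the next tier to complete.
Added example, not BASIS ID's code; tiers, actions and limits are assumed."""
from dataclasses import dataclass, field
from typing import Optional

TIERS = ["REGISTERED", "ID_VERIFIED", "EDD_COMPLETE"]  # least to most verified
UNLIMITED = float("inf")

# action -> {tier: daily limit}. A tier missing from an action cannot perform it;
# a user gets the limit of the highest listed tier they have reached.
POLICY = {
    "VIEW_CHARTS": {"REGISTERED": UNLIMITED},
    "PAPER_TRADE": {"REGISTERED": UNLIMITED},
    "DEPOSIT":     {"ID_VERIFIED": 1_000, "EDD_COMPLETE": UNLIMITED},
    "TRADE":       {"ID_VERIFIED": 1_000, "EDD_COMPLETE": UNLIMITED},
    "WITHDRAW":    {"EDD_COMPLETE": UNLIMITED},
}

@dataclass
class User:
    tier: str
    spent_today: dict = field(default_factory=dict)  # action -> amount used today

@dataclass
class Decision:
    allowed: bool
    reason: str
    step_up_to: Optional[str] = None  # next tier to complete, for the onboarding prompt

def tier_rank(tier: str) -> int:
    return TIERS.index(tier)

def next_tier_for(action: str, tier: str) -> Optional[str]:
    """Lowest tier above the user's that grants the action (None if none does)."""
    for candidate in TIERS[tier_rank(tier) + 1:]:
        if candidate in POLICY[action]:
            return candidate
    return None

def authorize(user: User, action: str, amount: float = 0.0) -> Decision:
    """Fail closed on unknown actions; otherwise enforce tier and daily limit."""
    rules = POLICY.get(action)
    if rules is None:
        return Decision(False, f"unknown action {action!r}")
    reached = [t for t in rules if tier_rank(t) <= tier_rank(user.tier)]
    if not reached:
        step = next_tier_for(action, user.tier)
        return Decision(False, f"{action} requires tier {step}", step)
    limit = rules[max(reached, key=tier_rank)]
    used = user.spent_today.get(action, 0.0)
    if used + amount > limit:
        return Decision(False, f"{action} {amount} exceeds {user.tier} daily limit "
                               f"{limit} (used {used})", next_tier_for(action, user.tier))
    user.spent_today[action] = used + amount  # record consumption only when allowed
    return Decision(True, "ok")

def demo() -> list:
    """Constructed walk-through of one customer moving up the tiers."""
    user = User("REGISTERED")
    results = [authorize(user, "PAPER_TRADE"), authorize(user, "DEPOSIT", 50)]
    user.tier = "ID_VERIFIED"   # documents and video check done
    results += [authorize(user, "TRADE", 800), authorize(user, "TRADE", 300),
                authorize(user, "WITHDRAW", 100)]
    user.tier = "EDD_COMPLETE"  # proof of address and source of funds done
    results += [authorize(user, "TRADE", 300), authorize(user, "WITHDRAW", 100)]
    return results

if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

Keeping the policy as data rather than as scattered `if` statements is what makes the "which step next" prompt cheap: the same table that denies an action also says which tier would allow it, and the daily limit is consumed only on allowed calls so a denied request cannot burn the user's allowance.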

If, however, there are red flags in the verification process, BASIS ID notifies the user to correct the information they have given or to provide additional documents if further questions arise. In more complicated cases the verification is passed on to a Compliance Officer, who can see in his/her dashboard exactly where the algorithms raised red flags. The Compliance Officer can then reassess the situation and either make the final decision or start a conversation with the user to help him/her complete the verification.

This approach to KYC reduces the number of false positives, where a trustworthy person is denied access to the service, and mitigates the risk of false negatives, where a person with criminal intentions gets access to a financial service.

A Few More Important Facts About Compliance

We have covered a lot about KYC and AML in this article, but some jurisdictions have additional requirements. Here are the two most important ones:

  1. The Baltic countries, Germany, Luxembourg, Switzerland and some others require you to actually call the user and ask them a series of questions to confirm that they are a real, live person. This is usually inconvenient and expensive. Fortunately, it can be done through a recorded video. Here's how it's done.
  2. Some people may be required to go through additional checks as part of Enhanced Due Diligence (EDD). The purpose of EDD is to gather information that was not obtained in the previous stages. For example, the FATF recommendations require EDD for foreign PEPs (and for domestic PEPs where the relationship is higher-risk). As PEPs may be involved in money laundering, it is important to understand their source of funds. To achieve this, they are usually required to provide proof of address (such as a utility bill) and a statement of income or source of funds.

Is It All Too Complicated?

Compliance, KYC, AML, CDD and so many other things to keep in mind while building a FinTech. It may all seem very complicated; however, a basic understanding of these topics is usually enough to know what your company needs. Today there is no need to hire teams of Compliance Officers; it is much cheaper to outsource challenges like compliance and risk mitigation to specialised companies. This way the safety of you and your users is in the hands of professionals, while you can focus your resources on building a financial solution that disrupts an industry and improves the lives of millions of users.
