Highlights
- Financial institutions face billions in fines for inadequate KYC and AML compliance programs.
- KYC verifies customer identities while AML prevents money laundering through transaction monitoring.
- Effective programs require risk-based strategies, continuous monitoring, and RegTech solutions.
In 2024, New Jersey-based TD Bank was hit with more than $3 billion in fines after investigators discovered it had inadvertently approved more than $470 million in illicit transactions for a Chinese money-laundering network. Financial institutions know that government know-your-customer (KYC) and anti-money laundering (AML) regulations and policies have been in place for decades. But criminals worldwide have still been able to funnel illegal funds through the global banking system.
With financial risks evolving and the potential costs high, financial institutions must establish rigorous KYC and AML programs. And they constantly need to keep those programs up to date.
KYC and AML: Similarities and differences
Know-your-customer (KYC) and anti-money laundering (AML) are protocols that banks and other financial institutions use to verify customer legitimacy and protect the institution and its customers from fraud, money laundering, terrorist financing, and other financial crimes. While these practices are essential for financial institutions, other organizations such as law firms and real estate agencies may also need to incorporate KYC and AML controls.
KYC focuses on verifying a customer’s identity and assessing their risk at onboarding, while AML is the broader regulatory framework that uses KYC along with ongoing monitoring and reporting to detect and prevent financial crimes. Both work together to protect institutions from fraud and illicit activity. Customer identity verification is a fundamental part of any kind of fraud prevention.
- KYC processes include gathering and confirming information from current and potential customers to verify their identities. Name, address, and government-issued identification are just starting points. Customer due diligence (CDD) is a risk assessment practice that includes checking a business customer’s ownership for any red flags, such as appearing on sanctions watchlists.
- AML processes comprise laws, regulations, and procedures established to prevent criminals from hiding illegally obtained funds within the financial system and making them appear legal. AML rules require financial institutions to monitor customer transactions and report any activities that appear suspicious. To remain in compliance with these regulations, banks need to implement internal controls for identifying potential money laundering.
The current risks of fraud
KYC and AML programs are particularly crucial during the customer onboarding process. The practice of enhanced due diligence (EDD) can help banks identify and scrutinize potentially high-risk customers.
Why do financial institutions continue to be victims of money-laundering activity? In many cases, it’s because of a lack of rigorous KYC and AML controls within the institution. Fraudsters also are constantly developing new attack strategies—using AI to create deepfakes and phony documents, for instance.
Money laundering isn’t the only fraud risk that KYC programs can help prevent. Financial institutions must constantly protect themselves from data breaches. Criminals can use accounts to unlock banks’ IT networks and steal the valuable proprietary data they hold.
Regulatory landscape: Risks and challenges
TD Bank’s troubles aren’t unusual. In August 2025, U.S. Treasury Department investigators revealed Chinese money-laundering networks had made around $312 billion in illicit transactions via U.S. financial institutions over the course of the past few years. Those networks have been helping Mexican drug cartels and other criminal organizations worldwide disguise their sources of revenue.
Financial institutions have had to comply with government AML/KYC regulations for many years. Concerted worldwide efforts to combat money laundering and terrorism financing began with the establishment of the intergovernmental Financial Action Task Force (FATF) in 1989. After 9/11, the U.S. government passed the USA PATRIOT Act to expand investigative powers into these illicit activities. These regulations, along with European Union AML directives continuously enacted over the past three decades, have required financial institutions to establish stringent customer identification programs (CIPs), suspicious activity reporting, and other risk mitigation protocols.
Maintaining compliance with these requirements is a significant challenge. Regulations are constantly evolving because fraudulent activity is evolving. The fact that these activities cross borders and jurisdictions makes them wickedly difficult to track.
Implementing effective KYC and AML programs
In such a world, strong KYC/AML programs are not just compliance obligations. They protect a financial institution’s reputation, financial stability, and operational integrity. They also help safeguard legitimate customers from becoming victims of fraud themselves.
A robust, effective KYC/AML program includes these best practices:
- Following a risk-based strategy that focuses more due diligence resources on high-risk customers. This approach incorporates thorough risk assessments to identify those types of customers.
- Activating continuous monitoring of customers and transactions. This typically requires the use of digital technology that automates the monitoring process and delivers notifications when potentially suspicious activity is discovered.
- Leveraging regulatory technology (RegTech) solutions to keep current on compliance requirements.
- Conducting regular audits that systematically review internal policies relating to regulatory compliance. These audits can reveal gaps in compliance controls.
Even as they investigate risky identities and suspicious activities, financial institutions also need to efficiently onboard low-risk customers. Slow onboarding can drive potential customers to quicker competitors.
Building fast, reliable processes
A comprehensive KYC/AML program requires significant expertise and resources. Thomson Reuters Risk & Fraud Solutions streamlines this process for financial institutions by automating risk assessments, providing real-time monitoring, and maintaining regulatory compliance.
