KYC and AML: Guide for startups (not just fintechs)

Know Your Customer (KYC) and Anti Money Laundering (AML) are frameworks for verifying your customers, investors and third parties. You should comply with KYC requirements and AML regulation whenever you take an investment, and run the checks when you go into business with anyone new.

In this post, we explain what UK startup founders need to know about KYC and AML and how to carry out checks to verify your investors and customers.

Contents

• What is Anti Money Laundering (AML)?
• What is Know Your Customer (KYC)?
• Are AML and KYC checks obligatory?
• Anti Money Laundering checklist for startups
  – Investment from an individual
  – Investment from an organisation
• KYC checklist for startups
  1. Ask for ID documents
  2. Run checks
  3. Assign the customer a KYC risk rating
  4. Carry out ongoing KYC checks
• Stay on top of KYC and AML with Themis
• Protect your startup

As a startup founder, when you’re considering taking money from investors, you’ll need to be aware of the regulations and due diligence processes, including AML, KYC and KYI (Know Your Investor). These regulations and checks are in place to prevent financial crimes such as money laundering and terrorist financing and to make sure the funds being invested are legitimate.

Startups in certain sectors have more obligations, for example fintechs must run KYC checks to verify every new customer.

What is Anti Money Laundering (AML)?

The AML framework is designed to combat money laundering, terrorist financing and threats to the integrity of the financial system.

The group of AML laws, regulations and processes help prevent illegally-obtained money from entering the financial system and other financial crimes from occurring.

What is Know Your Customer (KYC)?

Whereas AML checks are designed to ensure that money you receive hasn’t come from criminal or terrorist activity, KYC checks specifically verify the identity of your customers and investors, and their financial activities and any risks they might pose to people transacting with them.

Are AML and KYC checks obligatory?

If your company operates in any of the sectors below, you have an obligation under UK law to carry out AML and KYC checks:

• financial institutions
  For example, banks, building societies, payments providers
• money service businesses
  For example, remittance services and foreign currency exchanges
• virtual currency service providers
• credit institutions
• auditors
• insolvency practitioners
• accountants
• tax advisers
• independent legal professionals
• estate agents and letting agents
• gaming and casinos
• trust or company service providers
  For example, company formation agents, professional trustees, mail holding and forwarding services, accountants and solicitors
• high value dealers
  Any sole trader or business that accepts or makes cash payments of 10,000 euros or more (or the equivalent in any currency) in exchange for goods.
• art market participants
  Any sole trader or business, including intermediaries, that trade in buying and/or selling works of art, in deals worth 10,000 euros or more (or the equivalent in any currency)

If your business falls under one of these regulated categories, seek advice from the authority that regulates your sector.
For other companies, there’s no legal obligation to carry out AML and KYC checks, but you should carry out due diligence checks for money you receive to help protect your business from financial crime and other unethical business practices. We explain the risks of financial crime in more detail in our post about due diligence for startups.

Anti Money Laundering checklist for startups

Investment from an individual

Before you receive an investment, ask the investor for:

• Proof of identity
  For example, a passport or national ID card, showing photograph, name, date of birth and nationality (and if they’ve changed their name, the document confirming their name change)
• Proof of address – residence and (if different) permanent address
  For example, a copy of a utility bill or bank statement issued within the last three months and displays name as per registration. PO Box addresses aren’t acceptable
• Proof of the source of the money
  Information about the investor’s occupation and the source of the funds for the investment. For example, a signed High Net Worth Investor Certificate and/or their bank statement showing the funds.

When you have confirmed an individual’s identity and business activities, run checks for potential financial crime risks related to this person. This due diligence is an important element of managing your risks and protecting your business from bad actors. Screen all individuals and their network connections for financial crime exposure, including sanction exposure, PEPs status, adverse media and litigation history, and other factors that could increase an individual’s financial crime risks.

Investment from an organisation

Before you receive an investment, you should ask for copies of:

• Certificate of incorporation or equivalent
  And if the company name has changed, the certificate about the change of name.
• Memorandum and Articles of Association (or equivalent)
• List of company directors and proof of residence for two officers
• Confirmation that the investment is made by the company, not on behalf of any other party
  or
• Confirmation that the investment is made by a nominee company on behalf of others
• Confirmation about the source of funds for investment

When you’ve obtained this information from an organisation, run the same due diligence checks on the organisation and its senior leadership as you would on an individual investor. Screening for potential links to criminals and illicit activity helps you verify that an organisation has no hidden connections to financial crime.

KYC checklist for startups

1. Ask for ID documents

If your startup needs to run KYC checks on customers and investors, you’ll need to ask for:

• Proof of identity
  For example, passport or national ID card, showing photograph, name, date of birth and nationality (and if they’ve changed their name, the document confirming their name change)
• Proof of address – residence and (if different) permanent address
  For example, a copy of a utility bill or bank statement issued within the last three months and displays name as per registration. PO Box addresses aren’t acceptable
• Date of birth
• National Insurance number
• Company incorporation documents
  (if the application is for a company)

2. Run checks

Check the customer’s identity against these lists and registers:

• global sanctions and watch lists
• high-risk jurisdictions
  Running checks to see if an individual is from a country considered high-risk will help to decide whether enhanced due diligence (EDD) is necessary. EDD involves collecting additional information for higher-risk customers to provide a deeper understanding of customer activity to mitigate associated risks.

• PEP registers
  Lists of ‘politically exposed persons’
• crime databases and registers
  Including lists of people involved in bribery and corruption
• adverse media and litigation history

3. Assign the customer a KYC risk rating

The calculation for this risk assessment is based on a range of factors, including how likely it is that the customer is involved in financial crime.

If the risk assessment determines the customer is high risk, you should carry out more intensive AML checks, including:

• enhanced due diligence
• investigate the source of the customer’s money
• check for adverse media

If the risk assessment determines the customer is low risk, the AML checks can be less intensive and you’ll be able to onboard the customer faster.

4. Carry out ongoing KYC checks

After onboarding, continually monitor your customer’s activity and review their risk rating.

• Screen payments
  Check the customer’s transactions. Who are they sending money to? And in what regions?
• Monitor transactions
  Does the customer’s behaviour match what you’d expect based on their risk rating?
• Check registers and databases
  Run regular checks to verify the customer does not appear on PEP or sanctions lists etc.

Companies which need to carry out KYC checks automate the process, using specialist software such as Themis Search for KYC/AML.

Stay on top of KYC and AML with Themis

To make it easier to protect your business, you can integrate KYC, AML and ongoing due diligence as a standard business process with a tool such as Themis Search & Monitoring.

The Themis platform makes it easy for startups to check all investors for red flags and potential criminal behaviour. The software is a simple way to carry out screening, KYC onboarding, risk mapping, enhanced due diligence and automated monitoring.

Protect your startup

No-one should have their hard work undone by criminals or illegal behaviour. That’s why we’ve partnered with Themis. With our legaltech services and the powerful Themis Search & Monitoring platform, you can speed up investment deals and protect your company. With experts taking care of your legals and due diligence, you can maintain your focus on growing your business and achieving your goals.