KYC and AML online onboarding: where identity verification breaks

TL;DR: KYC is the onboarding-stage identity check within AML, while AML runs continuously through monitoring, rescreening, and reporting, according to iProov’s analysis of regulated customer verification. The real pressure point is remote identity binding, where document checks alone cannot prove a live person is present and fraud risk concentrates.

NHIMG editorial — based on content published by iProov: KYC and AML identity verification and compliance guidance

By the numbers:

• Global financial penalties for AML, KYC, sanctions, and customer due diligence failures reached $4.6 billion in 2024.
• iProov face verification achieves completion rates of 98% compared to the 30-50% drop-off typical of document-based refresh workflows.

Questions worth separating out

Q: How should teams handle remote identity verification in KYC onboarding?

A: Teams should use controls that prove both document authenticity and live presence, because a valid ID alone does not establish that the presenter is the real holder.

Q: Why do KYC controls matter to AML programmes?

A: KYC matters because AML depends on knowing who the customer is before monitoring can be calibrated effectively.

Q: What breaks when customer risk classification is wrong?

A: When classification is wrong, the organisation applies the wrong level of scrutiny for the rest of the customer relationship.

Practitioner guidance

• Separate identity proofing from AML monitoring Map which controls establish customer identity at onboarding and which controls continue through the lifecycle.
• Strengthen live-binding at remote onboarding Use biometric liveness and face verification where regulations allow remote onboarding, because document authenticity alone does not prove the presenter is the real identity holder.
• Link risk tiers to monitoring thresholds Make customer risk classification drive sanctions rescreening, enhanced due diligence, and refresh frequency so higher-risk accounts receive the correct level of scrutiny.

What's in the full article

iProov's full article covers the operational detail this post intentionally leaves for the source:

• A stage-by-stage breakdown of KYC onboarding checks and how they map to remote identity verification workflows.
• Jurisdiction-specific discussion of how KYC and AML obligations differ across the UK, EU, and US.
• Examples of biometric verification as applied to onboarding and returning-user refresh in regulated environments.
• The article's FAQ section, which expands on KYC versus AML, due diligence, and compliance obligations.

👉 Read iProov's analysis of KYC and AML identity verification →

KYC and AML online onboarding: where identity verification breaks?

Explore further

View Full Forum →  |  NHI Foundation Course →