KYC and AML are acronyms for Know Your Customer and Anti-money Laundering and refer to the set of activities that both financial institutions and regulated businesses must perform to verify the identity of their customers and obtain sensitive information from them as well as prevent money laundering from illegal activities.
You can download our 5AMLD whitepaper by clicking here.
The terms KYC / AML are also used to define the different regulations governing these activities. With the KYC, it is no longer enough to verify the customer’s identity on a documentary level, but it is also necessary for the financial institution to ascertain the real identity of the customer and share its information with the Administration.
A deeper knowledge of the tricks used by money laundering networks, as well as a growing public concern about the subject, has resulted in a series of changes in international standards and legislation…
We are aware of the current concern about personal data privacy in order to prevent fraud and identity theft.
Therefore, there is a rising social awareness of the need to prevent all types of corruption and the financing of illegal activities such as terrorism or drug trafficking.
Preventing criminal organizations from using banking for money laundering purposes has led governments to legislate and establish procedures aimed at increasing security, both in the physical and digital world.
It is the ultimate responsibility of financial institutions or regulated companies to implement and adopt KYC solutions.
Nevertheless, if KYC in the financial sector was the origin at a regulatory level, affecting banks, insurance companies or export credit agencies, other sectors have echoed the need to verify the identity of customers to prevent identity theft fraud through new regulations.
Some of these sectors are the online gaming sector, cryptocurrency, betting, telecommunications … so we could also talk about the KYC in the online game or the cryptocurrency KYC.

KYC / AML regulations
KYC regulations are local and differ from government or country to country, being jurisdiction also on a country to country basis.
Among the different regulations, we have in Europe the Directive (EU) 2018/843 regarding the prevention of money laundering or the financing of terrorism. This directive would be the fourth (4) and amends Directive (EU) 2015/849 which already amends Directives 2009/138/EC and 2013/36/EU. It is a directive aimed at the financial sector and aims to establish the measures that will allow banks to protect themselves against these threats.
In Spain, we have Law 10/2010, of 28 April, on the prevention of money laundering and the financing of terrorism.
In addition, within the financial sector, SEPBLAC is the Supervisory Authority for the prevention of money laundering and the prevention of terrorism, while in the gaming sector it would be the DGOJ (Dirección General de Ordenación del Juego), responsible for issuing resolutions regulating gaming activity.
At SEPBLAC, (Spain’s Financial Intelligence Unit), you can find the main legal provisions regarding the prevention of money laundering and terrorist financing and capital movements and economic transactions with other countries. Regulations are classified into three areas:
At SEPBLAC, (Spain’s Financial Intelligence Unit), you can find the main legal provisions regarding the prevention of money laundering and terrorist financing and capital movements and economic transactions with other countries. Regulations are classified into three areas:
Due to its geographical situation, Spain is a gateway for illicit narcotics among Latam, Africa and Europe, as well as a major European money laundering activities where a huge percentage of drug trafficking proceeds were invested in Real Estate. For this reason, money laundering prevention policies were introduced at the end of the 1980s.
The following is a list of Know Your Customer entities covered by Spanish Law:
- Banks
- Mutual savings associations
- Credit companies
- Insurance companies
- Financial advisers
- Brokerage and securities firms
- Pension fund managers
- Collective investment schemes
- Postal services
- Currency exchange outlets
- Individuals and unofficial financial institutions exchanging or transmitting money
- Realty agents
- Dealers in precious metals, stones, antiques and art
- Legal advisors and lawyers
- Accountants
- Auditors
- Notaries
- Casinos
Documents for the identity verification process (KYC)
It is usually in the first phase of the commercial relationship with the client, known as digital onboarding, in which the client is registered in our system, when KYC measures are implemented and reinforced to verify his/her identity.
In some sectors, such as in the online game sector, the liability to perform a documentary verification by the game operators was made at a later stage when the player wanted to withdraw its prizes. Currently, regulations have become more restrictive, forcing new players toverify their identity during the onboarding process.
Therefore, depending on the sector and the regulations applied, the requirements demanded during the registration process may vary. KYC controls typically include the following:
- Collection and analysis of basic identity information (referred ID cards). Generally, a Passport, Driving License, National Identity Document or a Certificate of Citizenship.
- Verify the client’s physical address. This is usually verified by delivering some utility bill such as gas, electricity or telephone, tax receipts, bank statements, etc..
- Name matching against lists of third parties (police databases..)
- Determination of the customer’s risk in terms of propensity to commit money laundering, terrorist finance, or identity theft.
- Creation of an expectation of a customer’s transactional behaviour.
- Monitoring of a customer’s transactions against their expected behaviour and recorded profile as well as that of the customer’s peers.
Digital Onboarding
Digital Onboarding is the process that allows a customer to register for the first time completely online from any device (smartphone, computer) collecting its personal data, an ID document that identifies him/her and verifying that he/she is who they say they are.
Until a couple of years ago, to open a bank account it was necessary to go to a bank office so that an agent could verify the identity of the client, so it was a face-to-face onboarding model.
Gradually, the onboarding process has been digitized, allowing forms and contracts to be downloaded from the bank’s website, until the current model, in which the banks have the permission of the regulatory agencies and the technology necessary to allow the customer’s first contact with the bank to be 100% digital.
The kick-off was in May 2015 when SEPBLAC authorised the process of digital onboarding through a videocall in which the customer shows an ID document to the camera of his computer or mobile device.
The German bank N26 was a pioneer in the implementation of Digital Onboarding in Spain. Since then there are already many companies in multiple sectors that use document scanning technology to extract information and biometric recognition to verify the identity of the holder of an ID card, integrating into their own systems (ERP, CRM) all customer information generated during the process.
The challenge we face during the Digital Onboarding process is to apply the technology that allows KYC compliance without suffering the user experience and usability , keeping the processes 100% digital, paperless and without the need to do it face-to-face.
Our technology allows a 100% digital and automated registration process, scanning and verifying client’s identity documentation, but also enabling biometric authentication of customers at later stages prioritizing usability and user experience.
VAPT: Creating a Digital Identity Onboarding Process
What should we take into account from ID document verification point of view when doing a Digital Onboarding process? Well, that’s what Mobbeel calls VAPT (Validity, Authenticity, Property and Traceability):
- Validity, since the document must be automatically detected and its information correct.
- Authenticity, so it is not a fake document.
- Property: the person who presents it is its legitimate holder.
- Traceability: we comply with the Know Your Customer / Anti-money Laundering regulations.
The KYC solution we have developed at Mobbeel allows to automatically verify the identity of a client by scanning its identity document in both web and mobile environments, validating their identity, extracting information through OCR and complying with SEPBLAC when introducing unassisted videoconferencing for financial institutions, or with the DGOJ for online gaming and betting companies.
The KYC solution we have developed at Mobbeel allows to automatically verify the identity of a client by scanning its identity document in both web and mobile environments, validating their identity, extracting information through OCR and complying with SEPBLAC when introducing unassisted videoconferencing for financial institutions, or with the DGOJ for online gaming and betting companies.
If you are interested in our technology do not hesitate to contact us, and if you liked the article, share it and add value to your followers!

I am a Computer Engineer who loves Marketing, Communication and companies’ internationalization, tasks I’m developing as CMO at Mobbeel. I am loads of things, some good, many bad… I’m perfectly imperfect.
DISCOVER OUR KYC / AML GUIDES

KYC (Know Your Customer) guide
Find out our interactive guide about Facial Recognition and look into its history, how it works, regulations, applications and cybersecurity challenges.

AML5 Guide. Anti-Money Laundering
Download our AML5 guide and dive in to know about its implications and how it can affect your business.