Anti-money laundering obligations: API solutions for customer due diligence
Anti Money Laundering (AML) refers to all activities that financial institutions and intermediaries are required to carry out to prevent illicit funds from being reintroduced into the economic system.
To comply with AML regulations, obligated entities must perform proper customer due diligence, actively monitor their transactions, and report any suspicious transactions.
The anti-money laundering system, which in Italy is regulated by Legislative Decree 231/2007, was created to prevent and combat the risk of money laundering from illegal activities, which is "cleaned" by reintroducing it into entirely legal channels.
Banks, financial institutions, insurance companies, and various other entities, including securities brokerage firms and accountants, are required to carry out anti-money laundering activities.
This means, among other things, that they are required to identify clients and the beneficial owners of legal entities performing financial transactions and to report any suspicious transactions.
Anti-money laundering regulations consist of several levels: at the core are the international standards of the FATF, which serve as AML guidelines and are reflected in EU regulations and national legislation.
To summarize, the AML regulatory framework consists of:
With the Fifth Directive, the European Union tightened the regulations, including cryptocurrency exchange providers, art dealers, and digital wallet service providers among the obligated entities.
Intermediaries and entities engaged in financial activities are required to follow AML provisions as defined by national and international regulations.
Some of the main AML obligations are as follows:
Additionally, there is an obligation to establish training and internal control measures to monitor customer identification, data recording and retention, and suspicious transaction reporting.
One of the most important obligations under AML regulations is proper customer due diligence, as expressed in Article 17 and subsequent articles of Legislative Decree 231/2007.
Customer due diligence is implemented through a set of measures that include the following operations:
Failure to obtain or verify the relevant identification data may result in monetary penalties, which, in the case of serious violations, can reach up to €50,000 (Art. 56).
AML regulations also apply to online banks, financial operators exchanging cryptocurrencies, and digital wallet service providers. Many AML-related operations, therefore, take place online.
As established by Article 19 of Legislative Decree 231/2007, the identification requirement is considered fulfilled even without the physical presence of the customer, provided they have a digital identity with a significant level of assurance, or their identity is confirmed by qualified certificates used to generate a digital signature.
Except in exceptional cases, any digital onboarding process at a bank or cryptocurrency platform requires customer due diligence through KYC (Know Your Customer), which is the process of identifying and verifying the customer’s identity.
The KYC process aims to gather information that enables evaluating the money laundering or criminal financing risk for each customer.
In addition to customer identification and document verification, KYC requires the collection of information to assess the actual risk factors and constant monitoring of transactions.
Based on risk profiles, customer due diligence may be simplified or more thorough. It typically follows this pattern:
When the customer is a company, customer due diligence requires further information about the company: in addition to the beneficial ownership, the business model, revenue, size, and any export activities must be known.
Openapi's AML service was designed for this purpose: it allows access, through APIs, to over 300 enriched data points on all individuals (private or legal) involved in the company, starting with just the customer's VAT number. It is intended for all companies seeking certified data for AML verification.
As part of Customer Due Diligence, regardless of the risk level, it is also necessary to verify that the person performing the online procedure matches the individual whose identity documents are provided.
Some operators require the upload of the document, while others ask for a selfie with the document or participation in a live video call with an operator.
Openapi’s Video Identification APIs allow businesses to choose the video identification mode that best suits their needs, ensuring compliance with customer due diligence requirements while creating a secure and customizable user experience.
Carbon free energy for Our Cloud Low CO2
© 2024 Openapi SpA, a single-member company, under the direction and control of Open Holding Srl.
Viale Filippo Tommaso Marinetti 221 - 00143 Rome - Business Register: 1378273, Share Capital: €50,000.00, VAT Number: IT12485671007, Recipient Code: 'USAL8PV' - Certified Email:
Openapi is certified in: Quality System - **UNI EN ISO 9001:2015** - Data Quality **ISO 25012:2014** - Security Management **ISO/IEC 27001:2022**
All prices are net of any VAT, stamp duty, registration fees, or other taxes that may be due. All logos listed on the portal are copyrighted and owned by their respective owners.