KYC, AML, CDD: what’s the difference & why it matters?

In the world of financial compliance, three letters pop up constantly: KYC, AML, and CDD. They’re closely linked, often used together, and sometimes even used interchangeably. But each plays a distinct role in protecting the financial system from abuse. So what exactly do they mean? How do they relate to each other? And who needs to care?

Let’s break it down.

1. Defining KYC, AML, CDD

What is KYC (Know Your Customer)?

KYC stands for know your customer. It refers to the process by which businesses verify the identity of their clients. This verification is crucial for assessing the risk that a client is involved in illegal activity, such as money laundering or financing terrorism.

It typically involves:

  • Collecting identification info (name, address, ID documents)
  • Verifying that info using trusted sources (e.g. passports, utility bills, electronic identity checks)
  • Checking risk indicators, like whether the person is politically exposed or on a sanctions list

Why it matters: KYC helps businesses confirm that their customers are who they say they are, and not involved in shady or illegal activity.

Example: a bank asks you for your ID and proof of address when opening an account.

What is CDD (Customer Due Diligence)?

CDD, or customer due diligence, takes KYC a step further. It’s not just about identifying the customer. It’s the broader process of assessing a customer's risk profile and monitoring their financial activities. It is a fundamental aspect of AML compliance.

It involves:

  • Verifying identity (KYC)
  • Assessing risk based on factors like country of origin, type of transactions, business model
  • Monitoring activity over time

There are three levels:

  • Simplified due diligence: applied to regular customers with no apparent risk factors, usually those that qualify as low risk.
  • Standard due diligence: the default level, applied to most customers.
  • Enhanced due diligence (EDD): implemented for high-risk customers, such as politically exposed persons (PEPs), customers from high-risk jurisdictions, crypto exchanges, offshore accounts…

Example: a law firm must collect and verify details about a corporate client’s ownership structure before handling a large real estate deal. A bank may conduct EDD on a customer who is a foreign public official, requiring additional information and ongoing monitoring.

What is AML (Anti-Money Laundering)?

AML stands for anti-money laundering. It refers to the wider set of regulations, policies and controls used to prevent, detect, and report suspicious financial activity. Its purpose is to prevent criminals from disguising illegally obtained funds as legitimate income.

AML includes:

  • KYC and CDD checks
  • Transaction monitoring
  • Sanctions screening
  • Suspicious activity reporting (SARs)
  • Record-keeping
  • Training for staff

Example: a payments platform spots an unusual pattern of small transactions linked to high-risk countries, triggers a flag and files a report to the local Financial Intelligence Unit (FIU).

2. Who needs to perform KYC & comply with AML legislation?

The terms KYC, AML, and CDD originated from the need to manage financial risks and comply with strict regulations. Across the EU and globally, any business considered a ‘regulated entity’ must comply with KYC and AML obligations. That includes:

Even non-financial sectors may need to comply if they handle large sums of money or pose a money laundering risk.

For the official EU list of obliged entities, see Article 2 of Directive (EU) 2015/849 (4AMLD).

3. AML Obligations in the EU

AML compliance in the EU is governed by a series of evolving directives, currently up to the 6th Anti-Money Laundering Directive (6AMLD).

Core EU AML obligations include:

  • KYC/CDD procedures for all customers
  • Screening for PEPs and sanctions
  • Ongoing transaction monitoring
  • Suspicious activity reports (SARs) to the FIU
  • Record retention (usually 5–10 years)
  • Internal controls and independent audit
  • Training for relevant staff
  • Risk-based approach to compliance

A new EU AML Authority (AMLA) is also being created to supervise and harmonise enforcement across member states.

As a reminder, these were the previous policies:

  • 4th AML Directive (EU) 2015/849: Introduced a risk-based approach to AML, emphasizing the importance of KYC and CDD.
  • 5th AML Directive (EU) 2018/843: Expanded the scope to include virtual currencies and enhanced transparency of beneficial ownership.
  • 6th AML Directive (EU) 2018/1673: Harmonized the definition of money laundering offenses and extended criminal liability to legal entities.

More on EU policy: European Commission – AML/CFT

4. How EU AML laws compare to the US & Asia

While AML rules are globally aligned in principle, thanks to the FATF (Financial Action Task Force), implementation varies across regions. We're sharing the key differences:

European Union

  • There is a strong focus on data protection and the identification of beneficial ownership.
  • The directives must be transposed into national laws (leading to some differences).
  • Regulatory expectations are particularly high for crypto, ESG risk, and legal entity transparency.

United States

  • Anti-money laundering (AML) in the United States is governed by the Bank Secrecy Act and the Patriot Act.
  • Enforcement is carried out strictly by agencies such as FinCEN, OFAC, and other federal authorities.
  • There is a strong emphasis on enforcement and the imposition of penalties for non-compliance.
  • Financial institutions are required to file Suspicious Activity Reports (SARs) and Currency Transaction Reports (CTRs).

Asia (e.g. Singapore, Hong Kong)

  • In Singapore, AML regulations are enforced by the Monetary Authority of Singapore (MAS), which is known for its clear and risk-based guidelines.
  • In Hong Kong, the regulatory framework is overseen by the Hong Kong Monetary Authority (HKMA) and the Securities and Futures Commission (SFC), with a strong emphasis on anti-money laundering in the private banking sector.
  • Across the Asia-Pacific region, the level of AML implementation varies significantly from country to country.

In short: the core principles are similar, but practical obligations, enforcement intensity, and penalties differ. This makes cross-border compliance especially challenging, and it is where platforms like Harmoney make a difference.

Final reflection on KYC, AML and CDD

To stay compliant and protect your business, it's essential to understand how KYC, AML, and CDD fit together:

  • KYC = identity check
  • CDD = risk understanding
  • AML = the full rulebook

Together, they help regulated businesses meet their legal duties and prevent financial crime at the source.

If you're managing third-party risk, onboarding counterparties, or monitoring activity, make sure your workflows support real-time compliance with complete peace of mind.
