KYC / AML
Know Your Customer + Anti-Money Laundering. The compliance backbone every UK alt-lender runs before disbursing a loan.
Definition
KYC (Know Your Customer) is the verification of a customer's identity. AML (Anti-Money Laundering) is the broader regulatory regime that requires KYC plus ongoing transaction monitoring, sanctions screening, and reporting. For SME lending, the corporate-customer form of KYC is often called KYB (Know Your Business).
UK regulatory frame
The UK rules live in the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 ("MLR 2017"), amended in 2019, 2022, and 2024. Enforced by the FCA for FCA-regulated firms; HMRC for accountants and money service businesses.
What a typical UK SME lender runs
For a £50k unsecured working-capital application:
- Companies House verification — confirms the borrowing entity exists, is active, registered office matches application, current directors and PSCs reconcile.
- Identity verification on PSCs + signing directors — passport or driving licence + utility bill / bank statement. Most lenders use Onfido or Yoti.
- Sanctions and PEP screening — every named individual against UK + EU + US + UN sanctions lists, plus Politically Exposed Persons. Vendors: ComplyAdvantage, Refinitiv World-Check, Dow Jones.
- Adverse media check — open-source media database for fraud / financial-crime hits.
- Bank-statement analysis — open-banking pull via Plaid / TrueLayer / GoCardless / Yapily. Used both for CDD (proves the bank account is operated by the company) and for credit decisioning (revenue trend, expenses).
- Source of funds — for facilities above £100k, the lender asks for narrative + supporting documents on where any deposit or pre-existing balance comes from.
- Ongoing monitoring — repayment-pattern monitoring; flags unusual transactions; quarterly re-screen on sanctions databases.
Enhanced Due Diligence triggers
Standard CDD (Customer Due Diligence) becomes EDD (Enhanced) when one of the following applies:
- Customer is a PEP or family member of one
- Customer or beneficial owner located in a high-risk third country (FATF lists)
- Customer involved in higher-risk sectors (cash-intensive retail, used-car trade, jewellery, cryptocurrency, gambling)
- Unusual ownership structure (offshore trusts, opaque corporate chains)
- Application contains red flags (mismatched address, recently changed director, dormant accounts then sudden activity)
EDD adds: source-of-funds and source-of-wealth questions, senior-management approval to onboard, more frequent ongoing review.
Common UK provider stacks (2026)
| Function | Common providers |
|---|---|
| Identity verification | Onfido, Yoti, Veriff, Persona |
| Sanctions / PEP / adverse media | ComplyAdvantage, Refinitiv World-Check, Dow Jones, Sayari |
| Open-banking | Plaid, TrueLayer, GoCardless Open Banking, Yapily |
| End-to-end orchestration | Persona, Alloy, Trulioo, FintechOS |
| UK SME data + KYB | Companies House (free), Endole, Creditsafe, Experian Pulse |
Typical UK alt-lender stack: Onfido (ID) + ComplyAdvantage (sanctions) + Plaid (open banking) + custom in-house workflow.
Where Borrowsignal fits
Borrowsignal does NOT do KYC or AML — we are a top-of-funnel data provider, not a credit broker. The leads we deliver pass identity verification against Companies House (the company is real, active, and has a verified registered office) and director identification at name level — but the borrower-side KYC/AML when an application is submitted remains the lender's responsibility, as it must under MLR 2017.
Common mistakes
Single-point-of-failure on PSC data. Companies House PSC data is self-declared at incorporation and not independently verified. UK alt-lenders that rely on CH PSC alone (without follow-up identity verification at application) have been the target of MLR enforcement action.
Forgetting the ongoing monitoring side. KYC is not a one-off check at onboarding — MLR 2017 requires ongoing review. Many smaller alt-lenders treat the application as a single point and never re-screen. Annual re-screen is the working minimum.
Skimping on EDD documentation. When the FCA reviews a lender's AML, they look for the EDD audit trail. Verbal "we discussed source of funds with the director" is not sufficient — the conversation must be documented.
Related
- FCA-regulated lender
- Companies House — primary KYB source
- Data residency — relevant for sub-processors
- FCA Consumer Duty and SME lending in 2026
Frequently asked
What's the difference between KYC, AML, and KYB?
KYC = individual identity verification. AML = the broader regulatory regime (KYC + monitoring + reporting). KYB = KYC applied to a corporate customer. For UK SME lenders, all three apply.
What are the UK Money Laundering Regulations?
MLR 2017 (amended 2019/2022/2024). UK transposition of EU AML directives plus UK-specific provisions. Requires customer due diligence, enhanced due diligence for higher-risk, ongoing monitoring, NCA reporting.
What KYC/AML checks does a UK alt-lender typically run?
7 steps: CH verification, ID-verify PSCs + directors, sanctions/PEP, adverse media, bank statements via open banking, source-of-funds for £100k+, ongoing monitoring.
Which UK KYC/AML providers do alt-lenders use most?
Onfido / Yoti / Veriff (ID); ComplyAdvantage / Refinitiv / Dow Jones (sanctions); Plaid / TrueLayer / Yapily (open banking); Persona / Alloy (orchestration).