KYC vs AML: What's the Difference?

KYC (Know Your Customer) and AML (Anti-Money-Laundering) are related but distinct compliance obligations: KYC establishes who your customer is at the point of onboarding, while AML determines whether that person — or their subsequent activity — creates financial-crime risk.

Regulated businesses need both. Getting the distinction right matters because they apply at different points in the customer lifecycle, use different data, and have different failure modes. This guide explains what each covers, how they interact, and how Didit's unified /v3/ API runs them in the same workflow.

Key takeaways

• KYC (Know Your Customer) verifies identity at onboarding: document, biometrics, and basic risk assessment.
• AML (Anti-Money-Laundering) screens verified identities against 1,300+ watchlists and monitors ongoing activity for suspicious patterns.
• KYC is primarily a point-in-time check; AML is a continuous obligation.
• They belong in the same workflow: KYC establishes identity, AML assesses and monitors risk. Running them separately creates compliance gaps.
• Didit's unified /v3/ API handles both in one session — KYC from $0.33, AML Screening at $0.20.
• Ongoing AML Monitoring is $0.07 per user per year, covering continuous watchlist surveillance post-onboarding.

What KYC covers

KYC is the identity-first layer. Its job is to answer one question: is this person who they say they are?

A KYC program has three components. CIP (Customer Identification Program) verifies the customer's identity at onboarding using documents and biometrics. CDD (Customer Due Diligence) assesses the customer's risk profile — source of funds, business purpose, expected behaviour. EDD (Enhanced Due Diligence) applies deeper scrutiny to high-risk customers such as politically exposed persons (PEPs) or customers from high-risk jurisdictions.

KYC produces a verified identity record with an associated risk classification. It tells you who your customer is. It does not, on its own, tell you whether their transactions are suspicious or whether their funds are clean.

What AML covers

AML is the risk-monitoring layer. Its job is to screen your customer against databases of known bad actors, and to detect suspicious patterns in their activity over time.

AML compliance has two sides. AML screening (also called sanctions screening or watchlist screening) checks an identity against lists maintained by regulators and law enforcement: OFAC, UN, EU, FATF, Interpol, PEP registries, adverse media databases, and more. A match means the customer or their counterparty appears on a list of sanctioned individuals, wanted persons, or high-risk entities.

AML transaction monitoring watches how money moves over time. Structuring deposits just below reporting thresholds, rapid round-trip transfers, high velocity from a dormant account, funds from high-risk jurisdictions — these are the patterns AML monitoring is designed to surface.

AML is a continuous obligation. The watchlists update. Customer risk changes. Monitoring never stops.

Where the two obligations overlap — and differ

The overlap is real: a customer's identity is the anchor for both KYC and AML. You cannot screen a watchlist without knowing who you are checking, and you cannot monitor transactions without knowing whose transactions they are. That is why the two are often discussed together.

But they operate differently:

	KYC	AML
Primary question	Is this person real and who they say they are?	Does this person pose financial-crime risk?
When it runs	At onboarding (CIP), plus periodic review	At onboarding (screening) + continuously (monitoring)
Data used	Documents, biometrics, database validation	Watchlists, sanctions lists, PEP registries, transaction data
Didit module	ID Verification, Liveness, Face Match	AML Screening, Ongoing AML Monitoring
Price	$0.33 (full core flow)	$0.20 per screening / $0.07 per user per year (ongoing)

Running KYC without AML screening leaves identity verified but risk unassessed. Running AML without KYC screens an identity you have not confirmed is real. Both gaps create regulatory exposure.

How they work together in a single workflow

The most practical setup combines KYC and AML in one onboarding session, then keeps AML running in the background.

At onboarding: ID Verification + Passive Liveness + Face Match ($0.33) confirms the customer's identity. AML Screening ($0.20) immediately checks the verified identity against 1,300+ watchlists. The result is a verified-and-screened customer record, ready for account approval.

Post-onboarding: Ongoing AML Monitoring ($0.07/user/year) subscribes the customer to continuous watchlist surveillance. If a match appears — because the customer is later added to a sanctions list, or new adverse media surfaces — an alert fires automatically.

In Didit's Business Console, you compose this as a single workflow. No separate AML vendor, no integration overhead. The same unified /v3/ API handles both.

Use cases

Neobank account opening — a user submits their document and face match (KYC), and AML screening runs immediately against their verified identity. PEP flags or sanctions hits surface before the account is approved.

Crypto VASP onboarding — FATF standards require both identity verification and sanctions screening before a VASP can accept a customer. Didit's combined session satisfies both obligations in a single flow.

Marketplace seller onboarding — a platform must verify that sellers are real and not on sanctions lists before they can receive payouts. KYC + AML screening together cover that obligation.

iGaming compliance — regulated gaming operators face both identity (age verification, self-exclusion checks) and AML (unusual deposit patterns, PEP status) obligations. Running both in one workflow reduces integration cost.

How Didit helps

In Didit, KYC and AML are composable modules in the same workflow. Add document, biometric, and AML features to your workflow in the Business Console, then start a session:

curl -X POST https://verification.didit.me/v3/session/ \
  -H "x-api-key: $DIDIT_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "workflow_id": "your_kyc_aml_workflow_id",
    "vendor_data": "user_55512",
    "callback": "https://yourapp.com/webhook/compliance"
  }'

The session runs document + biometric KYC, then AML screening against 1,300+ watchlists — all in one user-facing flow. Results arrive via webhook or GET /v3/session/{sessionId}/decision/, with a risk classification for the AML component.

For AML screening on existing customers or counterparties, POST /v3/aml/ runs a standalone watchlist check without opening a session.

Frequently asked questions

Can I run AML screening without KYC?

Yes. Didit's AML Screening module works as a standalone check — useful for screening existing customers, counterparties, or businesses. But for new customer onboarding, running both in the same session is more reliable and more defensible.

How many watchlists does Didit cover for AML?

1,300+ lists, including OFAC, UN, EU, Interpol, national sanctions lists, PEP registries, and adverse media databases.

How much does AML screening cost?

$0.20 per check, pay-per-call, no minimums. Ongoing AML Monitoring for post-onboarding continuous screening is $0.07 per user per year.

Does KYC replace AML monitoring?

No. KYC is a point-in-time identity check. AML monitoring is a continuous obligation. A customer who passes KYC cleanly today can be added to a sanctions list tomorrow — only ongoing monitoring catches that.

Does Didit's AML screening cover crypto wallets?

Wallet Screening (KYT) is separate from identity AML screening and covers on-chain wallet risk via Crystal and Merkle Science. Both capabilities sit on the same unified platform.

Ready to get started?

• AML product page → AML Screening
• KYC product page → User Verification
• Pricing → didit.me/pricing — $0.20 AML screening, $0.33 KYC core flow
• Start free → business.didit.me — 500 free checks per month