KYC & AML
Whose job is it, really?
This week threw me some curveballs, and I bet you’ve had those moments too when your grind starts paying off in unexpected ways.
I got offered sponsored LinkedIn posts - crazy, right? I passed, but it’s wild to think that just a couple of years ago, I was begging people to care about legal operations, and now companies want to pay me to reach my audience.
Success takes time, and you’re probably feeling that in your fintech journey, building something real, step by step.
Most of my week was quieter - my co-founder and I were going through a shared Notion page for our legal services. It took forever, but it’s done, and it feels like a win.
I’ve also been writing more on Substack, and here’s what I’ve learned: people don’t want glossy perfection. They want clear, real, messy truth.
The raw stuff I share on Twitter gets the most love, and maybe you’re finding that too, connecting with your audience by keeping it honest.
That brings me to a lesson I see fintech folks miss too often: assumptions about KYC (Know Your Customer) and AML (Anti-Money Laundering) compliance.
Saying “That’s not our job” won’t save you when regulators knock. Let me help you understand why this happens and how you can protect your business.
The Compliance Trap You Didn’t See Coming
Let’s say you’re handling UPI payments or investor onboarding. You partner with a third-party provider for customer onboarding and ask, “You’re handling KYC, right?”
They nod, you nod, and you move on, feeling good. But months later, a fraudulent account slips through, or an ID check fails. Suddenly, your inbox is flooded with complaints or, worse, a notice from RBI or SEBI.
And the thing is, in fintech, you can’t just point to your partner and say, “They messed up.”
Regulators like RBI or SEBI don’t chase who made the promise - they go after who’s easiest to pin down, and if your contract’s vague, that’s you.
You might’ve assumed the partner’s API or workflow covered AML, but when gaps appear, you’re the one facing fines or a hit to your reputation.
In India’s tight regulatory landscape, with rules like the DPDP Act, those gaps can sting.
Why does this keep happening? Too many fintech founders treat compliance like a verbal agreement, not a contract clause.

They assume someone else is handling KYC and AML, but nods don’t hold up in court - clear terms do. The good news? You can avoid this with a few smart contract tweaks.
Three Steps to Fix Your KYC and AML Compliance Responsibilities
To keep your fintech business safe, you need to eliminate compliance assumptions with precise contract terms.
These steps are tailored for you as a fintech founder, and I’ll explain why each one keeps your platform protected.
1. Pin Down Who Does What
Don’t just say, “Partner handles KYC.” Spell it out in your contract:
“The Partner verifies KYC documents, stores data securely, and updates expired IDs per RBI and SEBI rules.”
This clarity protects you. Vague terms let partners dodge responsibility, leaving you liable if a fraudulent account triggers a regulatory search.
By detailing who verifies, stores, and updates, you ensure everyone’s on the same page.
This is important because regulators expect every fintech player to be accountable.
A clear contract proves you’ve done your part, saving you from fines or legal battles that could derail your growth.
2. Add Teeth to Accountability
Make sure your partner faces consequences for slip-ups with:
“The Partner provides monthly KYC audit logs. Failure incurs a 5% penalty on the current month’s invoice.”
This clause enforces accountability. If your partner skips KYC checks, you shouldn’t pay the price.
A penalty for missing logs ensures they stay on top of compliance, protecting you from regulatory fallout.
It’s key because it shifts the burden to them, keeping your platform clean and building trust with clients who expect you to be buttoned up.
3. Protect Yourself from Their Mistakes
Push for:
“The Partner indemnifies [Your Company] for any fines, penalties, or legal action from their KYC or AML failures.”
This is your safety net. If a partner’s error triggers an RBI fine, they cover the cost, not you.
In fintech, where penalties can hit six figures, this clause saves your cash flow from taking a hit. Without it, you’re stuck paying for someone else’s mistake, which can slow your growth or scare off investors.
Your Quick Checklist for Compliance Clarity
Here’s a rundown to make your contracts compliance-ready:
Detail duties: List who handles KYC and AML tasks.
Enforce accountability: Tie penalties to missed compliance.
Protect yourself: Add indemnity for partner failures.

With these in place, your contracts make it clear who is responsible for each part of compliance.
Clarity Beats Assumptions Every Time
In fintech, assuming your partner’s got KYC and AML covered is never a good move. Maybe you’re planning to scale with new partners or bigger clients.
A vague contract could leave you facing fines, legal fights, or angry customers if compliance falls apart. But with clear duties, consequences, and protections, you’re building a platform that’s ready for growth.
It’s like the consistent work you’ve put into your business - showing up, building quietly, just like my raw posts on Twitter or Substack. That’s what’s gotten you this far.
Now, apply that clarity to your contracts. Don’t nod and smile when a partner says, “We’ve got compliance.”
Send them the terms and lock it down. It’s a small step that could save you big.
If you’re curious about working together, I’ve set up two options:
a) 30-minute Clarity Calls
Clients demanding extra work? Partners taking your ideas?
In 30 minutes, I’ll share proven strategies from 5+ years and 400+ projects to help you avoid these risks.
Get clear, actionable steps - book your call here
b) Legal Support Exploration
Need legal support for your business? Whether it’s Contracts, Consultation, Business registration, Licensing, or more - Pick a time here.
This 30-minute call helps me see if we’re the right fit. This is not a consultation, but a chance to discuss your needs.
Prefer not to call? Submit your requirements here.