Compliance Prompt for Writing KYC and AML Policies
This generator prompt produces a complete KYC/AML policy document skeleton with all ten sections regulators expect to see, from the Customer Identification Program and beneficial ownership thresholds through transaction monitoring, SAR/STR procedures, sanctions screening, and board governance, each populated with jurisdiction-specific requirements. It is designed for compliance leads at fintechs, crypto firms, and iGaming operators who need an examination-ready policy framework their team can finalize instead of starting from a blank page.
How to use this prompt
1. Copy the prompt into your deepidv dashboard agent, Claude, ChatGPT, or Gemini, and replace [COMPANY TYPE] and [JURISDICTIONS] with your specifics, for example 'EMI licensed in Lithuania serving the EEA' or 'US money services business in 30 states'.
2. Add context the model cannot guess: your products, customer segments, distribution channels, and whether monitoring is rules-based or ML-based, so sections 4 and 5 reflect reality.
3. Expect a ten-section policy framework with jurisdiction-specific details such as beneficial ownership thresholds, SAR filing timelines, and record retention periods filled in for each market you named.
4. Have legal counsel and your MLRO review every cited law and threshold, since these are the details examiners check first and statutes change.
5. Adopt the verified document into your governance cycle with a named policy owner and annual review date, and re-run the prompt when you enter a new jurisdiction.
The prompt
You are a compliance documentation specialist. Generate a KYC/AML policy document framework for a [COMPANY TYPE] operating in [JURISDICTIONS].

The policy must include these sections (populate each with jurisdiction-specific requirements):

1. POLICY OVERVIEW — Purpose and scope, regulatory basis (cite specific laws), applicability, policy owner and review schedule
2. CUSTOMER IDENTIFICATION PROGRAM (CIP) — Required identity information by customer type, accepted identity documents by jurisdiction, verification methods, timing requirements
3. CUSTOMER DUE DILIGENCE (CDD) — Standard, enhanced, and simplified due diligence, beneficial ownership identification (thresholds by jurisdiction), ongoing CDD and periodic review
4. RISK ASSESSMENT — Customer, product/service, geographic, and channel risk factors, risk rating methodology
5. TRANSACTION MONITORING — Methodology (rules-based, ML-based, or hybrid), alert disposition, escalation, thresholds
6. SUSPICIOUS ACTIVITY REPORTING — SAR/STR filing criteria, procedures and timelines by jurisdiction, tipping-off prohibitions, record retention
7. SANCTIONS SCREENING — Lists screened (OFAC, EU, UN, country-specific), screening triggers, match disposition, escalation
8. RECORD KEEPING — Retention periods by jurisdiction, data storage requirements, retrieval capabilities
9. TRAINING — Required topics, frequency, role-specific requirements, documentation
10. GOVERNANCE — Compliance officer responsibilities, board oversight, audit schedule, examination preparation

Replace [COMPANY TYPE] and [JURISDICTIONS] with my specifics and generate the full framework with jurisdiction-specific details populated.
FAQ
What sections should a KYC/AML policy document include?
A complete policy covers ten core areas: policy overview with regulatory basis, the Customer Identification Program, customer due diligence including beneficial ownership, risk assessment methodology, transaction monitoring, suspicious activity reporting, sanctions screening, record keeping, training, and governance. Each section needs jurisdiction-specific detail such as filing deadlines and retention periods, because examiners test policies against local law rather than generic templates.
Can I use AI to write my company's AML policy?
AI is well suited to generating the policy framework: the section structure, jurisdiction-specific requirements, and standard procedures that would otherwise take days to draft. The output must still be reviewed by qualified counsel and your compliance officer before adoption, because regulators hold the firm accountable for the policy's accuracy and for actually operating the controls it describes.
Run it with live verification data
These prompts work in any LLM. Inside the deepidv dashboard, Luna, Arbiter, and Arc run them against your real sessions, screening lists, and audit trails.