Know Your Customer (KYC) is a method that financial institutions use to verify their clients’ identities and determine the potential for fraud. The idea is that getting to know your customers — doing identification checks, evaluating their financial transactions, and assessing their risk characteristics — can help prevent money laundering, terrorism funding, and other sorts of illegal financial activity.
For decades, the US Treasury has had legislation mandating financial firms to help the government discover and prevent money laundering. KYC procedures were established in 2001 as part of the Patriot Act, which was a development of these laws. In 2016, the US Treasury’s Financial Crimes Enforcement Network (FinCEN) issued rules on customer due diligence that bolstered them even more (CDD).
Why Do Banks and Financial Services Companies Need KYC Regulations?
If there’s one thing the last decade has taught us, it’s that a person’s online persona isn’t necessarily what it seems. Data breaches, phishing tactics, identity theft, money laundering, and other digital scams have wreaked havoc on businesses across the economy, from fintech to dating sites to sharing economy players.
According to the Financial Action Task Force (FATF), criminal proceeds from illicit monies generated by drug trafficking and organized crime accounted for 3.6 percent of global GDP in 2009, with 2.7 percent (or US$1.6 trillion) being laundered to conceal their illegal origin.
Furthermore, according to Juniper Research, business losses from fraudulent online transactions are estimated to exceed $25.6 billion by 2020.
Add to that an amount of identification information stored online, and fraudsters have a goldmine. Specific data (e.g., Social Security numbers, email addresses, passwords, credit card information, and medical records) fetches anywhere from 25 cents to $60 per record, making digital identities a commodity on the web. Bad actors are taking advantage of every opportunity to collect and use this information to their advantage.
Process of Know-Your-Customer (KYC) and Compliance Requirements
When a customer opens an account (either in person or online) or begins doing business with an organization, KYC compliance begins. They also play a role when the customer logs into the account. There are a few key elements to establishing KYC compliance.
Due Diligence for Customers
Conducting extensive customer due diligence (CDD) for all customers is a cornerstone of an effective KYC compliance program. Financial institutions must know their consumers and safeguard their financial ecosystems from criminals, terrorists, and politically exposed persons (PEPs) who could constitute a threat.
Because business clients range in terms of transaction kinds, customers, locations, scale, and business lines, CDD initiatives will vary as well, ranging from basic to standard to advanced CDD. CDD will entail verifying customers’ identities, understanding the monetary thresholds for required reporting and record retention, as well as the specific FinCEN rules governing various types of transactions.
When assessing the right level of due diligence, a corporation should check for red signs related to:
- Beneficial proprietors of an account or client are identified.
- Information about the customer’s various personal and professional relationships
- Salary or yearly sales estimate
- Policies and procedures for anti-money laundering are in place.
- Documentation from a third party
- Review of media sources to determine the reputation of the local market
Program for Customer Identification
The construction of a Customer Identification Program (CIP) as part of the onboarding process is the second component of KYC compliance since it “forms a reasonable belief that (the firm) knows the genuine identity of each customer.” To put it another way, every individual or business customer who wants to open an account must have their identification verified by the financial institution.
Online identity verification is a must-have for CIP when it comes to online customer onboarding. New verification technologies are assisting businesses in meeting KYC and data privacy regulations, as well as connecting with back-end and customer-facing platforms. The online identity verification process for institutions that rely on a government-issued ID document and biometric verification typically entails:
- To extract data from the ID document, use optical character recognition (OCR).
- To guarantee that the ID is authentic and unchanged, it must be verified.
- To boost identification assurance, take a selfie and compare it to an ID card.
Customer Experience and KYC
Because KYC adds a burden to the onboarding process as consumers go through the requisite identity verification stages, emerging technologies for online identity verification are crucial. Long wait times are costly for banks and inconvenient for consumers who demand speedy responses. In fact, according to Signicat data, more than half of retail banking clients in Europe have given up trying to sign up for new financial services. What is the primary cause?
Monitoring of Transactions
Ongoing monitoring necessitates a review of all information about clients on a regular basis, including oversight of their financial transactions and accounts based on risk thresholds established as part of a customer’s risk profile. Organizations are being urged to adopt clear, auditable systems for managing these ongoing checks.
The monitoring’s key goals are to:
Detect and boost anti-money laundering efforts by detecting suspicious financial transactions (e.g., activity surges).
Maintain a current record of client identification, beneficial ownership information, and the purpose and nature of the commercial connection.
After new account onboarding, check to see if clients are on any politically exposed individuals (PEP), sanctions, or adverse media lists (i.e., when the initial vetting occurred)
Unusual cross-border activity should be identified.
These activities, which were once deemed “best practices,” have now become legal, reflecting a growing expectation from both global authorities and stakeholders that businesses should always be mindful of customer risk.
Who is in charge of KYC compliance?
Mandates are being used by oversight authorities all over the world to bring digital identity verification and Know Your Customer to the forefront of enterprises’ thoughts. KYC and AML standards (together with their accompanying CDD requirements) were enacted in the United States by the Bank Secrecy Act of 1970 and the Patriot Act of 2001, respectively. The US Treasury’s FinCEN and even new state regulations, such as California’s CCPA compliance rules, increased them in 2016.
Wrapping up
The optimal KYC solution must be scalable for firms with an international presence or global goals, in addition to securely satisfying these technological criteria. This means, for example, that depending on where the organization does business, the solution can accommodate a wide range of national identification documents. Second, the solutions must be efficient – both in terms of cost and in terms of creating a great client onboarding experience.