Why is it Important to Know Your Customer?
KYC is more important than ever as financial institutions face increasingly stringent fines from regulators and more demanding regulatory calls to truly understand their customers.
As highlighted by Global KYC Trends in 2023, financial crime risk is on the rise and set to soar due to criminals' innovative approaches to laundering money and outsmarting the global financial system.
On one side are malicious threat actors who continue to take advantage of the dynamic nature of financial crime, engineering new ways to launder their proceeds of crime by exploiting inherent weaknesses in banking systems. Criminals in the financial space have become nefarious pioneers of a multi-trillion-dollar illicit industry.
On the other hand, compliance teams form the backbone of the defense framework against financial crime and fight back using a combination of technology, data, and human experience to detect, disrupt, and prevent criminal activity.
One of the most valuable weapons in any compliance team’s toolbelt is KYC reviews, a tried-and-tested anti-money laundering (AML) process that mitigates financial crime risk in banks and other financial institutions.
What is KYC?
KYC is the process of identifying and verifying customers. It is designed to protect banks and other financial institutions from fraud, money laundering, terrorist financing, and other economic crimes.
KYC achieves this by collecting and verifying a customer or entity’s identity and other information relating to them. The scope of identity information that’s collected varies between different jurisdictions, but, at a minimum, it typically includes a customer’s full name, address, and date of birth. Personal identifying information must then be verified.
Under most AML regimes, businesses must also risk assess and screen their customers and clients to ensure they can be trusted—that they’re not politically exposed persons (PEPs), subject to sanctions, financial criminals, or otherwise high-risk entities. This can be achieved by cross-referencing KYC data against global sanctions lists, watchlists, and adverse media reporting.
KYC vs AML: What’s the Difference?
KYC and AML are two terms often used interchangeably, but it’s important to be aware of the difference between them.
In short: AML is the overall process of which KYC is one component. AML encompasses a variety of processes and procedures in addition to KYC, including customer due diligence (CDD), transaction monitoring (TM), ongoing KYC reviews, and suspicious activity report (SAR) filing.
Check out our guide to the differences between AML and KYC to understand compliance further.
Who is KYC for?
KYC is primarily required of regulated organizations in industries that are subject to AML laws and so have to undertake KYC checks as part of a wider AML regime. The exact industries that KYC requirements apply to depend on the legal jurisdiction, but in most cases, it will always apply to:
Financial institutions:
KYC requirements focusing on verifying customer identities and evaluating money laundering risk apply to banks and other financial service providers, such as payments companies, asset management and asset servicing firms, and fintechs like crypto platforms.
Insurance companies:
Insurance providers need to be equipped to assess risk factors associated with clients quickly. Key risk factors might include claims history and whether a client has ever been convicted of any financial crime-related offenses or had an insurance policy canceled by another provider.
Payment institutions:
KYC and AML are used by payment institutions to verify the identities of account holders and their payment information when transacting.
This is just some of the industries that are typically subject to KYC regulations. There can be significant variance between different jurisdictions; though virtually any business that deals directly with money transfers can be subject to AML requirements.
How Banks Achieve Compliance Through KYC Checks
In many jurisdictions throughout the global financial system, banks and financial service providers are legally required to conduct KYC checks during the onboarding process and periodically throughout the lifecycle of the client relationship in accordance with individual client risk profiles.
For the majority of jurisdictions, KYC requirements are as laid out by the Financial Action Task Force (FATF) in its Recommendations and legally expressed by legislation such as the European Union’s Anti-Money Laundering Directive (AMLD) or the Banking Secrecy Act (BSA) in the United States.
The FATF Recommendations set out a comprehensive framework of AML measures for member countries to implement in order to combat money laundering and terrorist financing. Although the FATF Recommendations are just that—recommendations—the AMLD, currently in its sixth iteration as 6AMLD, enshrines AML requirements and responsibilities in European law. However, the consistency of these regulations varies across the EU as each Member State determines how the directive is transposed into regional law.
Failure to meet KYC requirements can lead to regulatory sanctions and reputational damage for regulated companies. In December 2022, a banking giant was fined more than US$2 billion as a result of a long-term investigation conducted by the U.S. Department of Justice into the bank’s failure to disclose deficiencies in its AML systems, such as inadequate transaction monitoring capabilities and high-risk offshore customers. Fenergo shares the extent of the damage caused by AML fines in a yearly report.
Know Your Customer (KYC) Checklist
The KYC process for banks can be broken down into three main areas:
- Identity verification
- Customer due diligence (CDD)
- Ongoing monitoring
The first two steps are completed during the initial customer onboarding stage while the third step, as the name suggests, continues throughout the lifecycle of the client relationship and is integral for banks to safeguard against the threats posed by the modern financial crime landscape.
1. Standard identification: The client provides a government-issued ID or document and is first checked for authenticity against government databases
2. Liveness checks: Face scanning, biometrics, and liveness checks can be used to ensure that the client is a real, living person while also checking the client’s likeness against the photograph provided on the ID document
3. Address verification: The customer provides proof of address, which is verified against any government-issued ID and other documentation such as bank statements or bills
CDD uses all available data and information to determine what risk, if any, a client carries and how this could impact the business. CDD aims to identify risk factors by analyzing information from a variety of sources, such as:
- Anything provided by the customers themselves
- Sanctions lists published by governments and official authorities
- Publicly available data, such ask company listings and media
- Private data sources from third parties
Customers who are identified as high-risk following standard CDD checks may be subject to enhanced due diligence (EDD) checks. This might include searches of credit histories, litigation records, and Politically Exposed Person (PEP) listings, as well as screening of watchlists and adverse media checks.
Just because a client has been onboarded, verified their identity, passed CDD checks, and categorized as low risk does not mean that the KYC process ends there. Things can change quickly, particularly these days in our connected digital environment.
It’s therefore important to continuously monitor clients and their activity to ensure that changes to their risk status don’t go unnoticed and compliance teams can put in place the appropriate safeguarding measures if it does.
Continuous monitoring involves carrying out periodic checks to inform risk status by watching out for things like:
- Sudden, unusual fluctuations in transactional activity
- Unusual cross-border activity adverse media references
- Unusually large deposits and withdrawals transactions involving sanctioned entities or those on watchlists
You can read more about continuous monitoring in our Comprehensive Guide to Transaction Monitoring.
Digital Transformation and KYC
In the not too distant past, businesses would conduct their KYC journey through entirely manual processes. Some still do.
A business would first retrieve information from a potential client and then assign a human operator the task of verifying it. This approach is slow and expensive and error-prone; human employees are not infallible, after all.
Fast-forward a few years, and KYC has been digitally transformed through electronic KYC (eKYC) solutions and digital ID&V (identity and verification) as businesses' KYC needs have skyrocketed in response to the growing challenge posed by financial crime threat actors.
Although there are no fundamental differences between KYC and eKYC, and the behind-the-scenes processes are virtually the same—banks must still conduct identity verification, CDD, and ongoing monitoring—there are differences in the methods used to capture and check information.
Under the manual KYC journey, a client would have to visit a bank branch to open an account, taking along with them their identity documents which a human operator then manually checks against databases and watchlists.
This process has been reimagined through digital transformation into eKYC to be more digitally friendly and facilitate the client's needs, using technology that echoes the digital experiences that clients have come to expect from every service they use.
A client now simply needs to provide a digital copy of an identity document that can be analyzed and verified alongside a biometric test. This digital transformation of KYC and its newfound flexibility mean that banks can quickly and remotely onboard new customers, verify their identity documents, and check supplied information across countless data points in a matter of seconds.
It’s faster, more accurate, and can check a client’s information against more data points than is possible with a human operator, increasing the likelihood that risky clients are filtered out during the onboarding stage.
Discover the 6 benefits of KYC Automation here.
How can Businesses Improve the KYC Journey?
Banks and other financial service providers are some of the most highly regulated businesses in the world. KYC plays a significant part in their CDD processes. The nature and scale of modern banking operations, alongside the nature and scale of modern financial crime challenges, make it virtually impossible for them to carry out suitable KYC checks when relying on outdated methods.
The leaders at these financial institutions know this and are overwhelmingly choosing to implement automated KYC solutions within their workflows. Such solutions make their KYC processes agile and accurate, making it easy for compliance teams to run multiple checks on new clients during the initial KYC process while simultaneously monitoring existing customers in the background.
For more information or to see a demonstration of any Fenergo solution, please request a demo.
KYC Compliance in 2 Minutes
KYC is a huge challenge for every financial institution, so here’s a two minute explainer that will give you the overview you need to know where to go next on your journey. Digitalizing and automating KYC will help futureproof your business against any incoming regulatory demands.
Read More KYC Related Content
https://www.fenergo.com/know-your-customer-kyc-solution
https://www.fenergo.com/aml-report
https://www.fenergo.com/kyc-trends
https://resources.fenergo.com/reports/integrated-kyc-and-scaling-for-success
https://resources.fenergo.com/blogs/how-to-verify-a-business
https://resources.fenergo.com/blogs/enhanced-due-diligence-for-high-risk-customers
