A major concern among financial institutions is the possibility and ramifications of unknowingly becoming complicit in financial crime, such as by doing business with a client who is carrying out illicit activities.
To mitigate this risk, financial institutions have strengthened their internal control systems, resilience, and compliance with anti-money laundering (AML) efforts in recent years through the implementation of Know Your Customer (KYC) and Customer Due Diligence (CDD) best practices that form part of their wider AML strategies. AML & KYC are closely related, discover their differences in compliance.
What is KYC?
KYC, sometimes called Know Your Client, is a process that financial institutions use for identifying and verifying their customers and clients when they open an account with them, and periodically over time.
KYC essentially involves checks against several data points that ensure that your customers are who they say they are. The more data points that are checked against (e.g., name, address, tax ID, credit report, sanctions lists) that are checked against, the easier it is to spot inconsistencies and safeguard against illegitimate or volatile individuals from becoming a customer.
KYC processes also enable financial institutions to create a holistic view of each customer by building profiles that examine things like their financial status and activities to deduce what ‘normal’ looks like for that entity. This makes it easier to spot irregularities and take action if or when they arise.
What companies need KYC?
Many industries are compelled by laws and regulations to undertake KYC as part of a wider AML regime, and this usually takes place during the client onboarding phase of the customer journey. Exactly which industries these apply to depends on the jurisdiction but most businesses operating in the following areas will need to implement it:
Financial institutions: KYC requirements that focus on verifying customer identities and evaluating fraud risk factors are almost always in place for financial institutions such as corporate and institutional banks and commercial and business banks.
Insurance companies: Insurance providers must be able to quickly and thoroughly assess key risk factors and conduct ongoing monitoring of their customers’ transactions to ensure that they are who they say they are.
Payment institutions: KYC and AML are increasingly being used by payment institutions to verify the identities of account holders and their payment information when transacting. This is especially important as payment institutions have been accused of not doing enough to combat financial crime by the European Banking Authority.
Online gambling: Online betting and gambling platforms need to conduct KYC-compliant age verification to protect both themselves and their customers by identifying high-risk customers and signs of fraudulent activity.
This is of course not an exhaustive list; any industry can be subject to meeting KYC regulations and there can be significant jurisdictional variance.
What are the main elements of KYC?
All effective KYC regimes are made up of three key components: identity verification, customer due diligence, and ongoing (automated) monitoring.
1. Identity verification
Knowing who someone is forms the basis of any relationship involving trust. As such, verification sits at the core of any KYC regime. Indeed, businesses that provide regulated services such as financial and insurance services have a critical need to know that a customer is who they claim to be.
Identity verification is a process therefore a way of verifying who a customer is. As the KYC process has become overwhelmingly digitized, verification is often carried out by utilizing different technologies such as artificial intelligence (AI), security features such as holograms, and various security checks such as biometrics and liveness analysis.
A typical identity verification process will comprise the following steps:
Document verification: A government-issued ID or document provided by the entity subject to verification is checked for authenticity against government databases.
Face verification: Face scanning and liveness checks can be used to check for spoofing, ensure the live presence of the person being verified, and verify the live person against the image on any provided ID.
Address verification: Proof of address is provided by the customer, and this is verified against government-issued identity documents.
2. Customer due diligence
Once a customer’s identity has been verified, the next step is to carry out due diligence by using any available information to determine what risk, if any, they carry, and how this could be impactful against the business.
Customer due diligence (CDD) aims to unearth potential risk factors by analyzing information from a variety of sources, such as:
That provided by the customers themselves.
Sanctions lists published by governments and official authorities.
Publicly available data, such as company listings and media.
Private data sources from third parties.
CDD also involves collecting information about the identity of a customer, any activities that they’re involved in, the entities that they do business with, and how likely they are to be involved in activities that expose the organization to risk. Essentially, the CDD process helps regulated organizations protect themselves against being used for illicit activity.
Customers that are deemed to be high risk are typically subject to enhanced due diligence (EDD) checks, such as searches of litigation records, credit histories, PEP listings, watchlist screenings, and adverse media searches.
3. Ongoing monitoring
Just because a customer has been checked and onboarded as a low-risk entity, that doesn’t mean they can be forgotten about. Things can change very quickly. As such, it’s important to continue monitoring their activities and behavior so that their risk status can be regularly updated.
Ongoing monitoring involves carrying out periodic checks to inform risk status by watching out for things like:
Sudden, unusual fluctuations in transactional activity.
Unusual cross-border activity.
Adverse media references.
Unusually large deposits and withdrawals.
Transactions involving sanctioned entities or those on watchlists.
If suspicious activity is detected, this could change the nature of your relationship. Risk teams should therefore carry out enhanced due diligence and fulfil any obligations under local laws, such as requirements for completing a Suspicious Activity Report (SAR).
Why you should automate KYC
The nature of KYC and the scale of an organization’s operations can make it very difficult for regulated organizations to carry out efficient and robust KYC. After all, it’s not a straightforward process and many factors have an impact on the levels of KYC and due diligence that need to be carried out.
It is for these reasons that organizations are overwhelmingly opting to implement automated KYC within their workflows. Automated KYC technologies make it easy to quickly carry out multiple checks on new customers during the initial KYC process while simultaneously monitoring existing customers in the background.
This not only leads to a better customer experience because customers are onboard more quickly, but it also gives regulated organizations the tools they need to be confident in their approach to KYC and scale both at home and abroad.
Automate your KYC processes and create stronger journeys. Request a demo today.