In today’s business and regulatory climate, a business should not only be concerned with making profits — it should also attempt to know who it has business dealings with. This means identifying and verifying customers’ identities and meeting KYC guidelines. When a financial institution creates a new business partnership with individuals or organizations without fully knowing their past and present business dealings, it can expose itself to hefty lawsuits and regulatory fines.
In fact, over the past 10 years, regulators across the U.S., Europe, APAC and the Middle East have levied nearly $26 billion in financial penalties against financial institutions for AML/KYC and sanctions-related violations (Source: Fenergo, 2019).
But KYC compliance goes beyond ticking some regulatory checkboxes. KYC helps financial institutions better understand and serve their customers and their unique needs. Before exploring the non-compliance benefits of KYC, let’s set the stage and review some key definitions and processes that make up KYC.
The KYC process is usually carried out by financial institutions when opening new accounts with online users. Inherent within KYC is the notion of customer due diligence (CDD), which usually involves background checks on customers to assess the risk they pose before dealing with them. In the financial sector, this usually involves vetting the user for creditworthiness and ensuring that they are not on any money laundering or counterterrorism financing watchlists.
The good news is that much of this vetting and AML screening has now been automated to ensure customers are “sponge worthy” (for you Seinfeld fans) in minutes. With customer due diligence, financial institutions are performing important checks, but they’re not validating that the person purporting to be John Q. Public is, in fact, John Q. Public — and that John Q. Public is not on any government watchlists or poses a significant credit risk. This is the domain of enhanced due diligence.
What is Enhanced Due Diligence?
Enhanced due diligence (EDD) is a KYC process that provides a greater level of scrutiny of potential business partnerships and highlights risk that cannot be detected by customer due diligence. EDD goes beyond CDD and looks to establish a higher level of identity assurance by obtaining the customer’s identity and address, and evaluating the risk category of the customer.
Enhanced due diligence is specifically designed for dealing with high-risk or high-net-worth customers and large transactions. Because these customers and transactions pose greater risks to the financial sector, they are heavily regulated and monitored in order to ensure that everything is on the up and up.
There are several characteristics that distinguish EDD from regular KYC policies:
- Rigorous and Robust: EDD policies must be “rigorous and robust,” which requires significantly more evidence and detailed information.
- Detailed Documentation: The entire EDD process must be documented in detail, and regulators should be able to have immediate access to enhanced due diligence reports. This demands more scrutiny of how data is captured and how the reliability of the information sources is validated.
- Reasonable Assurance: EDD requirements call for “reasonable assurance” when calculating a KYC risk rating. This means that the professionals responsible for making a “go” or “no go” decision must have completed all the necessary research steps and exercised professional skill and care in reaching their judgment.
- Special Attention for PEPs: Special attention must be paid to politically exposed persons (PEPs) — they’re viewed as being a higher risk because they are in positions that can be potentially abused for money laundering.
One of the challenges with EDD is knowing how much information about a customer is necessary to collect. Regulators have consistently favored approaches where financial institutions leverage documented policies and procedures (e.g., automated AML screening) that provide sufficient assurance while also enabling regulators to electronically audit decisions made by banking officials.
Increasingly, companies are combining online identity verification and AML screening during the account onboarding process — effectively killing two birds with one stone — within a single, automated solution.
Short Commercial Plug: Jumio has embedded ComplyAdvantage’s automated watchlist/PEPs screening and monitoring into its online identity verification dashboard to create one central place for giving financial institutions the ability to drill down into specific sanctions matches for a streamlined compliance review. This means customers can leverage a single dashboard for identity verification and watchlist, adverse media and sanctions screening and be immediately alerted if there’s a watchlist, PEPs or adverse media hit.
EDD: Beyond Regulatory Scrutiny
So, what’s in it for the bank or financial institution beyond avoiding painful fines and unwanted regulatory scrutiny?
1. Better Serve Your Customers
The EDD and identity verification processes yield a bunch of useful information about your customers, including employment status, age and purchasing power, which can be repurposed to offer bespoke solutions to better serve their needs.
2. Enhance Your Own Brand Reputation
When you properly screen your customers with EDD, you can help prevent dirty money — money from corrupt politicians, criminals and terrorists — from sneaking into your ecosystem. This means taking the necessary precautions to know your customer at a more fundamental level — not just their company name and where they do business, but who owns the entity, the actual beneficial owner. Building in the necessary safeguards will help defend against fraud loss, compliance fines and loss of reputation.
3. Deter Financial Crime
The idea is that knowing your customers — verifying identities, making sure they’re real, confirming they’re not on any prohibited lists and assessing their risk factors — can keep money laundering, terrorism financing and more run-of-the-mill fraud schemes at bay. The ounce of prevention lets you focus more on business growth because more business is carried out within a positive legal climate.
4. Build Trust
Sadly, trust is evaporating quickly. As cybercrime headlines continue to break, banks need to focus not only on halting the flow of money laundering and corruption, but also on being seen as scrupulous custodians of their customers’ data and cash. Adopting KYC and EDD processes also telegraphs to your customers, and prospective customers, that your focus is on lawful business.
Thanks to emerging identity verification and screening technologies, banking customers can now identify themselves from anywhere in the world. But, if banks are to be sure the process of remote verification is failsafe so that funds — and sensitive data — are protected, they need to be a step ahead of every technological development and every hack.