KYC Checklist: Creating a Compliant Know Your Customer Program

Designing an effective Know Your Customer (KYC) program is a critical component of an effective anti-money laundering (AML) program. KYC requirements are meant to protect your organization from doing business with — or becoming the victim of — financial criminals.

Without a well-designed KYC process, your organization is unlikely to be compliant with government regulations. This non-compliance can lead to severe penalties as well as a loss of reputation.

What Is KYC Compliance?

KYC compliance is adherence to a type of money laundering regulation central to your overall AML compliance strategy. All financial institutions and financial service providers are responsible for collecting customer information and verifying the identity of their customers during the onboarding process. However, these efforts do not stop there. KYC verifications need to be a part of an ongoing process.

KYC includes three main parts: customer identification, customer due diligence, and ongoing monitoring. These three program prongs are meant to identify the potential for and prevent financial crimes like drug trafficking, money laundering and terrorist financing.

Compliance with KYC and AML regulations is monitored by government agencies in various jurisdictions around the world, including the Financial Action Task Force (FATF) and Financial Crimes Enforcement Network (FinCEN), so any violations are likely to be detected.

Know Your Customer Checklist: KYC Documents & Customer Identification

Customer identification is the first step in a KYC program. Some common KYC documents include the following:

• A photo identity card
• Proof of address — utility bills and other official correspondence can be used
• Passport
• Voter’s ID card
• Driver’s license
• Official letter from a public authority or public servant
• Bank passbook with photograph
• Employee ID card
• University or Board of Education card

Your organization is also required to follow Know Your Business (KYB) practices. You need to determine that the business you’re dealing with is legitimate and learn about its incorporation details, business identification number, and Ultimate Beneficial Owners (UBO).

Illegitimate businesses frequently hide the true owners or beneficiaries of the business to insulate them from law enforcement. Finding this information is often more difficult than verifying individual identities through photo IDs and other documents, biometric methods (fingerprints, voice recognition, face-based biometrics, etc.), full names, and more.

Know Your Customer Checklist: KYC Procedures

A comprehensive KYC program must include these three parts:

• Customer identification program (CIP)
• Customer due diligence (CDD)
• Ongoing transaction monitoring

1. Customer Identification Program (CIP)

A customer identification program aims to verify the customer’s identity during account opening and determine that their funds are from legitimate sources. Otherwise, financial criminals can easily use your institution to launder the proceeds of their crimes.

The CIP usually takes place during the customer onboarding process for individuals and businesses. It is required by Section 326 of the USA PATRIOT ACT and must include the following:

• A written document of your program
• Four pieces of identifying information: customer name, date of birth, address, and official identification numbers
• Identity verification procedures
• Recordkeeping
• Comparison with government lists
• Customer notice of next steps

Your organization must ensure that all customer information and documents are legitimate. When allowing customers to open and access accounts online, it’s important to employ safeguards such as multi-factor authentication and biometrics to ensure customers are who they claim to be.

You must verify the source of customer funds and closely monitor high-risk ones, such as cash businesses, politically exposed persons and foreign individuals. You also need to determine the ultimate beneficial owners of an organization and understand the nature of their business relationship with the company. This verification is the key to staying KYC and AML compliant.

2. Customer Due Diligence (CDD)

According to FinCEN, the CDD Final Rule requires your financial organization to create and maintain written policies that will facilitate the following:

1. Identify and verify customer identity.
2. Identify and verify the beneficial owners of new company clients.
3. Develop customer risk profiles based on the nature of their business.
4. Perform ongoing monitoring to identify and report suspicious transactions and perform risk assessment to maintain and update customer information.

This stage requires investigating customers for past criminal and suspicious behavior to determine the level of trust you can have in them. Doing so means determining customer risk. FinCEN does not prescribe the risk levels, so your organization needs to create its own criteria for determining risk profiles.

The following customers are generally considered high risk:

• Money service businesses
• Cash-intensive businesses
• Nonresident aliens
• Foreign individuals
• Politically exposed persons (PEP) — These high-profile people are more likely to be exposed to corruption, blackmail and bribery.

You should also use government sanctions lists to screen for criminally compromised individuals.

Customer due diligence is not a one-size-fits-all proposition. Your organization will be using three types of CDD to determine customer risk:

• Simplified due diligence — If the customer is very low risk, you just check the customer’s ID and do not need to perform further verification.
• Standard due diligence (SDD) — Check the customer’s ID and further verify their identity using a reliable, independent source, such as a government database.
• Enhanced due diligence (EDD) — High-risk customers need to be identified and verified more thoroughly. You may ask for extra identification from the customer as well as information on the source of their money, the nature of business relationships and the purpose of their transactions. Higher-risk customers also require intensive ongoing monitoring.

3. Ongoing Monitoring

Financial criminals are savvy and are continually using new methods to escape detection. That is why ongoing monitoring is so essential. A sophisticated money launderer may keep things legal for some time before using their account for nefarious activity.
Your ongoing monitoring should include a standardized system aimed at spotting changes in risk. Of course, your high-risk clients may be operating in a completely legal manner, but AML regulations require that you treat them with a higher level of scrutiny.

Some low-risk clients may be guilty of improper financial activity, but you cannot perform enhanced due diligence on everyone. It’s essential for businesses to create a positive customer experience while also detecting suspicious activity.

Automate Your KYC Compliance Program With Jumio

For any financial institution, KYC compliance is essential to its success. Staying compliant requires constant vigilance and sophisticated verification processes. Jumio’s KYX Platform is a comprehensive solution that helps your organization with all aspects of AML and KYC compliance, including advanced identity proofing, risk scoring and AML screening. It helps you meet regulatory mandates and minimize your exposure to risk while providing a great customer experience. Contact us to learn how Jumio can help your business accelerate trust and fight financial crime.

Updated: March 13, 2023