The Hudson United Bank of New Jersey was one of the banks used by the airplane hijackers who perpetrated the deadliest attack ever on American soil on Sept. 11, 2001. According to the 9/11 Commission, money-laundering safeguards at the time were not designed to detect or disrupt the type of deposits, withdrawals and wire transfers that helped facilitate the attacks. As a result, Know Your Customer (KYC) laws were introduced as part of the Patriot Act as a means of deterring terrorist activity and financial crimes.
Because money launderers and other criminals tend to use fraudulent identities during the onboarding process to mask their true identities, KYC laws require financial institutions to “get to know” their customers by confirming to a high level of assurance that those customers are who they say they are.
With so much riding on getting KYC in banking right and with more customer onboarding taking place online, it’s no surprise that financial institutions are looking for effective technologies to verify customers’ identities remotely. In this blog, we’ll take a look at what some of those technologies are and how they’re being used to comply with KYC and enhanced due diligence requirements.
Why is KYC Compliance Mandatory?
The United States Department of the Treasury has had legislation in place for decades directing financial institutions to assist the government in detecting and preventing money laundering. The Bank Secrecy Act of 1970, for example, specifically requires financial institutions to keep certain records (e.g., cash transactions exceeding $10,000) and to report financial transactions that might signify money laundering, tax evasion or other criminal activities. More recently in 2016, the Treasury’s Financial Crimes Enforcement Network (FinCEN) issued a set of rulings to further clarify and strengthen Customer Due Diligence (CDD) requirements and Anti-Money Laundering (AML) efforts.
Requiring financial institutions to perform due diligence so that they understand who their customers are and what type of transactions they conduct is a critical aspect of combating all forms of illicit financial activity, from terrorist financing and sanctions evasion to more traditional financial crimes.
To satisfy KYC compliance and related regulations, banks spent more than $100 billion in 2016 and predicted those compliance costs would rise from four to 10 percent by 2021. Yet despite these huge investments, nearly $26 billion in fines were imposed against financial institutions for non-compliance with AML and KYC regulations in the last decade, according to research by Fenergo.
The KYC Process Undertaken by Banks & Financial Institutions
In order to clarify and strengthen CDD requirements and meet KYC in the financial sector, the FinCEN outlined four minimum elements needed for an effective program. They include:
- Identifying and verifying the identity of customers;
- Identifying and verifying the identity of beneficial owners of legal entity customers (i.e., the natural persons who own or control legal entities);
- Understanding the nature and purpose of customer relationships to develop a customer risk profile; and
- Conducting ongoing monitoring for suspicious transactions and, on a risk basis, maintaining and updating customer information.
What is required from customers during the onboarding process?
To meet these KYC requirements, financial entities must gather and verify identity information at the point of onboarding new customers. The requirements vary depending on whether the bank account is for an individual customer or a business customer.
Individual customers who visit a bank in person will bring some proof of identity, such as government-issued identification (e.g., driver’s license, passport), proof of address and whatever else might be required for the transaction. The banker checks the customer’s documentation to physically ascertain that they are who they claim to be. For business accounts, additional information verifying the identities of beneficial owners (e.g., articles of incorporation) and business activity (e.g., profit and loss statements) are required.
These processes are far more complex when customers create accounts online. Now financial institutions must verify that the customers’ digital identities match their actual, real-world identities. Establishing a trustworthy link between a digital identity and an actual person requires a robust identity verification process to prove the person is who they represent themselves to be. That process may include a combination of biometrics (e.g., facial recognition, fingerprints), machine learning and/or document or ID verification.
Technology in KYC Compliance
In its 2019 Guide to Identity Proofing and Corroboration, Gartner recommends that organizations move away from traditional identity proofing and authentication technologies that rely on something a customer knows (i.e., a password or security question) or possesses (i.e., an ID badge).
Instead, they recommend organizations turn to biometrics for in-person or eKYC identity verification. Biometric authentication technologies rely on what someone is, for example, by using their unique fingerprint or facial map, to verify a customer’s identity.
Companies are using biometrics, alongside more traditional ID verification, to strengthen their defenses against online fraud and maintain compliance with AML and KYC.
These technologies not only build trust among customers, but they also create a seamless, efficient onboarding experience.
The Future of Banking Technology
Many financial institutions are now using Jumio’s online identity verification process which ties the digital identity of a customer to an authenticated government-issued ID. Once a banking customer’s digital identity has been validated, it is further corroborated with a selfie photo and certified liveness detection to ensure that the legitimate customer is present during future transactions.
This powerful combination of verifying who someone is, binding that person to face-based biometrics, and further securing the transaction with certified liveness detection, allows banks and financial organizations to operate more securely and stay in compliance with the myriad of CDD regulations.
Learn more about Jumio’s identity verification solutions for AML/KYC compliance here.