Know Your Customer (KYC) refers to the process institutions use to verify the identities of their customers and ascertain what fraud risks they may pose. The premise is that knowing your customers — performing identity verification, reviewing their financial activities, and assessing their risk factors — can keep money laundering, terrorism financing and other types of illicit financial activities in check.
What Is KYC Compliance?
KYC compliance is a set of regulations created by banks and other financial institutions to reduce criminal activity in real time. These compliance regulations protect customer information, monitor customer activities, and increase the reliability of identity verification.
The ultimate aim of KYC is to confirm, with a high level of assurance, that customers are who they say they are and that they are not likely to be engaged in criminal activity. KYC is mandated for some organizations — primarily financial institutions — but for other businesses that voluntarily implement KYC procedures, it’s an important signal that the business is trustworthy and cares about protecting its customers.
The Impact of KYC Regulations on Banks & Financial Service Providers
If the last decade has taught us anything, it’s that a person’s online identity isn’t always what it appears to be. Data breaches, phishing schemes, identity theft, money laundering and other digital scams have wreaked havoc on organizations from every sector of the economy — from fintech services to dating sites to players in the sharing economy.
The intergovernmental Financial Action Task Force (FATF) estimated that in 2009, criminal proceeds from illicit funds generated from drug trafficking and organized crimes amounted to 3.6 percent of global GDP, with 2.7 percent (or US$1.6 trillion) being laundered to disguise their illegal origin. On top of that, corporate losses from fraudulent online transactions are expected to reach $25.6 billion in 2020, according to Juniper Research.
Add to this an abundance of identity information housed online, which creates a goldmine for fraudsters. Digital identities act as a currency on the web, with specific data (e.g., Social Security numbers, email addresses, passwords, credit card numbers and medical records) fetching anywhere from 25 cents to $60 per record. Bad actors are exploiting all angles to obtain and utilize this data to their benefit.
To lessen the likelihood of these financial crimes, not to mention to protect their brand reputations, financial services organizations have a clear monetary incentive to accurately verify their users’ online identities through the use of KYC procedures.
KYC Process & Regulatory Compliance
KYC compliance begins when an account is created (either in person or online) or a customer starts doing business with an organization. KYC requirements also come into play later, when the customer accesses that account. There are several important components to achieving KYC compliance.
Customer Due Diligence
One cornerstone of a strong KYC compliance program is conducting comprehensive customer due diligence (CDD) for all customers. Financial institutions need to know their customers and protect their financial ecosystems against criminals, terrorists and politically exposed persons (PEPs) who might present added risk.
Because business customers can vary in terms of their types of transactions, customers, locations, scale and business lines, CDD efforts will also differ, ranging from simplified to standard to enhanced CDD. In general, CDD will include verifying the identity of customers and understanding the monetary thresholds for required reporting and record retention, as well as the specific FinCEN rules governing different types of transactions.
In determining what level of due diligence is appropriate, a company should look for red flags relating to:
- Understanding of the customer’s customers
- Identification of beneficial owners of an account or customer
- Details of other personal and business relationships the customer maintains
- Approximate salary or annual sales
- AML policies and procedures in place
- Third-party documentation
- Local market reputation through review of media sources
Enhanced Due Diligence
Enhanced due diligence is another part of the KYC process, similar to customer due diligence. However, this process provides additional protection for high-risk accounts. Oftentimes, enhanced due diligence can detect things that standard customer due diligence cannot.
EDD procedures are usually used on client accounts like:
- Politically Exposed Persons (PEPs)
- Special Interest Persons (SIPs)
- Clients on sanction lists
- Clients with a high net worth
EDD procedures often require additional KYC verification in order for a customer to open up a bank account or do business with a financial institution.
Customer Identification Program
A second component of KYC compliance is the establishment of a Customer Identification Program (CIP) as a part of the onboarding process to “form a reasonable belief that (the business) knows the true identity of each customer.” In other words, a financial institution must verify the identity of every individual or business customer who wants to open an account.
Every CIP must have a risk-adjusted procedure to verify the identity of the account holder during customer onboarding. The minimum requirements to open an individual financial account include such personally identifiable information as the customer’s name, date of birth, address and an identification number. Other risks that may be assessed include the type of account in question, typical transaction size, the quality of the information offered by the customer, the characteristics of the organization as a customer and the location(s) where the customer’s transactions originate or end.
Procedures for identity verification include reviewing ID documents, non-documentary methods (e.g., comparing information provided by the customer with consumer reporting agencies, public databases) or a combination of both.
When it comes to online customer onboarding, online identity verification is a must-have for CIP. New verification technologies are helping organizations meet their KYC and data privacy requirements, as well as successfully integrating with their back-end and customer-facing systems. For institutions that rely on a government-issued ID document and biometric verification, the online identity verification process generally consists of:
- Optical Character Recognition (OCR) to extract data from the ID document
- ID verification to ensure the ID is valid and unaltered
- Selfie capture and comparison to ID document to increase identity assurance
It’s not enough to look at a customer’s risk profile only during the enhanced due diligence process of onboarding. Banks and other organizations must also look for signs of terrorist financing, suspicious activity or other high-risk behaviors throughout the course of the business relationship.
In general, once a customer has been identified and verified, there is no requirement to re-verify their identity. The exception is when there is a trigger event, for example:
- A product or service that you supply the customer changes
- Concerns are raised regarding previous information collected and its validity
- Suspicions of money laundering are raised
By performing ongoing monitoring, businesses can implement a continuous risk assessment process that flags customers who may pose increased risks as circumstances change.
Ongoing monitoring calls for a periodic review of all information regarding clients, including oversight of their financial transactions and accounts based on thresholds developed as part of a customer’s risk profile. The emphasis is on organizations to develop clear, auditable processes to manage these ongoing checks.
The primary objectives of monitoring are to:
- Detect suspicious financial transactions (e.g., spikes in activities) and strengthen anti-money laundering efforts
- Keep client identification and the purpose and intended nature of the business relationship record up to date
- Determine if customers are included on politically exposed persons (PEP), sanctions or adverse media lists after new account onboarding (i.e., when the initial vetting occurred)
- Identify unusual cross-border activities
These activities, which were once considered “best practices,” have moved to law, reflecting an increasing expectation from both global regulators and stakeholders that firms should be more aware of customer risk at all times.
Who Regulates KYC Compliance?
Oversight bodies across the globe have begun using mandates to bring digital identity verification and Know Your Customer to the forefront of the minds of businesses. In the United States, KYC and AML mandates (and their associated CDD requirements) stem from the 1970 Bank Secrecy Act and the 2001 Patriot Act. They were expanded in 2016 by the U.S. Treasury’s FinCEN and even by new state regulations, including California’s CCPA compliance rules.
Elsewhere, the EU, Asia-Pacific countries (APAC) and other regions have built upon or created their own compliance frameworks. In addition to GDPR regulations, the EU has a new regulatory requirement, PSD2, to reduce fraud and make online payments more secure, as well as the 6th EU Anti-Money Laundering Directive (6AMLD). In Canada, the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) oversees anti-money laundering and anti-terrorist funding regulations. And dozens of countries and international bodies follow the Financial Action Task Force’s recommendations regarding politically exposed persons and terrorist financing.
How eKYC Can Benefit the Customer Experience
Emerging technologies for online identity verification are critical because KYC adds friction to the onboarding process as customers go through the necessary identity verification steps. Long wait times are expensive for banks and frustrating for customers who expect quick and easy interactions. In fact, research by Signicat found that more than 50 percent of retail banking customers in Europe abandoned their attempt to sign up for new financial services. The leading cause? The process simply took too long and was too onerous.
The challenge that every business faces, therefore, is how to balance KYC with the need for fast, efficient onboarding processes that deliver a positive customer experience.
Compliance with KYC Requirements through Identity Verification
Companies are striving to grow their customer base through faster, easier and lower-cost digital channels, yet the current regulatory landscape creates many barriers to achieving those ideals. Customers want the convenience of signing up through digital channels, and they want the process to be quick and painless. Institutions, on the other hand, have to manage the realities of complying with KYC regulations, which can mean sending new customers out of their preferred (digital) channel for identity verification or making customers wait for days or weeks as their identities are verified.
These competing demands have created a clear need for KYC technologies that can transform an organization’s manual KYC and customer onboarding processes into a streamlined online approach.
The right solution needs to have these fundamental identity verification capabilities:
- Ability to accurately extract data from a wide range of ID documents (e.g., passports, government-issued IDs, driver’s licenses)
- Ability to verify the authenticity and validity of the ID document
- Ability to capture biometric data from the customer (e.g., selfie, fingerprint)
- Ability to compare the biometric data and the ID document to validate the customer’s identity
In addition to securely meeting these technical objectives, the ideal KYC solution must be scalable for companies with an international presence or global ambitions. This means, for example, that the solution can accommodate a wide range of national identification documents, based on where the company does business. Secondly, the solution must be effective, both in terms of its cost-effectiveness and its ability to create a positive customer onboarding experience.
KYC Frequently Asked Questions
What is eKYC?
eKYC is the electronic process in which customer identity documents and information are monitored and verified. eKYC allows financial institutions and banks to quickly and efficiently monitor transactions. It can also better secure customer data and speed up the document verification process.
What are KYC documents?
KYC documents are documents used to verify a client’s identity. Some popular KYC documents accepted by most major financial institutions include:
- Driver’s License
- Voter Identity Card
- PAN Card
- NREGA Card
- Aadhaar Letter or Aadhaar Card
How does KYC impact cryptocurrency?
KYC compliance can help improve blockchain and crypto systems by decreasing risk, improving fraud prevention and increasing AML compliance. Financial institutions often monitor the cryptocurrency blockchain to detect fraudulent activity, money laundering or other criminal activity.
Streamline Your KYC Compliance Workflows with Jumio’s eKYC & AML Solutions
eKYC has started to change the world of identity verification and securing customer data. It creates an easy and efficient way for banks and other financial institutions to monitor customer activity and detect fraud.
The challenge and imperative for KYC is clear. We invite you to learn how Jumio’s end-to-end identity verification and authentication solutions can help.
Originally published February 20, 2020