Know your customer checklist: 4 steps to effective know your customer compliance

The Know Your Customer (KYC) process is an integral part of anti-money laundering (AML) regulation around the world, helping banks and financial service providers understand their customers’ financial behaviors and report criminal activity quickly. Accordingly, firms must ‘know their customer’ before they start doing business with them, and throughout the lifetime of that relationship. This means asking for detailed information from a customer in order to build an understanding of the level of criminal risk that they pose – specifically the likelihood of them being involved in money laundering and terrorism financing. 

The term ‘KYC’ is sometimes used interchangeably with AML, but while AML refers specifically to compliance rules and regulations, KYC is a set of tools that firms can use to enforce them. KYC actually underpins guidance from the Financial Action Task Force (FATF), which sets out a series of fundamental AML/CFT requirements for member states such as conducting customer due diligence (CDD) and establishing effective record-keeping systems – all of which must be transposed into domestic legislation. 

With that in mind, financial service providers must understand how to implement effective KYC by building suitable data collection and monitoring processes into their AML solutions. Stay ahead of your AML/CFT obligations, and ensure your organization is capable of combating financial criminals, with our Know Your Customer checklist: 

1. Collect basic information

The first step of the KYC process is to conduct appropriate customer due diligence (CDD) – which refers to the collection of basic identifying information about the customer. Ideally, firms should use digital CDD tools to capture and log the relevant data accurately and efficiently – while minimizing the potential for human error. The basic customer data required for the KYC process includes: 

• Names
• Addresses
• Dates of birth
• Social security numbers
• Company incorporation documents

The information that firms collect at this first stage of the KYC process will inform a subsequent risk assessment, and define the firm’s AML/CFT compliance response. 

2. Verify customer information

Firms must ensure that the basic data they collect as part of their KYC process is accurate and up to date. Accordingly, when firms obtain information such as names and addresses, they should corroborate that data with official documents such as driving licenses, passports, and birth certificates. 

Similarly, once firms have obtained identifying data, they must compare it to a range of relevant official lists which may affect the customer’s risk profile. These include: 

• High-risk jurisdictions
• Global sanctions and watch lists
• Politically exposed person (PEP) lists
• Criminal registries, including lists of participants involved in bribery and corruption

3. Assign a customer risk rating

The information collected and verified as part of the customer due diligence process represents the foundation of a customer’s KYC risk rating. The risk rating is a calculation that takes into account a range of factors, including the likelihood that an individual customer is involved in financial crime, and the wider operational compliance risk that a firm faces.

In jurisdictions that mandate a ‘risk-based approach’ to AML, firms assign a KYC risk rating by performing a risk assessment of each customer. Where the assessment determines a high compliance risk, firms should deploy more intensive AML/CFT measures, including enhanced due diligence (EDD), source of wealth inquiries, and adverse media searches. By contrast, lower-risk customers may be subject to simpler AML/CFT measures, which optimize the speed and efficiency of onboarding and transaction experiences (in contexts where that is possible).

4. Ongoing risk review

KYC is not just a ‘box checking’ task to complete during onboarding, but instead an ongoing process that extends throughout the lifetime of a customer relationship. When a customer changes their behavior or begins a new financial venture, effective KYC enables firms to detect any change in AML/CFT risk. With that in mind, firms must ensure they conduct ongoing reviews of their customers’ compliance risk ratings – and may implement the following processes in order to do so:

• Payment screening: Firms should screen their customer’s transactions for indications that they are sending money to high-risk counterparties. Those counter-parties might include customers on PEP lists and sanctions lists. 
• Customer monitoring: When a customer’s risk profile changes – by designation on a sanctions list, for example, or election to political office – ongoing KYC allows a firm to capture that information and adjust their risk rating. Similarly, firms might conduct ongoing adverse media checks to capture customers’ involvement in negative news stories.
• Transaction monitoring: Ongoing transaction monitoring is a way of checking whether customers’ financial behavior meets the expectations of their risk assessment. Where behavior diverges from expectations, it may be necessary to adjust their risk rating. 

Throughout: Evaluate KYC automation tools 

Given the scope of the administrative challenge, and the regulatory requirements of most jurisdictions, it’s important that firms automate the KYC compliance process. KYC automation should be constantly re-evaluated as the risk landscape changes. In practice, KYC software offers the following benefits: 

• Speed: Automated CDD, monitoring, and screening processes mean less administrative friction and enhanced customer experiences. Similarly, compliance employees may be informed more quickly when an AML alert is generated. 
• Accuracy: By automating KYC, firms reduce the potential for human error and costly compliance penalties. Further, by incorporating algorithmic analysis and machine learning systems, they may be able to account for unexpected customer behaviors and reduce the likelihood of false positive AML alerts. 
• Adaptability: Automated KYC systems enable firms to implement horizon scanning, becoming more agile in adapting to new regulations and to emerging technologies. Horizon scanning techniques may also allow firms to adjust to new risks and more sophisticated criminal methodologies. 
• Whitelisting: Customers that often trigger false positive AML alerts as a result of similarities to high-risk individuals (on sanctions lists, for example) may be added to whitelists. Firms may automate whitelist scanning to pre-verify their customers against whitelist databases and speed up the transaction processes.