What is the KYC process in banking?

In banking, know your customer (KYC) refers to the series of mandatory processes necessary to identify who a given client is when they’re opening an account so that the bank can confirm they are who they say they are. Even though the series of actions required to help a bank identify clients occurs at the start of the relationship, KYC processes continue throughout the customer lifecycle.

They’re an integral part of a bank’s overall anti-money laundering (AML) efforts.

This article will look at:

  • What KYC processes are in banking;
  • Why they matter; and
  • What banks can do to conduct these processes more efficiently and effectively.

Why does KYC in banking matter?

KYC processes play a vital role in the banking industry because they serve to protect both banks and the clients they serve. For banks, KYC processes represent a legal requirement to create and maintain records on the profile of every client (as well as those who may operate on their behalf) so that the bank knows who they’re working with and can report any suspicious activity should it arise.

In this way, it reduces the bank’s exposure to the risk of criminal activity, such as money laundering and terrorist financing, while simultaneously giving crime enforcement authorities the ability and notice necessary to prevent criminal behavior.

For clients, KYC processes ensure that the bank they’re working with is only making recommendations that are suitable for their specific financial situation and needs. They ensure banks are aware of the client’s existing financial standing before suggesting a sale, purchase, or investment of any kind.

In this way, they protect clients from predatory behavior and untoward practices that might threaten their overall financial health.

KYC regulations for banks

Banks are subject to KYC regulations and standards all over the world, though there are some differences in when different countries first enacted these requirements as well as in what they precisely stipulate.

Some notable examples of KYC regulations for the banking industry include:

  • The Australian Transaction Reports and Analytic Center (AUSTRAC) first established KYC requirements in 1989, with the Anti-Money Laundering and Counter-Terrorism Financial Rules Instrument amending those prescriptions in 2007.
  • The Financial Transactions and Reports Analysis Center of Canada (FINTRAC) established itself as Canada’s financial intelligence unit in 2000 and then updated its regulations in 2016 to enact new methods for client identification that comply with new AML requirements.
  • The Reserve Bank of India (India’s central bank) introduced KYC guidelines and standards for the first time in 2002 with a particular focus on anti-money laundering compliance.
  • Banca d’Italia (Italy’s central bank) set KYC requirements for banks in 2007 and oversees the regulation of all banks and financial institutions operating on Italian soil.
  • The UK’s Money Laundering Regulations of 2017 are the latest underlying rules for KYC, with further guidance provided for banks by both the European Joint Money Laundering Steering Group and The Financial Conduct Authority (FCA).
  • The US’ Financial Crimes Enforcement Network (FinCEN) enforces the Financial Industry Regulation Authority’s (FINRA) Rule 2090 around Know Your Customer and Rule 2111 around Suitability.
  • The Financial Action Task Force of Latin America (GAFILAT) oversees the implementation of AML and CFT requirements for KYC processes in 17 Latin American countries across South, Central, and North America.
  • The Middle East and North Africa Financial Action Task Force (MENAFATF) oversees the implementation of FATF recommendations for KYC, AML, and CFT all across the region.

Penalties for Non-Compliance

Altogether, banks worldwide have been fined billions of dollars for failing to comply with KYC, AML, and CFT requirements over the past few years. In addition to these financial penalties, banks have also had to contend with severe reputational damage, threats to their charters, and sanctions that ‘blacklist’ them around the world. 

The three phases of KYC in banking

Around the world, regulations and guidelines for KYC in banking stipulate the need for three components, steps, or phases of vigilance. They are:

1. A robust customer identification program (CIP)

The need for KYC in banking starts when the relationship with the client starts. The first objective is to verifiably determine whether or not the client is who they say they are. This applies to all clients and, in the case of corporate clients, extends to the individuals identified as beneficial owners of the client business.

The documents and identity details required for this step include the client’s name, address, date of birth, and government-issued identification numbers found in passports and/or driving licenses. For corporate clients, this includes business licenses, articles of incorporation, partnership agreements, and financial statements.

Regulators need to be able to see that banks can promptly acquire and verify all this information using well-documented procedures that all staff are trained in.

2. A risk-based approach to customer due diligence (CDD)

The purpose of customer due diligence is to understand the extent to which any given client can be trusted. It’s about determining the degree of risk a bank should assign to their client so firms can administer the appropriate approach for different clients and circumstances.

To that end, most CDD programs are comprised of three distinct levels, each requiring greater diligence than the last.

  • Basic (or standard) due diligence is what all clients will be subjected to and often includes steps to determine where the client is and what their typical patterns of transactions look like.
  • Simplified due diligence (SDD) is for clients deemed to be of low-level risk. For these clients, banks need only undertake some of their diligence practices as long as they continue to monitor the client’s risk level over the course of the relationship.
  • Enhanced due diligence (EDD) is reserved for clients deemed to pose a higher risk of criminal activity like money laundering or terrorist financing. It typically involves the need for more information from clients, external checks against publicly available data and internal investigations into the client’s accounts and transactions.

3. A continuous system for ongoing monitoring

The final phase of KYC in banking is arguably its most critical – the ongoing monitoring of all clients throughout the course of their relationship with the bank. The goal is to keep track of whether or not a client’s risk profile needs to be adjusted based on their activity. Banks are free to determine how frequently these checks are made as well as how many resources need to be dedicated to this.

However, regulators require banks to track changes in the frequency, location, type, and pattern of transactions their clients are part of. Banks also need to monitor whether or not there are notable changes in the client’s status. For instance, adverse media coverage of a client, or their inclusion in publicly available politically exposed person (PEP) lists and sanctions lists, should adjust their risk level.

Common KYC challenges for banks

Banks face a number of issues when trying to implement effective KYC programs. Chief amongst these are three common challenges with wide-ranging effects:

  • The customer experience suffers. The longer it takes a bank to verify a customer’s identity and risk status, the longer a customer has to wait to achieve their own goals. This friction can motivate banks to take shortcuts in these critical processes, but it can also motivate criminals to try and abuse those very shortcuts.
  • The workload is hard to scale. Because of the amount of analysis and investigation required to accurately determine what any given client’s risk level should be, compliance officers are often slowed down by convoluted workflows for false positives. Banks need to constantly improve the rate at which they’re able to conduct checks.
  • The diversity of regulations can be overwhelming. Banks operating in multiple jurisdictions need to adopt divergent practices depending on the local regulations that govern them. Compliance teams often struggle to keep up with both the changes in these regulations and the complexity of clients operating in multiple places.

The influence of AI and machine learning on KYC for banks

Automation plays a crucial role in helping compliance teams at banks overcome all these challenges. AI and machine learning help teams by:

  • Speeding up customer onboarding: Allowing compliance teams to complete more thorough checks more rapidly by traversing a vast number of data sources and flagging issues based on the bank’s specific risk-based approach.
  • Replacing manual tasks: Allowing compliance officers to spend more time on exceptions and less time validating false positives by automating the processing of multiple cases more accurately and more promptly.
  • Simplifying regulatory complexity: Allowing banks to deploy procedures and processes in new jurisdictions while still following their specific risk-based approach by ingesting more relevant data sources and adapting to local laws more quickly.  

Leading AML & KYC solutions for banks

Banks require intelligent solutions that can handle the complexity and scale of efficient AML and KYC processes. When evaluating vendors for KYC solutions, it’s important to consider the following key benefits: 

  • Automation of ongoing monitoring, which delivers sanction updates up to seven hours earlier than official source emails, allowing compliance teams to identify critical changes in risk earlier.
  • Seamless integration with a RESTful API that triggers immediate alerts and webhooks, enabling straight-through processing and the ability to instantly freeze any flagged transaction.
  • Streamlined customer onboarding by reducing false positives and improving alert quality, based on a global and dynamic database of sanctions and watchlists.

Originally published 08 January 2024, updated 16 February 2024

Disclaimer: This is for general information only. The information presented does not constitute legal advice. ComplyAdvantage accepts no responsibility for any information contained herein and disclaims and excludes any liability in respect of the contents or for action taken based on this information.

Copyright © 2024 IVXS UK Limited (trading as ComplyAdvantage).