What is know your customer (KYC)?

Know your customer (KYC) is the process financial institutions (FIs) use to verify their customers’ identities and inform compliance risk assessments. KYC is a foundation of anti-money laundering and countering the financing of terrorism (AML/CFT) compliance in jurisdictions worldwide. Given its regulatory importance, firms should understand how to implement KYC effectively. 

With financial crime and the global cost of money laundering on the rise, KYC policies have evolved to detect criminal methodologies better and mitigate the risk of illegal transactions. Effective KYC protects financial service providers from costly compliance penalties, criminal liability, and reputational damage and safeguards individual customers who may otherwise fall victim to financial crime.

What is the KYC process?

The KYC process typically involves collecting and verifying certain information about individuals or entities, such as their identity, address, and financial history. This helps organizations assess the risk associated with a customer and ensures compliance with AML and other regulatory requirements.

The three components of the KYC process are a customer identification program, customer due diligence, and ongoing monitoring.

1. Customer identification program (CIP): 

Many FIs begin their KYC procedures by collecting basic customer data and information, ideally using electronic identity verification. Some countries call this process a Customer Identification Program (CIP). 

The basic KYC data requirements of a CIP include:

• Names.
• Addresses.
• Dates of birth.
• Social security or National Insurance numbers.

2. Customer due diligence (CDD): 

Once basic customer data is collected, FIs must accurately assess the level of criminal risk the entity presents. This stage is known as customer due diligence (CDD). CDD involves a more in-depth examination of customer information and risk factors, particularly for higher-risk customers, to mitigate financial crime risk.

Key aspects of CDD typically include:

• Source of funds: When onboarding a customer, firms will often investigate and document the individual’s source of funds and source of wealth to ensure they are legitimate.
• Risk assessment: To help establish a customer’s risk category, firms will consider factors like occupation, transaction history, and geographic location. To ensure the risk level is accurate, many firms will screen entities against some of the following lists and sources:
  • Lists of high-risk jurisdictions.
  • Global sanctions and watchlists.
  • Lists of politically exposed persons (PEPs).
  • Criminal registries of participants involved in bribery and corruption.
    

Recommended by the Financial Action Task Force (FATF), risk-based KYC allows firms to balance their compliance obligations in a proportionate, efficient way. Customers who present a higher risk may be subject to more intensive KYC measures, while lower-risk customers may receive the minimal necessary scrutiny. If a customer’s risk profile suggests the need for additional checks, the firm may be required to collect and analyze additional information before proceeding with the business relationship. This is known as enhanced due diligence (EDD) and may be particularly relevant for high-net-worth customers or those identified as high-risk, such as PEPs. 

Risk assessments also allow FIs to compare a client’s financial activity to their peers. When clients diverge from expected financial behavior, banks may use clients’ profiles with similar occupations, financial backgrounds, and industry connections to determine the likelihood of criminal activity.

3. Ongoing monitoring

Another essential component of the KYC process is ongoing monitoring – in this case, often referred to as perpetual KYC (pKYC). This involves regularly checking customers relative to their risk profile and behavior, which may have changed over time. For example, a change of address to a high-risk jurisdiction may flag a KYC alert. Specialist software and employee training can help firms stay ahead of changes in the KYC compliance landscape. 

Why is KYC important?

KYC is important for protecting both businesses and their customers from fraud and other financial crimes. It is also a legal requirement for many firms. 

Firms must always verify the identity of new customers before they are onboarded and continue to monitor them throughout the business relationship. As well as detecting and preventing criminal activity, KYC can help firms better understand and serve their customers. When firms around the world work together and share information, it can help slow the spread of financial crime.

KYC regulations

KYC regulations can vary significantly from one jurisdiction to another and are subject to change over time. Therefore, it’s essential to consult the specific regulatory authorities and guidelines applicable to a particular region or industry. Key global legislation and the regulators responsible for overseeing compliance include:

• United States: In the US, KYC requirements are governed by various federal laws and regulations, including the USA PATRIOT Act, Bank Secrecy Act (BSA), and various rules and guidelines issued by agencies like the Financial Crimes Enforcement Network (FinCEN) and the Office of the Comptroller of the Currency (OCC). 
• European Union: The EU has implemented KYC regulations through directives such as the Fourth Anti-Money Laundering Directive (4AMLD), the Fifth Anti-Money Laundering Directive (5AMLD) and the Sixth Anti-Money Laundering Directive (6AMLD). Enacted in December 2020, 6AMLD expanded the scope of existing legislation, harmonized the criminal law across the EU, and improved cooperation between the member states.
• United Kingdom: The UK has its AML regulations and guidance issued by the Financial Conduct Authority (FCA). The UK also follows EU directives regarding KYC and AML, although Brexit has led to some divergence in regulations.
• Canada: Canada enforces KYC and AML rules through the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA). The Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) oversees compliance. 
• Australia: In Australia, KYC regulations are governed by the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act), with oversight provided by the Australian Transaction Reports and Analysis Centre (AUSTRAC). 
• Singapore: Singapore primarily operates its AML regulations through the  Payment Services Act and the Monetary Authority of Singapore’s (MAS) guidelines. MAS is the regulatory authority responsible for overseeing KYC compliance.

Risks and penalties for KYC non-compliance

Non-compliance with KYC requirements can have serious repercussions for firms. The risks to organizations include doing business with criminals and enabling fraud such as money laundering and the financing of terrorism. This can lead to reputational damage, financial losses, and decreased client confidence.

The penalties for non-compliance with KYC regulatory requirements include fines and even imprisonment. In 2022, firms were fined a total of $5 billion for sanctions breaches and issues relating to AML and KYC.

Who needs to comply with KYC regulations?

All financial services companies need to comply with KYC regulations. This includes banks, private lenders, fintechs, casinos, credit unions, digital wallet providers, wealth management firms, and broker-dealers. These are known as regulated entities.

The importance of automation in KYC

KYC compliance requires significant resources. Rising numbers of global transactions and increasingly complex regulations mean that manual KYC processes are often unable to meet compliance needs and subsequently expose companies to unacceptable levels of risk. Given the risks – which include financial penalties and criminal liability – it is crucial that companies implement an automated KYC solution. 

Automated KYC software – often known as electronic KYC (eKYC) – offers a range of significant compliance benefits, including:

• Improved speed: Automated KYC tools accelerate the KYC process, facilitating faster customer due diligence, transaction monitoring, and customer screening checks than would have been possible with manual teams.
• Increased accuracy: Software platforms increase the accuracy of KYC checks. Companies that collect large amounts of digital data as part of their KYC process may benefit from machine learning (ML) systems. Powered by artificial intelligence (AI) algorithms, ML-based systems enable companies to use established data to make decisions about the future behavior of their customers and then adjust their compliance measures without any need for further human input. In practice, ML systems may be used to further automate KYC transaction monitoring and spot when customers diverge from their expected behaviors. Similarly, ML may be able to enhance false positive remediation by using digital data to make faster, more accurate decisions about suspicious transactions.
• Adaptability: The AML/CFT risk landscape changes constantly as criminals develop new methodologies and governments introduce new regulations to counter them. Automated KYC tools help companies react to those changes. Companies may implement horizon scanning, react to compliance challenges quickly, and ensure new threats are addressed with minimal disruption to customers.
• Enhanced customer experience: Automated KYC reduces administrative friction and enhances customer experience during the compliance process. In particular, automated KYC software is capable of pre-screening customers against whitelists: databases of individuals and entities with risk characteristics that trigger AML alerts but that aren’t otherwise considered high risk.

As the AML/CFT landscape evolves, FIs need innovative software partners who understand the challenges of KYC. ComplyAdvantage’s automated KYC software uses a proprietary, consolidated risk database for automated screening and monitoring. Customizable matching technology means faster and more accurate KYC, reducing onboarding time and enhancing customer experience.