“Know Your Customer”, or KYC is a set of legally required procedures first implemented by banks to verify their customers’ identities. KYC is considered the first step in anti-money laundering (AML) compliance. Both KYC and AML were born from legislation preventing the financing of criminal activity. It is the responsibility of both financial institutions and businesses to ensure that their customers are not using their services to fund terrorism, theft, fraud, or other crimes. If compliance is not maintained, companies will be held liable for any illegal activity resulting from poor vetting and risk assessment of their customers.
If you are a business owner or head of a financial service entity, you need to have a thorough understanding of KYC and establish KYC policies that are effective and efficient, yet keep you in good legal standing. What do you need to know?
Three Phases of KYC:
There are three steps or phases in the KYC process: the customer identification program (CIP), customer due diligence (CDD), and customer monitoring. Here are basic requirements and suggestions for each KYC component.
For CIP banks and other entities must use customer documents to verify the customer’s identity. Acceptable documents usually include any form of photo ID such as a driver’s license, passport, and a U.S. social security card or another authorized national identity card. Once you have gathered the customer’s demographic information (name, date of birth, address, ID number) you can check public databases to verify the details. It can be time and labor-intensive to do this manually, but some companies offer automated solutions for ID verification for KYC.
The CDD phase of KYC requires banks and other businesses to evaluate their customers and assign a risk level based on how likely the person will finance illegal activity or become involved in money laundering. Your business is responsible for conducting a thorough investigation and risk assessment on each customer. To do this, you can split customers into two categories: simple due diligence (SDD) or enhanced due diligence (EDD). Simple and enhanced refers to the type and frequency of monitoring you will use. Ideally, you might assign risk based on the following:
- Customer occupation
- Type of account/s
- The average amount for transactions
- Frequency of transactions.
- Expected pattern of activity
- Expected method of payment
At this point in risk assessment, you might do a deeper dive into the criminal background or financial sanction lists to find out if a customer might need enhanced precautions.
Once you have your new customer verified and classified by risk level, you must continue to monitor them, and record when the monitoring took place. It might be helpful to use computer software to automate the monitoring process. One example might be doing a monthly or bi-monthly check on all of the customer’s accounts. When examining the customer’s account activity, look for the following:
- Unusual activity
- Spikes in purchases or withdrawals
- Out-of-area or over-the-border transactions
- Names of people on sanction lists
KYC Best Practice:
Instead of trying to manage everything on your own, you can outsource to companies specializing in ID verification for KYC and KYC solutions. They might be able to automate all of your KYC monitoring and streamline your customer onboarding. Thanks to tech advances, you have quick and user-friendly eKYC options such as auto fill-in (for demographic information), facial recognition, and liveness detection. Thanks to eKYC, you’ll also be able to interact with your customers remotely.
Due to the legal requirements and consequences of compliance violations, you can expect that KYC implementation will be challenging. However, there are strategies for making it easier, saving you time and money. Seek services offered by KYC solution companies and see how they can benefit your company.