What is Know Your Customer (KYC)?
Know Your Customer (KYC) procedures are a critical function to evaluate customer risk and a legal requirement to adhere to Anti-Money Laundering (AML) laws. Effective KYC involves knowing a clients identity, their monetary activities and the threat they posture.
Do you understand your customer? At any rate, you should. If you’re a financial institution (FI), you could deal with possible fines, sanctions, and reputational damage, if you work with a cash launderer or terrorist. KYC is a basic practice to protect your organization from scams and losses resulting from unlawful funds and deals.
“KYC” refers to the actions taken by a financial institution (or company) to:
- Establish customer identity
- Comprehend the nature of the client’s activities (primary objective is to satisfy that the source of the customer’s funds is legitimate).
- Assess money laundering risks associated with that client for purposes of monitoring the client’s activities.
Developing and running an effective KYC program requires the following elements:
Step 1: Customer Identification Program (CIP)
How do you know somebody is who they say they are? After all, identity theft is prevalent, affecting over 16.7 million US customers and accounting for 16.8 billion dollars stolen in 2017. For required entities, such as financial institutions, it’s more than a financial danger: it’s the law.
In the US, the CIP mandates that any individual performing monetary deals needs to have their identity verified. Provisioned in the Patriot Act, the CIP is designed to minimize money laundering, terrorism financing, corruption and other illegal activities.
Other jurisdictions have comparable provisions; over 190 jurisdictions all over the world have committed to suggestions from the Financial Action Task Force (FATF), a pan-government organization designed to combat money laundering. These recommendations include identity confirmation procedures.
The desired result is that obliged entities accurately identify their customers.
A critical element to an effective CIP is a danger assessment, both at the institutional level and at the level of treatments for each account. While the CIP provides guidance, it’s up to the individual organization to figure out the specific level of threat and policy for that risk level.
The minimum requirements to open a specific financial account are clearly delimited in the CIP:
- Date of birth.
- Identification number.
While gathering these details throughout account opening is enough, the institution should validate the identity of the account holder “within a reasonable time.” Procedures for identity verification consist of files, non-documentary techniques (these might consist of comparing the details supplied by the consumer with customer reporting companies, public databases, among other due diligence steps), or a mix of both.
These treatments are at the core of CIP; similar to other Anti-Money Laundering (AML) compliance requirements, these policies should be followed strictly. They require to be clarified and codified to supply continued guidance to personnel, executives, and for the advantage of regulators.
The specific policies depend upon the risk-based approach of the organization and might consider elements such as:.
- The kinds of accounts offered by the bank.
- The bank’s approach to opening accounts.
- The types of identifying information available
- The bank’s area, size, and customer base, including the types of services and products utilized by clients in different geographical locations.
Step 2: Customer Due Diligence
For any banks, among the first analysis made is to figure out if you can rely on a potential customer. You require to make sure a potential client is reliable; consumer due diligence (CDD) is an important aspect of successfully handling your dangers and securing yourself versus bad guys, terrorists, and Politically Exposed Persons (PEPs) who might provide a risk.
There are three levels of due diligence:
Simplified Due Diligence (SDD)
SDD are scenarios where the danger for money laundering or terrorist financing is low and a complete CDD is not needed. For example, low value accounts.
Customer Due Diligence (CDD)
CDD is info acquired for all customers to verify the identity of a consumer and assess the dangers associated with that client.
Enhanced Due Diligence (EDD)
EDD is extra info collected for higher-risk clients to supply a much deeper understanding of client activity to alleviate involved risks. In the end, while some EDD aspects are specifically enshrined in a country’s legislations, it’s up to an FI to identify their risk and take steps to ensure that their consumers are not bad actors.
Some useful actions to include in your Customer Due Diligence program include:
- Determine the identity and place of the prospective consumer, and acquire a mutual understanding of their organization activities. This can be as basic as locating documentation that confirms the name and address of your consumer.
- When confirming or validating a prospective client, categorize their threat category and define what type of customer they are, prior to saving this info and any extra paperwork digitally.
- Keeping records of all the CDD and EDD carried out on each consumer, or possible client, is necessary in case of a regulatory audit.
- Beyond basic CDD, it’s crucial that you carry out the appropriate processes to establish whether EDD is needed. This can be an ongoing process, as existing clients have the prospective to transition into higher risk classifications gradually; in that context, carrying out regular due diligence assessments on existing customers can be helpful. Aspects to consider to determine whether EDD is required, consist of, but are not limited to:
- Location of the person.
- Occupation of the individual.
- Type of transactions.
- Anticipated pattern of activity in regards to transaction types, dollar worth and frequency.
- Expected payment method.
Step 3: Ongoing Monitoring
It’s insufficient to simply inspect your client just once, you need to have a program to monitor your customer on a continuous basis. The ongoing monitoring function consists of oversight of monetary transactions and accounts based on thresholds developed as part of a consumer’s risk profile.
Depending on the consumer and your threat mitigation technique, some other aspects to keep track of might consist of:
- Activity spikes
- Out of location or uncommon cross-border activities
- Inclusion of individuals on sanction lists
- Adverse media mentions
There might be a requirement to file a Suspicious Activity Report (SAR) if the account activity is considered uncommon.
Periodic reviews of the account and the associated risk are also considered best practices:
- Is the account record up-to-date?
- Do the type and quantity of transactions match the mentioned function of the account?
- Is the risk-level appropriate for the type and quantity of deals?
In general, the level of transaction tracking relies on a risk-based assessment.
Just as individual accounts require identifying, due diligence and tracking, business accounts require KYC treatments too. While the procedure bears resemblance to KYC for private customers, its requirements are different; in addition, transaction volumes, deal quantities, and other risk factors are generally more noticeable so the procedures are more involved. These are often referred to as Know Your Business (KYB).
While each jurisdiction has its own KYB requirements, here are 4 basic actions to carry out an effective program:
Recover Company Vitals
Identify and validate an accurate business record such as details regarding register number, company name, address, status, and crucial management personnel. While the particular details that you collect depends upon the jurisdiction and your fraud avoidance standards, you’ll need to systematically collect the details and input it into your workflows.
Evaluate Ownership Structure and Percentages
Figure out the natural persons or entities who have an ownership stake, either through direct ownership or through another party.
Recognize Ultimate Beneficial Owners (UBOs)
Compute the overall ownership stake, or management control, of any natural-person and identify if it crosses the threshold for UBO reporting.
Perform AML/KYC Checks on Individuals
For all individuals that are identified to be a UBO, carry out AML/KYC checks.
It’s one concern to ensure KYC compliance, it’s an all-together far higher problem to provide compliance in a way that is economical, scalable and does not unnecessarily problem the customer. A Thompson Reuters survey exposes escalating expenses and complexities bogging financial organizations (FIs) down. 89% of business customers have not had a great KYC experience – 13% have actually changed to another FI as a result.
Besides the bad customer experience, the real cost of running a thorough KYC compliance program continues to increase. Amongst the 800 FI’s in the study, the average was $60 million annually while some firms were spending as much as $500 million. In the UK, a Consult Hyperion report approximates KYC compliance costs banks ₤47 million a year, while each check runs ₤10 to ₤100.
Compliance professionals will have no alternative but to bear the weight of these brand-new requirements and expectations going forward; having said that, it’s necessary to know that these regulatory strictures serve a vital function: Battling fraud, eliminating money laundering, terrorist funding, bribery, corruption, market abuse, and other monetary misconduct. While the battle is complex and often pricey, the worth is important, both in protecting consumers and the whole monetary system from being controlled by bad actors.
Electronic KYC Verification (eKYC)
All workflows, where possible, should make the most of digital procedures. There may be circumstances, such as out-of-date legislations or hard-to-change traditional requirements, where digital methods can’t be used for KYC. However, these are exceptions and are on their way out; complete digital KYC is the future and businesses that fight it, will find themselves on the losing side.
There are many reasons eKYC will prevail:.
The Thompson Reuters study shows that 30% of participants specified it takes over 2 months to on-board a new customer, while 10% indicate it takes over 4 months. This is damaging customer relationships, has an unfavorable effect on the brand name, and is injuring earnings development as some clients desert the procedure. Faster eKYC procedures enhance all these aspects.
Mistakes slow down the process and contribute to cost; eKYC can automatically inspect for mistakes and fix any mistakes quicker.
While eKYC systems do have costs, their faster speeds, improved precision and better utilization of compliance resources offer much better value for money and enhance scalability.
As guidelines constantly change, compliance systems require to change correspondingly. eKYC workflows can alter nearly on the fly; in lots of cases, just update a ruleset and you’re done.
eKYC, for the most part, is about using APIs to easily add functionality. With new APIs being added all the time, brand-new capabilities are a basic integration away.
Tracking & Reporting
Digital data is perfectly transferable in its native kind to analytics, auditing, tracking and reporting systems developing opportunities for optimization and strategic analysis.
Not only is eKYC a quicker procedure, it is simpler for the consumer. The whole process is frequently mobile or internet-only hence providing a smooth, practical experience.
Your compliance and legal groups are highly paid, valuable and smart resources. eKYC enables a better work environment resulting in a more engaged workforce.
New technological advancements continue to drive KYC services forward. From biometric information to AI, technology is providing better methods to identify clients, run due diligence checks and carry out continuous monitoring.
The mix of mobile information with traditional information sources can take KYC to the next level, adding an additional layer of authentication to help provide a practical, immediate and simple and easy consumer experience, together with the needed compliance and fraud-mitigation measures.
Linking with real clients and foiling fraudsters in the mobile world is a difficulty. While you have an array of confirmation techniques and information available to you, accessing mobile information and leveraging it to ensure that particular requirements are met by genuine consumers includes an additional layer of security. Simply put, it’s another tool to help in reducing fraud risk, improve KYC requirements, and just as crucial, secure an effortless experience for your mobile-minded customers.