A common tactic of criminals is to pass themselves off as another person or hide behind a company name – even if that person or company doesn’t actually exist. This makes it more difficult to trace crimes back to their true identities. For this reason, financial regulations in most parts of the world require institutions to “know your customer.”
Commonly referred to as “KYC,” this is a set of standards and practices for ensuring financial customers are who they claim to be. That includes checking whether they have criminal histories or are in vulnerable political positions, either of which presents a greater risk of an institution’s services being abused to commit financial crime.
We’ll start with a basic overview of KYC’s meaning, including what the acronym stands for.
“KYC” stands for “know your customer” or sometimes, alternatively, “know your client.”
Know Your Customer, or “KYC,” is a legal requirement for financial institutions to verify the identities of people and companies that open financial accounts. This includes assessing their risk of getting involved in financial crime by comparing their ID information against regulatory lists.
There are a few refined categories of KYC that are more focused: Know Your Business (KYB), dealing specifically in the identification of companies and suppliers; Know Your Employee (KYE), dealing specifically in the identification and ongoing status of employees; and Know Your Transaction (KYT), dealing specifically in examining and analyzing transactions for suspicious behavior that could amount to fraud.
For all intents and purposes, KYB is the same as KYC, as many financial institutions have businesses as clients. While KYE and KYT have less overlap, they are very similar in practice to KYC procedures.
KYC compliance is important because it protects financial institutions from being used as conduits for financial crime. If an FI allows a customer to open or operate an account, and the customer uses the account for activities like money laundering or terrorist financing, the FI can potentially be held responsible as well for failing to meet KYC regulations.
KYC checks are especially important when a financial institution brings on a new client. The FI likely doesn’t know anything about the person or what their financial objectives are, as they don’t have a history of dealings with the person to reference. So it’s critical to collect as much identifying information on the person as possible to compare against information sources related to financial risk.
A KYC check is a financial institution process that has two parts. First, it involves verifying that a customer is a real person or company who is accurately representing themselves. Second, it entails checking a verified person or company’s identity against regulatory lists to determine how much risk of perpetrating financial crime they represent.
KYC and due diligence – also known as customer due diligence or CDD – are similar concepts in terms of minimizing the potential risks in business relationships between a financial institution and its clients.
The difference is that CDD is simply one component of KYC, which is a more comprehensive risk management process that also includes identity verification and ongoing financial activity monitoring.
CDD is the part of KYC that involves checking an individual’s identity against regulatory lists and other information sources (such as news media) that may contain evidence of suspicious or illegal activity. This allows a financial institution to assess the probability of a potential or existing customer committing a financial crime.
To explain further, we’ll next take a look at a simplified version of KYC procedures.
The KYC process typically involves four steps.
The first step in KYC verification is to collect identifying information about the customer(s) in question. There are two objectives in this step. One is to verify that each set of information corresponds to a single, real person. The other is to verify that the identification provided matches the person being verified.
Also sometimes called name screening, this step involves checking any verified identities against information sources that could indicate a person represents higher financial risk.
These mostly consist of government-issued lists of trade-sanctioned individuals, politically exposed persons (PEPs), and wanted criminals. However, they can also include credible news outlets that have published stories about individuals exhibiting suspicious or unlawful behavior.
If a verified individual is found in one or more information sources indicating potential financial risk, enhanced due diligence (EDD) is required.
This involves conducting a more thorough background check on the individual, including whether there is any mention of them currently being involved in any potentially illegal activity. Sometimes, it will be determined that a person presents too much financial risk and the business relationship cannot continue.
To comply with financial regulations, financial institutions must keep up-to-date records of their customers’ identifying information, as well as any due diligence checks performed on them.
They must also monitor their customers’ transactions to determine if the amount of financial risk they pose changes over time.
Generally, financial regulatory bodies around the world have similar KYC requirements that financial institutions and their customers must follow to help prevent financial crime. The following are some common elements of a compliant KYC policy.
In the US, the Know Your Customer section of the Patriot Act – Section 326 – established the requirement that all financial institutions have a Customer Identification Program (CIP). This is an identity verification system that needs to collect the following pieces of information from a customer, at a minimum:
Corporate accounts may also need to provide proof that they represent legitimate businesses, such as business licenses or certified articles of incorporation.
This regulation is important to follow from a compliance perspective because it outlines the information necessary to check against government databases. This ensures a customer truthfully represents themselves as a real person or company. It also allows for checking whether or not a person or company is on any financial regulatory lists, like the Denied Persons List (DPL).
This is a relatively new Know Your Customer rule that was implemented in the US in 2016.
Financial institutions must not only collect identifying information from the person, company, or trust that will legally control an account; they must also collect identity information on anyone who holds significant ownership or decision-making authority over assets in the account, or over the company or trust that controls the account. These are known as beneficial owners.
Following this KYC standard helps to increase transparency about who makes decisions regarding – and benefits from – assets in an account. This is because the account’s legal owner isn’t always this person (or one of them). Without this regulation, corporations and trusts can potentially hide who’s really in charge of them and, in turn, conceal illicit financial dealings.
CDD involves determining a financial customer’s risk profile: that is, how likely they are to become (or already be) involved in financial crime. It typically considers aspects like the value of their accounts, how much identifying information is available on them, and whether they are on any financial regulatory lists (including lists of PEPs).
These factors allow a financial institution to assign a customer a risk score, signifying how closely their financial activities should be monitored.
While specific Know Your Customer due diligence scoring systems can vary between institutions, they can generally be reduced to three tiers:
Just because a financial customer is high-risk doesn’t mean they will actually do anything shady. Conversely, a low-risk customer is still capable of committing fraud or other financial crimes, or of becoming a PEP.
That’s why it’s important for financial institutions to monitor transactions for suspicious activity, and keep ID information up-to-date, for each customer. It’s also why FIs should periodically run additional KYC procedures on customers to determine if their financial risk profiles have changed.
Unit21’s onboarding orchestration tool offers an operating engine with custom workflows and automation to combine KYC/KYB data with other data sources to onboard users. This allows compliance teams to create frictionless and custom user journeys at scale because they can bring in any data from a provider of their choice. The Onboarding Orchestrator also directly connects to case management to review alerts.