The complete list of regulated entities that are impacted by KYC requirements varies from one country to another. This is because different countries are governed by different rules relating to AML and KYC. For example, in the US, firms must comply with the Bank Secrecy Act and the USA Patriot Act. Meanwhile, in Europe, KYC and AML are governed by the AMLD regulations.
KYC stands for know your customer. In essence, KYC is a due diligence process that financial companies must follow in order to verify the identities of their customers and assess risk.
KYC laws aim to reduce fraud, money laundering, and terrorist financing. But, what are the main KYC requirements and how can companies ensure they comply with KYC laws? Let’s take a look.
KYC laws used to only target financial institutions. However, today KYC is considered to be an obligatory requirement for a number of financial and non-financial entities.
The complete list of regulated entities that are impacted by KYC requirements varies from one country to another. This is because different countries are governed by different rules relating to AML and KYC. For example, in the US, firms must comply with the Bank Secrecy Act and the USA Patriot Act. Meanwhile, in Europe, KYC and AML are governed by the AMLD regulations.
However, generally speaking, the list of regulated entities includes:
That said, KYC regulations are becoming increasingly critical for any institution that interacts with money. This is because, while banks are required to comply with KYC to limit fraud, they also pass down those requirements to all organizations they do business with.
KYC processes greatly reduce the risk of fraud. Plus, KYC is essential for preventing money laundering and the financing of terrorism. For this reason, KYC procedures should be at the heart of any company’s AML efforts.
The KYC process contains three legal components, which are often referred to as pillars. These are:
A customer identification program (CIP) became compulsory in the US in 2001 under the USA Patriot Act. This piece of legislation made it mandatory for all banks to implement written CIPs based on their size and customer base. It also made it mandatory for banks to implement CIPs into their larger AML policies.
As part of a CIP, a company must gather basic pieces of information from the customer, including their:
As well as gathering this information during the account opening process, the institution must also verify the identity of the account holder within a reasonable time. The procedures for verifying customer identities include checking the customer’s official identity documents and comparing the information provided with data from consumer reporting agencies and public databases.
The exact CIP processes a financial institution must put in place depend on:
To meet legal requirements, these processes must also be clarified and codified.
The second pillar of KYC compliance is customer due diligence (CDD). When conducting CDD, a business must verify the customer’s identity and evaluate the level of risk they pose.
There are three levels of due diligence:
As part of your customer due diligence program, you should:
But, checking a customer once and then never reviewing their activities and transactions again isn’t sufficient to ensure security and regulatory compliance. For this reason, ongoing monitoring is the third pillar of KYC.
Financial institutions must understand each customer’s typical account activity. By taking this step, the institution can catch irregularities and eliminate risks as they arise. If a customer’s risk profile changes or their transaction volumes and amounts start to shift dramatically, this could be a sign of fraudulent activity. Your business has an obligation to spot this and report it.
There are two main types of KYC document: proof of identity documents and proof of address documents.
During the KYC process, customers must provide an updated, unexpired government-issued identification document that proves their nationality or residence. This document must include a photograph or a similar safeguard. The company can then use the information in this document to decide whether the user should be able to open an account.
Generally speaking, customers are asked to provide one of the following forms of ID:
On top of this, in some instances, individuals may be asked to provide further verifying information, such as:
Once the business has received the required documentation, they will check that the information is valid and credible. They will do this by verifying the authenticity of the document and using digital identity verification processes.
Once the authenticity of the document has been established and the business has ascertained that the information is credible, the individual will be asked to provide a selfie. This will first be checked for realness and liveness. If the image passes these checks, biometric authentication methods will be used to confirm that the person in the image is also the person pictured on the identity document.
Once a customer’s identity has been verified and they’ve passed due diligence checks, they can be onboarded. However, this does not mark the end of the KYC process. On occasion, you may need to re-verify customers and pass them through an updated KYC process.
The triggers for KYC re-verification change on a business-by-business basis. However, common triggers include:
For example, a bank may onboard a customer who they believe poses a minimal level of money laundering risk. However, six months into the relationship, they may notice that the customer has suddenly started to complete frequent wire transfers and international transfers.
As a result, this account now poses a much higher level of money laundering risk and needs to be monitored more closely. As part of the re-verification process, the customer may be asked to explain their actions. Other KYC-related information may also need to be updated to reflect the change in circumstances.
Of course, implementing KYC processes is costly for businesses. Estimates suggest that, in 2021, financial institutions spent more than $37 billion on AML and KYC-related tools and operations.
On top of this, the cost of KYC compliance extends far beyond tools and pieces of software. This is because the creation of KYC processes also requires an increased time investment. Plus, if the processes are too burdensome, they’ll lead to an increase in customer churn and a decrease in conversions.
That said, although implementing KYC can be both challenging and costly, it’s a legal necessity. On top of this, the cost of not complying with KYC requirements can be astronomical. This is because fines for non-compliance are continually increasing.
In 2013 and 2014, $4.3 billion in fines was levied against financial institutions. For context, this was quadruple the amount that was issued in the previous nine years combined.
Since then, monitoring has increased further and requirements for financial firms have also become even stricter. In the first half of 2021 alone, 80 banks were fined almost $3 billion for AML and KYC-related violations.
Plus, although the financial penalties for non-compliance are high, it should also be noted that financial institutions that fail KYC checks also face a number of other penalties for non-compliance, including a loss of trust from customers and irreversible reputational damage. As a result, although it can be costly to implement KYC processes, this cost should be viewed as non-negotiable.
If your business needs to comply with KYC requirements, we can help. Here at Veriff, we’ve developed an AML and KYC screening solution that can help you satisfy regulators. As an added bonus, it can also help you increase customer conversions.
By deploying our online identity verification service alongside politically exposed persons and sanctions checks as well as adverse media screening and ongoing monitoring, it reduces risk for your business at every turn.
By increasing accuracy and simplifying the onboarding process, it can also increase conversions by up to 30% and reduce false positives by up to 70% (when compared with legacy technology).
Interested in learning more about how our AML and KYC screening solution can help your business meet its regulatory requirements? Book a personalized demo with our experienced team today. We can show you exactly how our software can help you achieve compliance.