March 24th, 2022
So, how do you become KYC compliant, and why would you need to be? Let us tell you all about it.
In this article, we’ll cover the ins-and-outs of Know Your Customer (KYC) compliance and how to comply with KYC requirements in your organization. As a bonus, you’ll become an expert at identifying some of the endless KYC-related acronyms, like CDD, CTF, CIP, PEP, and PII.
KYC means conducting background checks on customers for pre-onboarding risk assessments. It is done by businesses to identify and verify the identities of clients to meet regulatory compliance. In other words, it ensures that you know your customers. Meeting KYC or Customer Due Diligence (CDD) standards is a cornerstone of modern Anti-Money Laundering (AML) and Combating the Financing of Terrorism (CTF) policies.
Corporate KYC is an expansion of standard KYC regulations. Instead of focusing on verifying individuals, corporate KYC covers a set of procedures to verify businesses. It plays a crucial role in identifying fake companies and as such, corporate KYC regulations are a modern shield against worldwide money laundering. Corporate KYC plays a significant role in fulfilling KYC and AML compliance and it’s also often referred to as KYB (Know Your Business).
On Facebook, you can see our “alternative” KYC definition from Veriff’s “identity verification industry glossary”:
Initially, the regulations on KYC procedures only targeted financial institutions. Nowadays, however, KYC is considered a key obligatory procedure not only for financial but also for various non-financial institutions. The complete list of regulated entities that are impacted by KYC requirements varies from one country to another. Typically, the list of regulated entities includes:
Well-structured KYC processes greatly reduce the risk of fraud. Proper knowledge of KYC requirements and the associated procedures is becoming an increasingly important tool of survival in the complex world of anti-money laundering. But what exactly is the role of KYC in anti-money laundering? Let’s find out.
The term AML refers to different regulations from governments and international organizations. The main purpose of the existing AML regulations, such as the latest Anti-Money Laundering Directive (AMLD5) regulatory framework, is to address the following two types of crimes:
KYC is an essential component in combating these kinds of crimes, making KYC compliance an integral process for AML purposes. After all, organizations need to pay attention to who they onboard as a customer, and proper customer risk assessment through a well-functioning KYC process can filter out customers that are linked with money laundering or terrorism.
In short, KYC and AML are two very closely related sets of regulations. And, it’s nearly impossible to have one without the other. This means that if you want your organization to be fully compliant with either KYC or AML, you’ll inevitably have to learn the ins-and-outs of both of them.
The value of KYC was also highlighted during the COVID-19 pandemic. In a survey from the Global Coalition to Fight Financial Crime, 95.5% of respondents believed that financial crimes would increase due to the pandemic. Any financial crime is closely tied to AML, and KYC can play a significant role in preventing such crime through precautionary measures. Considering all the worrying worldwide statistics on fraud, illicit activity, economic crimes, and money laundering, it’s no wonder that KYC regulations are becoming increasingly important.
So, what about the actual KYC process itself? What does it look like?
The KYC process includes obtaining and checking Personally Identifiable Information (PII). This phase is referred to as a Customer Identification Program (CIP). CIP is necessary to curb money laundering, counteract terrorist financing, and to combat various other criminal activities that could arise from improper identification of customers.
However, as is often the case with KYC regulations, there’s no one-size-fits-all type of solution to CIP. While CIP provides general instructions, it’s up to each company to decide which PII they choose to request according to their policy.
Some of the more commonly requested examples of PII include:
To verify PII, clients might need to present official documents such as a passport, ID card, driver’s license, or residence permit. However, besides these three examples, various other types of PII can be requested from clients, and the PII verification processes should be adjusted accordingly.
For verification purposes, verifiers may also run PEP (Politically Exposed Person) and Sanctions checks against worldwide watch-lists. Veriff offers both PEP and Sanctions checks as one of its optional services.
In the European Union, KYC process requirements are determined by the AMLD5 framework. According to the AMLD5, obligated entities must ensure that they know who their customers are. In legal policies, this process is referred to as “Customer Due Diligence (CDD)”, and it’s an integral part of financial institutions and other designated non-financial businesses and professions. Read our in-depth article on 6 key AMLD5 guidelines to examine the topic further. And, here’s a visual explanation of AML guidelines from the European Commission.
In the United States, on the other hand, CDD requirements are enforced by the Financial Crimes Enforcement Network (FinCEN). FinCEN is authorized by the Bank Secrecy Act (BSA) to impose AML requirements on obligated legal entities and they require all obligated entities to be compliant with four main CDD rules. These rules bolster CDD requirements for financial institutions in the United States, and they apply to entities such as U.S. banks, mutual funds, securities brokers, and futures commission merchants, among others.
Examining both the four CDD rules from FinCEN and the CDD recommendations from the Financial Action Task Force (FATF) reveals that the two sets of rules are nearly identical. According to them, obligated entities must:
An organization that abides by these sets of rules and recommendations is one step closer to becoming KYC compliant. However, the process of performing CDD is a continuous one, and it varies case-by-case depending on the results of the initial customer risk assessment. That is why there are three different levels of CDD, each meant to be used for different clients depending on their risk levels.
These are the three primary types of CDD procedures
According to recent findings, KYC processes cost the average bank $60 million annually. This is because each individual check costs between $10 and $100.
However, some companies can spend far more than this on KYC compliance. For example, in 2013 alone, JPMorgan added 5,000 employees to their compliance team and spent $1 billion on controls.
But, there’s no reason why KYC compliance needs to cost your business this much money. Here at Veriff, our starter plans cost as little as $1.49 per verification. Plus, you can enjoy a 30-day free trial. Book a consultation today to see exactly how we can help you. Alternatively, start by learning more about us.
If you’re running a regulated entity, then it’s important that you know what a KYC risk profile (also known as a KYC risk scale) is.
Essentially, a KYC risk profile is a calculation of risk. The risk profile is created when a customer relationship is established. It is then used as a baseline for detecting suspicious activities.
Generally speaking, if a client’s risk level is high, they will be consistently and closely monitored. Crucially though, even if the risk rating of a client is low, they will still be monitored, just not as diligently.
Although a KYC risk profile is useful during onboarding, it can also be used to make a prediction of what a client’s risk should look like in the future. This is useful for determining whether something is unusual, out of place, or suspicious. For example, if a client’s transactions suddenly begin to diverge from your predictions, this may indicate suspicious behavior that needs to be investigated further.
Now that you’ve had a chance to glimpse into the abbreviation-rich and oftentimes complicated world of KYC and AML, you might already be pulling your hair out from all these regulations and requirements. While it’s true that becoming legally compliant with all KYC and AML requirements is no easy task, it is a task that can be simplified through the use of online identification services.
In the 21st century, most regulators and organizations already acknowledge the reliability and ease of use of Electronic Know Your Customer (eKYC) and online identification services. This means that all the complicated and time-intensive processes involving personal data, customer identification, and verification can be reduced to a matter of minutes, if not seconds.
Through machine learning, artificial intelligence, and identity experts, Veriff provides organizations with the tools necessary to provide best-in-class online identity verification in seconds. Veriff collects more data points than any other identity verification provider. Many large-scale companies have chosen Veriff as their KYC and fraud prevention service provider. We hope you’ll also consider doing the same if you’re looking for someone reliable to help you achieve KYC compliance without losing your sanity in the process.
EDD in banking involves gathering information in order to verify the identity of customers and calculate the exact level of money laundering risk each customer poses. During the EDD process, the customer is asked for a much greater amount of information than they are during the CDD process, as this information can be used to mitigate the risks involved.
When carrying out due diligence, a financial institution must determine whether they should perform customer due diligence (CDD) or enhanced due diligence (EDD). This is because FATF guidance suggests that companies should adopt a risk-based approach to due diligence that reflects the specific level of risk that each individual customer presents.
Synthetic fraud is incredibly dangerous and is a major problem facing the financial sector. Unlike third-party fraud, where an entire identity is stolen and used to defraud enterprises and victims, synthetic fraud frequently has no specific consumer victim.