So - how do you become KYC compliant, and why would you need to be? Let us tell you all about it.
Nino Gabrielashvili, July 14th, 2020
In this article, we’ll cover the ins-and-outs of Know Your Customer (KYC) compliance and how to comply with KYC requirements in your organization. As a bonus, you’ll become an expert at identifying some of the endless KYC-related acronyms, like CDD, CTF, CIP, PEP, and PII.
KYC means conducting background checks on customers for pre-onboarding risk assessments. It is done by businesses to identify and verify the identities of clients to meet regulatory compliance. In other words, it ensures that you know your customers. Meeting KYC or Customer Due Diligence (CDD) standards is a cornerstone of modern Anti-Money Laundering (AML) and Combating the Financing of Terrorism (CTF) policies.
Corporate KYC is an expansion of standard KYC regulations. Instead of focusing on verifying individuals, corporate KYC covers a set of procedures to verify businesses. It plays a crucial role in identifying fake companies and as such, corporate KYC regulations are a modern shield against worldwide money laundering. Corporate KYC plays a significant role in fulfilling KYC and AML compliance and it’s also often referred to as KYB (Know Your Business).
On Facebook, you can see our “alternative” KYC definition from Veriff’s “identity verification industry glossary”:
Initially, the regulations on KYC procedures only targeted financial institutions. Nowadays, however, KYC is considered a key obligatory procedure not only for financial but also for various non-financial institutions. The complete list of regulated entities that are impacted by KYC requirements varies from one country to another. Typically, the list of regulated entities includes:
Well-structured KYC processes greatly reduce the risk of fraud. Proper knowledge of KYC requirements and the associated procedures is becoming an increasingly important tool of survival in the complex world of anti-money laundering. But what exactly is the role of KYC in anti-money laundering? Let’s find out.
The term AML refers to different regulations from governments and international organizations. The main purpose of the existing AML regulations, such as the latest Anti-Money Laundering Directive (AMLD5) regulatory framework, is to address the following two types of crimes:
KYC is an essential component in combating these kinds of crimes, making KYC compliance an integral process for AML purposes. After all, organizations need to pay attention to who they onboard as a customer, and proper customer risk assessment through a well-functioning KYC process can filter out customers that are linked with money laundering or terrorism.
In short, KYC and AML are two very closely related sets of regulations. And, it’s nearly impossible to have one without the other. This means that if you want your organization to be fully compliant with either KYC or AML, you’ll inevitably have to learn the ins-and-outs of both of them.
The value of KYC was also highlighted during the COVID-19 pandemic. In a survey from the Global Coalition to Fight Financial Crime, 95.5% of respondents believed that due to the pandemic, financial crimes would increase. Any financial crime is closely tied to AML, and KYC can play a significant role in preventing such crime through precautionary measures. Considering all the worrying worldwide statistics of fraud, illicit activity, economic crimes, and money laundering, it’s no wonder that KYC regulations are becoming increasingly important.
So, what about the actual KYC process itself? What does it look like?
1. Customer Identification Program (CIP)
The KYC process includes obtaining and checking Personally Identifiable Information (PII). This phase is referred to as a Customer Identification Program (CIP). CIP is necessary to curb money laundering, counteract terrorist financing, and to combat various other criminal activities that could arise from improper identification of customers.
However, as is often the case with KYC regulations, there’s no one-size-fits-all type of solution to CIP. While CIP provides general instructions, it’s up to each company to decide which PII they choose to request according to their policy.
Some of the more commonly requested examples of PII include:
To verify PII, clients might need to present official documents such as a passport, ID card, driver’s license, or residence permit. However, besides these three examples, various other types of PII can be requested from clients, and the PII verification processes should be adjusted accordingly.
For verification purposes, verifiers may also run PEP (Politically Exposed Person) and Sanctions checks against worldwide watch-lists. Veriff offers both PEP and Sanctions checks as one of its optional services.
2. Customer Due Diligence (CDD)
In the European Union, KYC process requirements are determined by the AMLD5 framework. According to the AMLD5, obliged entities must ensure that they know who their customers are. In legal policies, this process is referred to as “Customer Due Diligence (CDD)”, and it is an integral part of financial institutions and other designated non-financial businesses and professions. Read more in our in-depth article on 6 key AMLD5 guidelines. And, here’s a visual explanation of AML guidelines from the European Commission.
In the United States, on the other hand, CDD requirements are enforced by the Financial Crimes Enforcement Network (FinCEN). FinCEN is authorized by the Bank Secrecy Act (BSA) to impose AML requirements on obliged legal entities and they require all obliged entities to be compliant with four main CDD rules. These rules bolster CDD requirements for financial institutions in the United States, and they apply to entities such as U.S. banks, mutual funds, securities brokers, and futures commission merchants, among others.
Examining both the four CDD rules from FinCEN and the CDD recommendations from the Financial Action Task Force (FATF) reveals that the two sets of rules are nearly identical. According to them, obliged entities must:
An organization that abides by these sets of rules and recommendations is one step closer to becoming KYC compliant. However, the process of performing CDD is a continuous one, and it varies case-by-case depending on the results of the initial customer risk assessment. That is why there are three different levels of CDD, each meant to be used for different clients depending on their risk levels.
These are the three primary types of CDD procedures
Now that you’ve had a chance to glimpse into the abbreviation-rich and oftentimes complicated world of KYC and AML, you might already be pulling your hair out from all these regulations and requirements. While it’s true that becoming legally compliant with all KYC and AML requirements is no easy task, it is a task that can be simplified through the use of online identification services.
In the 21st century, most regulators and organizations already acknowledge the reliability and ease of use of Electronic Know Your Customer (eKYC) and online identification services. This means that all the complicated and time-intensive processes involving personal data, customer identification, and verification can be reduced to a matter of minutes, if not seconds.
Through machine learning, artificial intelligence, and identity experts, Veriff provides organizations with the tools necessary to provide best-in-class online identity verification in seconds. Veriff collects more data points than any other identity verification provider. Many large-scale companies have chosen Veriff as their KYC and fraud prevention service provider. We hope you’ll also consider doing the same if you’re looking for someone reliable to help you achieve KYC compliance without losing your sanity in the process.
EDD in banking involves gathering information in order to verify the identity of customers and calculate the exact level of money laundering risk each customer poses. During the EDD process, the customer is asked for a much greater amount of information than they are during the CDD process, as this information can be used to mitigate the risks involved.
When carrying out due diligence, a financial institution must determine whether they should perform customer due diligence (CDD) or enhanced due diligence (EDD). This is because FATF guidance suggests that companies should adopt a risk-based approach to due diligence that reflects the specific level of risk that each individual customer presents.
Synthetic fraud is incredibly dangerous and is a major problem facing the financial sector. Unlike third-party fraud, where an entire identity is stolen and used to defraud enterprises and victims, synthetic fraud frequently has no specific consumer victim.