The KYC process explained

Know your customer (which is more commonly referred to simply as KYC) is a major part of any business’s fight against money laundering and financial crime. In many sectors, such as financial services, it’s a regulatory requirement. 

During the KYC process, a business must identify the potential customer and verify their identity. They must also ensure that the person who is attempting to open the account is exactly who they’re claiming to be. On top of this, the business involved must gain an understanding of that customer’s potential activities and the level of money laundering risk they pose. After the KYC onboarding process, the business must monitor the customer’s activities on an ongoing basis.  

Effective KYC procedures stop legitimate companies from conducting business with organizations or individuals involved in illegal activity, such as money laundering or terrorist financing. The process also gives the company an insight into the expected activities of the customer and the relationship they can expect.

Across the financial services industry particularly, KYC processes are becoming more and more rigorous. But, what are the key KYC steps that businesses must include in order to truly know their customers and stay compliant with regulations? Let’s take a look.

Why is KYC so important?

The mandatory nature of KYC processes ensures that financial institutions check their customers are real and are not linked to crime. These processes also ensure that these institutions are continually monitoring the level of risk that each customer poses.

When onboarding new customers, the KYC process makes sure that companies are identifying money laundering, terrorism financing, and other illegal corruption schemes. This means that companies can actively stop dirty money from flowing through the financial system.

As KYC is so important, heavy penalties can be applied to companies that fail to properly implement KYC procedures. Between 2008 and 2018, estimates suggest that businesses in the US, Europe, the Middle East, and the Asia Pacific were issued with fines totaling $26 billion for non-compliance.

3 steps in the KYC process

The KYC process includes three distinct steps: customer identification, customer due diligence, and continuous monitoring. For the KYC process to be complete and to ensure regulatory compliance, each of these steps must be followed closely. Let’s take a look at what each of the steps involves in greater detail, with a particular focus on KYC in banking.

Customer identification

The first element of any successful KYC process is a thorough customer identification program (CIP).

A CIP is vital for preventing fraud and identity theft. It’s also mandated by the Financial Action Task Force (FATF) and the Patriot Act in the USA. The process involves a business conducting a series of checks that identify and verify the identity of the user.

In order to pass the customer identification process, the customer in question must provide the business with a number of personal details. For example, in order to open a new individual finance account in the US, an individual must provide the bank with their:

• Full name
• Date of birth
• Full address
• An identification number

When this information has been gathered, the institution must then also verify the identity of the account holder ‘within a reasonable time’. This means that a business must not only verify that the information provided and the identity is real, but they also must verify that the person providing the information is the owner of the information supplied.

To be successful, the measures a business uses for CIP purposes must be consistent. Due to this, before implementation, the steps must be clarified and codified so they provide continual guidance to staff and executives. This will also help the business meet regulatory standards.

The exact CIP processes you’ll need to implement will depend on a number of factors, including:

• The type of account or service you offer
• The method by which accounts are opened or services are accessed
• The size of your company
• The location of your company
• Your customer base, including the types of products and services used by customers in different geographic locations

The process of conducting these checks used to be time consuming because individuals would need to schedule appointments to meet someone in-person. Now, however, the creation of the eKYC process means that KYC can be completed online.

As part of the verification process, pieces of software can be used to check supplied information across databases. Other pieces of software can be used to scan selfies supplied by the person providing the information. These images can be checked against the image on the supplied document and can determine whether the image matches. The same image can also be checked for liveness and realness in real-time.

The automation of these processes has reduced the time it takes to complete a customer identification program. While the onboarding process used to take days or weeks, it can now be completed in a matter of minutes or even seconds.

Customer due diligence

As well as verifying a customer’s identity, the business involved must also determine the exact level of risk posed by each customer.

In order to make sure that a customer is trustworthy and does not pose a substantial money laundering risk, a business must carry out the customer due diligence (CDD) process. In doing so, they can effectively manage risk and protect themselves from criminals, terrorists, and politically exposed persons (PEPs).

To save time and money, businesses can conduct customer due diligence on a risk-based basis. There are three levels of due diligence, which are:

Simplified due diligence (SDD)

This can be used in instances where the risk of money laundering or terrorist financing is particularly low. Instances where simplified due diligence can be used include a customer starting an account with very low transaction values. In scenarios such as this, it’s sometimes deemed that a full customer due diligence process is not required.

Customer due diligence (CDD)

This is the most widely used level of due diligence. It involves businesses obtaining identifying information from a customer, verifying the identity of that customer, and using this to assess the level of risk they pose. To accurately assess the customer’s risk level, a business will usually check the information provided against third-party data sources, such as watchlists and government databases.

Enhanced due diligence (EDD)

If a customer is identified as posing a high level of risk, then they’ll be subjected to enhanced due diligence checks. These are more onerous than SDD or CDD checks and take longer to complete.

The aim of EDD is to gain a deeper understanding of the customer’s activities and why they pose such a risk level. Once these factors are known, the business can decide whether it can successfully mitigate the risks posed and onboard the customer.

Practical steps to include in a due diligence program

Implementing and conducting a due diligence strategy can be daunting. This is particularly true if you don’t know where to start or the steps you must include.

To help, here’s a quick explanation of the key steps you must include in your company’s due diligence program if you want to implement KYC best practices:

• Ascertain the identity and location of the potential customer
• Gain an understanding of the customer’s business activities
• Classify the risk category of the customer in question and define what type of customer they will be
• Digitally store all the above information and any documentation provided
• Create processes for ongoing monitoring and criteria for triggering additional due diligence measures

If SDD or CDD measures show that a customer poses a heightened level of risk, then you must follow the correct processes in order to establish whether EDD processes must be followed. Factors that show EDD may be required include:

• The location of the customer
• The customer’s occupation
• The customer’s purpose for opening the account
• The expected pattern of activity (including transaction type, volume, and frequency)
• Expected payment methods
• Whether transactions will be made across borders or with high-risk individuals

If you determine that an individual must be subjected to EDD, then you should keep records of the EDD performed on that customer (or potential customer). This is necessary in case there’s a regulatory audit.

Much like with SDD and CDD, you must also outline criteria for how and when the account will be subjected to ongoing monitoring.

Continuous monitoring

Although customers must be identified and verified before they can open an account or access a service for the first time, they must also be monitored on an ongoing basis. After all, a customer’s risk profile could change dramatically after the initial onboarding, and your organization has an obligation to respond.

By continuously monitoring each customer, you can ensure that their activities are consistent with their established risk profile. Some factors you may wish to monitor include:

• Sudden spikes in activities or transaction values
• Unusual cross-border activities
• Interaction with people on sanctions lists
• Adverse media mentions

If an individual’s activities are deemed to be particularly unusual, then you may be required to file a Suspicious Activity Report (SAR) with the relevant authorities.

The level of ongoing monitoring each account is subjected to will largely be determined by the level of risk posed by the customer. Those who pose a higher level of risk will usually be subjected to more regular and more comprehensive checks than low risk customers.

How Veriff supports with KYC monitoring and checks

Require help with your KYC monitoring and checks? That’s where we come in. Here at Veriff, we’ve developed an AML screening solution that can ensure compliance and boost customer conversions.

With our AI-powered AML solution, you can fight financial fraud and show regulators that you take financial crime seriously. The solution starts by providing an identity verification service. With its help, you can quickly and easily get real customers through the identity verification process, all while stopping fraud at the gates. Then, the solution screens sanctions and PEP watchlists globally while also identifying negative news for predicate offenses and potential risk. After conducting these checks, the solution can also provide ongoing monitoring. It continuously monitors watchlists and adverse media for changes.

With our AML screening tool, complying with KYC regulations and prioritizing user experience isn’t a compromise. We offer an automated AML screening and identity proofing solution that also provides users with a seamless customer experience. It can help you overcome KYC challenges and ensure your customers enjoy a smooth onboarding process that doesn’t feel burdensome.

See how Veriff’s KYC compliance solutions can help you - book a demo

Our class-leading KYC compliance solution can help you navigate regulatory challenges while also improving your customer conversion rates. We understand that KYC checks can be burdensome for customers and businesses alike. This is why our AML screening solution has streamlined the process for customers and can guide them through the KYC process step-by-step. Plus, it conducts checks in the background and automatically scans PEP profiles and sanctions watchlists. To make things even simpler, it even provides you with real-time updates.

With the help of our solution, you can reduce false positives by 70% and convert up to 30% more customers, all while stopping bad actors in their tracks. Interested in learning more? Contact our KYC experts today and book a free demo.