Know Your Customer (KYC) is a process by which organizations verify a customer's identity and evaluate the risk of fraud. The process includes conducting identity verification procedures, reviewing the customer's financial activity, and assessing relevant risk factors. The idea is that organizations can help prevent illicit activities such as money laundering and terror financing if they know their customers.
Financial institutions must help detect and prevent money laundering, as stipulated by decades-old legislation. Government regulations continue to evolve, and in the US, the 2001 Patriot Act introduced KYC processes, which were bolstered by the 2016 rulings of the US Treasury's FinCEN (Financial Crimes Enforcement Network) regarding customer due diligence.
The primary objective of KYC processes is to provide a sufficient level of confidence that customers are who they claim to be and that there is little risk that they are engaged in criminal activities. Some organizations, such as financial institutions, are obligated to apply KYC by law, while others may implement KYC processes voluntarily to signal their responsibility and protect their customers.
In this article, you will learn:
KYC compliance laws are enforced in many countries and affect companies from various industries. In most of the world, the following sectors are required to comply with KYC regulations:
In most cases, KYC laws are part of anti-money laundering (AML) systems and are shaped by Financial Action Task Force (FATF) recommendations. Here are some examples of KYC laws in force around the world:
Related content: Read our guide to AML compliance
The following steps will help you continuously establish organizational processes to achieve KYC compliance.
The Know Your Customer process includes the Customer Identification Program (CIP) phase, collecting and verifying personally identifiable information (PII). The CIP phase is essential for preventing criminal activities like money laundering and terrorist funding. In addition, inadequate customer identification can provide more opportunities for misconduct.
There is no ubiquitous solution for CIP, which provides general guidelines but leaves it to each institution to determine their policies and the type of PII they require when it comes to KYC regulations.
Examples of more commonly used PII include:
To verify their PII, customers may be required to submit official documents such as passports, ID cards, driver's licenses, and residence permits. However, in addition to these three examples, companies may request different types of PII, with the PII verification process adjusted accordingly.
Identity verifiers can also run checks against global blacklists of sanctioned figures and Politically Exposed Persons (PEPs).
Financial institutions must analyze potential customers to determine if they can be trusted. This process, known as customer due diligence (CDD), is essential for risk management and protecting organizations against criminals, Politically Exposed Persons (PEPs), and terrorists.
The three levels of CDD are:
CDD programs should include these steps:
It is not enough to check a customer once. Organizations must implement programs that continuously monitor their customers. Continuous monitoring includes threshold-based oversight of financial accounts and transactions and account monitoring that considers the customer's risk profile.
Depending on the particular customer and the risk management strategy, other factors that may need to be monitored include:
Organizations are often required to file Suspicious Activity Reports (SARs) on accounts with unusual activity.
A critical best practice is to review accounts and their associated risks regularly. The reviews should consider questions such as:
The scope of monitoring generally depends on the risk assessment of a particular transaction or account.
Implementing an intelligent KYC system allows organizations to fulfill compliance requirements, offering other benefits, especially for financial businesses. These include:
BlueCheck's industry-leading identity verification infrastructure enables merchants to grow their business faster. As we serve a wide variety of industries, our solutions are custom-tailored to the unique needs of our customers, including PACT Act and eCommerce compliant offerings.