Know Your Customer (KYC) requirements specify how organizations should validate the identity of customers and determine their risk score. Their primary aim is to prevent financial crimes, fraud, and the sale of products to those who are not allowed to consume them. When implementing KYC, organizations are required to implement the three core components of KYC and location-based and industry applicable regulations.
The three core components of KYC compliance include establishing a customer identification program (CIP), performing customer due diligence (CDD), and implementing continuous monitoring. There are also location-based KYC requirements, including the Financial Crimes Enforcement Network (FinCEN), a core anti-money laundering (AML) regulator working in the U.S.
In this article:
{{cta('4e98f851-86a4-412f-97b5-dc3da3803811','justifycenter')}}
The three parts of KYC are as follows.
To meet the requirements of a Customer Identification Program, a financial organization requests that customers provide identifying information. Each financial organization carries out its CIP process according to its risk profile. Thus, asking a customer for different data according to the organization.
For an individual, this data may include:
For an organization, this data might include:
Information for further verification could include:
Financial institutions must check that this data is credible and accurate, using non-documentary verification, documentation, or both.
CDD is the process of collecting customer credentials to verify identity and evaluate their risk profile. Here are the two main tiers of CDD:
The financial institution is responsible for determining each customer's risk profile and then deciding whether to use SDD or EDD.
Financial institutions have to continually monitor their clients' transactions for unusual or suspicious activity. This is a risk-driven, dynamic approach to KYC. When unusual or suspicious activities are isolated, the financial organization must complete a Suspicious Activities Report (SAR) to FinCEN and other law enforcement organizations.
Each jurisdiction has specific laws to meet, depending on the various government-issued driver's licenses, identity cards, credit/debit cards, utility bills, and passports it has. Industries including online gaming, gambling sites, and finance have stricter KYC regulations and more significant AML compliance obligations—and they often have their specific, devoted regulatory authorities. Countries make use of government agencies to manage compliance regulations.
FATF is an international organization that deals with terrorist financing, felony, and money laundering. It includes 36 member states across multiple jurisdictions. FATF has been providing the global standard regarding anti-money laundering compliance. It does this by monitoring customers under CTF and AML guidance.
FATF has deemed it mandatory for financial organizations to undertake in-depth KYC processes, global sanctions screening, due diligence procedures, and risk assessments before onboarding businesses and customers.
Related content: Read our guide to KYC AML
The following regulations apply to financial activities in the U.S.:
Following Brexit, the United Kingdom is adhering to the Sanctions and Money Laundering Act of 2018. According to the law, the U.K. will conform to the United Nations sanctions to achieve national security and international policy objectives.
All organizations must maintain current money-laundering prevention and counter-terrorism financing (AML/CFT). Finally, the Act of 2018 has put forward that organizations carry out due diligence examinations on every entity to meet the international security standards and retain domestic security.
European law, generally speaking, features directives and regulations that are binding across the E.U. The two key aspects of European legislation relevant to KYC are the GDPR and the fifth AML directive (the GwG). By transposing AML rules into national laws, countries may put stricter requirements.
The most widely known example is the German use of the fifth AML, which requires a thorough video KYC process that stipulates what a customer has to do to pass verification and identification. While this process is relatively successful in the German market, it affects conversion in different European markets.
More instances of additional requirements incorporated into national law include:
The Australian Transactions Reports and Analysis Center (AUSTRAC) also changed the KYC/AML regulation following the pandemic outbreak. In addition, it has offered alternatives to ensure more robust compliance with identity verification protocols.
AUSTRAC demands that electronic copies of I.D. documents issued by the government and other proof of identity be utilized for verification. If any of these alternatives don't work, video KYC should be completed for identity verification.
BlueCheck's industry-leading identity verification infrastructure enables merchants to grow their business faster. As we serve a wide variety of industries, our solutions are custom-tailored to the unique needs of our customers, including PACT Act and eCommerce compliant offerings.
Schedule a call today with a BlueCheck specialist to learn more about our Age & I.D. Verification solutions.
{{cta('4e98f851-86a4-412f-97b5-dc3da3803811','justifycenter')}}