The KYC Process Today and Future Trends
What Is the Know Your Customer (KYC) Process?
A Know Your Customer (KYC) compliance process is a workflow used by companies to verify the identity of customers and identify what risk they may present to the organization. These risks include the potential for fraud and participation in illegal activities like money laundering, tax evasion, or terrorist financing.
In many countries, including the US, the EU, and Canada, KYC is mandatory by law. KYC regulations give companies the responsibility for confirming and assuring that the customers they work with are legitimate and not engaged in criminal financial activity.
KYC is commonly mandatory for financial institutions but may also be required for other businesses, such as those selling adult-only or highly regulated products. In addition, some companies adopt KYC practices voluntarily to improve their confidence that their customer base is legitimate and does not pose financial or security risks.
In this article:
- KYC Process Steps and Flow
- Who Regulates KYC Processes?
- Trends Affecting KYC Processes and their Development
KYC Process Steps and Flow
The KYC process involves assessing potential client risk during customer onboarding and throughout their lifecycle. The KYC process divides into three main steps:
Basic due diligence
These are due diligence activities performed for all customers during onboarding. In addition, you can assess risk using a combination of activities such as identification, fraud analysis, and automated screening for sanctions and politically exposed person (PEP) issues.
Enhanced due diligence
Enhanced due diligence is a more detailed analysis of the client if an individual or business risk may be at high risk. For example, if fundamental due diligence showed suspicious sources of wealth.
Monitoring is crucial for high-risk customers as a continuous component of enhanced due diligence. In addition, even if a client currently has low risk, risk profiles can change over time. Finally, there is also the chance of account takeover, where attackers compromise the account of a legitimate client and use it to perform a criminal activity.
It is essential to realize that just performing these steps is not enough. During audits and trials, you will have to explain your decisions during the KYC process and provide evidence to support those decisions. In addition, if suspicious activity has questionable data, your jurisdiction may be required to file a Suspicious Activity Report (SAR) or equivalent.
Related content: Read our guide to KYC requirements
Who Regulates KYC Processes?
There are several international bodies overseeing fraud and anti-money laundering standards, in addition to country-specific laws and regulations. National and international standards often mandate KYC and digital identity verification practices when onboarding customers.
US KYC Regulators
The Bank Secrecy Act (1970) and the Patriot Act (2001) stipulated the legal requirements for Customer Due Diligence (CDD), anti-money laundering (AML), and Know Your Customer requirements. In 2016, the Financial Crimes Enforcement Network (FinCEN), under the auspices of the US Treasury, expanded these regulations. State regulations may also be in effect.
Canada KYC Regulators
The Financial Transactions and Reports Analysis Centre (FINTRAC) is responsible for AML, anti-terrorist funding, and anti-fraud oversight in Canada.
European Union KYC Regulators
The new Payments Services Directive (PSD2) and the General Data Protection Regulation (GDPR) govern security standards for online payments and combat fraud. In addition, the 6th Anti-Money Laundering Directive (6AMLD) is also in effect in the EU.
Other regions, such as the Asia-Pacific (APAC), have introduced regulatory frameworks or adopted existing standards. In addition, many international bodies and nations have adopted the Financial Action Task Force (FATF) standards applying to politically exposed persons (PEPs) and terrorist funding.
Trends Affecting Development of KYC Processes
Digital Identity Verification
KYC processes require verification of the identity of new customers as a primary step of due diligence. In the past, the process was via physical documentation. However, this manual identification process was time-consuming and error-prone. It was also inconvenient for customers, making customer onboarding unnecessarily complicated.
During the COVID-19 pandemic, face-to-face identification was not feasible in many cases, and many financial institutions shut down physical branches, forcing a transition to identification via digital means. Innovative technical solutions can help financial institutions and other organizations identify customers in a way that is:
- Remote and does not create health risks
- Fast and automated, reducing labor on the organization’s side
- Highly convenient for customers who are used to digital processes
- Less expensive than previous solutions due to reduced work of in-house staff
Digital identification not only improves KYC processes and saves costs—it can even increase revenue due to the ease of customer onboarding and purchase of new services. It is not a temporary solution for the COVID crisis but a solution that will improve KYC processes in the long term.
Financial crime is moving to the Internet, new forms of financial crime are emerging, and organizations need to adapt. Manual collection and verification of KYC data is becoming difficult and does not support rapid onboarding, which customers expect.
Modern analytics technology can streamline and automate many aspects of the KYC process, improving accuracy and compliance and enabling a smoother customer experience. Such as:
- Gathering all relevant data from relevant datasets allows experts to investigate suspicious events rather than tedious manual work.
- Avoid requesting unnecessary customer information because many customer details are in official data registers, publicly available datasets, or actualized transactions.
- Analyze datasets using artificial intelligence (AI) techniques to identify trends and anomalies that may be difficult or time-consuming for human experts to identify.
- Customer data collected through analytics can also benefit commercial processes, supporting sales and marketing efforts.
The massive transition to remote work and customer service is changing KYC due diligence. However, it is impossible to perform face-to-face identification of customers in many cases. In addition, developing remote identification and data processing capabilities is not a core competency for many companies, and many are turning to managed services.
Here are a few types of managed services that can help digitize aspects of KYC to make remote KYC a reality:
- Data aggregation technology that can help analyze customer data across large datasets.
- Blockchain technology can help transfer customer information between different parties confidentially and securely.
- Digital identity verification services can use advanced technology like face recognition and video liveness checks to ensure a customer’s identity documents are authentic.
KYC Identity Verification with BlueCheck
BlueCheck helps financial institutions conduct KYC checks, including identity and age verification, to meet anti-money laundering regulations. Key features include:
- Multiple datasets to confirm information—a combination of proprietary and commercially available databases are queried to verify the information. BlueCheck can increase the likelihood of a successful verification using this combination of resources, streamlining the onboarding process.
- Smart Database Navigation—BlueCheck can automatically verify most customers using smart database navigation. Queries move through the most accurate databases commercially available to ensure a match.
- Quick Implementation—Using our DirectAPI or CustomJS framework, BlueCheck Identity Verification can deploy quickly, saving your business time and money.
- Set How Users Are Verified—BlueCheck offers a host of verification methods giving users a choice and alternatives when identifying themselves. For example, allow for name & address, last 4 of SSN, or Photo ID verification.
- Encryption & Security Standards—BlueCheck utilizes multi-layer data encryption to ensure data is securely transmitted and stored, protect against malicious actors, and safeguard the verification process.
- Developer & API Documentation—thoroughly documented REST API available in addition to the verification plugin.