KYC: 3 Steps to Know Your Customer
Republished: August 15, 2017, updated to reflect the latest industry news, trends and insights.
Know Your Customer (KYC) procedures are a critical function to assess and monitor customer risk and a legal requirement to comply with Anti-Money Laundering (AML) Laws.
Do you know your customer? You better, if you’re a financial institution (FI) or you face possible fines, sanctions and maybe even public ridicule if you do business with a money launderer or terrorist. More importantly, it’s a fundamental practice to protect your FI from fraud and losses due to illegal funds and transactions.
“KYC” refers to the steps taken by a financial institution (or business) to:
- Establish customer identity
- Understand the nature of the customer’s activities (primary goal is to satisfy that the source of the customer’s funds is legitimate)
- Assess money laundering risks associated with that customer for purposes of monitoring the customer’s activities
To create and run an effective KYC program requires the following elements:
1) Customer Identification Program (CIP)
How do you know someone is who they say they are? After all, identity theft is widespread, affecting over 13 million US consumers and accounting for 15 billion dollars stolen in 2015. If you’re a US financial institution, it’s more than a financial risk; it’s the Law.
The CIP mandates that any individual conducting financial transactions needs to have their identity verified. As a provision in the Patriot Act, it’s designed to limit money laundering, terrorism funding, corruption and other illegal activities. The desired outcome is that financial institutions accurately identify their customers:
A critical element to a successful CIP is a risk assessment, both on the institutional level and on procedures for each account. While the CIP provides guidance, it’s up to the individual institution to determine the exact level of risk and policy for that risk level.
2) Customer Due Diligence
For any financial institution, one of the first analysis made is to determine if you can trust a potential client. You need to make sure any potential customer is worthy; customer due diligence (CDD) is a critical element of effectively managing your risks and protecting yourself against criminals, terrorists, and corrupt Politically Exposed Persons (PEPs).
There are three levels of due diligence:
- Simplified Due Diligence (“SDD”) are situations where the risk for money laundering or terrorist funding is low and a full CDD is not necessary. For example, low value accounts or accounts where checks are being on other levels
- Basic Customer Due Diligence (“CDD”) is information obtained for all customers to verify the identity of a customer and asses the risks associated with that customer.
- Enhanced Due Diligence (“EDD”) is additional information collected for higher-risk customers to provide a deeper understanding of customer activity to mitigate associated risks. In the end, while some EDD factors are specifically enshrined in a countries legislations, it’s up to a financial institution to determine their risk and take measures to ensure that they are not dealing with bad customers.
3) Ongoing Monitoring
It’s not enough to just check your customer once, you need to have a program that knows your customer on an ongoing basis. The ongoing monitoring function includes oversight of financial transactions and accounts based on thresholds developed as part of a customer’s risk profile.
Up to now, regulations call for a risk-based assessment. However, as of January 1, 2017 The New York Department of Financial Services (NYDFS) requires specific measures of transaction monitoring and filtering.
KYC News Around the World
In spite of heavy investments, FIs have been unable to optimally counter the growing peril of money laundering. Regulatory fines on FIs for KYC/AML related violations continue to rise.
Aadhaar-enabled electronic know your customer (KYC) process should be “firmly established” as the acceptable KYC, a panel with representatives from all financial sector regulators has proposed.
Money laundering is an ever expanding problem for the American insurance industry. An increasing number of individuals are using insurance accounts to hide money from federal taxation agencies – and the industry needs to step up and tackle the situation head-on.
MAS to roll out national KYC utility for Singapore
The Monetary Authority of Singapore (MAS) is piloting a national know-your-customer (KYC) utility for financial services, based on the MyInfo digital identity service, jointly developed by the Ministry of Finance and GovTech, the lead agency for digital and data strategy in Singapore.
“The message to all financial institutions is clear: The cost of KYC checks is much too high, placing too much reliance on inefficient and error-prone manual processes,” says Steve Pannifer, COO, Consult Hyperion.
Alan Samuels, vice-president and head of product strategy for reference data services at Alacra, said: “There is a clear regulatory need for meeting high standards. This is creating more and more challenges for operational managers to build flexible, scalable processes and systems to be able to address use cases that have not yet even been articulated.”
The Government of India has notified six documents as ‘Officially Valid Documents’ (OVDs) for the purpose of producing proof of identity. These six documents are Passport, Driving Licence, Voters’ Identity Card, PAN Card, Aadhaar Card issued by UIDAI and NREGA Job Card.
Under Republic Act 9160 or the Anti-Money Laundering Act (AMLA), banks and other financial institutions, including remittance centers and pawnshops, are mandated to institute “know your customer” (KYC) rules that ensure the legitimate source of funds.
AUSTRAC has revised Chapter 4 of the AML/CTF Rules in a few small but significant ways. These changes came into effect on 16 September 2016.
The Bank of Thailand (” BOT “) has introduced a new regulation to facilitate the Know-Your-Customer (KYC) process by using an electronic means (” e-KYC “) for account opening for deposit acceptance or fund acceptance from public.
The CDD Requirements to collect substantially more information to open financial accounts need not be a burden. By using intelligent, sophisticated identity verification methods, the process can be virtually automated while retaining full compliance and risk tolerance.
With the passing of the US Patriot Act in 2001, the concept of customer due diligence became law. Since then, the US has strengthened CDD requirements, and similar laws are now in place around the World. As of 2013, according to PwC, at least 74 countries have AML legislation with some form of CDD requirements.
Financial institutions have a lengthy list of Anti-Money Laundering compliance requirements. They face a mountain of risks from a large number of financial transactions, each of which can carry significant risks. AML compliance programs are built on a systematic review of a large number of financial transactions. The focus of this review has to be on triggers that identify suspicious transactions or customers.
KYC (Know Your Customer) is not just a compliance issue anymore. It’s a fundamental, bottom-line concern that impacts the number of banking clients, costs, margins and total profits. In terms of human resources, senior management is spending increasingly more on time on KYC and Customer Due Diligence (CDD), staff is getting bogged down on fulfilling compliance requirements, and customers are getting frustrated due to delays and difficult onboarding.
In recent years, there has been an increase in both the frequency and the magnitude of fines imposed by financial regulators against banks for failing to comply with anti-money laundering (AML) and know your customer (KYC) rules. A common response to this disciplinary action by a financial institution is to de-risk, reject or close the accounts of groups of customers considered high-risk based on increasingly strict AML standards.
What two words can strike fear in the hearts of chief compliance officers and their staff? Compliance audit. However, when compliance teams prepare ahead and put the right systems in place, there’s no need for a sense of dread.
Automate KYC to significantly cut time spent in manual functions. Customers can provide information electronically and their identity validation and screening conducted automatically; only the results need reviewing by BSA staff. This process will create a record ready for audit, notify customers for any additional information, and provide automatic reminders to make sure that registration and validation process is complete.
AML and KYC compliance can be especially challenging for companies that are looking to expand outside their home country. Being compliant requires staff to learn and understand the laws, regulations, rules, and standards applicable in each market to ensure adherence. Because regulations often vary between different jurisdictions, compliance departments may be faced with a heavy workload as they face a steep learning curve.
Is your financial institution (FI) set when it comes to operating a successful AML watchlist? Is your watchlist screening efficient, comprehensive, cost-effective and reliable? There is an “increasing development and focus of sanctions regimes introduced by governments around the world to target organized crime and stem the funding of terrorism.”
Due to recent developments in AML/KYC technology, significant cost savings are available, as well as ways to reduce risk, improve customer onboarding, and gather deeper insights into customer behavior. For banks that have taken advantage of these new opportunities, one huge benefit is revenue growth potential, meaning what was once considered a cost is now a competitive advantage.
Due to the speed and complexity of technical implementation, FIs that adopt a “wait and see” approach will find it increasingly difficult to keep pace and maintain market position. APIs offer a viable option for FIs needing to satisfy compliance requirements while securing a competitive edge.
All workflows, where possible, should take advantage of digital processes. Full digital KYC is the near-future and companies that fight it will find themselves on the losing side.
As these regulations are new, there are many questions that compliance staff and senior executives have about CDD and KYC requirements for AML rules, so we’ve rounded them up for your consideration.