KYCC - Know Your Customer's Customer

A front. A shell. A dummy corporation. While there are many ways to name it, the purpose is the same; to shield another company from liability or scrutiny. In many cases, there are legitimate reasons to setting these up, such as protecting privacy or limiting liability.

Most of us suspect that, mainly, these really are just ways to hide or launder money or other nefarious activities.  There are fewer restrictions on shells; many countries having strict Know Your Customer (KYC) laws that don’t extend to shell corporations or similar entities. However, that is changing as the demand to close loopholes increases and countries start to regulate laws that fall under the heading ­­­ Know Your Customer’s Customer (KYCC).

KYC laws stipulate that financial institutions must:

  • Establish customer identity,
  • Understand the nature of the customer’s activities (primary goal is to satisfy that the source of the customer’s funds is legitimate),
  • Assess money laundering risks associated with that customer for purposes of monitoring the customer’s activities.

KYCC takes those requirements to the next level and look to who your customers are doing business with, their sources of funds and its legitimacy, and the risk that these third parties are laundering money.­­ One example, since the Panama Papers regulators now have a spotlight on beneficial ownership and the complex paths of hiding money it enables. Jurisdiction after jurisdiction is passing new laws or strengthening existing rules to combat layering of ownership to hide funds.

United States

In the US, the Customer Due Diligence (CDD) Final Rule goes into full effect May 11, 2018: “Specifically, the rule contains three core requirements: (1) identifying and verifying the identity of the beneficial owners of companies opening accounts; (2) understanding the nature and purpose of customer relationships to develop customer risk profiles; and (3) conducting ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information.”


In Europe, the 4th AML Directive is coming into effect June 26, 2017 and has major new initiatives in regards to beneficial ownership. As the commission notes, “understanding the beneficial ownership of companies is at the heart of the risk mitigation of financial crime and of prevention strategies for regulated firms.”


In Canada, new regulations under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) will come into full-effect June 17, 2017. Some of the changes include listing specific customer information requirements, updates customer ID requirements, and closes gaps in regard to AML and CTF (Counter-Terrorist Financing). Now, reporting companies must consider: “any new developments in respect of, or the impact of new technologies on . . . clients, business relationships, products or delivery channels or the geographic location of their activities”; and any risk resulting from the activities of an affiliated Canadian financial entity, amongst others.

It’s not just a legal compliance issue; to properly manage your institutions risk, to protect against infiltration by illicit funds, you need to know the beneficiary of your clients’ activities. Whether it be another entity, an owner, a partner, a customer, a supplier, or other relationship, each could be the source or destination of questionable funds. Extend the same steps and procedures you take to Know Your Customer to their entire network of connections.

Although this can be substantially more work and cost, depending on the circumstance, the alternative is worse; fines, losses and reputational damage due to allowing illegal funds to channel through your institution.

On the positive side, there are new technologies and processes available to cut the cost and workload, while still delivering effective KYCC risk management. One potential solution are KYC registries or, in Europe, a central depository. The concept is that instead on every institute doing their customer due diligence on their own, they’d pool their resources and share third-party registration data. There are already a few initiatives on this front, but it’s still early days for any final determination if these will become successful.

One solution currently powering compliance systems across borders is electronic identity verification (eIDV). Agile and fast-growing businesses in regulated industries are integrating eIDV for quicker, smoother and cost-effective identification for all parties of a proper KYCC analysis. Enabling digital processes to replace cumbersome, slow paper processes is a no-brainer when it comes improving KYCC compliance.

As the complexity and interconnection of financial relationships deepen and spread, the requirements to track and monitor these relationships will similarly expand. Regulators won’t accept the corruption and tax avoidance of money laundering and danger of terrorist financing. Financial institutions can’t accept the higher risk of fraud and non-compliance. KYCC is an unstoppable trend and smart companies need to craft an effective KYCC strategy now, to set themselves up for the new reality.