Know Your Customer: What is KYC, how it Works, Regulations, and Compliance

As the global economy flourishes, the risk of illegal criminal activities also increases. Know Your Customer (KYC) regulations are created to protect financial institutions against corruption, terrorist financing, money laundering, and fraud. KYC helps establish customer identity, assess money laundering risks, understand the nature of the client’s activities, and confirm that the source of money is legit.

International rules affected by standards such as the Financial Action Task Force (FAFT) are now being implemented in national laws that include directives like KYC.

What is KYC (Know Your Customer)?

Know Your Client (KYC) is a standard in the investment sector that ensures financial advisors can confirm a customer’s identity and know their financial profile and investment knowledge. It is a mandatory step when opening a financial account and regularly over time.

In simpler words, it is a tool for banks to ensure that their clients are who they claim to be. Banks and other financial institutions may refuse to activate an account or block a customer relationship if the client fails to satisfy KYC requirements. The customer is also periodically made aware of the need to follow all the regulations and laws of the security industry.

Why is KYC important?

KYC is a legal requirement for financial services companies to verify customers’ identities and ensure there is no fraud risk. KYC processes help prevent money laundering, identity theft, terrorism financing, and other financial crimes. Failure to comply with KYC standards can lead to heavy penalties and fines.

Current KYC requirements embrace a risk-based approach to tackle the following:

• 💰 Money laundering: Both formal and informal criminal sectors use fake bank accounts to secure funds for drugs, smuggling, human trafficking, and more. KYC restricts its ability to circumvent suspicion by keeping the money across multiple accounts.
• 🪪 Identity theft: KYC enables banks to establish proof of a client’s legal identity, thus preventing dummy accounts and identity theft cases arising from stolen or forged documents.
• 📑 Financial fraud: KYC prevents deceitful financial activities like using stolen IDs for loan applications and receiving funds with fake accounts.

KYC: How does it work?

A country’s regulations and laws highlight the main requirements for KYC. The specific requirements (such as KYC documents) differ based on the industry, with banks and financial institutions usually having to implement the strictest processes.

Since the process of KYC has become more digitalized, the verification is done through various technologies or methods, including AI and NFC; security features such as holograms; and different security checks like liveness and biometrics. It can consist of the following processes or stages:

• Document confirmation: The government-issued ID card is confirmed for fraud or other issues.
• Face verification: This process identifies any spoof attacks on time to ensure the client’s live presence.
• Address confirmation: Proof of address is acquired that confirms the address on the government-issued ID card.

The benefits of a KYC process

Banks and other financial organizations are more exposed to illegal activities in an increasingly global economy than ever. KYC regulations are made to safeguard these institutions against financial crime and bring the following benefits.

Rapid availability

After a thorough KYC check, clients generally get instant access to services and products. Any issues or delays in purchasing or signing a contract between users and organizations can be drastically minimized via digital KYC processes, thereby improving customer experience and satisfaction.

Easy Accessibility

Customers can be subjected to KYC verification processes anywhere and anytime via remote automated solutions. Digital KYC identification is very user-friendly, meaning it does not inconvenience customers.

Cost-effective

Businesses benefit from increased conversion rates and improved client acquisition costs, specifically with automated and AI-driven KYC solutions. These processes also help them avoid huge losses and damaged reputations by avoiding fraudulent activities, thereby giving their clientele a sense of security and confidence. Companies using the KYC process are also considered credible, increasing their trustworthiness and reputation.

Compliant with Industry Standards

KYC procedures are typically modular and can thus be combined with extra security checks and add-ons for regulatory compliance.

KYC Compliance: what is it all about?

KYC compliance is a supervisory obligation of both financial and non-financial institutions. Obliged organizations are expected to create customer identification standards and confirm their clients periodically per the regulatory guidelines. Compliance with KYC processes allows businesses to avoid penalties and loss of reputation, tackle fraud, and minimize the risk of financial crimes.

Various organizations from different sectors execute KYC compliance laws. Common entities that are subjected to KYC compliance include:

• Financial industry. This includes insurance companies, banks, mortgages, brokerage houses, etc.
• Fintech companies. These include crypto companies, mortgage providers/digital loans, online payment services companies, etc.
• The real estate sector
• The healthcare industry includes drug providers, hospitals, POM sellers, online care, in-home care providers, etc.
• The legal sector, including law firms
• The gaming industry, including lottery/poker businesses, e-gaming channels, etc.
• Art and precious metal companies

Two rules surrounding KYC include Financial Industry Regulatory Authority (FINRA) Rule 2090 and FINRA Rule 2111.

FINRA Rule 2090 states that each broker-dealer should use reasonable effort when opening and retaining customer accounts. They are also required to be aware of and maintain a profile of every customer, along with the identity of every person who has the authority to act on the client’s behalf.

FINRA Rule 2111 says that a broker-dealer should believe that a recommendation is suitable for a client based on their financial needs and situation. This rule assumes that the broker-dealer has reviewed the current customer profile and facts, including their other investments and securities, before making a sale, purchase, or exchange of a security on the customer’s behalf.

What components make up KYC?

To understand KYC, it is essential to see how the different components work together to minimize illegal activity and fraud. The main components include:

Customer Identification Program (CIP)

This step ensures that the client is genuinely who they claim to be. A Customer Identification Program mandates that any person carrying out financial transactions should have their identity confirmed. Risk assessment is an important element of a successful CIP at the organizational level and the level of every account. The minimum requirements to open a financial account include the name, date of birth, and identification number.

Continuous monitoring

It is not enough to carry out an initial check on customers once. A company needs to have a program that monitors customers regularly. The ongoing monitoring function avoids any oversight of financial accounts and transactions based on criteria developed as part of the client’s risk profile.

Depending on the risk-minimizing strategy and the customer, essential factors to monitor include fluctuations in activities, out-of-area or cross-border activities, and negative media mentions.

Customer Due Diligence (CDD)

For financial institutions, one of the primary analyses is to decide if a customer can be trusted. CDD is a key element that helps companies manage their risks and prevent their operations against criminal activities.

Financial due diligence aims to verify customer financial records showcased in the Confidentiality Information Memorandum are correct. Due diligence as part of Know Your Customer seeks to give a detailed understanding of all the customer’s financial statements, such as audited financial records for the last three years, current unaudited financial statements compared to last year’s records, the client’s capital expenditure plan, debtors, and creditors,  etc.

KYC document requirements: what are they?

The main KYC documents help confirm a person’s identity when opening a financial account, such as a fixed deposit, savings account, insurance, or mutual fund. These include:

• Proof of identity (ID card, passport, driver’s license, member state ID card, and birth certificate)
• Current photographs
• Proof of address (utility bill, driving license, bank statement, local authority council tax bill, mortgage statement, current tenancy agreement, tax letter). Proof of residence should list the name of the individual and should be issued within the last three months.
• Proof of income (paychecks, income tax returns, current bank statement).

Companies and other legal structures require a copy of the certificate of incorporation, current audited accounts, accounts receivables and payables, and a list of trustees.

What is the cost of KYC for businesses?

Data suggests that in 2021, financial institutions spent approximately $3.1 billion on KYC-AML compliance operations and technology. In addition to executing these processes, KYC has other compliance costs, like increased time investment and greater customer churn.

However, companies that fail to comply with KYC standards end up paying more. In 2021, a total of $2.7 billion were imposed as penalties on organizations that didn’t report fraudulent activities.

What do KYC processes mean for banking?

KYC standards mean that practically any organization, platform, or company that deals with a financial institution to open a bank account or carry out a transaction must follow these strict regulations.

KYC standards have an all-encompassing effect on consumers and financial organizations alike. Banks must follow these regulations when interacting with new customers. Failure to follow these regulations can lead to fines, penalties, lost reputation, damaged customer trust, and even lawsuits. As the financial technology sector expands, more businesses will need to follow these rules.

Taking a risk-based approach to Know Your Customer helps mitigate the risk of suspicious activities and ensures a good customer experience.

Types of KYC

The main types of KYC procedures are as follows:

Mobile KYC

Mobile KYC combines conventional data sources with mobile data. This adds an extra layer of identity verification to help deliver an effortless and instant customer experience and mandatory compliance and fraud mitigation measures. Simply put, mobile data can improve KYC standards and offer a user-friendly experience to mobile-minded existing customers.

Corporate KYC

Similar to individuals requiring identity verification, corporate customer accounts must also be subjected to KYC processes. While the procedure is similar to one for individual clients, the requirements differ. Transaction amounts, transaction volumes, and other risk factors must be considered. These procedures are called Know Your Business or KYB.

KYB processes involve gathering and assessing data from other organizations, such as the company address, registration documents, licensed documents, and personal identifications of owners and senior managers.

eKYC

eKYC is a digitalized version of the Know Your Customer process that is both remote and paperless and created to cut costs and bureaucracy related to conventional KYC procedures. To ensure that eKYC follows the same safety standards as traditional ones, financial institutions must utilize electronic identification processes with high levels of security and dependability. eKYC allows employees and clients to verify their identity online via automatic video identification from anywhere in the world, sign for a loan, and open a bank account.

New technologies and KYC

The role of new technologies in KYC can make it significantly more effective, less costly, and more convenient than manual KYC. Some of the main KYC automation tools that will change the landscape of AML include:

• Facial recognition technology: This tool authenticates an applicant’s identity if they cannot come for verification in person. This technology is used to compare the individual’s face with their ID picture before the onboarding process can begin.
• ML: ML algorithms use past patterns and predict the possibility of future interactions.
• OCR: Optical character recognition is designed to read human language and convert it into a machine-readable format. This technology is helpful for written documents, where both applicants and bank personnel can scan their papers. The software will extract and put the information onto digital platforms for further use.

KYC requirements for industries

Different industries use different methods of KYC procedures. Below are some of the leading financial industries that require strict KYC procedures.

KYC for banking services

Banks are required to use KYC policies by incorporating the following key elements:

• Customer identification procedures, including data collection, identity verification, and checking the sanctions and politically exposed person list.
• Customer policy
• Risk management and assessment, including due diligence (EDD and SDD)
• Ongoing monitoring and record maintenance.

KYC for the financial industry

Most other financial services providers also have KYC requirements similar to banks. As part of the verification duties, these organizations generally use a customer identification and customer due diligence program to ensure they are not getting involved with a potentially dishonest party. Extensive records on each transaction should be maintained since very few methods are more effective than identifying financial corruption.

KYC for cryptocurrencies

Different countries have adopted cryptocurrency differently, which makes KYC crypto rather challenging. However, the main red flags, as noted by FATF, include the following:

• Creating different accounts under different identities
• Doing transactions from unsafe IP addresses
• Providing insufficient or incomplete information
• Changing identification information often

The KYC laws in some countries

The exact KYC regulations differ from one country to another. However, some regulations endorsed by the FAFT are mandatory in all nations.

Europe

From 2016 to the present, Europe has passed the 3rd, 4th, 5th, and 6th EU money laundering directives. These measures are designed to expand the scope of KYC obligations to new industries and the need for better CDD. These procedures include verification, collection, and record maintenance of personal information to avoid risks associated with every client.

India

KYC originated in India in 2002 as part of the Prevention of Money Laundering Act. The government then released a set of new rules called the PML Rules. Today, Aadhaar-based eKYC allows financial institutions to verify customers’ identities electronically.

Brazil

In 2016, Brazil put restrictions on opening an account through electronic platforms. To simplify the creation of KYC accounts and encourage enhanced information sharing, Brazil’s Central Bank has established an Open Data Portal. This portal enables clients with an authentic digitalized identity to open an account.

Canada

In Canada, regulated bodies report any financial crimes to FINTRAC and PCMLTFA. Changes were made to PCMLTFA in 2019 to fill substantial gaps in its execution of the FATF’s 40.

Mexico

Mexico upgraded its AML federal law in 2019. Regulated parties are forbidden from opening and maintaining anonymous accounts. Exceptions are made for individual accounts that do not exceed a certain deposit limit.

New Zealand

New Zealand is the leader when it comes to electronic identity verification technology. The RealMe system allows individuals to offer identity verification for simplified log-ins and online services to access government services. There are also requirements to carry out CDD on all accounts.

South Africa

The Financial Intelligence Center Act is the leading entity in South Africa that governs all KYC and AML regulations. The Financial Sector Conduct Authority was established to provide financial services and products, such as insurers, banks, retirement administrators and funds, and market infrastructures.

Australia

AUSTRAC is a government agency in Australia responsible for identifying, preventing, and intercepting criminal activity in the financial system. All reporting authorities must use various customer identification processes for all customer accounts. This includes gathering and confirming identity before offering any designated services to them.

UK

The United Kingdom has a strong framework for KYC regulations and laws. These include regulations for identity confirmation for businesses and individuals. The Financial Conduct Authority is known for its cutting-edge approach to innovation and encourages a risk-based method.

How Can Wallester Help?

Wallester is a licensed financial institution that develops digital financial technology to include payment cards into your company’s product portfolio or streamline your daily business operations. Both solutions are powered by our in-house built platform with revolutionary REST API integration, which acts as one of our main selling points. We provide various solutions catered to different industries, including banks, Fintech companies, travel agencies, business loan providers and the rest.

Our card-issuing API provides a 3D secure, full-featured back-end platform to create and manage both physical and virtual payment cards for any case. The state-of-the-art cardholder authentication technology scans the identity of customers and businesses, thereby mitigating the chances of any monetary fraud.

Depending on the requirements of your business, you can easily customize the verification methods, thus ensuring a user-friendly experience for your clients. You can also manage the 3D Secure settings to simplify cardholder identification without compromising the security of the payments. Lastly, all cards are issued by Visa and can be easily integrated without needing any security protocol via third-party suppliers.
For more information, get in touch with us today.