Your basket is currently empty!
All about “KYC”
KYC, or “Know Your Customer,” is a process that businesses and financial institutions use to verify the identity of their customers. The main objective of KYC is to prevent illegal activities such as money laundering, fraud, and terrorist financing, which can harm both the company and the client. KYC is not only a verification procedure but also a compliance standard that all companies have a duty to uphold. The KYC process typically involves the following steps:
- Customer Identification Program (CIP): Customers are required to provide their personally identifiable information (PII) for account registration. This includes their name, date of birth, email address, social security number, passport number, driving license, and financial information (e.g., credit/debit card details).
- Customer Due Diligence (CDD): The provided information is then verified by the company through various means, such as matching the data against official records and checking the authenticity of the uploaded documents.
- Enhanced Due Diligence (EDD): In some cases, additional verification steps may be required, such as conducting a face-to-face interview or obtaining more detailed information about the customer’s background and financial activities.
By implementing KYC processes, companies can reduce the risk of commencing relations with high-risk or illegitimate customers, avoid non-compliance fines, and uphold a positive image1. Additionally, KYC helps protect customers by preventing identity theft and fraud.
KYC (Know Your Customer) is a crucial process for businesses, especially financial institutions, to identify and verify the identities of their customers. It helps in the fight against financial crime, such as money laundering, terrorist financing, and corruption. Here’s why KYC matters:
- Preventing financial crime: KYC procedures involve collecting information about customers, such as their name, address, and date of birth, and verifying that information through various means, such as government-issued identification documents. By implementing effective KYC procedures, financial institutions can better understand their customers and the types of transactions they are engaging in. This can help to identify and prevent fraudulent activities, such as money laundering, terrorist financing, and other illegal activities.
- Complying with regulatory requirements: KYC is an important component of a broader anti-money laundering (AML) and counter-terrorism financing (CTF) framework. It helps financial institutions to comply with regulatory requirements, such as the Bank Secrecy Act (BSA) in the United States, which requires financial institutions to maintain customer identification programs (CIPs) and to report suspicious activities to law enforcement agencies.
- Enhancing risk management: KYC is a critical process for determining customer risk and whether the customer can meet the institution’s requirements to use their services. It helps financial institutions ensure that clients are not engaging in criminal activities while using their services, thereby reducing the risk of financial crimes leading to reputational and financial losses.
- Improving data management: Effective KYC processes are the backbone of any successful compliance and risk management program. With anti-money laundering (AML) and KYC compliance growing in importance as more stringent regulatory requirements come into force, banks and corporates are dedicating significant resources and time to KYC compliance processes.
- Facilitating trust and collaboration: KYC compliance also plays a critical role in real-time, cross-border payments, facilitating greater levels of trust, transparency, and collaboration while mitigating risk. A community approach is essential to overcoming the challenges of KYC compliance.
KYC regulations and legal foundations
KYC (Know Your Customer) regulations are mandatory practices in most countries, including the UK and Europe, and are a pivotal component of anti-money laundering (AML) and counter-terrorist financing (CTF) compliance efforts. The central legal basis for KYC checks and verifications in Europe, the UK, and the USA are mainly the following:
- The 3rd EU Money Laundering Directive (Article 8)
- The 4th EU Money Laundering Directive
- The 5th EU Money Laundering Directive in combination with eIDAS
- The 6th EU Money Laundering Directive
- The UK Bribery Act
- The UK Modern Slavery Act
- The Customer Identification Program (CIP) as part of the USA Patriot Act
Complementing EU directives, the regulations by the Financial Action Task Force (FATF) provide a legal framework for KYC activities in European markets and the UK. The FATF is an international intergovernmental organization focused on combating money laundering and terrorist financing. The UK is a member of the FATF, and it plays a crucial role in shaping and implementing AML and CTF policies. The UK Financial Conduct Authority (FCA) oversees KYC requirements for financial services, and UK businesses must ensure they can meet KYC procedures that are permissible in a particular country.
Who needs KYC?
KYC (Know Your Customer) procedures are relevant to almost all institutions that deal with money, including banks, credit unions, asset management firms, broker-dealers, financial technology apps (fintech apps), private lenders, and lending platforms1. Criminal activity in this sector can affect not just the financial institution involved but also other customers, and wider markets or economies1. KYC is a legal requirement for financial institutions and financial services companies to establish a customer’s identity and identify risk factors1. KYC procedures help prevent identity theft, money laundering, financial fraud, terrorism financing, and other financial crimes. Failure to meet KYC requirements can result in steep fines and penalties. KYC is also required for organizations in all industries, including Politically Exposed Persons (PEPs) who have relationships with politicians or government agencies, due to the increased risk of corruption and bribery.
What are the requirements for KYC?
Bank account ownership verification requirements vary in different jurisdictions, but generally, account owners must provide a government-issued ID as proof of identity. Some institutions require two forms of ID, such as a driver’s license, birth certificate, social security card, or passport1. In addition to confirming identity, the address must be validated. This can be done with proof of ID or with an accompanying document verifying the address on record1. Here are some examples of verification requirements for different types of accounts:
- Publicly traded companies: Publicly traded companies are required to provide information for the business entity itself, and for the individual opening the account. When setting up an account for a publicly-traded company, you may omit providing your personal address, date of birth, and last four digits of your Social Security Number by using the business address and inputting dummy digits such as “01-01-1981” (date of birth field) or “1111” (last four digits of Social Security number field). All other information must be provided for the company.
- Beneficial owners: Financial institutions are required to identify and verify the identity of beneficial owners of legal entity customers when opening a new account. Beneficial owner refers to either an individual who directly or indirectly owns 25 percent or more of the equity interest of a legal entity customer, or a single individual with significant management responsibility such as a CEO or President. Verification of the beneficial owners has the same requirements as verification of members.
- Domain and account ownership: To verify the ownership of your account or domain, you may need to provide acceptable documents such as a driver’s license, passport, or utility bill.
Overall, the verification process is important for fraud prevention and compliance with regulatory obligations. There are many bank account verification methods that businesses rely on to validate their customers’ account information, including micro deposits, sending bank statements, and using open banking.
What’s the difference between AML and KYC?
KYC (Know Your Customer) and AML (Anti-Money Laundering) are often used interchangeably, which can lead to confusion. However, they cover different aspects of a financial institution’s efforts to comply with laws and regulations governing money laundering and financial crime. Here is a breakdown of the differences between KYC and AML:
- AML: AML refers to the framework of legislation and regulation that financial institutions must follow to prevent money laundering, fraud, and financial crime. It is a set of measures that financial organizations put in place to prevent financial crimes from happening. AML includes elements such as client and data protection, execution of KYC and AML rules, identifying, tracking, reporting, and monitoring for suspicious activities. AML is a broader concept that covers how companies align their people, processes, and technology to uncover money laundering across the enterprise.
- KYC: KYC is a risk-based approach to customer identification and verification that forms part of AML requirements. It is the process of obtaining information about a customer and verifying their identity. KYC allows firms to take a risk-based approach to AML so that they can both identify their customers and understand what level of money laundering risk they present. KYC includes elements such as collecting customer information, developing customer risk profiles, and conducting ongoing monitoring to identify and report suspicious transactions. KYC is a subset of AML and pertains to the activities companies engage in to vet their customer relationships.
In summary, AML refers to the overall framework of legislation and regulation that financial institutions must follow to prevent money laundering, fraud, and financial crime, while KYC is a specific process within that framework that focuses on customer identification and verification. KYC is a key component of an AML program, but AML covers a broader range of measures and responsibilities for financial institutions.
What is SDD and EDD?
Customer Due Diligence (CDD) has separate tiers reflecting the level of checks that should be carried out – Simplified Due Diligence (SDD) and Enhanced Due Diligence (EDD).
SDD is used for customers and accounts at low risk of money-laundering involvement and involves simpler identity checks.
EDD is used when a customer is determined to pose a higher risk of money laundering or terrorist financing activity. Extra checks must be carried out to more fully understand activity, including transaction monitoring and checking of sanctions lists.
Who regulates KYC?
FATF provides regularly updated guidance for both KYC and AML, but it is up to individual countries’ governments to implement them into law for banks to comply with. A government regulator then oversees this.
Over 190 countries follow FATF guidance, with KYC and AML regulations enforced by national financial regulators. KYC is enacted into law in the US through the Patriot Act 2001 and controlled through the Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN).
In Europe, KYC and AML are governed by the AMLD regulations (first issued and 1991 and most recently updated in 2021 with 6AMLD) and the eIDAS Regulations. The UK has similar regulation to Europe, enacted via the Proceeds of Crime Act 2002 and the Electronic Identification and Trust Services for Electronic Transactions Regulations (2019).