What is KYC?
Know Your Customer (KYC) procedures are a critical function to assess customer risk and a legal requirement to comply with Anti-Money Laundering (AML) laws. Effective KYC involves knowing a customer’s identity, their financial activities and the risk they pose.
Customer Identification Program | Customer Due Diligence | Ongoing monitoring | Corporate KYC | eKYC verification | Mobile KYC | KYC requirements | Global KYC compliance | Some KYC laws around the world
Do you know your customer? At any rate, you ought to. If you’re a financial institution (FI), you could face possible fines, sanctions and reputational damage if you help enable money laundering or terrorist financing. More importantly, KYC process is a fundamental practice to protect your organization from fraud and losses resulting from illegal funds and transactions.
“KYC” refers to the steps taken by a financial institution (or business) to:
- Establish customer identity
- Understand the nature of the customer’s activities (primary goal is to satisfy that the source of the customer’s funds is legitimate)
- Assess money laundering risks associated with that customer for purposes of monitoring the customer’s activities
To create and run an effective KYC program requires the following elements:
1) Customer Identification Program (CIP)
How do you know someone is who they say they are? After all, identity theft is widespread, affecting over 16.7 million U.S. consumers and accounting for 16.8 billion dollars stolen in 2017. For obliged entities, such as financial institutions, it’s more than a financial risk – it’s the law.
In the U.S., the CIP mandates that any individual conducting financial transactions needs to have their identity verified. Provisioned in the Patriot Act, the CIP is designed to limit money laundering, terrorism funding, corruption and other illegal activities. Other jurisdictions have similar provisions; over 190 jurisdictions around the world have committed to recommendations from the Financial Action Task Force (FATF), a pan-government organization designed to fight money laundering. These recommendations include identity verification procedures.
The desired outcome is that obliged entities accurately identify their customers.
A critical element to a successful CIP is a risk assessment, both at the institutional level and at the level of procedures for each account. While the CIP provides guidance, it’s up to the individual institution to determine the exact level of risk and policy for that risk level.
The minimum requirements to open an individual financial account are clearly delimited in the CIP:
Date of birth
While gathering this information during account opening is sufficient, the institution must verify the identity of the account holder “within a reasonable time.” Procedures for identity verification include documents, non-documentary methods (these may include comparing the information provided by the customer with consumer reporting agencies, public databases, among other due diligence measures), or a combination of both.
These procedures are at the core of CIP; as with other Anti-Money Laundering (AML) compliance requirements, these policies shouldn’t be followed willy-nilly. They need to be clarified and codified to provide continued guidance to staff, executives and for the benefit of regulators.
The exact policies depend on the risk-based approach of the institution and may consider factors such as:
The types of accounts offered by the bank
The bank’s methods of opening accounts
The types of identifying information available
The bank’s size, location and customer base, including the types of products and services used by customers in different geographic locations