“KYC”— you may have heard this term used in the context of banking and financial transactions.
What does KYC in banking mean, and why is it so relevant in this age of digital transactions?
KYC, or “Know Your Customer”, is actually an essential part of any reputable financial institution or payment company’s game plan.
Without an understanding of KYC, KYC verification, and an action plan for executing the KYC process, financial institutions and payment companies can find themselves out of step with regulations and exposing themselves and their customers to risks.
What is KYC?
KYC is a set of regulations that control how a customer is identified and confirmed in order to have access to and control financial accounts. It helps an institution “know” its customer.
From a practical standpoint, KYC makes it much harder to withdraw money from an account than to deposit it. This is so that the financial institution can confirm the identity of the customer and ascertain whether or not a transaction is legitimate.
KYC regulations exist in different iterations around the world. In the United States, KYC regulations did not exist until 2001 in the wake of September 11th. When the government realized that prominent financial institutions had been used to funnel money to these terrorist activities, it implemented laws that closely monitored how banks vet their customers.
Why is KYC in Banking Important?
From the perspective of a government, KYC in banking is so important because of the reasons stated above — it prevents terrorist or criminal funds from flowing towards terrorist or criminal activities.
From the bank’s perspective, engaging in an effective KYC process is the best way to protect that institution’s interests and preserve its reputation by demonstrating that it is safe and in regulatory compliance.
There are also a bank’s financial interests to consider. Especially in the aftermath of 9/11, banks can face some serious fees if they are found slacking when it comes to KYC.
In 2020 alone, it is estimated that banks incurred over 4 billion dollars in fines for KYC-related violations in the United States alone. Across the world, those fines totaled over 10 billion dollars that same year. Even the most seasoned banks can get in trouble; in fact, more than one-fifth of the banks fined during 2019 were on the list of the Top 50 biggest banks in the world.
KYC compliance is not a ‘maybe’ for banks or financial institutions in the digital age or in the wake of increased terrorist activity. It is a must. So, what does KYC involve? Let’s take a look.
The Components of KYC
KYC in the States addresses two main areas of concern:
- a business’ Customer Identification Program, or CIP
- and Customer Due Diligence, or CDD.
CIP, first and foremost, requires that financial institutions confirm a customer’s identity using official forms of identification, such as state or government-issued materials, including social security cards, driver’s licenses, and passports.
Additionally, institutions need to enter into partnership agreements with any companies that are customers, request a proof of incorporation, and confirm the company’s identity via a government-issued business license. Financial institutions should feel free to request any additional data they may feel is necessary from either individuals or companies.
Many countries also require that financial institutions report any suspicious transactions to state or federal authorities. This involves doing some form of Customer Due Diligence. While financial institutions are not always required to conduct this due diligence, it is the easiest method by which they can flag suspicious activity and fulfill what is required — alerting authorities when suspicious activity takes place.
In essence, conducting CDD means asking a customer questions. These questions might include:
- What is the source of your funds?
- Why are you opening an account?
- What is the nature of your business?
These questions can serve as an essential first line of defense against fraudulent actors. Through these questions, financial institutions can ascertain how high a risk a customer is.
If a customer is viewed as too high of a risk, they will not be allowed to open an account at that institution or payment company. When a high-risk customer is allowed to onboard, they are monitored on an ongoing basis.
Any large wire transfers or offshore bank activity may trigger a red flag on that account, and the bank may freeze the account until the customer can clarify the legitimacy of the transaction.
The exact requirements and KYC guidelines for banks and other financial institutions will vary from one country or region to the next, as previously discussed.
Across the board, the goal with any KYC guidelines is to stop criminal or terrorist organizations from using a bank, financial institution, or payment company to engage in nefarious or criminal activities.
KYC guidelines typically suggest framing KYC policies around four areas of focus:
- A bank or business’ customer acceptance policy
- The procedures used to confirm a customer’s identity
- The procedures used to monitor transactions; and,
- How an organization manages risk
The overarching goal with all KYC efforts is to spot and flag criminal customers very early on in the customer relationship. In other words, KYC will help a business or financial institution flag a customer before they are ever able to make a fraudulent transaction.
What is a Customer under KYC?
You may think you can easily define what a “customer” is, but it is more detailed under the auspices of KYC. A customer in the context of KYC can be:
- an individual OR an entity with an account
- an individual OR an entity with a business relationship with the institution or business
- an individual on whose behalf an account is opened
- any beneficiary of a transaction (e.g. stockbroker, accountant, attorney)
- any individual OR any entity associated with a high-risk transaction (e.g. a wire transfer of millions of dollars)
Getting KYC Right
When it comes to banking and financial systems, KYC is a must. Given that, how can a financial institution or payment company take the right approach to KYC?
The Ukrainian online bank, Monobank, takes a good approach, requiring that each user enters a wealth of personal data and presents identity documents to the bank, including a proof of address and a passport or license.
In other financial organizations, an additional step is added to these basic requirements. A customer might be asked to take a selfie, for example, or even a selfie with a written generated code or one that includes an up-to-date newspaper. Companies such as TIFO and Treezor ask for standard selfies, but will request selfies with rights, when necessary.
When are these efforts too much, however?
An overly complex KYC process can create pain points for the customer, preventing them from completing the registration or onboarding process. Considering the context is important. For example, a customer might be much more willing to go through a complex KYC process if they are to receive money at the end of that transaction.
There are also solutions out there for simplifying the KYC process, including those that leverage the power of Artificial Intelligence.
Whether performing KYC due diligence or KYB (Know Your Business), companies can use these so-called KYC “liveness” solutions to make KYC an easier process for customers. The customer sends a scanned image of their government ID along with a selfie to the financial institution.
The solution then uses auto-detection of forgery and spoofing to confirm the veracity of the selfie and the government-issued ID. While some of these solutions actually exceed standard regulatory requirements, they do offer the ‘above and beyond’ efforts that some financial institutions may need.
One such solution is ubble. This verification system based on AI technology lets the user submit a photo of a document, then uses that document to quickly fill out complex forms that would slow down the process if filled in by the human user.
These user-friendly solutions provide an innovative way for banks and financial institutions to onboard customers safely and within regulatory guidelines without creating too many pain points or too much friction.
Verification of customer identity and validation of transactions through the KYC process is not optional in today’s world of finance.
Taking the right steps to build an effective KYC process is not that difficult, thankfully, especially with the wealth of software solutions out there to help.
If you want to explore your own KYC process options, consult with development professionals who can help you customize the right KYC answer for your company.