What is KYC (Know Your Customer) in Banking?

“KYC”— you may have heard this term used in the context of banking and financial transactions. 

What does KYC in banking mean, and why is it so relevant in this age of digital transactions? 

KYC, or “Know Your Customer”, is actually an essential part of any reputable financial institution or payment company’s game plan. 

Without an understanding of KYC, KYC verification, and an action plan for executing the KYC process, financial institutions and payment companies can find themselves out of step with regulations and exposing themselves and their customers to risks.

What is KYC?

KYC is a set of regulations that control how a customer is identified and confirmed in order to have access to and control financial accounts. It helps an institution “know” its customer. 

From a practical standpoint, KYC makes it much harder to withdraw money from an account than to deposit it. This is so that the financial institution can confirm the identity of the customer and ascertain whether or not a transaction is legitimate.

KYC regulations exist in different iterations around the world. In the United States, KYC regulations did not exist until 2001 in the wake of September 11th. When the government realized that prominent financial institutions had been used to funnel money to these terrorist activities, it implemented laws that closely monitored how banks vet their customers.

Why is KYC in Banking Important?

From the perspective of a government, KYC in banking is so important because of the reasons stated above — it prevents terrorist or criminal funds from flowing towards terrorist or criminal activities. 

From the bank’s perspective, engaging in an effective KYC process is the best way to protect that institution’s interests and preserve its reputation by demonstrating that it is safe and in regulatory compliance.

There are also a bank’s financial interests to consider. Especially in the aftermath of 9/11, banks can face some serious fees if they are found slacking when it comes to KYC. 

In 2020 alone, it is estimated that banks incurred over 4 billion dollars in fines for KYC-related violations in the United States alone. Across the world, those fines totaled over 10 billion dollars that same year. Even the most seasoned banks can get in trouble; in fact, more than one-fifth of the banks fined during 2019 were on the list of the Top 50 biggest banks in the world.

KYC compliance is not a ‘maybe’ for banks or financial institutions in the digital age or in the wake of increased terrorist activity. It is a must. So, what does KYC involve? Let’s take a look.

The Components of KYC

KYC in the States addresses two main areas of concern: 

• a business’ Customer Identification Program, or CIP 
• and Customer Due Diligence, or CDD.

CIP, first and foremost, requires that financial institutions confirm a customer’s identity using official forms of identification, such as state or government-issued materials, including social security cards, driver’s licenses, and passports. 

Additionally, institutions need to enter into partnership agreements with any companies that are customers, request a proof of incorporation, and confirm the company’s identity via a government-issued business license. Financial institutions should feel free to request any additional data they may feel is necessary from either individuals or companies.

Many countries also require that financial institutions report any suspicious transactions to state or federal authorities. This involves doing some form of Customer Due Diligence. While financial institutions are not always required to conduct this due diligence, it is the easiest method by which they can flag suspicious activity and fulfill what is required — alerting authorities when suspicious activity takes place.

In essence, conducting CDD means asking a customer questions. These questions might include:

• What is the source of your funds?
• Why are you opening an account?
• What is the nature of your business?

These questions can serve as an essential first line of defense against fraudulent actors. Through these questions, financial institutions can ascertain how high a risk a customer is. 

If a customer is viewed as too high of a risk, they will not be allowed to open an account at that institution or payment company. When a high-risk customer is allowed to onboard, they are monitored on an ongoing basis. 

Any large wire transfers or offshore bank activity may trigger a red flag on that account, and the bank may freeze the account until the customer can clarify the legitimacy of the transaction.

KYC Guidelines

The exact requirements and KYC guidelines for banks and other financial institutions will vary from one country or region to the next, as previously discussed. 

Across the board, the goal with any KYC guidelines is to stop criminal or terrorist organizations from using a bank, financial institution, or payment company to engage in nefarious or criminal activities.

KYC guidelines typically suggest framing KYC policies around four areas of focus:

• A bank or business’ customer acceptance policy
• The procedures used to confirm a customer’s identity
• The procedures used to monitor transactions; and,
• How an organization manages risk

The overarching goal with all KYC efforts is to spot and flag criminal customers very early on in the customer relationship. In other words, KYC will help a business or financial institution flag a customer before they are ever able to make a fraudulent transaction.

What is a Customer under KYC?

You may think you can easily define what a “customer” is, but it is more detailed under the auspices of KYC. A customer in the context of KYC can be:

• an individual OR an entity with an account
• an individual OR an entity with a business relationship with the institution or business
• an individual on whose behalf an account is opened
• any beneficiary of a transaction (e.g. stockbroker, accountant, attorney)
• any individual OR any entity associated with a high-risk transaction (e.g. a wire transfer of millions of dollars) 

Getting KYC Right

When it comes to banking and financial systems, KYC is a must. Given that, how can a financial institution or payment company take the right approach to KYC? 

The Ukrainian online bank, Monobank, takes a good approach, requiring that each user enters a wealth of personal data and presents identity documents to the bank, including a proof of address and a passport or license.

In other financial organizations, an additional step is added to these basic requirements. A customer might be asked to take a selfie, for example, or even a selfie with a written generated code or one that includes an up-to-date newspaper. Companies such as TIFO and Treezor ask for standard selfies, but will request selfies with rights, when necessary.

When are these efforts too much, however? 

An overly complex KYC process can create pain points for the customer, preventing them from completing the registration or onboarding process. Considering the context is important. For example, a customer might be much more willing to go through a complex KYC process if they are to receive money at the end of that transaction.

KYC Solutions

There are also solutions out there for simplifying the KYC process, including those that leverage the power of Artificial Intelligence. 

Whether performing KYC due diligence or KYB (Know Your Business), companies can use these so-called KYC “liveness” solutions to make KYC an easier process for customers. The customer sends a scanned image of their government ID along with a selfie to the financial institution. 

The solution then uses auto-detection of forgery and spoofing to confirm the veracity of the selfie and the government-issued ID. While some of these solutions actually exceed standard regulatory requirements, they do offer the ‘above and beyond’ efforts that some financial institutions may need.

One such solution is ubble. This verification system based on AI technology lets the user submit a photo of a document, then uses that document to quickly fill out complex forms that would slow down the process if filled in by the human user. 

These user-friendly solutions provide an innovative way for banks and financial institutions to onboard customers safely and within regulatory guidelines without creating too many pain points or too much friction.

Digital KYC (eKYC): Transforming Customer Onboarding

Financial institutions used to spend absurd sums on KYC every year, but that doesn’t have to be the case. In fact, even if spending isn’t an issue for your institution, why settle for outdated models that slow the process down, diminish its accuracy, and present challenges? This is not the S-PRO way, so let’s talk about eKYC, the new way forward for onboarding.

Banking can be slow to change at times, but eKYC is more than worth the effort. For example, it automated many of the typical processes, which are mainstay KYC requirements. Any modern financial business already uses specialized tools for identity verification and screening. So eKYC takes it further by introducing new technologies to completely remove the need for human intervention in these processes.

This eliminates any sort of capacity issues you may face, especially in times of a shrinking economy and workforce, while well-trained models handle assessments for you. Granted, this means spending a substantial sum to receive top-of-the-line tools, but you’ll make up for it in the end.

What this means for clients is the elimination of annoying wait times or unending rounds of check-ups caused by agents who may slip up in their initial judgments. After all, we’re all human, and the quotas set for KYC teams often push them to stretch their capabilities. This way, though, you let your team handle the more complex problems while the software deals with the rest.

Another critical point for banks is that eKYC can enhance their security practices, as all data processed through the tools is encrypted. This removes the human risk factor when handling sensitive financial information. Thus, you’re both staying compliant with the relevant regulations and guaranteeing customers a secure service.

AI and Machine Learning in KYC: From Automation to Risk Scoring

All of the above benefits of using digital KYC can be achieved in a few different ways, but we won’t surprise anyone by saying that most banking institutions nowadays opt to do so with AI. This technology has taken over most industries, and banks are no exception. However, it’s too often presented as some magic cure for every problem, which it certainly isn’t.

So, what do AI and ML actually achieve for banks seeking to improve their KYC? Let’s start with automation. As we pointed out earlier, you can set up systems that will check client IDs, verify their personas, and communicate basic onboarding info, all with minimal human input. Thanks to large language models, this will also be done in adherence with your company’s tone-of-voice and communication standards.

Then there’s the process of filling out other KYC requirements, such as ongoing monitoring and reporting. These shouldn’t be left entirely unmanned, but AI can actually be extra-powerful here. For one, it can spot even the tiniest discrepancies in activity or information, identifying potentially fraudulent transactions or customers with links to criminal activity.

Plus, as your model of choice learns from existing data, it will be able to filter out bad actors with higher precision and address them proactively. This will also help you follow regulations by submitting timely and comprehensive reports to the relevant authorities.

Those reports can also be handled by AI, aggregating data over a given period and breaking it down into concise documents with visualizations and all relevant information summarized. As a result, you free up employees from routine report-making while still ensuring due diligence.

Lastly, AI can be very useful for internal training and knowledge base access, providing employees with quick consultations on legal questions. This will help avoid false positives and slowdowns while your staff consults with experts or reviews internal documentation.

KYC Requirements for Banks: Navigating National and International Regulations

At the international level, Know Your Customer (KYC) requirements are regulated through a number of international organizations and standards. For example, Financial Action Against Money Laundering (FATF) Recommendations set general standards to prevent money laundering and terrorist financing. These recommendations form the basis for many national regulatory frameworks.

Let's talk about KYC in banking and other sectors for specific regions.

In the European Union, members have a significant degree of autonomy, which affects KYC requirements. However, the EU is slowly moving towards a more unified approach. 

For example, the EU introduced the Fifth and Sixth Anti-Money Laundering Directive (AMLD), setting out rules to combat money laundering and terrorist financing. The guidelines require the implementation of CDD (сustomer due diligence) procedures, the identification of beneficial owners, and the establishment of risk-based monitoring procedures.

The United Kingdom has its own Money Laundering, Terrorist Financing, and Transfer of Funds Regulations. The Financial Conduct Authority (FCA) recommends institutions apply the FATF approach and use a five-point framework for identity verification. It includes gathering evidence, checking its validity and activity, detecting fraud with personal data, and verifying identity.

What about the United States? Here, KYC requirements are regulated through the Bank Secrecy Act (BSA) and the USA PATRIOT Act. Financial institutions follow the Financial Crimes Enforcement Network (FinCEN) customer identification programs and assessment rules.

It is worth noting that the KYC rules are constantly updated. With digitization, they include digital identity verification methods such as blockchain or biometric authentication. Started with KYC requirements for banks, today, the regulations are extended to other sectors, from legal services and real estate to virtual asset service providers. At the same time, regulators introduce stricter requirements for companies to use KYC data only as intended.

KYC in Banking: Best Practices for Ensuring Compliance and Enhancing Security

To improve KYC in banking, we recommend the following practices:

• Consider the constant changes in the regulatory environment. Actively monitor updates and changes in laws, directives, and guidelines — and modify your compliance programs.
• Forget the one-size-fits-all approach to risk assessment and use different methods and tools. For example, use the analysis of the client's ability to pay, a check of the previous history of transactions, or an assessment of the client's geographical origin.
• Use robust security measures such as encryption, two-factor authentication, and access control. You must protect customer information from unauthorized access and misuse and ensure compliance with KYC requirements for banks.
• Try biometrics, facial analysis, and optical character recognition (OCR) for fast and accurate customer identification during KYC.
• Collaborate with other banks and financial institutions to share customer data through various platforms and initiatives. This allows for efficient information allocation and reduces the need to re-verify customers.
• Implement artificial intelligence and machine learning algorithms to automate and optimize KYC processes. You will be able to identify behavior patterns and detect potentially suspicious transactions or activities.

Here's how the world's largest banks excelled in the Know Your Customer policy:

• Following “the Global Laundromat” scandal, HSBC, the world's seventh-largest bank by assets, has partnered with AI tech startup Ayasdi. This allows them to more effectively monitor AML transactions, as well as better know customers and their relationships with related parties.
• JPMorgan Chase, Bank of America, Citigroup, and HSBC were among the first to join the Swift KYC registry. This register, which currently has 7,000 financial institutions, allows the exchange of customer data with counterparties to reduce the risks of fraud and money laundering.
• In 2017, the Spanish bank BBVA, through a partnership with Samsung, became the first to integrate the iris scanning function into a mobile application.

Conclusion

Verification of customer identity and validation of transactions through the KYC process is not optional in today’s world of finance. 

Taking the right steps to build an effective KYC process is not that difficult, thankfully, especially with the wealth of software solutions out there to help. 

If you want to explore your own KYC process options, consult with development professionals who can help you customize the right KYC answer for your company.