Do you really know your customers? Do you have an accurate, efficient way to verify their identities before granting them access to your products, services and systems architecture? How much is it costing you to achieve that?
The expansion of digital economies and the evolution of cyber security threats make these questions more important than ever. Here, we’re going to discuss the meaning of KYC and its importance. We’ll also consider 6 ways to better-know your customer identity as a means of protecting your interests, and those of your customers.
How does KYC work?
Know Your Customer (KYC), also called Know Your Client, is a set of regulatory standards to which investments and financial services, businesses and organizations are held accountable.
The purpose of KYC standards is, first and foremost, to identify and verify the client and customer identity, plus their financial and fraud-risk profiles.
KYC verification starts from the moment users, customers and clients attempt to open an account for performing any financial transactions.
After initial KYC verification, re-verification can also apply at specific points in the customer journey as part of the KYC-regulated entity’s identity management processes.
This re-verification process ensures that attempted use of the originally-verified account and user identity remain consistent with the identity of the originally-verified user.
It also prevents cybercriminals and other bad actors from accessing and compromising customer accounts for fraud and data-theft purposes.
What are the steps of a KYC Compliance Program?
KYC verification starts with identifying who your customer is. To do this, the KYC-regulated party must verify customers’ digital and physical identities.
This personally identifiable information (PI) can include:
Names
Date of birth
Address
Identification number – i.e., social security number
Facial biometrics and physical features
To comply with KYC regulations in a globalized world, global identity verification is non-negotiable.
Exact policies may differ, depending on a variety of factors. These factors include the size and location of an institution, the types of accounts it uses, the methods of opening those accounts, and the information that’s available for identification.
Institutions will often verify these credentials through ID and other documents, or by comparing them to information shared by consumer reporting agencies, public government databases, or other measures.
What comes next?
Verifying a customer’s identity is just the first step.
Once this is done, institutions must do due diligence to manage risk and determine if a potential customer is trustworthy.
There are three levels of due diligence, stratified according to risk:
Simplified Due Diligence
This refers to situations where the risk of financial crime, money laundering or terrorist funding is considered low. As a result, there’s no need to investigate further.
Basic Customer Due Diligence (CDD)
Where there is a possibility of risk, organizations need to assess the nature and extent of that risk. To do this, they collect more information about the customer. This may include deeper identity verification, or information about the customer’s business activities.
Enhanced Due Diligence (EDD)
For higher risk clients, it’s necessary to go further. As part of EDD, an institution will collect more detailed information about the customer’s business activity, market engagement and even associated entities.
The final step in a KYC program consists of ongoing monitoring for irregularities. These include spikes in activity, adverse media mentions, unusual location behaviors, and more. The level of ongoing monitoring depends on the institution’s risk assessment of their client.
Why is KYC important?
KYC verification standards protect institutions and customers from various potential risks. For customers, KYC standards help to fight and prevent identity theft and other financial fraud that bad actors may try to commit in their name. For an institution, KYC standards help mitigate the risks of money laundering, financing of terrorism, and other forms of financial crimes that harm the institution, its customers, and its country. Additionally, failure to comply can lead to heavy penalties levied upon these institutions. Across the world, the adoption of KYC regulations is leading to greater transparency and better outcomes for all.
KYC vs. AML
The phrases Know Your Customer (KYC) and Anti-Money Laundering (AML) often occur together. In fact, they’re often used interchangeably, as if they mean the same thing. While they are closely related, it’s essential to distinguish between them. The key difference is that AML is a broad policy framework that includes a variety of regulations, policies and techniques, one of which is KYC.
The AML framework aims to detect and prevent financial crimes such as money laundering, tax evasion, and the financing of terrorist organizations. AML screening is one of the mechanisms that enables institutions to mitigate risks and detect fraudulent activity. AML screening software is designed to determine whether the customer is linked to negative media, or is subject to any bans or sanctions. These factors are essential elements of overall risk assessment.
KYC within AML
But before AML screening can take place, you need robust KYC processes to make sure that you know who you’re dealing with. KYC uses the Personally identifiable information (PII) of humans interacting with a system to verify that they are who they say they are. For this reason, KYC is usually the first step in an organization’s AML process. Once you know who your customers are and are confident that their identities are genuine, you can adequately assess the risk you’re exposed to and implement further AML measures.
How Often Should KYC be Updated?
But KYC can only provide that foundation if it keeps up with changes in customers’ lives. Some of your customers’ PII can change, such as addresses, contact numbers, or document numbers. More importantly, risk profiles can change drastically over time. Institutions must also remain compliant when KYC regulations evolve to adapt to new forms of commerce.
As a result, knowing your customer doesn’t end with onboarding. It continues with ongoing monitoring, also known as KYC remediation. This involves bringing customer data up to date regularly.
The exact frequency varies, but the higher the risk, the more often this needs to happen. As a general rule of thumb, remediation should occur every 6 to 36 months.
What Does KYC Monitoring Look For?
The customer’s risk profile determines the exact parameters of the monitoring process. For higher risk customers, monitoring takes a variety of factors into account. They include, but aren’t limited to:
- Adverse media
- Sanction lists
- Erratic behavior or sudden changes in activity
- Transnational activity
When issues like this are flagged, a Suspicious Activity Report (SAR) may be filed in order for the bank or institution to make necessary adjustments.
How do KYC standards help prevent identity theft, money laundering, and financial fraud?
It’s impossible to prevent all the nefarious activity out there completely. But KYC standards provide institutions and their customers with safeguards against ever-present risks. Verifying customer identities and assessing their activities’ risk is essential to the institution-customer relationship. In addition, a detailed understanding of their customers’ identities and activities enables institutions to determine their validity, ultimately protecting both parties.
Gaining the edge over financial crime does come with a cost, however. LexisNexis’ Global True Cost of Compliance 2020 report showed that financial institutions spent significantly more on financial crime compliance in 2020 than in previous years – as much as $213.9 billion.
KYC for onboarding accounted for a large part of this cost, especially in the Asia Pacific region. Going forward, financial institutions will need to optimize KYC processes, at the lowest possible cost. Here are some ways that KYC processes can adapt to meet this challenge.
6 tips that will help you to know your customer better
Improving KYC processes means balancing technology and human resources to minimize cost, without compromising quality.
Embrace automation, intelligently.
Many of the processes involved in collecting and analyzing customer data can be automated. That doesn’t mean you can completely eliminate human input and the time cost it brings. But it does mean less redundancy and less error.
Focus on data quality
Your KYC process is only as good as the data collection that underlies it. Problems with data quality may account for over a quarter of operational costs. There are several steps you can take to ensure your data is correct, complete and timely:
- Data quality review by a third party
- Implement strict oversight on all manual processes
- Incorporate adverse media data into screening
Monitoring and remediation
KYC verification and onboarding are the beginning, not the end. Existing KYC data needs to be refreshed to ensure its accuracy and completeness. New information needs to be incorporated, whether this comes from media, or changes in a customer’s behavior and risk profile.
Create solid due diligence checklists
Customers call for different types of due diligence: individuals, businesses, high risk, and low risk. Accurate risk assessment helps institutions to allocate resources appropriately and develop more detailed profiles.
Use electronic identity verification
In a digital age, electronic identity verification is simply non-negotiable. Identity verification software makes identity theft much more difficult. It also helps institutions to scale operations while simultaneously reducing labor. In addition, quicker turnaround times lead to greater customer satisfaction. Crucially, the identity verification tools of the future are fully automated, with no human input.
Provide good customer experiences
Customers know that KYC regulations are necessary. But you should avoid frustrating them with lengthy, complex procedures. Simplicity is key to successful onboarding. Make sure your process is well-structured, clear, and easy to understand, even for people without technical skills.
As customers raise their standards and expectations, businesses need to keep up. Compliance teams can learn about creating friction-free journeys from the world of Customer Relationship Management (CRM).