What does Know Your Customer mean?
KYC verification is the process of gathering customers’ data and verifying their identity. Typically, companies conduct KYC checks in riskier scenarios, such as:
- When a customer makes a large transaction (AML regulations require financial institutions to proceed with KYC for security reasons)
- When a customer establishes a business relationship (for example, during the onboarding process or before opening a bank account)
- When a customer is flagged for suspicious person (for example, if they’re suspected of being linked to potential criminal activity, such as money laundering)
Identity verification or KYC compliance checks mean that a company is familiar with its customers and their financial transactions.
Automatically, that makes KYC-compliant companies more aware of suspicious activity, helping them reduce severe risks, including being exploited for money laundering reasons.
How does the KYC process work?
KYC involves checking new customers who provide identity documents, such as a valid ID card, passport, or driver’s license.
It helps businesses understand who they’re interacting with better. Typically, after the company collects the customer’s identity data, this information is verified through third-party resources, such as state authorities.
Once a customer finishes their identity verification procedure, the company can choose to keep the data for monitoring purposes in order to detect any potential fraudulent activity during other stages of the customer journey.
The customer may also be asked to provide additional documents for security reasons. For example, AML compliance involves asking the customer to provide proof of address (PoA).
That’s why KYC overlaps with AML compliance and can get tricky for some.
Usually, the KYC process involves:
- Verifying the customer’s identity
- Screening the customer against third-party databases
- Determining the customer’s risk profile
- Continuing with ongoing monitoring to prevent fraud
Customer Due Diligence (CDD)
While KYC helps companies understand the level of money laundering risks by verifying customers’ identities, standard CDD measures guide businesses to take a risk-based approach to AML.
That means businesses need to follow due diligence to assess customer risk levels, as FATF recommends.
If the customer is low-risk, businesses must follow standard CDD measures which include:
- Identifying and verifying customers’ identities
- Identifying and verifying beneficial owners (anyone who owns 25% or more)
- Conducting ongoing due diligence and developing risk profiles
- Continuously monitoring customers and their transactions
Depending on the risk level of each customer, you can choose the type of CDD measures:
Basic Due Diligence (BDD)
When the company must collect and verify basic information to decrease risk. For example, when a business deals with a new customer, it applies BDD to verify their identity and assess the risk associated with the customer.
Simplified Due Diligence (SDD)
When there’s a low risk of fraud, money laundering, or terrorism. For example, if a customer opens a savings account with a small balance, the bank may choose to apply SDD.
Enhanced Due Diligence (EDD)
When the company needs to gather additional data for higher-risk individuals, such as Politically Exposed Persons (PEPs).
For example, companies must apply EDD when dealing with high-value transactions, which indicates a higher risk of money laundering or terrorist financing. This could involve additionally verifying the sources of funds.
It is important to remember that customer due diligence is a flexible approach that allows companies to tailor their measures to the specific risk associated with the customer or transaction.
Continuous Monitoring
To ensure KYC and AML compliance, companies must monitor account activity throughout the whole business relationship. That said, continuous monitoring is the last yet most important component of any effective KYC program.
Monitoring customers, screening their transactions, and reporting suspicious activity are a must to stay compliant.
Watch out for the following indicators:
- Unusual transactions (such as a large cash deposit or a series of transactions that are outside the customer’s normal behavior)
- Suspicious behavior (such as frequent withdrawals of atypically large amounts or transactions in high-risk areas known for potential money laundering)
- Unverifiable information (such as submitting false information, fake identity documents, or being unable to provide proof of source of income)
- Sanctions and embargoes (such as identifying a transaction involving a sanctioned or embargoed entity, including new additions on PEP, adverse media, and sanctions lists)