Know your customer (KYC) is a process that is made up of an organisation’s policies and procedures that not only manage the potential risks posed by customers, clients and suppliers, but also verify their identities. This is a critical step in mitigating organisational risk, especially in the financial sector, as it ensures the institution is complying with the latest KYC regulations – both locally and internationally.
KYC processes are designed to help organisations comply with KYC legislation by targeting illegal activities such as money laundering, fraud, corruption and terrorism financing. So it’s no wonder KYC compliance requires due diligence on the part of the organisation and its appointed KYC specialists. They are required to:
- Pore over company data of prospective customers, and investigate high-ranking staff such as senior management and directors.
- Screen individuals and companies against the most recent sanctions lists and watchlists.
- Ensure individuals are not listed as a politically exposed person (PEP), which can potentially open them up to bribery and corruption.
In order to meet these requirements, robust know your customer rules must be outlined in a dedicated KYC policy. Typically, this document will include a number of key elements:
- Risk management: Outlining how customers are classified by risk level (i.e. low, medium or high).
- Customer acceptance policy: Used to determine whether to conduct business with a customer or client – or whether further due diligence is required.
- Customer identification program: Verifying KYC documents to effectively identify – or ‘know’ – your customer.
- Ongoing monitoring: KYC is not a set-and-forget strategy. There must be ongoing monitoring to ensure any unusual or illegal activities are spotted and brought to the attention of the proper authorities.
Why Does the KYC Procedure Matter?
Particularly for banks and financial institutions around the world, they are required to comply with a range of regulations that focus on illegal financial activities. Failure to comply with KYC regulations in your jurisdiction – such as those enforced by the Financial Crimes Enforcement Network (FinCEN) in the United States – can result in severe fines and even jail time.
However, approaching the KYC process as a way to benefit your organisation – rather than from a purely regulatory standpoint – is a more positive way to meet your obligations while minimising the risks. After all, a robust KYC procedure can help you better understand your customers and potential business partners, thereby making it easy to manage potential threats. And by conducting regular KYC checks, you can largely reduce any financial, reputational or regulatory damage that may be incurred by poor processes or non-compliance.
What is the Know Your Customer Rule Around Sanctions and Watchlists?
In addition to conducting ongoing KYC checks of your existing clients and any potential partners you wish to do business with, there are KYC regulations around checking national and international sanctions lists. Individuals and organisations may appear on these sanctions lists due to:
- Money laundering
- Terrorism and terrorist financing
- Drug trafficking
- Human-rights violations
- Arms proliferation
- Violation of international treaties
Because individuals and organisations may be listed or delisted without warning, it’s important you view the most up-to-date sanctions lists. Additionally, you should investigate the latest watchlists which include details on individuals, groups and businesses that require close monitoring and with whom it may not be recommended you do business.
Governments and certain authorities – such as the Office of Foreign Assets Control in the United States – establish and update these lists. However, managing these separately can be complicated, time-consuming and incur human error. That’s why it’s recommended you use a comprehensive screening tool like Nexis Diligence.
What is the KYC Regulation for Different Sectors?
While KYC procedures can be deployed across a range of industries, they are most commonly applied in the financial sector. This includes banking, financial services and even cryptocurrency.
KYC Processes for Banking
Banks that are arguably the largest and most vulnerable entities to money laundering activities, which is why KYC programs are so essential. As they provide a wealth of services to countless individuals, businesses and other financial institutions, as well as handling significant amounts of money and transactions, they must ensure their customers trust them to manage their finances – particularly as more banking activities go digital.
The good news is that while technology does raise new threat avenues to the banking sector, it is also improving KYC practices. Examples of this include faster identity verification, more accurate oversight of transactions, and greater reliability through APIs, artificial intelligence, machine learning, biometrics and optical character recognition (OCR), and more. With these valuable ID tools, financial services companies can gather the information they need in a more timely manner, and analyse it in real-time to help thwart illegal activities.
KYC Processes for Financial Institutions
While often lumped into the same category as banks, financial institutions may operate with less regulatory oversight – but that only means it is more vital that they deploy a robust KYC policy. It is ultimately up to each organisation to conduct their own KYC and to monitor the financial transactions of their customers to ensure no money laundering activities are taking place.
Some of these KYC monitoring duties include:
- Verifying where large sums of money originate from.
- Reporting any transactions that exceed the threshold limits
- Compliance with the latest AML laws
- Educating their staff and clients on AML policy.
As part of their due diligence, it’s advised that all financial services organisations keep thorough records on every financial transaction of significance.
KYC Processes for Cryptocurrency
Despite being a relatively new entrant to the economy, cryptocurrency organisations must comply with KYC legislation in much the same way as financial institutions – despite potentially less regulatory oversight.
Different countries tend to approach crypto differently, which makes developing a KYC crypto program more complex. The ultimate goal is to have a KYC verification process that shows regulators you have the internal tools to deter – and ultimately thwart – money laundering, terrorism financing, fraud and other financial crimes.
By ensuring your crypto company has effective KYC practices in place from the outset, money laundering will be less likely to occur on your platform. Collecting as much customer information as possible during onboarding will also strengthen your KYC monitoring process.
KYC Glossary Terms
To help clarify technical terms that you may find in KYC regulations or indeed within your own organisation’s KYC policy and processes, here is a glossary of some of the most frequently used terms.
KYCC: Know Your Customer's Customer
Beyond conducting KYC for your own customers, it’s important to recognise that they may have their own clients who could potentially raise money laundering risks. Shell companies, for example, can be used to protect the identities of criminals who wish to benefit from illicit transactions.
KYB: Know Your Business (KYB)
KYB is all about conducting due diligence on companies and the individuals within that comprise them, rather than traditional KYC which focuses on identity verification for individual customers. KYB should be carried out in the same way as KYC – that is, following policy for any businesses you plan on conducting business with.
eKYC: Electronic Know Your Customer
Particularly in a more digital and hyper-connected world, eKYC is a procedure that involves digitised KYC practices. In other words, a customer’s identity verification is done either electronically or online. Depending on your region, eKYC may be the norm rather than the exception. For example, 99% of adults in India have a digital identity that has been administered by the government (also known as an Aadhaar card).
How to Get KYC Processes Right
Nexis Diligence is a screening solution that contains AML, KYC and UOB data on millions of companies around the world. There is also additional data on blacklists, politically exposed people (PEP), sanctions lists, watchlists, and more, which means you can use the platform to perform your due diligence and find any and all ownership information in a single search to identify potential risks.