KYC, otherwise known as “Know Your Customer” or “Know Your Client,” is a set of procedures for verifying a customer’s identity when doing business with banks and other financial institutions. Compliance with KYC regulations can help keep money laundering, terrorism financing, and more run-of-the-mill fraud schemes at bay. Financial institutions can more accurately pinpoint suspicious activities by verifying a customer’s identity and intentions at the time of account opening and then understanding their transaction patterns.
Financial institutions have become subject to ever higher standards regarding KYC laws. They must spend more money to comply with KYC—or be subject to steep fines. These regulations mean that almost any business, platform, or organization interacting with a financial institution to open an account is subject to standard KYC procedures.
KYC is a standard due diligence process used by financial institutions and other financial services companies to assess and monitor customer risk and verify a customer’s identity. KYC ensures that a customer is who they say they are.
Under KYC, clients must provide credentials that prove their identity and address. Verification credentials can include ID card verification, face verification, biometric verification, and/or document verification. For proof of address, utility bills are an example of acceptable documentation.
KYC is a critical process for determining customer risk and whether the customer can meet the institution’s requirements to use their services. It is also a legal requirement to comply with Anti-Money Laundering (AML) laws. Financial institutions must ensure that clients are not engaging in criminal activities by using their services.
Why is KYC important?
By law, KYC is required for financial institutions to establish the legitimacy of a customer’s identity and identify risk factors. KYC procedures help prevent identity theft, money laundering, financial fraud, terrorism financing, and other financial crimes. Non-compliance can incur heavy penalties.
The U.S. Congress introduced KYC requirements in the 1990s to fight money laundering. Following the 9/11 attacks, the U.S. passed stricter laws around KYC as part of the Patriot Act. These changes had been in the works before 9/11, but the terrorist attacks provided the political momentum needed to enact them.
Title III of the Patriot Act requires that financial institutions deliver on two requirements to comply with the heightened KYC obligations: the Customer Identification Program (CIP) and Customer Due Diligence (CDD). Current KYC procedures embrace a risk-based approach to counteract identity theft, money laundering, and financial fraud:
- Identity Theft: KYC helps financial institutions establish proof of a customer’s legal identity. This can prevent fake account creation and identity thefts from forged or stolen identity documents.
- Money Laundering: Both organized and unorganized criminal sectors use dummy accounts in banks to store funding for narcotics, human trafficking, smuggling, racketeering, and more. By spreading the money out across a spread of accounts, these criminal sectors seek to avoid suspicion.
- Financial Fraud: KYC was designed to prevent duplicitous financial activities, such as using fake or stolen IDs to apply for a loan and receive funding with fraudulent accounts.
KYC is required for financial institutions that deal with customers during the opening and maintaining of accounts. Standard KYC procedures generally apply when a business onboards a new client or when a current client acquires a regulated product.
Financial institutions that need to comply with KYC protocols include:
- Credit unions
- Wealth management firms and broker-dealers
- Finance tech applications (fintech apps), depending on the activities in which they engage
- Private lenders and lending platforms
KYC regulations have become an increasingly critical issue for almost any institution that interacts with money (so, just about every business). While banks must comply with KYC to limit fraud, they also pass down that requirement to those organizations with whom they do business.
What triggers KYC?
Triggers for KYC can include:
- Unusual transaction activity
- New information or changes to the client
- Change in the client’s occupation
- Change in a client’s business
- Adding new parties to an account
For example, as a result of initial due diligence and ongoing monitoring, a bank might flag certain risk factors like frequent wire transfers, international transactions, and interactions with offshore financial centers. The bank will monitor a “high-risk” account more frequently and might ask the customer to explain his transactions or provide other information periodically.
What are the three components of KYC?
The three components of KYC include:
- Customer Identification Program (CIP): The customer is who they say they are
- Customer Due Diligence (CDD): Assess the customer’s level of risk, including reviewing the beneficial owners of a company
- Continuous monitoring: Check client transaction patterns and report suspicious activity on an ongoing basis
How much does KYC cost?
Financial institutions have reported spending $60 million annually, based on research conducted by Consult Hyperion in 2017. Some are spending up to $500 million each year on KYC, according to a 2016 Thomson Reuters survey.
Beyond the immediate cost of implementing processes, KYC has other costs associated with time and customer churn. Onboarding can take as long as one to three months, and 12% of businesses reported changing banks due to KYC issues.
Non-compliance with KYC regulations can lead to steep fines, which increase over time. In 2013 and 2014, $4.3 billion in fines were levied against financial institutions, a sum that quadrupled the penalties of the nine previous years combined. For example, JP Morgan was fined more than $2 billion for a failure to report suspicious activities.
KYC regulations have far-reaching implications for consumers and financial institutions alike. Financial institutions must follow KYC standards when working with a new client. Congress established these standards to fight financial crime, money laundering, terrorism funding, and other illegal financial activity.
Money-laundering and terrorist financing often rely on anonymously opened accounts. The increased emphasis on KYC regulation has led to increased reporting of suspicious transactions. A risk-based approach with KYC can help eliminate the risk of fraudulent activities and ensure a better customer experience.