What does know your customer (KYC) look like in the year 2022, some 20+ years after mandatory requirements for Customer Identification Programs? Knowing your customer, like all other requirements within the Bank Secrecy Act, has continued to evolve since it was enacted. Nowadays, KYC is so much more than collecting the four minimum pieces of identifying information required under the USA PATRIOT Act Section326 Customer Identification Program.
Throughout the evolution of knowing your customer, and applying that criteria to aid with accomplishing why the Bank Secrecy Act was established more than fifty years ago, more diligence is needed. It is more critical now than ever before to collect meaningful information that can be used to not only know your customer but truly understanding what their transactions are expected to look like, where they expect to send or receive transactions to/from, the types and volumes of transactions they plan to send or receive, among many other components.
The concept of knowing your customer begins during the onboarding process, at the time of account inception. The important minutes spent with the customer are vital to a strong know your customer process. This is the opportune time, when the customer is fully engaged, to inquire about how the customer plans to use their account or engage in their relationship with the bank. Trust is being established with the customer, and they should be informed of the importance of the bank understanding this information, and how the information serves many purposes, especially aiding the bank in protecting them and their accounts from potentially fraudulent schemes and activity.
Data integrity is of utmost importance when it comes to knowing your customer. If customer data is not accurate, it can skew the analytics for suspicious activity monitoring and initial / ongoing customer risk ratings, which are the key drivers of KYC and customer due diligence(CDD). Over the past few years there have been many discussions about time spent on higher risk customers, who actually is a high risk customer, or how often KYC information should be updated. The concept of reviewing and updating information changed with the implementation of the customer due diligence final rule, specifically in regards to updating beneficial ownership information when the guidance allowed a bank to recertify the information when risk-based triggering events occurred opposed to a scheduled recertification process. This change in mindset of a required timeframe for a review has further supported the concept of perpetual KYC (pKYC) for ongoing compliance.
pKYC can be very beneficial for an organization and help streamline the customer due diligence and enhanced due diligence process, but there are many components that have to work together to makep KYC successful. As previously mentioned, first and foremost is the importance of information collected at account inception for identity and also for expected activity and uses of the account or relationship.Thisinformationisusedtodevelopabaselineforactivityandforcustomerrisk.Applyingthatinformationthroughouttherelationshipofthecustomer,alongwithsuspiciousactivitymonitoringanalyticsallowsanorganizationtofocusresourcesonreviewingthosecustomersthatfalloutsiderisktoleranceparameters,as opposed to conducting voluminous blanket reviews of the entire customer population, absent of whether an event that causing an elevation in risk.
Additionally, with the shift in the financial industry to more intimately consider technology advances, and especially since the pandemic over the past two years, financial institutions have shifted focus to identifying ways to leverage technology that will allow them to become more efficient and to streamline processes, including making banking a lot faster for their customers. From a KYC perspective, it will be interesting to see how blockchain will be adopted in the future to accomplish the goals of KYC since this opportunity can be very beneficial if utilized appropriately; more to come as this concept becomes more socialized.
As always, KYC is the foundation to building robust BSA/AML/Sanctions and Fraud programs within an organization and will continue to evolve with the changes in the industry from regulatory focus and changing requirements to sophistication and deployment of technology.