KYC process steps

Know your customer (KYC) standards are required for any bank or financial institution. But what is KYC and its purpose? These standards help institutions establish their customers’ identities and enable them to determine the likelihood of a customer committing some sort of financial crime. This process protects banks, financial institutions, and their customers from such crimes.

The industries most vulnerable to financial crimes and, thus, the ones that most benefit from KYC regulations are financial services (for example, banking, payments, remittance, lending, and fintech) and gambling. Despite these industries differing from each other, the process of verifying a potential customer’s identity is similar. This guide goes over what the KYC process is, what is included in each step, and the legislation that directs it. This will protect your institution against financial crimes and keep it compliant with your national regulations. 

What is AML and KYC compliance?

Anti-money laundering (AML) and KYC compliance refers to whether financial institutions are meeting the AML and KYC standards and laws set by their local legislation. These standards may vary from country to country. For example, the USA PATRIOT Act that sets requirements for US-based institutions. UK-based institutions must comply with Proceeds of Crime Act 2002 and The Financial Services and Markets Act 2000 (FSMA), among others. Canadian financial institutions must follow the regulations set by the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA).

However, financial institutions across the globe should also comply with the requirements set by the Financial Action Task Force (FATF) to combat money laundering, terrorist financing, and other threats to financial systems. This body was established in 1989 and has 39 member countries.

Among the FATF’s recommendations for member countries are to:

• prohibit the creation and use of anonymous accounts or accounts in fictitious names.
• verify a customer’s identity using reliable, independent source documents, data, or information.
• conduct enhanced ongoing monitoring of business relationships with politically exposed people.

When countries require their financial institutions to comply with the recommendations set by the FATF, as well as the requirements set by the country’s legislation, the institutions maintain their financial integrity. A remediation process ensures that the institutions remain compliant with regulations set by legislation.

What is remediation in KYC?

The KYC remediation process is a financial institution’s way of ensuring that they stay compliant with government regulations related to verifying customers’ identities. This stretches beyond just onboarding and requires financial organizations to verify the identities of current customers as well. During this process, institutions clean up existing data on customers to make sure everything is up to date.

The remediation process has four steps:

1. Determine which customers to look into. It’s especially important to find out more information on customers who haven’t made a transaction in a while or those who have made multiple transactions. 
2. Update outdated information. Automating your KYC update can make it quicker and more efficient for both your organization and the customers.
3. Collect any missing data from a customer’s profile. Make sure to verify that any new information provided is accurate and authentic.
4. Add the updated data to the customer’s profile. Doing so will help you keep track of how well you’re keeping up with compliance requirements.

To aid you in your onboarding and remediation processes, you need the assistance of an identity verification company like Onfido.

What is the KYC onboarding process with Onfido?

The Onfido Real Identity Platform helps businesses satisfy KYC and AML compliance at onboarding without introducing unnecessary friction for genuine customers. We help businesses address these KYC process steps in four ways: 

1. Document capture: During the onboarding process, prospective customers take a photo of their government-issued identity document (such as a passport, driver’s license, or national identity card) using their smartphone. Onfido’s AI assesses the document for fraud, scanning for fraud markers with pixel precision in seconds.
2. Biometric capture: Protect your business from stolen IDs and impersonation fraud with facial biometric verification. All a customer is asked to do is take a selfie or short asynchronous video using their smartphone or webcam. Onfido’s Atlas™  AI assesses for liveness and sophisticated biometric fraud such as 2D and 3D masks, returning a facial match score in seconds.
3. Screening against trusted data sources and compliance watchlists: Using name, date or birth, and address data submitted by the customer or automatically extracted from a document, Onfido screens against global data sources such as credit databases and PEPs, sanctions, and adverse media watchlists, helping businesses to detect synthetic identities and potential compliance risks.
4. Layering in smarter fraud detection technologies: Onfido leverages passive signals such as device information, geo-location, and photoshop detection to provide an additional layer of protection against fraud at onboarding. 

Onfido provides actionable results at every stage of the onboarding process, giving businesses the flexibility to make informed decisions on whether to approve or reject prospective customers. 

What are KYC documents for a bank and other organizations?

Depending on the specific KYC framework a country is subscribed to, document verification mandates vary. Typically, financial  institutions require the submission of KYC documents that show:

• name
• date of birth
• address
• national identification number (like a social security number)

The proof of identity should have a photo of the customer as well. It’s important to note that customers must provide at least two different documents: one for proof of identity and one for proof of address. They cannot use the same document for both.

Some of the more universally supported documents include:

• passports
• driving licenses
• national identity cards
• visas

Onfido’s document verification allows financial institutions to verify over 2,500 separate proof of identity documents for over 195 countries, assessing for signs of fraud at a pixel-level with our proprietary Atlas™ AI.

As for proof of address, it should include both the customer’s name and their address. Common documents used around the world include:

• utility bills
• bank statements
• insurance policies

These documents typically need to be dated recently for institutions to accept them because the more recent it is, the more likely the customer still lives at that address.

How long is the KYC process?

There is no set amount of time that the end-to-end KYC process takes because customers are continually reviewed and monitored long after they are onboarded. Even the time it takes to complete the customer onboarding process will vary from institution to institution, depending on factors such as number of employees working through onboarding, the tool used to do verification, and the clarity of document images submitted.

That said, the onboarding process itself can take anywhere from minutes to several days or even a couple of weeks. With Onfido, you can shorten your onboarding time significantly. Onfido processes 95% of ID verifications in under 10 seconds, allowing you to make decisions about whether to approve a customer quicker. In fact, one Onfido customer, Chipper Cash, was able to reduce customer onboarding time by 35%.

What are the four pillars of KYC?

The four pillars, or four KYC elements, that banks and financial institutions look at when setting up their KYC programs are the customer acceptance policies and procedures, customer identification program and customer due diligence, risk management, and ongoing monitoring. Let’s take a closer look at each.

Customer acceptance policies and procedures

Before implementing KYC processes at your institution, you should have policies and procedures in place establishing what the process will look like. This includes the approval process, the documents that the customer should provide to be approved, and what factors to consider when deciding whether a customer should be approved. You should also define what types of customers are high-risk to your institution so that you may use extra caution when deciding whether to approve those customers.

Customer identification program and customer due diligence

Once your policies and procedures are in place and your KYC is set up, you will have to start verifying the identity of your prospective customers. When verifying a customer, most institutions will ask the customer for proof of four identifiers: 

• name
• date of birth
• address
• a social security or other sort of national identification number

These may be presented in the form of government-issued identification cards or official documents (more on that later). Your institution should decide which documents customers can submit as proof of identification as well as the number of documents they should provide. An identity verification company like Onfido can help your institution navigate the authenticity of documents submitted.

Risk management

Your institution should regularly check that all policies and procedures are being followed internally. You should also ensure that what you have set in place aligns with guidelines from regulating bodies within your country, for example:

• United States: US Financial Crimes Enforcement Network (FinCEN)
• United Kingdom: Financial Conduct Authority (FCA)
• Canada: Financial Transactions and Reports Analysis Centre of Canada (FINTRAC)

Your institution should also classify customers as low, medium, or high-risk. These levels indicate the likelihood that a customer will conduct a financial crime. Those who are low-risk are easily identifiable and won’t need much monitoring. Those who are high-risk will need a lot more monitoring should your institution approve them. Those who are medium-risk fall somewhere in the middle.

Ongoing monitoring

No matter the risk level of an approved customer, your institution should do regular monitoring of them based upon their risk level. Your institution should determine how often to verify with customers whether their income, occupation, address, or other information has changed.You should look into any sort of transaction that seems out of the ordinary for a customer. All of these steps will ensure that your customer is who they say they are.

Use Onfido for your KYC needs

If you want to make your KYC verification process quicker and more reliable, Onfido can help:

1. Satisfy global compliance. This includes everything related to KYC, AML, and age verification.
2. Enhance fraud protection. Our tools are award-winning and will help keep your institution protected.
3. Drive new customer acquisition. Quick and easy verification makes a great first impression on customers.
4. Reduce cost of customer acquisition. Save money with automated processes.