In 2020, as many as 1.9 billion individuals worldwide actively used online banking services. This number is forecast to reach 2.5 billion by 2024. There is no denying the convenience of online access to financial services. However, with these benefits come the increased risk of fraud, thanks to easily accessible breached personal data that can be used maliciously.
As online banking continues to become more prevalent, the risk of fraud or identity theft increases too. In fact, in the United States alone, fraud losses increased by 70% to upwards of 5.8 billion dollars between 2020 and 2021. Therefore, it’s critical to ensure that you are actually conducting business with the right person, as opposed to a criminal or fraudster. That’s where KYC comes into play.
KYC, or know your customer, is a set of frameworks and guidelines used to verify the identity, suitability, and risks pertaining to a given business relationship. The whole idea essentially boils down to mitigating risk and protecting businesses and customers against financial crime such as money laundering and terrorist financing. Among the multiple institutions that require KYC protocols, banks are at the forefront. In the following article, we’ll discuss topics including:
- KYC meaning in banking
- The importance of KYC in banking
- KYC requirements for banking
- The KYC process in general for a bank
What is KYC in banking?
Know your customer (sometimes referred to as know your client) is just one initiative of a larger global effort to reduce financial crime and money laundering (AML, or anti-money laundering). KYC in banking consists of not just initially identifying a customer, but also verifying their identity periodically over time or when they make certain transactions. In simple terms, it means making sure your customers are actually who they say they are.
What are the basic requirements of KYC?
There are several KYC requirements for banks, with one main goal being proof of identity. In addition to acceptable KYC documents for proof of identity (e.g. passports, driver’s license, voter identity card, etc.), institutions may require facial or biometric verification, database searches, and other forms of documentation. Naturally, a bank would not want to rely on manual processes for all of the identification verification needs, which is where a platform like Onfido can make a real difference. But more on that later.
In addition proof of identity, some institutions will also require proof of address which may be determined with documents like:
- Utility bill
- Bank account statement
- Credit card statement
- House purchase deed
- Lease agreement and rental receipts
- Letter from a recognized public authority
What are other KYC requirements?
Additional KYC requirements, especially for banking and financial institutions, might also include a proof of income, also known as source of funds. This can be determined in a handful of ways, including tax returns, salary slips, and bank statements. It can be hard to know what it means to know your customer in the banking industry. One way to get started is to develop a know your customer checklist. At a minimum, you should include the following items on your checklist.
- Basic Info: Do you have their name, date of birth, address, and contact information?
- Proof of Identity: Have you acquired a certified ID that verifies their identity?
- Proof of Address: Have you acquired a certified document that verifies their address?
- Basic Company Info: Have you verified the company information like name, address, registration number, and contact details?
- Company Type: Do you know what the type, size, and status of the company is?
- Banking Information: Do you have all the relevant banking information such as the name of the bank and branch location, account number, and primary contact?
- Banking Contact Information: Do you have the full name, email, phone number and address for the banking contact?
Again, these are just a few of the basic KYC practices you should include on your own checklist.
What are the 4 customer due diligence requirements?
One form of KYC is customer due diligence. Essentially, customer due diligence (CDD) is the process of collecting and evaluating information provided by a customer. Generally speaking, there are four components to CDD.
- Customer identification and verification. This process has been pretty well-detailed already in the article, but again consists of ensuring your customer is who they claim to be.
- Understanding of the nature and purpose of the relationship between your business and the customer. This will help you understand what kind of activities and transactions the customer would carry out during the relationship, and of equal importance, which ones might seem out of the ordinary.
- Beneficial ownership identification and verification. This step is only really relevant in instances when the customer is acting on behalf of another beneficial entity. In this case it’s important to identify who that entity is in addition to their account custodian.
- Ongoing risk monitoring. Suspicious activity can occur at any time, that's why it’s important to continuously monitor the account.
Now that we have broken down the specifics of KYC in banking and how it works, let’s take a moment to examine why KYC is important.
Why do banks need KYC?
There are a number of reasons why KYC is important in a bank setting. For starters, KYC can enable banks to determine whether or not their customers are real or impersonating someone else’s identity. Beyond just that though, KYC also allows banks to assess and monitor risks associated with a specific customer. Together, these capabilities help to identify, reduce, and prevent things like:
- Money laundering
- Identity theft
- Terrorist financing
Issues like those mentioned above can not only leave a bank responsible and/or liable, but can actively diminish trust with their customers. In either case, the end result can mean lost business and lost revenue. In addition to these intrinsic motivators, there is another major reason why know your customer is important – it’s a legal requirement.
Is KYC mandatory?
Yes, KYC is mandatory for the financial services and banking industry. There are multiple governing bodies that enforce KYC compliance globally, but let’s start by discussing KYC regulations in the U.S.
The first set of regulations aimed specifically at stopping money laundering was released in 1970, but more stringent. KYC requirements were introduced in 2001 as a part of the Patriot Act within the umbrella of AML.
The goal of the Patriot Act is: “to deter and punish terrorist acts in the United States and around the world, to enhance law enforcement investigatory tools, and other purposes…” The act goes on to state that a few of its purposes are to:
- Strengthen U.S. measures to prevent, detect and prosecute international money laundering and financing of terrorism
- Subject to special scrutiny foreign jurisdictions, foreign financial institutions, and classes of international transactions or types of accounts that are susceptible to criminal abuse
- Require all appropriate elements of the financial services industry to report potential money laundering
- Strengthen measures to prevent use of the U.S. financial system for personal gain by corrupt foreign officials and facilitate the repatriation of stolen assets to the citizens of countries to whom such assets belong
While the Patriot Act only applies to the United States, other countries and governing bodies have similar regulations in place. Some examples include:
- Australia has the Australian Transaction Reports and Analysis Center, which dictates client identification requirements for the country and has since 1989.
- Canada has the Financial Transactions and Reports Analysis Center of Canada, which has worked to establish and ensure compliance with KYC and AML regulations since 2000.
- India has the Reserve Bank of India which enacted KYC guidelines in 2002.
- Italy has the Banca d’Italia which set their KYC requirements in 2007.
- Japan has its own government laws regarding the identification of customers by financial institutions which were enacted in 2003.
- Mexico has the Federal Law for Prevention and Identification of Operations with Resources from Illicit Origin which came to be widely accepted in 2012.
- Namibia has a Financial Intelligence Act which was passed in 2012.
- New Zealand has KYC laws and requirements that were enacted in 2009.
- South Korea has the Act on Reporting and Use of Certain Financial Transaction Information, which regulates the mandatory due diligence within the country since 2011.
- The United Kingdom has The Money Laundering Regulations of 2017 that outline their KYC requirements.
- The European Union also has a set of AML Directives, including 5AMLD and 6AMLD which were recently updated.
It is important to note that some of these dates do not directly relate to the origin of these regulations but also more recent updates as well.
In addition to specific country’s regulations, there are some global and continental governing agencies as well, such as the European Joint Money Laundering Steering Group. To learn more about specific KYC compliance regulations, read our compliance manager’s guide to identity verification.
What is a KYC process in a bank that uses Onfido?
Best practice KYC programs can be tough to orchestrate. Traditional processes can include overwhelming amounts of manual data entry, not to mention high costs and poor customer experiences. On top of that, the more you rely on human processing, the more you open the door to error and ultimately security risks. The good news is that there is an easier way forward – through automation.
KYC automation can streamline efforts and speed up processes, while ensuring compliance for all parties involved. For example, with a platform like Onfido, you can:
Our Real Identity Platform offers flexible, end-to-end identity verification, including document and biometric verifications, trusted data sources, fraud detection signals and more.
Sign-up for a free trial of Onfido Studio — our no-code approach to identity verification workflows. Build journeys drawing on a library of checks and signals to meet your KYC requirements.