KYC stands for ‘know your customer’, or ‘know your client’. Businesses employ KYC checks to establish their customers’ identities and assess and monitor any associated risks on an ongoing basis.
Put simply, businesses need to perform KYC to ensure a customer really is who they say they are. With more and more interactions taking place in a digital scenario, verifying the identities of your online customers is crucial. Confidence in your customers’ identities provides a solid basis on which to conduct further due diligence and customer risk assessments.
Who needs to do KYC?
KYC is a legal requirement for some organizations, mainly those in the financial industry. The goal of KYC checks within financial services is to limit money laundering, terrorist financing, corruption and other illegal activities.
While other industries might not have to do KYC by law, there are other reasons they might consider it. Regulations are tightening around the world, and as more interactions move online, knowing your customer is becoming increasingly important. The range of businesses that need and want to carry out KYC checks is widening.
Why is KYC important?
Meeting compliance requirements
Know Your Customer (KYC) procedures are crucial for preventing financial crime and money laundering. For financial institutions, it’s a legal requirement to verify the identity of their customers in compliance with laws and regulations. This includes Anti-Money Laundering (AML) laws.
Read our AML fines to know more.
KYC requirements differ by geography, so it’s important to check local regulations. In Europe, the two most relevant pieces of legislation for KYC are the GDPR and the AML5 directive (or 5AMLD). Businesses will also want to familiarise themselves with eIDAS regulation.
But individual countries can also impose their own additional requirements. In Germany, institutions must implement video KYC processes as part of their customer identity verification. Spain requires enhanced liveness detection, France a secondary identity document, and Italy seven additional risk checks.
In the US, the Financial Crimes Enforcement Network (FinCEN) is the main AML regulator. The Bank Secrecy Act (BSA) is the most important anti-money laundering law. The USA Patriot Act targets financial crimes associated with terrorism. The US is also a member of the Financial Action Task Force (FATF).
Failure to comply with KYC/AML laws and regulations can have serious consequences. The most serious violations can result in fines and imprisonment. Lax anti-money laundering and KYC compliance are some of the most common issues that result in fines. One example includes Westpac Bank (Australia) who were fined $900 million for AML breaches.
Not all industries are legally required to perform KYC checks. For some, it’s about building a trusted business relationship. More of our interactions are taking place online, KYC practices are especially relevant. They’re usually the first step in a customer relationship with a company.
In fact, a secure identity verification check increases trust in a business. 80% of users trust businesses overall when they use document and biometric checks as part of this process.
And this trust doesn’t just apply to business-customer relationships. It also applies in peer-to-peer environments, such as marketplaces or sharing communities. Customers want to know that peers they’re buying from, or drivers they’re sharing a car with, have been vetted.
Failing to meet customer expectations when it comes to trust can have detrimental consequences. From a reputational standpoint to losing your customers to competitors.
It’s obvious that fraud costs. In fact, it costs the global economy $5 trillion a year. And our own research shows that fraud is increasing, in both quantity and quality of attacks. The rate of ID fraud hit nearly 9% in August 2020, with financial services the hardest hit.
But traditional approaches to preventing fraud are no longer enough. Due to large-scale data breaches, huge amounts of personal customer data are now available to buy on the dark web.
This is where a robust identity verification approach as part of KYC comes in. It’s no longer enough to simply rely on names, passwords, or database checks for verification. Better KYC practices can help defend against bad actors who exploit weak methods of verification.
What do KYC processes include?
KYC processes usually involve three key components.
A customer identification program (CIP)
Customer due diligence (CDD)
Continuous or ongoing monitoring
Customer identification programs (CIP) collect information (such as name, date of birth and address) during the onboarding process or account creation. As part of this, organizations need to verify the identity of customers within a reasonable timeframe.
This verification process can include identity document (ID) verification, face-to-face or in-person verification, document verification (eg. utility bills as proof of address), biometric verification, or any combination of these.
KYC policies are decided based on the risk-based assessment strategy. Type of account, services offered, and customers’ geographic location among other things are usually considered.
Customer due diligence (CDD) is a key component in establishing trust between your business and your customer. Depending on the risks involved in the relationship, there are different levels of customer due diligence.
Simplified due diligence applies where the risk of fraud or other illegal activities is considered low. Basic CDD is the standard approach. And enhanced due diligence comes into play in higher-risk situations.
Read the difference between CDD and EDD on our blog post.
Some examples of CDD steps include:
Gaining an overview of a customer’s business activities
Determining the potential risks associated with the customer, for example politically exposed persons (PEPs) checks
Periodic assessments to determine if the existing risk category is still applicable
Continuous or ongoing monitoring applies when an initial check is not enough to establish long-term trust.
Situations that might call for ongoing monitoring include: unusual account activity (eg. spikes), upticks in fraud or illegal undertakings, and the inclusion of the customer on sanction lists. The level of monitoring generally depends on the risk-based assessment and strategy.
Verifying your customer identities as part of KYC solutions
As part of Customer Identification Programs (CIP) businesses need to take measures to verify the identity of their customers. In other words, have reasonable assurance that their customers are who they say they are.
This identity verification step usually happens at account opening, or within a reasonable time of the account creation. It can be done both remotely and in-person. When done digitally or as part of online KYC checks, it’s referred to as eKYC (electronic Know Your Customer).
A secure digital identity verification usually involves a mixture, or all, of the following:
OCR Autofill: automatically extracts data from documents and fills sign-up forms
Document/ID verification: checking that an ID is valid and genuine
Biometric verification (Selfie or Video capture): comparing a biometric signature with the ID document, to confirm the person is real and who they claim to be
Find out more about using Onfido’s identity verification solution as part of your KYC processes.
This approach to identity verification allows businesses to anchor customers’ digital identities to their real selves. It helps businesses offer a smooth customer onboarding experience that complies with KYC regulations and reduces the risk of fraud. The information captured at this stage can then be used to conduct further due diligence, risk assessments and ongoing monitoring.
As a result of the global pandemic in 2020, many companies have had to shift to a digital KYC approach. But adopting digital identity verification as part of an eKYC solution offers several benefits in its own right.
Speed and customer experience
In a Thomson Reuters survey, 30% of respondents stated it takes them over two months to onboard a new client. 10% indicate it takes over four months. This isn’t the best first impression to leave with your customer.
Some customers will even abandon the process (up to 43%), which in turn hurts revenue growth. A more efficient eKYC and identity verification solution can turn this around. And it’s not only quicker: a mobile or internet-first approach makes life easier for your customers.
Accuracy and automation
Mistakes, such as those made by human error, can slow down the process and add extra costs. By automating many of these processes, you can avoid errors and have more time to fix any mistakes.
Part of KYC checks will usually involve assessing an identity document to ensure it’s genuine. In an online environment, this becomes extremely challenging. Identity documents are complex - and there are hundreds of thousands in circulation, from different countries. To determine the validity of a large range of document types, you can’t rely on humans alone.
Digital systems do have costs. But their faster speeds and improved accuracy are better value for money. And in the long term or as your company grows, they’ll prove much more scalable.
Your compliance and legal teams are valuable resources. Removing some of the manual, day-to-day tasks they might usually have to complete will help drive their efficiency. They’ll have more time to dedicate to high-priority or time-consuming matters.