KYC (know your customer)

What is the primary purpose of KYC, and why is it important?

While the primary purpose of KYC may vary from one industry to another, the KYC process generally consists of distinct steps designed to verify customer identity. Identity verification platforms help you verify customer identities and assess fraud risks on an ongoing basis. This is especially important (and a legal requirement) for financial institutions, which are highly regulated.

KYC builds trust between these institutions and their clients, benefitting both. By implementing robust identity verification processes and developing an understanding of customer behavior such as transaction patterns, businesses can spot suspicious activities and remedy them in a timely and ongoing manner.

How do know your customer and know your business requirements differ?

Know your customer checks are conducted when a business wants to establish a business relationship with an individual person. Know your business checks are conducted when they want to establish a business relationship with another company. KYB checks typically involve identifying the ultimate beneficial ownership (UBO) in order to ascertain who might be benefiting from the financial activity of the business. They also often include identifying if a business is subject to sanctions, exposed to political corruption, or has been linked in the media to illicit activity.

Is KYC a legal requirement?

Yes, KYC is a legal requirement in many industries. The financial services industry is highly regulated with regulations applicable to starting new customer relationships as well as managing and monitoring customer accounts on an ongoing basis. Only through diligent and consistent KYC processes can these organizations counteract illegal activities like money laundering, corruption, and more.

In the United Kingdom (UK), AML regulations are outlined in the Terrorism Act (2000), Proceeds of Crime Act (2002), and Money Laundering, Terrorist Financing and Transfer of Funds Regulations (2017). Additional regulations and guidance are related to biometrics regulation, cryptoassets technology, and evolving AML rules.

Companies operating in the European Union (EU) must abide by regulations set forth in the Fifth and Sixth Anti-Money Laundering Directives (also known as 5AMLD, 6AMLD). Additional EU regulations concern AI best practices and AML reforms that have been developed to include specific guidance related to various use cases like gambling services and stringent remote identity verification procedures.

As it relates to Know Your Customer, the Patriot Act of the United States was designed to “deter and punish terrorist acts in the United States and around the world, to enhance law enforcement investigatory tools, and other purposes.” While Section 326 of the USA Patriot Act doesn’t represent the origin of KYC regulations and compliance across the United States, it certainly signifies an important development. The Know Your Customer rule in the USA Patriot Act requires that financial institutions enact safeguards against money laundering, terrorist financing, identity theft and other forms of fraud. 

Ultimately, whether companies are operating in the UK, EU, US, or elsewhere, KYC requirements effectively serve to:

• Strengthen domestic measures for preventing, detecting, and prosecuting international money laundering and financing of terrorism.
• Subject foreign jurisdictions, foreign financial institutions, and classes of international transactions or types of accounts that are susceptible to criminal abuse to special scrutiny.
• Require all appropriate elements of the financial services industry to report potential money laundering.
• Strengthen measures to prevent the use of financial systems for personal gain by corrupt foreign officials (and facilitate repatriation of stolen assets to the citizens of countries to whom such assets belong).

You can learn much more about how Onfido empowers organizations to satisfy global compliance requirements in our compliance manager’s guide, or by reading about global compliance use cases.

Benefits of knowing your customer

In addition to compliance, the benefits of knowing your customer also include:

• Fraud and money laundering prevention: Robust KYC processes contribute to strong confidence regarding customer identity, helping to protect against exposure to threats like identity theft, as well as various types of financial crime—all of which can be costly to remedy once it’s occurred. 
• Cost savings: Comprehensive, properly-implemented KYC/AML processes help organizations avoid fines and other penalties that could have financially severe consequences. When these processes can be automated and digitized, they’re even more cost-efficient.
• Increased customer trust: Many customers are savvy to the various threats the modern world presents, including the risk of identity theft or other forms of fraud. When organizations implement dependable solutions that mitigate those risks, customers will know they can trust working with them.

Onfido’s platform helps companies maintain compliance and provide a consistent and trustworthy customer experience.

How does KYC prevent money laundering?

As mentioned above, one key objective of KYC adherence is detecting and preventing suspicious activity, including money laundering. Anti-money laundering (AML) practices refer to specific procedures that financial institutions leverage to prevent criminal activities, such as any attempts to deposit or transfer funds generated through illicit or illegal activities. When you consider the prevalence of financial fraud, the importance of AML in KYC is difficult to overstate. 

Like KYC compliance, international and local anti-money laundering regulations are required for certain business types. Ongoing monitoring and risk management is crucial, since people can be sanctioned (or subject to restrictions by authorities) after they have already started a banking relationship. KYC and AML work hand-in-hand to set a framework for organizations to maintain legal compliance, protect customers’ identities and personal data, and prevent fraud. By adding identity verification at sign-up, companies can ensure customers are who they say they are, thwarting many scammers right out of the gate.

What are examples of KYC?

As an important component of any KYC/AML program, efficient and reliable identity verification adds value and trust at several distinct stages of the customer or client experience. These can vary widely, depending on the industry and use case, but two  examples include driver registration and age verification, as described below.

• Driver registration: Car rental companies face intense risk if they don’t develop and adhere to strict KYC requirements. Know your customer regulations help to protect their vehicles against damage and insulate the company from legal and financial consequences. Many of these issues can be prevented with quick, effective driver verification during the onboarding process. Driver registration can be a fairly straightforward process: a user submits a photo of their driver’s license, and then their submission is scrutinized to ensure validity. This can be done manually, but it’s speedier (and more accurate) to use machine learning tools — like Onfido’s — to analyze the driver’s license photo and determine whether it is genuine or fraudulent.
• Age verification:  Many online services are governed by age restrictions — healthcare, gaming, or the sales of restricted products, for example. Simply asking users to check a box affirming that they are either 18+ or 21+ before they can access these services simply doesn’t cut it, and does not constitute age verification or due diligence. Onfido makes it easy to verify that an account creator or anyone making an online purchase is, in fact, over a specified age. In addition to extracting the user’s date of birth from submitted documents, biometric verification (like comparing a selfie or video with a presented ID) offers another layer of protection.

In addition to these overarching processes, some additional use cases include different applications where it’s important to verify that users are, in fact, who they claim to be. These include moments such as:

• Basic identity verification:Using a modern KYC platform like Onfido helps companies balance two essential directives:
  • Protecting the company’s reputation and revenue through timely identification and mitigation of fraud risks.
  • Providing a best-in-class customer experience, characterized by high levels of trust and minimal sources of friction.
• User verification: Building a global community through modern, digital means in itself isn’t necessarily difficult, but establishing client or customer trust is a must. By setting up profile verification measures, companies can more easily build a community of trust — and one that’s ready to scale when needed. Onfido helps companies set up positive user communities across the globe. This means no matter where your users are, they are safeguarded against fraudulent profiles, unauthorized transactions, identity fraud, and more.
• User onboarding: In many industries and applications, the user onboarding process can set the tone for a new user’s perception of a service. If the onboarding process is clunky or inefficient, or takes an unnecessarily long time, many users are likely to bounce (and consider a different provider). Generally speaking, client onboarding should balance the user experience with strong identity verification, and include:
  • Personal information, including full name, address, and contact details.
  • Supporting documents, including proof of address and proof of identity.
• Fraud prevention: Identity fraud presents a clear and near-constant threat to any business, endangering revenue and eroding customer trust. Onfido’s platform was built to root out potential fraud before it can wreak any havoc. This means smart identity checks at the start of the customer journey, at high-risk touchpoints, or both. In fact, Onfido’s document verification (powered by Onfido Atlas™AI) catches up to 98.7% of all identity fraud attempts, including forgeries and counterfeit documents both physical and digital.

What are the main KYC steps?

There are two primary ways to conduct KYC:  a manual (paper-based) process or an online (digital) process known as electronic know your customer (eKYC).

As you might expect, KYC started as a largely manual process but has since shifted to be mostly digital. Why the shift? It has a lot to do with the many challenges of manual or offline KYC, which include:

• Manual data entry, including information checks, error identification and correcting, and following up with clients or customers to collect additional information. These processes, when done manually, are exceptionally time-consuming and can be error-prone.
• High costs, including salary wages, third-party identity verification, and technology development or licensing costs, as well as the potential for hefty regulatory fines.
• A poor customer/client experience, driven by time-consuming and costly processes attached to activities like onboarding and account setup.
• Keeping up with industry regulations, which are constantly evolving and being updated in the face of sophisticated new threats around identity theft and financial fraud.
• Inconsistent, inefficient processes, which could benefit from streamlining or automation to reduce errors and provide a consistent experience.
• Security threats, including data breaches that can substantially erode client trust and result in hefty financial penalties for banks and other businesses.

What are the four key elements of KYC processes?

The four most important elements of a well-rounded and effective KYC/eKYC framework are:

1. Client/customer acceptance policies
2. Customer identification processes
3. Customer due diligence, including enhanced due diligence
4. Ongoing monitoring/risk management

1. Client/customer acceptance policies

Financial institutions and other organizations should outline client acceptance policies that determine the types of customer or client profiles that present different levels of risk. 

For example, an individual looking to open a modest, basic checking or savings account may not pose too great a risk to the institution, so KYC requirements are likely to be less intensive than those for wealthy clients (or those with complex needs). A bank wouldn’t necessarily benefit from applying extremely rigorous or lengthy review processes for these accounts — in fact, doing so might drive clients away in frustration. KYC automation — which we’ll cover a little later — expedites these processes without sacrificing accuracy.

By contrast, though, if another client has a particularly high net worth and the source of their funds is unclear, the financial institution would be wise to take a deeper look at the client’s financial picture in order to understand the potential risks and how they may be mitigated.

2. Customer identification programs

Who are your customers? True to its name, customer identification involves a series of steps designed to ensure that all customers or clients who do business with a financial institution are who they say they are (and that their business is legitimate). 

In the United States, financial institutions are required to uphold a Customer Identification Program (CIP), a mandate enforced by the Financial Crimes Enforcement Network (FinCEN), a bureau of the United States Department of the Treasury.

What are the main requirements of the CIP rule?

FinCEN’s CIP rule sets minimum requirements for onboarding new clients or customers. While these will vary somewhat depending on factors like the organization’s size and geographic location, it should always include identifying and verifying persons opening an account, organized and timely recordkeeping, and comparison with government lists to spot any discrepancies.

3. Customer due diligence

Customer due diligence (CDD) refers to a series of checks that work to verify customers’ identities and understand their unique risk profiles, which aims to “improve financial transparency and prevent criminals and terrorists from misusing companies to disguise their illicit activities and launder their ill-gotten gains.”

4. Ongoing monitoring and risk management

In the context of KYC, ongoing monitoring helps ensure that a company’s understanding of its customer or user base remains consistent and accurate over time. Ongoing monitoring is designed to detect any reasons why a banking institution might be prohibited from doing business with certain customers — due to newly-applied sanctions, for example. 

It also helps to protect company assets, provide a positive customer experience, and remain in regulatory compliance. To put it in simple terms, ongoing monitoring involves regularly revisiting steps one through three, as described above. This way, companies can assess whether their client/customer acceptance policies, CIPs, or due diligence procedures need to be adjusted or updated.

When paired with ongoing monitoring, KYC/AML risk management helps ensure compliance with local governments and regulators.

Where is KYC used?

Industries that benefit most from well-designed and consistently implemented KYC/eKYC procedures include:

Industries that benefit most from well-designed and consistently implemented KYC/eKYC procedures include:

Financial services

Due to factors like complex government and industry regulations, increasing reliance on online banking, and the growing threat of financial crime across the globe, financial institutions require rigorous KYC processes. 

Why is KYC important for banks? 

KYC enables banks and other financial institutions to verify customers’ identities and evaluate any relevant risk factors.. The primary importance of KYC in banking is that it maintains compliance with government regulations.  It helps to ensure that their services are not misused or otherwise compromised, and helps organizations to counteract identity theft, money laundering, and financial fraud. 

Anti-money laundering (AML) requirements are closely related to KYC, and financial services are legally required to conduct AML checks on potential applicants, both at onboarding and throughout their relationship. These practices prevent money laundering, criminal enterprise, and corruption. As launderers continue to innovate new ways to hide their crimes — through microstructuring, for example — AML requirements will continue to evolve.

Onfido’s platform enables financial institutions to verify customer identities and protect sensitive data in a way that’s both speedy and secure. We help address global KYC and AML requirements in addition to local regulations, supported custom configurations, and a full audit trail. With purpose-built AI solutions designed for KYC and AML requirements, vital processes such as customer onboarding can be automated, reducing operational costs without compromising the user experience.

What is the role of KYC in crypto exchanges?

In the United States, federal regulations categorize cryptocurrency exchanges as money service businesses (MSBs), KYC practices are mandatory for most of these exchanges. Like other developing KYC applications, regulators are always monitoring the landscape, identifying new vulnerabilities and threats, and providing revised guidance to protect crypto exchanges and their users. 

One example of recently-revised guidance came in 2020, when the United States Treasury Department proposed new rules requiring users to provide FinCEN with additional information when attempting to transfer crypto assets worth over $10,000 from a centralized exchange to a user’s personal account.

Healthcare providers

The healthcare industry requires the maintenance and sharing of personal information, much of which is governed by HIPAA (in the United States) and other regulations. Specific regulations apply by region — in Europe, for example, these safeguards align with GDPR regulations. In fact, according to Reuters, a patient’s private medical information is worth at least 10 times more than their credit card number (on the black market). As far as KYC’s role in healthcare, there is a need for proper and secure patient verification — without it, large batches of personal data become vulnerable to criminal, for-profit enterprises and misuse.

What can hackers do with a person’s private medical information? According to the same Reuters study, patients’ data (including names, birth dates, policy numbers, diagnosis codes, and billing information) can be used in the creation of fake IDs — which can then be used to commit medical fraud. A scammer might, for example, use someone else’s information in order to illegally obtain and sell prescription drugs. 

Insurance companies

What is the importance of KYC in insurance? It’s largely a matter of assessing potential risks before signing new customers up for insurance policies (similar to onboarding new customers in financial services). Insurance companies are heavily interested in the types of risk posed by certain customer profiles, so establishing — and, ideally, automating — KYC and AML processes is a best practice worth applying. These companies rely on extensive CDD/EDD, sanctions list screening, and ongoing client monitoring to protect themselves and their customers against fraud.

Online marketplaces & communities

When someone considers joining a digital marketplace or community, they need to not only be able to trust that the hosting entity is reputable and trustworthy, but that their fellow users can similarly be trusted. Think about eBay, for example. When a user creates an account, they need to be able to trust that the website has enforceable protections in place to safeguard their identity and personal information. They also need to be able to trust that the user community as a whole is similarly protected against fraudulent user accounts and unauthorized transactions. 

Onfido’s quick, easy user verification empowers these communities to expand their global reach with minimal friction. Our platform is able to accept over 2,500 document types from 195 countries. It protects the community against identity fraudsters and scammers, leveraging AI technology in real-time to catch suspicious accounts or posts. By comparing ID photos with facial biometrics, for example, these sites can create trust and integrity — at scale.

Online gaming platforms & services

Online gaming is a popular target for identity thieves and scam artists. Similar to other online environments, identity verification and trust are vital. Onfido helps companies in the online gaming industry to achieve KYC and age verification requirements, provide efficient onboarding and a superior user experience, and protect their revenue against potential fraud by identifying and removing fake or duplicate accounts.

Retail and eCommerce

Today, online retailers have to balance the need for an efficient customer experience with the ability to ensure that account holders are who they say they are. This is especially important for age-restricted purchases. With Onfido, document verification is truly frictionless. The user can take a photo of their ID, and artificial intelligence provides quick detection of genuine vs. fraudulent documents.

Can KYC/AML be automated?

Yes, many KYC/AML processes can — and should — be automated. When done right, automation streamlines and speeds up onboarding and helps ensure ongoing monitoring and compliance. Among the technologies that help transform these processes are:

• Robotic Process Automation (RPA), which can automate the types of repetitive tasks, helping to save time and money as well as reduce errors.
• Intelligent Document Processing (IDP), which leverages Machine Learning (ML) as well as Natural Language Processing (NLP) to process documents, check their validity, and extract information.
• Artificial Intelligence (AI), which can analyze data much more efficiently than humans in order to recognize patterns in data, identify risk signals, etc.

With a good understanding of these concepts, you may be able to develop your own automated workflows and then piece them together into a comprehensive KYC/AML program. This approach, however, is time-intensive and subject to human bias and potential errors. 

Instead, we recommend giving our platform a try. Onfido’s Real Identity Platform (powered by Atlas™ AI) provides flexible, end-to-end identity verification—including document and biometric verifications, trusted data sources, fraud detection signals and more. Our platform:

• Reduces the cost of customer acquisition.
• Drives new customer acquisition.
• Enhances fraud protection.
• Satisfied global compliance needs.

What are the latest KYC compliance regulations?

KYC regulations depend on industry and geography – you can keep up to date with the latest developments in KYC, AI, and identity verification regulation in our OnPolicy blog series.

Learn more about Onfido’s KYC automation platform

Check out our Case Studies page or watch a product demo to learn more about how our all-in-one solution delivers positive results for companies across a range of industries. Or, sign up to get started with Onfido’s Real Identity Platform today.