The success of your financial institutions depends on how well you Know Your Customer (pun intended).
The United Nations estimates the money laundered every year equals 2-5% of the global GDP, i.e., $800 billion, despite strict Anti-Money Laundering (AML) regulations and sanctions enforced worldwide.
Over the last couple of decades, global regulatory bodies have bet heavily on customer verification processes to tackle money laundering (ML) and terror financing (TF), and they expect financial institutions to play ball. Governments and independent regulatory bodies worldwide have levied fines of up to $26 billion against financial institutions for AML and other violations.
Read that again.
$26 billion in fines to financial institutions.
Financial institutions can avoid these fines and prevent these crimes from happening by instituting specific guidelines and processes known as KYC or “Know Your Customer”.
What is Know Your Customer (KYC)?
Know Your Customer or “KYC” is the process financial institutions (FI) like banks and fintech follow to verify customer identity, assess credibility, and monitor financial behavior. In simple words, KYC helps these financial institutions confirm their customers are who they say they are.
What FIs ask for can vary depending on the type of account, customer risk level, and location. But the purpose of KYC policies is the same everywhere — to verify the customer’s intentions and prevent illegal activities, be it financial or otherwise.
What is the KYC verification process in banking and fintech?
The Know-Your-Customer Verification Process is what stands between financial organizations and heavy losses due to illegal activities. Aside from protecting against financial crimes, KYC provides some additional benefits to the organization, such as:
- Ensuring regulatory compliance throughout onboarding, transactions, etc.
- Establishing customer identity
- Understanding the customer’s activity and ensuring everything is sound
- Qualifying the customer's source of funds is legitimate
- Assessing the risk associated with the customer
Hence, a robust KYC Verification Process consists of the following:
- Customer Identification Program
- Customer Due Diligence
- Ongoing Monitoring
Customer Identification Program
A Customer Identification Program (CIP) helps the banking industry confirm, to a certain extent, that their customers are who they say they are. It is the foundation stone of an effective KYC process.
To open an account, customers have to provide the minimum information required by law, like their name, date of birth, and address, along with the documents needed to authenticate the information. It is the responsibility of the financial institution to verify and confirm this information in the fastest possible time.
Financial institutions can implement a CIP that may include:
KYC Document Requirements
The KYC document requirements change based on the client's risk profile. It can range from the customer’s passport, driver's license, and utility bills to a comprehensive transactional history of the individual or organization.
The minimum KYC document requirements for customers are:
- Full name
- Date and place of birth
- Address information
- Identification number
The minimum KYC document requirements for businesses are:
- Company name
- Business address
- Corporation date and issuance documents
- Ultimate Beneficial Ownership (UBO) information
- Company registration number (CRN)
Customer Due Diligence
Customer Due Diligence (CDD) helps assess the risk posed by the customer to your organization. Implementing a simple CDD can protect you from criminals, terrorists, and Politically Exposed Persons (PEPs).
There are two levels of CDD:
- Simplified Due Diligence (SDD) - This is the most common and used for low-risk accounts where the risk of money laundering or terror funding is quite low.
- Enhanced Due Diligence (EDD) - This is for higher-risk customers to assess potential risks based on the customer's transaction history and standing in society.
It's the financial institution's job to identify the appropriate level of due diligence that a customer should be subject to. To ensure no stone is left unturned, it is the job of the financial institution to develop a holistic, step-by-step approach which may include:
- AML watchlists screening
- Customer income verification
- Bank account verification
- Criminal and legal records check
The information required for KYC verifications depends on the institution and type of account.
There is a possibility that customers that currently pose lower risk transition into high-risk customers. The reasons for this could be a change in profession, location, transaction behavior, or anything that would raise some eyebrows. Periodic customer activity monitoring can help financial institutions identify if and when this happens.
Depending on the customer’s risk profile and the financial institution's policies, indicators could range from suspicious financial activity to unfavorable news online. If necessary, institutions may have to take further action and file a Suspicious Activity Report (SAR).
As long as you comply with the KYC laws and have established internal controls and systems, you can flag illegal activity as they happen and take necessary action. Depending on the region, KYC compliance laws are different. In the next section, we have summarized the KYC laws and regulations in some of the major regions around the world for your benefit.
Understanding KYC laws and regulations around the world
The KYC verification process is governed by the laws and regulations defined by the state and financial institutions are required to comply with these laws. Hence, it is vital that these organizations understand the local KYC guidelines thoroughly, or they risk incurring heavy fines.
In the digital age, there are four major regions bringing about major changes to their KYC guidelines: the U.S., Europe, Latin America, and Africa.
KYC laws in the USA
Just weeks after the September 11 attack, the United States signed the Patriot Act. This act enforced strict anti-money laundering laws that affected both domestic and international financial institutions and introduced extraterritorial organizations to monitor and assess suspicious activity and encourage the exchange of information between government and financial institutions.
The Patriot Act states that financial institutions should maintain records of customer information and transactions exceeding $10,000. It also requires them to report any suspicious activity that could point toward financial crimes like money laundering, fraud, tax evasion, etc.
Financial institutions must implement comprehensive Customer Identification Programs (CIPs) for new customers and stricter regulations surrounding Customer Due Diligence (CDD), especially for private banking and correspondent bank accounts involving foreign citizens.
Finally, financial institutions should enforce Enhanced Due Diligence (EDD) processes to monitor high-risk customers. EDD requires institutions to collect information on the source of funds, the nature of the business relationship, and the purpose of the transaction.
KYC laws in Europe
The European Union (EU) has waged war against money laundering for years. Although we can't say it's losing the war, regulatory bodies have had to adapt to the ever-changing world by introducing new laws and updating old ones.
These legislations address European financial institutions' painpoints over the past decade.
- The Fourth, Fifth & Sixth Anti-Money Laundering Directive (AMLD4, 5 & 6) introduced comprehensive checks and processes to tackle the influence of money laundering in the European Union, improve cooperation between nations, and enforce stringent action against wrong-doers.
- The Payments Services Directive (PSD2) encouraged banking innovation to protect customers from payment fraudand prevent the exploitation of online financial services and tools.
- The latest Markets in Financial Instruments Directive (MiFID II) primarily addressed the need for more transparency in financial investment operations.
- And finally, the General Data Protection Regulation (GDPR) directive is the EU's response to the widespread public request to give control of personal data back to the people.
KYC laws in Latin America
Latin America has also made significant advances by introducing organizations to tackle money laundering (ML) and terror financing (TF). Since the laws and regulations that govern each country are different, coordinating between them can be difficult. Take these regions, for example.
KYC in Brazil
Following a call by the Financial Action Task Force (FATF) concerning Brazil's inability to deal with ML and TF, the country has introduced enhanced AML regulations to tackle the problem, including the Open Data Portal to streamline account opening processes.
KYC in Mexico
In 2019, Mexico updated its AML laws to comply with FATF standards. It prohibited regulated parties from opening ormaintaining anonymous accounts. The regulations vary depending on the industryand regulator.
KYC in Argentina
Argentina has cracked down heavily on AML, making the Financial Information Unit (UIF) an independent entity and expanding the list of businesses that must comply with the regulations.
To help countries coordinate their AML efforts, the Latin American Financial Action Group (GAFILAT) was established. This intergovernmental task force is a part of the Financial Action Task Force (GAFI) and helps prevent money laundering and terrorist financing in the Latin American region.
GAFILAT recommended 40 best practices to prevent money laundering and terrorist financing in Latin America. Below are a few important takeaways:
- Implement KYC processes in financial institutions, such as due diligence duties, record keeping, and special measures in the case of politically exposed persons (PEP)
- Encourage cooperation between countries in the GAFILAT
- Create effective systems for monitoring client transactions and reporting suspicious activity
- Mutual evaluations ensure countries meet the criteria to prevent such illegal activities
You can find the complete report here.
KYC laws in Africa
An uptick in mobile money services in Africa has also brought an increase in financial crimes like money laundering and fraud. The regulatory framework in Africa is still at its nascent stage, with some countries having clearly defined KYC laws while others don't.
KYC in Nigeria
Until recently, Nigeria fell into the latter category. In May 2022, the country introduced the Money Laundering Prevention and Prohibition Act 2022. The new law provided financial institutions in the country with guidelines to limit money laundering and other financial crimes.
KYC in Kenya
The newly revised Proceeds of Crime and Anti-Money Laundering Act No 9 of 2009 states that Kenyan financial institutions in question must set guidelines to verify customer identity, maintain customer records, and report any suspicious transactional activity while adhering to the standards set by the FATF and the Kenyan government.
As you can see, the laws are not just different across regions but are also updated regularly to adapt to new technology and requirements. This helps governments maintain the financial health of the region.
In the battle against money laundering and terrorist funding activities, it is the responsibility of financial institutions to continuously evolve their KYC processes to keep up with these changes.
But change is not always easy, and even KYC implementation comes with its fair share of challenges.
What are the challenges faced during KYC implementation?
We can categorize the challenges faced during KYC implementation into three sections.
Customer data collection
In financial institutions, data collection is still mostly done manually because some of these organizations see KYC document collection as a menial task that anyone can do. Employees reach out to customers and collect the required documents and approvals, but this manual process can increase the chances of human error.
Implementing packaged solutions such as APIs and SDKs to comply with KYC requirements is a cost-effective solution that easily integrates with your existing infrastructure. Moreover, automating these tasks significantly improves the quality of data collected, creates accurate risk profiles, and frees up employee time to focus on more critical tasks.
Analyzing a customer’s transaction history can tell a lot about the person, making it one of the most essential parts of the KYC review process. Since organizations must be thorough, it is also the most time-consuming KYC activity. It can extend the review process to six months or even three years.
The absurdly long timeframe is because the bank did not invest in financial risk management software that can flag suspicious activity and provide quick insights. Instead, they manually sift through thousands of lines of Excel data to derive insights. Automating these menial tasks is worthwhile as it improves operational costs by 20-30 percent and considerably reduces errors.
Sources of wealth
Understanding a person's source of wealth helps assess customer risk during the onboarding process. Any suspicious income is a serious red flag, increasing the risk to the bank, as it may indicate involvement in illegal financial activities.
Assessing the source of wealth can be difficult and time-consuming when financial institutions don’t have access to categorized information or insights. Also, the guidelines and documentation requirements pertaining to the investigation are often insufficient. Using digital tools for AML screening and income verification can help consolidate the required information quickly and in one place.
Risk management goes hand in hand with KYC as it is an entirely risk-based solution. Financial institutions are expected to understand and assess risk — not just the one customers pose to the institution but to the country as a whole. Not complying with KYC and AML regulations further opens the door to scrutiny from regulators and creates the risk of heavy fines.
Therefore, using digital verification tools to streamline processes becomes vital to both the banking industry and the customers.
So, where do we go from here?
In the last year, KYC documentation and verification processes alone have cost financial institutions $1.4 billion. Also, a complete and accurate customer history is essential for a successful KYC verification. Non-compliance can lead to heavy fines, further adding to the cost.
Here's where digital KYC compliance tools come into play by offering easy fraud detection and identity verification. They lower operational costs and streamline processes, giving the customer a frictionless onboarding experience. But, making the change to digital tools can be difficult. It's essential you find the right partner that complies with the AML laws and meets your requirements.
MetaMap's software enables seamless identity verification and mapping of client data, reducing the manual and repetitive verification tasks we have historically seen in B2C financial organization.
Schedule a free trial today to learn how MetaMap can help you build the optimal workflow for your business.