Know Your Customer (KYC) procedures are a critical function to assess customer risk and a legal requirement to comply with Anti-Money Laundering (AML) laws. Effective KYC involves knowing a customer’s identity, their financial activities and the risk they pose. Content
Do you know your customer? At any rate, you ought to. If you’re a financial institution (FI), you could face possible fines, sanctions and reputational damage if you help enable money laundering or terrorist financing. More importantly, KYC is a fundamental practice to protect your organization from fraud and losses resulting from illegal funds and transactions. “KYC” refers to the steps taken by a financial institution (or business) to:
To create and run an effective KYC program requires the following elements: 1) Customer Identification Program (CIP)How do you know someone is who they say they are? After all, identity theft is widespread, affecting over 16.7 million U.S. consumers and accounting for 16.8 billion dollars stolen in 2017. For obliged entities, such as financial institutions, it’s more than a financial risk – it’s the law. In the U.S., the CIP mandates that any individual conducting financial transactions needs to have their identity verified. Provisioned in the Patriot Act, the CIP is designed to limit money laundering, terrorism funding, corruption and other illegal activities. Other jurisdictions have similar provisions; over 190 jurisdictions around the world have committed to recommendations from the Financial Action Task Force (FATF), a pan-government organization designed to fight money laundering. These recommendations include identity verification procedures. The desired outcome is that obliged entities accurately identify their customers. A critical element to a successful CIP is a risk assessment, both at the institutional level and at the level of procedures for each account. While the CIP provides guidance, it’s up to the individual institution to determine the exact level of risk and policy for that risk level. The minimum requirements to open an individual financial account are clearly delimited in the CIP:
While gathering this information during account opening is sufficient, the institution must verify the identity of the account holder “within a reasonable time.” Procedures for identity verification include documents, non-documentary methods (these may include comparing the information provided by the customer with consumer reporting agencies, public databases, among other due diligence measures), or a combination of both. These procedures are at the core of CIP; as with other Anti-Money Laundering (AML) compliance requirements, these policies shouldn’t be followed willy-nilly. They need to be clarified and codified to provide continued guidance to staff, executives and for the benefit of regulators. The exact policies depend on the risk-based approach of the institution and may consider factors such as:
2) Customer Due DiligenceFor any financial institution, one of the first analysis made is to determine if you can trust a potential client. You need to make sure a potential customer is trustworthy; Customer Due Diligence (CDD) is a critical element of effectively managing your risks and protecting yourself against criminals, terrorists and Politically Exposed Persons (PEPs) who might present a risk. There are three levels of due diligence:
Some practical steps to include in your Customer Due Diligence program include:
3) Ongoing monitoringIt’s not enough to just check your customer once. You need to have a program to monitor your customer on an ongoing basis. The ongoing monitoring function includes oversight of financial transactions and accounts based on thresholds developed as part of a customer’s risk profile. Depending on the customer and your risk mitigation strategy, some other factors to monitor may include:
There may be a requirement to file a Suspicious Activity Report (SAR) if the account activity is deemed unusual. Periodical reviews of the account and the associated risk are also considered best practices:
In general, the level of transaction monitoring relies on a risk-based assessment. Corporate KYCJust as individual accounts require identification, due diligence and monitoring, corporate accounts require KYC procedures as well. While the process bears similarity to KYC for individual customers, its requirements are different; additionally, transaction volumes, transaction amounts and other risk factors, are usually more pronounced so the procedures are more involved. These procedures are often referred to as Know Your Business (KYB). While each jurisdiction has its own KYB requirements, here are four general steps to implement an effective program: Retrieve company vitals Identify and verify an accurate company record such as information regarding register number, company name, address, status and key management personnel. While the specific information that you gather depends on the jurisdiction and your fraud prevention standards, you’ll need to systematically gather the information and input it into your workflows. Analyze ownership structure and percentages Determine the entities or natural-persons who have an ownership stake, either through direct ownership or through another party. Identify Ultimate Beneficial Owners (UBOs) Calculate the total ownership stake, or management control, of any natural-person and determine if it crosses the threshold for UBO reporting. Perform AML/KYC checks on individuals For all individuals that are determined to be a UBO, perform AML/KYC checks. It’s one issue to ensure KYC compliance, it’s an all-together far greater issue to deliver compliance in a manner that is cost-effective, scalable and doesn’t unduly burden the customer. A Thomson Reuters survey reveals escalating costs and complexities bogging financial institutions (FIs) down. 89% of corporate customers have not had a good KYC experience – so much so that 13% have actually switched to another FI as a result. Besides the poor customer experience, the actual cost of running a comprehensive KYC compliance program continues to rise. Amongst the 800 FIs in the survey, the average was $60 million annually while some firms were spending up to $500 million. In the UK, a Consult Hyperion report estimates KYC compliance costs cost banks £47 million a year, while each check runs £10 to £100. Compliance professionals will have no option but to bear the weight of these new requirements and expectations going forward; having said that, it’s essential to know that these regulatory strictures serve a vital function: Battling fraud, eliminating money laundering, terrorist financing, bribery, corruption, market abuse, and other financial misconduct. While the fight is complex and often costly, the value is vital, both in protecting consumers and the whole financial system from being manipulated by bad actors. Electronic KYC verification (eKYC)KYC verification is the process of verifying a customer’s identity to help comply with Know Your Customer regulations. Regulated businesses need to get personal identifying information from the prospective customer and check that it is accurate and legitimate. These procedures, where possible, should take advantage of digital processes. There might be situations, such as outdated legislations or hard-to-change legacy requirements, where digital techniques can’t be used for KYC. However, these are the exception and are on their way out; full digital KYC is the future and companies that fight it, will find themselves on the losing side. There are numerous reasons why electronic KYC (eKYC) will prevail: Speed The Thompson Reuters survey indicates that 30% of respondents stated it takes over two months to on-board a new client, while 10% indicate it takes over four months. This is damaging client relationships, has a negative impact on the brand, and is hurting revenue growth as some customers abandon the process. Faster eKYC processes improve all these factors. Accuracy Mistakes slow down the process and add to cost; eKYC can automatically check for errors and more quickly fix any mistakes. Cost While eKYC systems do have costs, their faster speeds, improved accuracy and better utilization of compliance resources provide better bang for the buck and improve scalability. Adaptability As regulations constantly change, compliance systems need to correspondingly change. eKYC workflows can change almost on the fly; in many cases, simply update a ruleset and you’re done. Integration eKYC, for the most part, is about using APIs to easily add functionality. With new APIs being added all the time, new capabilities are a simple integration away. Tracking/reporting Digital data is seamlessly transferable in its native form to analytics, auditing, tracking and reporting systems creating opportunities for optimization and strategic analysis. Customer experience Not only is eKYC a quicker process, it is easier from the get-go for the customer. The entire process is often mobile or internet-only thus delivering a smooth, convenient experience. Efficiency Your compliance and legal teams are highly paid, intelligent and valuable resources. eKYC enables a better work environment resulting in a more engaged work force. Mobile KYCNew technological developments continue to drive KYC solutions forward. From biometric data to AI, technology is offering better ways to identify customers, run due diligence checks and perform ongoing monitoring. The combination of mobile data with traditional data sources can take KYC to the next level, adding an extra layer of authentication to help deliver a convenient, immediate and effortless customer experience, along with the necessary compliance and fraud mitigation measures. Connecting with real customers and foiling fraudsters in the mobile world is a challenge. While you have an array of verification methods and data available to you, accessing mobile data and leveraging it to ensure that specific criteria are met by legitimate customers adds an extra layer of protection. Simply put, it’s another tool to help reduce fraud risk, improve KYC standards, and just as important, secure an effortless experience for your mobile-minded customers. KYC requirements for sectorsKYC for banking Banking regulations are often the first to reflect new KYC requirements. If left vulnerable, banks could be a substantial conduit for money laundering, as they provide a variety of financial services and deal with significant amounts of accounts, money and transactions. There’s also the need for banks to maintain the substantial amount of trust that banks have built up with their customers when deploying digital processes: “As more banking activities go digital, consumers are becoming aware of the existing vulnerabilities. A FICO report on how the pandemic has driven FIs toward digital transformation found that U.S. consumers have high expectations for identity verification. 62% expect to verify their identity when opening an account digitally, and 42% expect to set up biometric identification during the onboarding process.” Fortunately, technology is improving KYC and AML program for banks with better identity verification speed, accuracy and reliability. Leveraging APIs, AI/ML, biometrics and advanced optical character recognition (OCR) technologies enables banks to gather more information and analyze it more intelligently. Consideration of numerous alternative sources such as email history, mobile data and mobile app analytics can assist in risk assessments. The result is a higher likelihood of detecting synthetic and fraudulent identities before issuing an account. KYC for financial services Most other financial services also have KYC requirements similar to banks. It’s up to the service to perform KYC and monitor customer transactions to ensure they aren't part of a money laundering scheme. As part of their monitoring duties, financial service organizations need to verify the origin of larger sums and report cash transactions exceeding threshold limits. In addition to compliance with AML laws, financial institutions need to make sure their clients understand them. Today, extensive records should be kept on every significant financial transaction. Few methods of detecting crime and corruption are more effective than examining the records of connected financial transactions. KYC for crypto With numerous countries approaching cryptocurrencies differently, creating a KYC crypto program is challenging. To further assist regulators and industry participants in creating programs that deter money laundering and other financial crimes, the FATF noted several red flags around KYC:
Ensuring effective KYC procedures are in place at account opening helps deter money launderers and other financial criminals from becoming active on your services. The customer information obtained at onboarding also improves the monitoring process, as it provides insight into the account and the expected use of funds. Some KYC laws around the worldAustralia Brazil Canada Europe To create more cohesive, harmonious and powerful AML regulations, the European Commission adopted an action plan for a comprehensive Union policy on preventing money laundering and terrorism financing. India Now, Aadhaar-based eKYC enables financial service providers to electronically verify the identities of Indian consumers. Mexico New Zealand South Africa UK This post was originally published October 17, 2016, updated to reflect the latest industry news, trends and insights. What is due care why would an organization want to make sure it exercises due care in its usual course of operations?Why would an organization want to make sure it exercises due care in its usual course of operations? due care has been taken when an organisation makes sure that every employee knows what is acceptable or unacceptable behavior and knows the consequences of illegal or unethical actions.
Is the right of individuals or groups to protect themselves and their information from unauthorized access providing confidentiality?Privacy is the right of individuals or groups to protect themselves and their information from unauthorized access, providing confidentiality. Laws, policies, and their associated penalties only provide deterrence if, among other things, potential offenders fear the probability of a penalty being applied.
What is the subject of the Computer Security Act group of answer choices?What is the subject of the Computer Security Act? Laws, policies, and their associated penalties only provide deterrence if offenders fear the penalty, expect to be caught, and expect the penalty to be applied if they are caught.
What is the subject of the Computer Security Act quizlet?What is the subject of the Computer Security Act? Individuals with authorization and privileges to manage information within the organization are most likely to cause harm or damage by accident. Key studies reveal that legal penalties are the overriding factor in leveling ethical perceptions within a small population.
|