Table of contents
- What is KYC Compliance?
- Laws Governing KYC Compliance
- Requirements for a Client-Centric approach to KYC Verification Process
- Components of a Client-Centric approach to KYC Verification Process
- How IDmerit can help with its KYC Compliance Solutions?
The concepts behind Know Your Customer or Know Your Client (KYC) has been around since the early 90’s as the finance industry in different parts of the world attempted various methods to validate ID. As technology grew and ease of doing business became more mainstream, fraud rose and the financial industry reached out to governments for a more definitive identity verification solution. Many governmental regimes answered the call and began issuing regulations, but there were always the issues of increased friction in the customer onboarding process and lack of effective ID validation systems.
At the onset of KYC verification, e-commerce, Business to Business (B2B), and other industries were not taken into account. KYC compliance mainly dealt with the financial industry, but luckily for regulators, the KYC creators left room for adjustment and growth. And with the focus being shifted to Anti-Money Laundering (AML), KYC became part of AML compliance. Doing this strengthened the need for KYC verification, but drowned out its importance, customer awareness and still didn’t rectify the issues of friction or digital identity management.
What is KYC Compliance?
In the beginning, Know Your Customer (KYC) consisted of guidelines that only required financial services (e.g. banks, brokerage companies, insurance, mortgage houses, etc.) to verify the identity, exercise due diligence, and possible risks involved in doing business with an individual. Now, KYC compliance laws encompass a wide range of businesses from different industries. Including Fintech (cryptocurrencies, online payment providers, and SaaS), Real Estate, Health Care, Gaming (e-gaming platforms like poker, lottery, etc.), legal and precious metal, and art dealers.
KYC is now part of the regulatory AML compliance obligations of financial and non-financial organizations. Obligated entities develop their customer identification processes and verify their customers according to the regulatory guidelines. Achieving KYC compliance helps businesses prevent penalties, fight fraud, and mitigate financial crimes such as money laundering and terrorist financing.
Laws Governing KYC Compliance
Separating KYC from AML compliance laws at this stage isn’t plausible because the objective of KYC isn’t just to validate ID, but to prevent fraud. Basic customer due diligence sometimes isn’t enough to combat or even deter fraudsters. Therefore KYC often needs the backing of AML compliance which requires sterner measures, penalties and enhanced due diligence.
Despite the introduction of regulations, the KYC verification process isn’t standard across the globe. This is mainly due to the loophole that gives banks and other financial institutions the right to adjust for due diligence according to their needs and not every country’s law covers all aspects of digital identity management. Due to the ambiguity in the law and execution by financial institutions, automated KYC isn’t even a requirement in a few countries, making the entire KYC verification process overbearing for the customer.
Because KYC compliance laws are a part of AML compliance regulations they are influenced by the recommendations of the intergovernmental organization, Financial Action Task Force (FATF) or its French name, Groupe d’action financière (GAFI). Below is a list of some KYC governing agencies and the laws implemented around the globe.
Financial Crimes Enforcement Network (FinCEN) – As part of its mandate given by the US Department of the Treasury, FinCEN serves as the Financial Intelligence Unit (FIU) in the US with the mission to safeguard the financial system from illicit use. Through the provisions of the US Patriot Act, the Bank Secrecy Act (BSA) requires the reporting entities (primarily banks) to take necessary measures for ID validation and to report suspicious activities to FinCEN.
Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) – Represents Canada’s FIU and is responsible for the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA). The PCMLTFA Act of Canada sets the KYC verification requirements, global money handling, and processes and regulations for any industry that receives legal tender transacts goods or handles cryptocurrencies and other digital forms of payment. All suspicious activities and potential breaches are to be reported by participating entities.
KYC Compliance and Money-Laundering Act
The Money Laundering Act – 2017 (MLA) of the UK falls directly under the jurisdiction of FATF and the Sanctions and Money Laundering Act and defines customer verification regulations for reporting entities. Within MLA there are exemptions for transaction amount limits, account balances, and repeat business. These exemptions assist in the ease of doing business within the United Kingdom but are not hard and fast for all foreign investors as financial institutions have the final say.
Autorité des Marchés Financiers (AMF) is the anti-money laundering regulator in France and under its remit sanctioned by the FATF and the European Union (EU) allows them to require to regulate, authorize, monitor, and where necessary, inspect, investigate and enforce the customer identity verification laws for financial businesses. Under the Anti-Money Laundering Directive of 2020 (AMLD5), Financial Markets Authority (AMF) strengthens the fight against terrorism financing.
Australian Transaction Report and Analysis Centre (AUSTRAC) implemented the amended Anti-Money Laundering Counter-Terrorism Financing (AML/CTF) Act of Australia in 2020 under the guidance of the FATF. Aside from counter-terrorism financing measures like monitoring the cross-border movement of money, the AML/CTF requires all parties involved in financial activity must follow AML and KYC compliance guidelines.
Notwithstanding the countries and regulators listed here, the implementation of more stringent AML/ KYC compliance requirements are a global affair. There are only a few detractors of mainly sanctioned countries that haven’t fully implemented either AML and/or KYC compliance laws. Under FATF and FinCEN, digital identity, global ID verification, e-KYC, corporate KYC, and automated KYC began taking center stage in KYC verification systems.
For customers, with the right digital identity management systems in place, this could mean the introduction of a more client centric approach to KYC verification and improved customer onboarding processes. However, all good things come at a cost, and banks, businesses, and entire industries need to re-educate their customers on the importance of KYC, refrain from reducing the process to a customer onboarding checklist, and invest in a secure Client centric approach to KYC verification process.
Requirements for a Client Centric approach to KYC Verification Process
Customer due diligence plays a key role in the KYC verification process. To understand how KYC works, comprehension of what constitutes due diligence and the varying levels of customer due diligence is needed. Different levels of assumed risk require different levels of due diligence.
There are three main types of customer due diligence that are based on a customer’s level of risk.
Simplified Customer Due Diligence
At the simplified level of customer due diligence, checks are performed for the initial stages of customer onboarding and do not require in-depth screening.
Basic Customer Due Diligence
Basic Customer Due Diligence or Standard Due Diligence (SDD) is carried out on all customers categorized as low or medium risk. Except in the case of Politically Exposed Persons (PEP) or famous entities, these individuals or entities are considered normal account holders with minimum level transactions.
Enhanced Due Diligence
Enhanced Due Diligence (EDD) is used for high-risk customers and these customers go through extensive screening, monitoring, and background checks for money laundering, terrorism financing, and corruption. Effective enhanced due diligence exposes the nature of the business and delves into Know Your Customer’s Customer (KYCC).
During customer due diligence, individuals and entities involved with sanction countries and on global watchlists are automatically reported to the relevant regulatory bodies, beneficiaries, and sources of income are identified. Due diligence is an important step in the KYC verification process and by performing extra checks, businesses and banks can keep themselves safe from bad actors and money laundering activities.
The KYC compliance process varies around the globe, but there are some common aspects of a great KYC verification process. Once your KYC verification system eliminates bad actors, reduces pain points in the customer onboarding process, and effectively handles digital identity management, it’s a success.
Components of a Client Centric approach to KYC Verification Process
This is not a customer onboarding checklist for KYC compliance. The goal of each of these components is to streamline the KYC verification process and make it easier for businesses to put KYC policies into practice. There will still be room for risk assessment and ID validation without lengthy processes or complex systems. In essence, all the components of basic customer due diligence still apply as well as robust features for enhanced due diligence and automated KYC.
Mobile Identity Verification for Customer Onboarding
Banks and other financial institutions seem to be holding up progress when it comes to mobile identity verification. Many businesses, especially those online, have begun the transition to mobile identity verification. Customers are mobile-ready and verifying identity using built-in smartphone biometrics to check age and account ownership and auto-complete forms with IDMautofill should be a normal part of KYC verification.
Knowledge-Based Assessment (KBA) only goes so far and in this internet and social media age, the answers can be readily found online. It is time the banks embraced biometric technology for their customer base. They don’t even have to own the hardware or software. Through a third-party digital identity management company, they can verify customers via mobile without drastic budget allocations or installing a new KYC verification system.
Behavior Monitoring During Transaction Screening
Do you think it’s normal to sweat profusely during a loan transaction? Of course not! But not every behavior red flag will be this obvious. When dealing with online customers, behavior monitoring gets a bit complicated. Add in synthetic identity fraud and it may be difficult to guess why this person is interacting with your business.
Ongoing behavior monitoring during transaction screening and monitoring can help you piece together the actions of your online user. At IDMERIT, we use a multi-layered approach monitoring various aspects of biometric behavior such as signature analysis and finger movements to validate ID. Biometric behavior monitoring isn’t standard KYC practice and its use can put you ahead of KYC compliance and bad actors.
Enhanced Due Diligence for Payment Services Providers
It was only recently in 2020 that payment gateways were getting the necessary regulatory overhaul to bring them into AML/ KYC compliance. Card issuers and customers were tired of holding their breath during every online transaction and so the revised Payment Services Directive (PSD2) was rolled out. As welcome as the change was for merchants and customers alike, not every payment gateway has taken the necessary steps to maintain global ID verification or tight customer onboarding measures.
Strong Customer Authentication (SCA) was meant to be a simple 3-step checklist to fulfill PSD2 directives. Using two-factor authentication, payment services providers can validate ID, however, like KBA, SCA has exemptions and loopholes. This provides way too many gaps for fraudsters plus there aren’t any heavy fines for non-compliance. That means businesses should treat payment services providers as high risk and enact enhanced due diligence for their own protection.
Retain Video and Document Verification Services
Document verification is one of the pet peeves of customers during the customer onboarding process. Without digitalization, it can be an outright nightmare. Video and document verification services should be a part of digital identity management to make customer onboarding faster and easier.
Customers are willing to forgo long lines in both banks and utility companies collecting and verifying identity through their official documents. Not only does IDMconnect help validate ID using utility documents, but the use of IDMlive also reduces the unnecessary health risk and exposure for vulnerable citizens. Using our document verification services which have access to government databases can provide clear, visual, and documental proof for KYC verification.
Automated KYC for Global Industries
In 2021, one should not still be making a call for automated KYC or e-KYC practices. At the cusp of 2022 automated KYC should be part of standard industry practices across the board for all industries. In a global technological era, where cars have started to fly, e-KYC should not still be waiting on international corporations to get on board.
The holdup on e-KYC is that large corporations are trying to figure out how to do it in the house when the financial industry and governments have already outsourced their KYC verification services. Granted, it is understandable that corporate entities wish to protect their stakeholders’ data and interests, the damage of improper KYC verification is far worse and can cost more in testing and financial damages in the long run.
Sadly, where large corporations lead, small to medium enterprises follow. It’s easier to seek out a digital identity management company that has experience in global ID verification and can verify corporate company records and CEO addresses. With automated KYC and biometric behavior monitoring included, the entire KYC verification process can be simplified yet effective against bad actors.
Using a third-party KYC verification service doesn’t mean you can’t maintain your risk profiles of high-risk customers nor will you lose access to key data. When KYC verification works it empowers businesses to fulfill their AML compliance and eliminate fraud across industries while offering a frictionless customer experience. Therefore execution and enforcement of KYC processes and policies is the key behind a successful KYC verification process and that’s what we provide at IDMERIT.
How IDmerit can help with its KYC Compliance Solutions?
Digital identity management was not something banks and other financial institutions were equipped to handle. Though the government had the information, their databases were sometimes incomplete, too spread out, or had limited access that would create nightmares in the customer onboarding process. The easier solution was to let third-party entities provide document verification services, global ID verification and assist in automating the KYC verification process.
This is where IDMERIT comes in and because of digital identity management companies like ours, you now have an easier route to KYC verification. We helped set the industry standards in KYC verification services through our IDMkyX platform. We perform mobile identity verification with device fingerprinting through smart devices and biometric behavior monitoring for the most impactful risk assessment process and onboarding experience.
Let’s prove how we can help you create a successful client centric KYC verification process. Contact IDMERIT today!