Know Your Customer (KYC) is a process of verifying the identity of customers. As lots of financial services migrated online, there is often no face-to-face interaction between the clients and service providers. As a result, KYC is becoming increasingly important to prevent money laundering activities. It is also required by the regulatory authorities to acquire extensive information on clients before allowing them to make transactions.
Besides money laundering, additional threats arouse these last few years that solicited a strict regulatory response. Terrorist financing has been a huge issue as money transfer channels are used to finance terrorist activities across the world. Thus it became imperative to not only know the identity of a customer but to also judge the character of the client and to assess the possible purposes they might be using the service for. KYC rules apply not only to banks but to any institution that offers financial services through which users can move money. These services could include online wallets such as PayPal or Skrill, money transfer services like Western Union, exchanges and brokerages and so on.
KYC rules do not apply only to individual clients but to companies and firms using financial services as well. Different countries have different KYC regulations. If you have ever tried to purchase cryptocurrency from an online exchange you would have had to go through an extensive verification process. Some exchanges require you to submit photos of your ID and passport, proof of residence, etc.
You might have also noticed that some exchanges require more information and proof than the others. This could happen for several reasons. Some jurisdictions might have a more strict approach with KYC requirements, while others may be more lenient. So, depending on where the service provider is incorporated, they might be subject to different requirements. Also, even though there are regulatory forces overseeing the KYC implementations of private companies, sometimes they do not publish detailed guidelines on how to achieve a satisfactory process of user identification. In such cases, it falls upon the companies to decide how extensive a process to implement. Some choose to be safe and require more information from customers, while other think that tedious registration might scare away potential clientele.
A new trend has also emerged of introducing different verification levels for online services. A higher level is accessed when more documentation is submitted. With a higher verification level, different functionality can be accessed. This allows companies to attract a user-base without breaking the KYC regulations.
Some of the processes that the financial providers might be required to go through include verifying the identity of the customers, checking if there are real people behind the accounts, double-checking the prohibited lists to see if the customer has come under question and assessing if the customer might use the services in the future for money laundering or other illegal purposes.
In the US companies have two requirements regarding KYC: Customer Identification Program (CIP) and Customer Due Diligence (CDD). While specific requirements might differ in other territories, the general principles are maintained in most of the developed world.KYC procedures differ for individual clients and companies. For CIP, companies are required to gather the following information on individual clients: Name, date of birth, address, identification number. Depending on the riskiness of a client, some additional information might be required. Banks and financial institutions might rely on third parties for this information under certain circumstances.
KYC procedures differ for individual clients and companies. For CIP, companies are required to gather the following information on individual clients: Name, date of birth, address, identification number. Depending on the riskiness of a client, some additional information might be required. Banks and financial institutions might rely on third parties for this information under certain circumstances. For companies, under CIP, service providers might be required to collect the following information: certified articles of incorporation, business license, a financial statement, financial references, etc.
CIP is a more straightforward process. CDD, on the other hand, requires more nuanced assessment of each customer. For Due Diligence, companies are required to assess the patterns of the transactions of individual clients. Later, these assessments are used to judge when a client makes a transaction that does not fit into the pattern. Depending on this process, each customer must be assigned a specific risk rating. If the risk is too high services to the customer could be terminated.
For CDD, customers might be asked to provide additional information to the data collected during the CIP process. This information could include occupation, description of their business activity, a specification of purposes of transactions, references, sources of the used funds and so on. It is really a task of the service provider to assess what information will help them best in estimating the riskiness of a client.
For businesses, there is a clear trade-off between security and revenues. Overburdening KYC regulations might eliminate the risk of being penalized for non-compliance, but it will also cost the company a user-base as many innocent customers will not be able to access the services. Fines for KYC failures could be very high. A few large banks were each fined $2 million recently for this reason exactly. On the other hand, there are territories that offer regulatory havens for firms. Those who have the resources to relocate their operations to those territories might be able to offer their clients more easily accessible services. A balance has to be found, that is often easier for experienced KYC professionals and teams.
In addition, gathering and processing information is often expensive and requires human resources that might not be readily available at companies. In such cases, it is often easier and cheaper to hire other companies with the processes already set up and ready to go.
KYC solutions range in services that they provide. Some might take on an advisory role and give companies legal counsel on how effective their KYC procedures are. Others offer technologic solutions such as biometric processing and engineering of client registration procedures. For virtually any company handling money, that also deals with a large customer base, it is impossible to comply with KYC regulations without automating the process. This can only be done through advanced technology, which is expensive to develop. For this reason, third party KYC solutions have emerged that offer already set up automated processes.
Some firms offer more continues services like transaction monitoring. These providers use intelligent software to look at users’ transactions more comprehensively. They are able to find operations that fall out of the ordinary behavior of a specific user. There are also blacklist providers that maintain a list of customers that had been judged as high-risk at some point before. These lists are used to cross-check the customer base to easily identify potential high-risk clients.
When finding a customer that might be carrying a potential risk, it is the responsibility of companies to notify regulators. This process can be automated as well using third-party providers that will handle those kinds of communication.
Choosing a KYC provider is an important decision as in case of failure the companies are liable for the mistakes themselves. As there is no cheap and easy way to audit the internal processes of KYC solutions, companies can assess the reputation of the providers. If the providers have a large client base it is likely that they are successful in implementing effective KYC processes. It is also imperative to check if the client-base of the provider matches one’s business needs. As mentioned, different territories have different regulations, so if a provider is experienced in addressing the KYC needs of one regulatory force, they might not be as effective in dealing with a different jurisdiction.
It also depends on the information needed by the company which provider they might choose. For businesses with the need to verify online users’ identities different services might be needed than for others dealing with the clients face to face.
There is also a legal factor that should be considered when deciding to use a third-party provider in implementing the KYC procedures. Some regulators might have different views on the issue. Depending on the business and the process, a third-party provider might not be acceptable for a regulator. These issues can often be sorted out with the providers themselves.
Additionally, some business operations might change depending on the services provided by the KYC solutions. If too much needs to be outsourced to the company different risks arise. Losing control of the business processes is not in the interest of any company.
One quick way to check the services in advance is by requesting a demo. Many companies offer free access to their services for a short period of time to give companies the ability to compare different providers and choose the option that will be the best for their business needs.
Get the most recent news at your inbox
Stay up to date with the financial markets everywhere you go. We won’t spam you.