What is KYC in Banking?
If you open an account with a bank or sign up for a financial product or service, you’re likely to go through a KYC process to confirm you are who you say you are. KYC, or Know Your Customer, helps banks and financial institutions verify the identities of their customers and identify risk factors for fraud, money-laundering, and other financial crimes.
To help you learn more about this process and why it’s important, we’ve created this guide to KYC in banking. We’ll discuss:
- What is KYC?
- The history of KYC
- Why KYC is important
- AML vs KYC: What’s the difference?
- Who needs to have KYC processes?
- What triggers KYC re-verification
- The components of KYC
- What are KYC documents?
- The cost of KYC for businesses
- What is eKYC?
What is KYC?
Firstly, let’s understand what exactly KYC is.
KYC stands for Know Your Customer, or in some cases, Know Your Client. It is a customer due diligence process that banks and financial institutions are legally obliged to undergo in order to assess, monitor, and reduce the risk of money laundering, terrorism financing, and other fraud schemes. The term KYC is also used to describe the laws and regulations that define these processes.
KYC includes:
- Verifying that a customer is who they claim to be
- Monitoring their behavior for suspicious activity
- Reporting suspicious account activity.
The KYC verification process typically kicks off when a customer opens a new account with a financial institution (e.g. onboarding). It also happens continuously throughout the working relationship (e.g. ongoing monitoring of transaction patterns or if a client purchases a new product).
The typical elements of KYC vary between jurisdictions, however they usually include:
- ID card verification
- Proof of address
- Face verification/liveness check
- Biometric verification.
KYC plays an important role in the fight against financial crime by allowing financial services companies to spot suspicious activity and prevent misuse of their services. Banks and institutions can refuse to open accounts or cancel an account if a person doesn’t meet the minimum KYC requirements.
The history of KYC
KYC processes were developed in response to widespread financial fraud and money laundering that happens on a global scale. Although you may not always hear about them, financial crimes are a major problem, with money laundering accounting for 2-5% of the global GDP according to the United Nations. Strong KYC processes are a way for banks and financial institutions to do their part to reduce the potential for these crimes to occur.
Regulations around KYC were first introduced in the 1990s by the Financial Action Task Force (FATC) to limit the occurrence of anonymous bank accounts and help financial institutions spot suspicious activity. After 9/11, KYC measures were increased to more accurately assess, monitor, and prevent the risk of terrorism financing.
Today, KYC processes have evolved to accommodate the widespread digitization of banks and financial services, offering more accurate insights, automation, better opportunities for monitoring account activity, and faster onboarding of customers.
Why is the KYC process important?
In 2020, financial institutions filed around 6,452 suspicious activity reports per day. KYC plays a critical role in helping institutions detect this activity and assess money laundering risks.
The very nature of KYC processes is to assess a client’s risk for committing financial crimes early in the relationship and then monitoring their behavior for suspicious activity. Without this process, clients can use anonymous accounts to launder money, finance terrorism, and commit fraud without an organization’s awareness.
Because the KYC process is so integral in spotting and preventing financial crimes, banks and financial institutions have a legal obligation to comply with KYC regulations and Anti-Money Laundering laws. Failing to do so can result in heavy fines and penalties, not to mention loss in customer trust and a damaged reputation on top of the crimes committed.
AML vs KYC: What’s the difference?
You may see the term AML used often in conjunction with KYC. They’re also sometimes used interchangeably, though they mean different things.
AML stands for Anti-Money Laundering. It refers to the entire framework of legislation and regulations that financial institutions must comply with to prevent the occurrence of money laundering. KYC forms a part of that framework, stating that organizations must know who they are doing business with, monitor their behavior, and report suspicious activity.
The exact legislation surrounding AML varies between different countries and jurisdictions. It is the responsibility of banks and financial institutions to develop their own policies and procedures that comply with local AML standards.
In short, AML is the larger regulatory framework that aims to prevent money laundering, fraud, and financial crimes, while KYC forms a small part of that process.
Who needs to have KYC processes?
Any financial institution or financial services company with exposure to customer risk must have KYC processes in place. These include:
- Banks
- Credit unions
- Fintech companies
- Cryptocurrency exchanges and wallet providers
- Wealth management firms and broker-dealers
- Private lenders.
KYC processes generally apply when these businesses onboard a new client (i.e. when a client opens an account). They can also occur throughout the relationship, for example when account activity changes or a client acquires a regulated product.
What triggers KYC re-verification?
Sometimes, an organization needs to re-verify customers through an updated KYC process. This usually occurs after a certain ‘trigger’ has been made.
For example, a customer may have passed an initial KYC process when onboarding with a bank and deemed to pose a minimal level of risk. After a few months, however, their activity may have changed with more frequent transactions of higher amounts. As a result, the account now poses a higher level of risk than before and a re-verification process is needed. This allows a customer to explain their situation and the account to be monitored more closely.
Triggers for KYC re-verification will vary depending on the business, however common triggers include:
- Unusual transaction activity (e.g. unusually high transaction amounts or volumes)
- New information about the customer
- Change in a customer’s occupation
- Change in the nature of a customer’s business
- Adding a new party to a customer’s account
- New overseas transactions
- Transactions with high-risk individuals or high-risk countries.
What are the components of KYC?
There are three components required for a full KYC program:
- Customer Identification Program (CIP): This states that all customers must have their identity verified, whether they are an individual or a corporation. The goal of CIP is to ensure that a customer is who they claim to be.
- Customer Due Diligence (CDD): This refers to establishing a risk profile for each client by collecting further customer data. Those who are considered to be higher-risk require a deeper check.
- Continuous monitoring: This refers to continuously monitoring a customer’s activity for anything suspicious for the duration of the business relationship. The frequency and extent of monitoring will depend on the customer’s risk profile, but should generally include monitoring transactions, sanction lists, and media coverage.
The way these three elements are implemented is up to the financial institution to decide, however they must be included as part of a full KYC framework.
What are KYC document requirements?
Customers must present certain documents as part of the KYC process. The exact document requirements will depend on the organization and the industry, however they might include:
- Proof of ID: This comes from a government-issued ID, for example, a driver’s license, birth certificate, or passport.
- Proof of address: This is used to confirm a person’s address and can be pulled from a utility bill or lease agreement.
- Face verification/liveness check: This prevents spoof attacks by ensuring the live presence of a person.
- Biometric verification: This includes verifying a person by their face, fingerprints, or voice.
- Document verification: This checks a government-issued ID for forgery.
The most basic document requirements for KYC are a government-issued ID with a photo, such as a passport or driver’s license, and a proof of address, such as a gas or utility bill.
How much does KYC cost businesses?
KYC is not a simple measure to implement, and it costs financial institutions a lot in terms of tools, software, and time. In 2021, it’s estimated that financial institutions spent more than $37 billion on AML and KYC-related operations. Some financial institutions have reported spending $60 million per year, while others claim to have spent $500 million in one year on KYC.
While the costs of implementing KYC is high, failing to meet KYC compliance can cost an organization even more. This includes fines and penalties for non-compliance, of which a cumulative $26 billion USD has been levied in the last 10 years in the US, Europe, Middle East, and Asia Pacific. In the first half of 2021, 80 banks were fined nearly $3 billion US for violating AML and KYC-related laws.
Besides the financial repercussions of failing to meet regulations, a business can suffer a damaged reputation and reduced customer trust, which can take a long time to recover – if ever.
What is eKYC?
eKYC stands for electronic Know Your Customer and refers to the digital verification of a customer’s identity. As banks and financial institutions become digitized, more financial products and services are being offered online. eKYC has been developed to offer an enhanced due diligence process that’s remote, paperless, and provides immediate verification of identity.
This is not only useful for the customer, who is able to start using services immediately upon verification, but also for financial organizations who are able to automate KYC processes and retrieve more data about new clients. This includes passive signals, such as IP address, metadata, and VPN use, as well as third-party data, pulled from government watchlists and adverse media reports.
eKYC uses various technologies, including:
- Electronic forms
- Digital document and/or facial recognition
- Biometric data
- Two-factor authentication
- Digital breadcrumbs
- One-time passwords.
KYC: a summary
Banks and financial institutions are responsible for ensuring that their products and services are not being used to commit crimes, such as money-laundering, terrorism financing, or identity theft. To do this, they must know exactly who is using their services and monitor their behavior to spot suspicious activity. This is where KYC comes in.
For some customers, KYC can seem like a burdensome process that takes time and effort to get through. However, it does a great deal in helping spot and reduce the occurrence of financial crimes on a global scale. As technology advances, eKYC helps make this process faster and smoother for both parties.
ZEN is committed to keeping KYC processes fast and simple for our customers. If you have any questions about our process, please reach out to our team.