KYC | Complete Guide to KYC Compliance & KYC Regulations 2021

Introduction to KYC or Know your customer

Know your customer or KYC history dates back to 2001 in the USA as a part of the Patriot Act in the wake of 9/11. Before the 2000s, KYC practices were directed at preventing money laundering but after 9/11 everything changed. Furthermore, everyday companies are exposed to operational, legal, and reputational risks due to online scams and frauds, consequential losses of which are beyond comparison. Therefore, regulatory authorities developed KYC or Know your customer processes to avoid frauds and the practices of money laundering.

Financial institutions usually perform KYC processes before opening customer accounts. Money laundering is becoming increasingly widespread, bad actors are always finding more innovative ways to disguise and conceal their illegal sources of money. Illegal sources may include and are not limited to drug trafficking, terrorist financing, tax evasion, corruption, smuggling, etc. Therefore Know Your customer procedures are readily accepted by businesses across the globe as a measure towards customer identification and anti-money laundering. The guidelines are issued by regulatory authorities unique to every country, territory, and/or jurisdiction.

What is KYC compliance?

KYC compliance is important for financial institutions to ensure the identity of their customers. So when onboarding new customers let’s say for example for bank account opening. KYC checks for customer identification and verification are performed to meet KYC compliance. Banks hold the rights to refuse customer’s requests for account opening, in case their KYC verification fails or shows negative results. KYC compliance has a significant role in today’s changing financial landscape to combat against the crimes of money laundering and terrorist financing.

As the world is digitizing at a rapid pace, manual KYC checks are making it difficult for financial companies to meet KYC compliance, since manual KYC checks are becoming challenging when it comes to securing customer and business interest through accurate KYC verification.

Therefore. Online KYC verification is taking a turn for the better and for effectively meeting global compliance and regulations.

How can KYC protect global businesses?

Knowing your customer is considered important because it tells you about the customers you are doing business with. It allows the financial sector to carry out extensive customer due diligence to verify their identities to prevent identity theft, money laundering, and fraud. Know your customer compliance protects businesses against unanticipated reputational damages due to external breaches from sneaking into systems. The regulations of money laundering and terrorist financing are becoming stricter by the day in a lot of countries around the world.

Robust KYC verification processes perform a thorough analysis of entities undergoing identification including anyone wishing to connect with a business in any way or form. An in-depth customer due diligence is performed for identification, screening against blacklists to identify money laundering suspicions, checking UBOs (ultimate beneficial owners) in case of KYB (Know your business), collecting customer information, and checking against PEP’s (Politically exposed persons) global lists for additional security.

Since online KYC verification assesses the risk level associated with every individual, individuals with high levels of risks go through additional identity checks such as checking against adverse media and extensive corporate analysis for risk profiling. Risk profiles are continuously updated due to the changing security landscape. Following ‘Know your customer’ regulations are obligatory for financial institutions around the globe. Regulatory authorities have placed penalties in case of not following the set of rules and regulations pertaining specifically to ‘know your customer’ and Anti-money laundering norms. Yet, companies every year pay billions of dollars in penalties because they fail to comply with KYC and AML compliance checks, and that are just monetary damages, minus the reputational damages to corporations.

Benefits of performing automated KYC processes

KYC processes ensure transactional transparency between customers and financial institutions. Some of the most important benefits of performing KYC processes are as follows:

• ‘Know your customer’ processes establish institutional credibility among customers and across industries
• On one side it protects customer’s sensitive data from going into the wrong hands, and on the other side, it saves businesses from facing reputational and legal damages due to breaches and cases of identity theft
• Keeps investor’s interest secure at all costs
• As mentioned earlier, the main focus of KYC is to prevent financial crimes such as money laundering, tax evasion, corruption, and terrorist financing
• Preventing fraudsters from conducting fraudulent ICOs is also one of the KYC benefits
• Manual KYC costs are pretty high, automating know your customer procedures using identity verification solutions is a step in the right direction
• Replacing manual ‘Know your customer’ with online KYC verification is time and cost-effective
• Automation and digitization is reducing manual labor, consequently eliminating errors
• Helping companies stay compliant with the rapidly changing and expanding regulation landscape
• KYC procedures for swifter customer onboarding
• Automated KYC can help with frictionless verification processes regardless of geographical boundaries

Components of KYC

There are three main types of customer due diligence or KYC processes, which are performed based on the level of risks associated with every individual. Say for example an individual exposed to PEPs may require an in-depth screening as compared to normal account holders with minimum levels of transactions.

Simplified Customer Due Diligence or CDD

Know your Customer checks are performed on initial customer onboarding stages. It usually assesses the potential risks posed by customers. This level of due diligence does not require an in-depth screening. It is a basic process because individuals are not categorised as high or medium risk profiles.

Standard Due Diligence or SDD

Standard Due Diligence SDD is carried out in the case of public authorities or famous entities. These are categorised as low or medium risk customers. Every country and jurisdiction has its own set of standards, outlining when to perform standard due diligence procedures.

What is Enhanced Due Diligence or EDD

Unlike customer due diligence and standard due diligence, high-risk individuals go through extensive screening to check the involvement in money laundering, terrorist financing, and corruption. Business ultimate beneficial owners are identified, along with sources of income, and screened against PEPs and global sanction lists to eliminate risks of financial crimes.

Apart from that, additional background checks are also performed, as needed. Enhanced due diligence also exposes the nature of the business and the purpose of bigger transactions through ‘know your customer’ remediation. Due diligence is an important step that companies take to get rid of risk by performing extra checks in return keeping businesses safe from bad actors and money laundering activities.

Global Industries using KYC services

KYC procedures are empowering businesses to fulfill their AML compliance and eliminate fraud across industries. It also offers frictionless customer experience during customer onboarding as they are performed thoroughly by KYC experts.

What is KYC in Banking?

This is one of the most significant use cases of KYC. Financial institutions that provide account opening services rely greatly on digital KYC in banking services to obstruct financial crimes such as money laundering and identity theft. Also, in the case of remote payments robust ‘know your customer’ procedures help with customer identification and verification to ensure the authenticity of individuals sending and receiving the money. Through KYC, customers have to prove their identity either through document verification or live video KYC, which proves to be an efficient process for fraud prevention.

Not just banks, insurance companies also rely on KYC solutions as they offer online registration to prospective policyholders. ‘Know your customer’ processes for insurance companies allows them to know that the customers undergoing insurance are authentic and are who they say they are. Then there are brokerage firms, mortgage companies, and various loan companies that use KYC solutions for adding an additional layer of security to their revenues and operations.

You may be interested in Video KYC – Ultimate Solution for Financial Institutions

KYC For Gaming and Gambling Industry

The online gambling industry is rapidly growing and is expected to reach over $94 billion U.S. dollars by the year 2024. One of the reasons for this unanticipated growth is uninterrupted digitization. This continual digitization is bringing convenience to businesses and customers alike.

Over 4.4 billion people around the globe use the internet for interacting with the online world in one way or the other. Online gambling and gaming industries are mandated to verify the identity of their customers including age verification and address verification for risk profiling. The whole idea of KYC for online gambling and gaming sites is to prevent it from bad actors including frauds and restricting minors from approaching age-restricted platforms or items. It provides a secure player environment, builds trust among customers, and helps online companies to stay compliant, eliminating non-compliance fines.

KYC For Travel Industry

The travel industry has seen remarkable changes due to technological advancements. Technology is making things easier for global industries including travel. Travel agencies now improve their customer experience through powerful KYC and AML practices. Since technology has maximized the risk of online frauds, ‘know your customer’ for identity verification is eliminating these risks to a greater extent.

Over the course of a few years, the travel industry is a favorite sector for cybercriminals to target. In 2018, a travel booking site Orbitz lost sensitive customer data including credit card details to a security breach. These stolen payment details are then used for identity theft and sold on the black market, bought by other cybercriminals, used for the purpose of account takeovers. Therefore, KYC for identity verification including biometric technology can prevent these crimes from happening.

KYC For Crypto Exchanges

The technology is also revolutionising the crypto industry. Cryptocurrencies like Bitcoin are easily available for people to buy from crypto exchanges. But various financial crimes such as money laundering are being actively carried out through cryptocurrency due to its complex infrastructures as it makes the sources untraceable. According to financial crime reports, around $2 trillion is laundered every year.

Therefore, the need for KYC verification continues to grow along with the growth of the crypto industry. Virtual currencies have always seemed to be involved in some kind of scandals so, for the cryptocurrency industry to work, KYC crypto for customer identity verification is stressed upon by regulatory authorities to eliminate not only money laundering but fraudulent ICOs from taking place.

Other use cases of KYC are and not limited to:

• Online Crowdfunding platforms
• Telecommunication
• Healthcare to prevent medical identity theft
• Investor verification
• eCommerce
• Airport clearance

What is eKYC?

Now that more and more businesses have evolved to a digital platform, simple KYC is evolving into electronic KYC thus forming e-KYC. Financial institutions or otherwise are required to identify and authenticate their customers to avoid any risks posed by false identities. When their customers lack any real identification, or when they are not authenticated, makes it difficult for businesses to execute due diligence accordingly.

The reason why a lot of companies are moving towards e-KYC for convenient onboarding processes and in return profitable customers. As online transactions increase due to the ever-increasing presence of online businesses, it has become crucial to assure the legality of online customers. This is where e-KYC comes in, it allows companies to verify an individual’s identity through digital verification mechanisms. Shufti has launched an eIDV solution to innovate identity verification landscape across the globe. Learn more about our eIDV solution here.  

Document verification

Includes the verification of government-issued KYC documents identity cards, passports, or even health insurance. Financial institutions can refer to these assets when verifying the identity of prospective customers.

Video verification

One of the ways to prevent online frauds and possible impersonations during e-KYC is to perform video verification. India is considered as one of the first countries to embrace video identification. Video KYC is a face to face communication process through a live video with a compliance specialist for customer identification. It is not only a verification process but helps companies reduce the high costs of physically visiting the customers or vice versa. Video verification is basically an online version of the traditional one-on-one meetings.

Facial recognition and liveness detection

Many financial institutions make use of biometric authentication and liveness detection for fraud prevention. In facial recognition, the face of the person is matched against one or more faces to ascertain the existence of the match, to begin with. This technology is growingly becoming a part of everyday life. On the other hand, liveness detection is the technology that recognizes whether the face in front of the camera belongs to the person it was supposed to in order to avert face spoofing or identity theft. It ensures the remote presence of the users at the time of verification through micro-expression analysis and 3D-depth perception in order to combat face spoof attacks.

What is Mobile KYC?

Now that we know what is KYC, and enhanced KYC. It’s time to discuss Mobile KYC. Mobile KYC allows businesses and customers to authenticate identities using smartphones. Everyone owns a smartphone these days, the features of having a front camera and 4G internet connection makes the whole verification experience smoother. Mobile KYC services increase customer outreach with more credibility. It is revolutionizing the banking sector and eCommerce sector. In this day and age, everyone is buying and selling stuff straight from their mobile phones, therefore, identity verification through mobile for customer authentication is an effective way forward.

The ease of the digital world brings with it various online crimes thus identifying customers with just a few clicks is convenient and advantageous. In today’s digitized world, customers are carrying out their banking operations including transactions using their mobile devices. Regulations around the globe are changing due to technological advances, financial institutions are bound to follow the guidelines for AML, and are required to follow ‘Know your customer’ checks for remote customer identification. The reason why mobile KYC is coming in handy for banks to authentic transactions, and account opening.

KYC onboarding process

Oftentimes, onboarding new customers can be complex for global industries. But identity verification and verifying their transaction history and patterns is important in order to comply with Anti-money laundering regulations and customer due diligence. Having said that, KYC checks for customer verification are not only limited to early onboarding stages but also performed after regular intervals for remediation purposes. Since the KYC process is becoming intense, companies are spending a thousand dollars on manual ‘Know your customer’ processes which are inaccurate, inefficient, and expensive. Therefore, automated KYC onboarding is gaining attention. The following steps are included in the customer KYC onboarding process:

1.  Customer Identification Program
The first step involved in the KYC onboarding process is the customer identification program, here personal information of the client is collected.

2. End-User Submits Government-Issued Document(s)
After the user has filled in the form with his or her personal information, the next step is to upload their identity document for verification purposes

3. Data Extraction Using OCR
After uploading the required document, the data on the ID document is extracted using OCR technology for processing and verification.

4. AML Screening
AML screening is performed to identify high-risk entities and which as a result prevents them from entering the system.

5. Transaction Monitoring
Ongoing financial transaction monitoring is done to identify suspicious transactions and patterns of money flow.

What is the importance of kyc process

Performing effective KYC checks reduces the threats of identity theft, financial crimes such as money laundering, corruption, tax evasion, and terrorism financing. Complete risk assessment helps in understanding clients, their behaviors, and transaction patterns. The KYC verification process collects customer information to verify their identity which consequently stops crimes from taking place in the future. KYC verification processes in financial institutions ensure that their customers are not involved in money laundering related crimes.

KYC process steps include Customer Identification, due diligence, and enhanced customer due diligence; helping the financial sector to avoid severe reputational damages and hefty financial charges imposed by regulators for non-compliance. For the banking sector, it is extremely important to perform an in-depth background screening to mitigate fraudulent activities.

• Fraudulent activities are minimized by thoroughly following ‘know your customer’ regulations
• Institutions can collect sufficient proof of individual identity for verification
• Financial organizations can ensure that their services are not abused in any way through identity theft
• Prevents money laundering, and other monetary fraudulent transactions

KYC regulations around the world

Every jurisdiction has its own laws to comply with since they have their government-issued identity cards, driver license, passports, credit/ debit cards, and utility bills. Industries such as financial, online gaming, and gambling sites have greater KYC regulations and AML compliance obligations and may have their own devoted regulatory authorities for that matter. Countries use governmental agencies to oversee compliance regulations. For example, Portugal uses three separate regulatory authorities for its banking, securities, and gaming sector.

The Financial Action Task Force (FATF)

FATF is a global intergovernmental organization committed to fighting against money laundering and terrorist financing crimes. It has 36 member states spread across its jurisdictions. FATF has been putting forth the global standards for anti-money laundering compliance by monitoring customers under AML and CTF guidance. FATF has made it mandatory for financial institutions to perform thorough ‘know your customer’ procedures, risk assessment, screening against global sanctions, and due diligence processes before onboarding customers and businesses. 

You may be interested in: 40 recommendations of FATF – Shaping the future of your business

Some major KYC regulations:

• The European Union’s Anti-Money Laundering Directives – 5AMLD and 6AMLD
• The Financial Conduct Authority (FCA) in the UK
• The Bank secrecy act in the USA
• Hong Kong Monetary Authority (HKMA) and the Monetary Authority of Singapore (MAS) for Asia
• AUSTRAC in Australia

KYC Regulations in the US

Financial Crime Enforcement Network (FinCEN) has proposed a regulatory framework and according to the law, 

• KYC checks are mandatory for customer onboarding 
• Customers should be given a risk rating 
• EDD must be performed for high-risk customers
• Non-compliacne will result in hefty penalties 

KYC Regulations in the UK

After Brexit, the United Kingdom is following the Sanctions and Money Laundering Act of 2018. As per the law, the UK will follow the United Nations sanctions to meet international policy objectives and national security. All enterprises are guided to maintain updated anti-money laundering and counter terrorist financing (AML/CFT) measures. Lastly, the Act of 2018 has suggested the entities to perform due diligence checks on all the entities to maintain domestic security and comply with the international security standards. 

Recommended: A Comprehensive Guide to AML and KYC Compliance in the UK

KYC Regulations in the EU

The European Union will be complying with the sixth anti-money laundering directive (6AMLD). Here are the key points of 6AMLD:

• 22 predicate offences have been described in the directive 
• The directive has reduced transaction threshold for all the EU states
• Three points have been discussed to consider aggression
• Economic sanctions have increased up to 5 million
• 6AMLD focuses on the RegTech companies

KYC Regulations in Australia 

The Australian Transactions Reports and Analysis Center (AUSTRAC) has also amended the KYC/AML regulations when the pandemic struck the world. It has provided alternatives to ensure better compliance with the identity verification protocols suggested. According to AUSTRAC, electronic copies of government-issued ID documents can be used and alternative proof of identity can be used for verification. In case any of the aforementioned alternatives do not work, video KYC must be performed for identity verification. 

KYC and AML Compliance Checklist

Collecting customer personal information through the customer identification program (CIP) is an important part of KYC checklists:

• The full legal name of the customer
• Customer’s digital photo to match with the ID document
• Scanned ID documents such as identity cards, passports, and others
• POA or proof of address from the utility bills, or bank statements
• Ultimate beneficial owners (where needed) along with other identities checks
• Screening against global blacklists such as PEP lists, sanctions, and other watchlists to identify the involvement in money laundering

KYC regulations around the world

Every jurisdiction has its own laws to comply with since they have their government-issued identity cards, driver license, passports, credit/ debit cards, and utility bills. Industries such as financial, online gaming, and gambling sites have greater KYC regulations and AML compliance obligations and may have their own devoted regulatory authorities for that matter. Countries use governmental agencies to oversee compliance regulations. For example, Portugal uses three separate regulatory authorities for its banking, securities, and gaming sector.

The Financial Action Task Force (FATF)

FATF is a global intergovernmental organization committed to fighting against money laundering and terrorist financing crimes. It has 36 member states spread across its jurisdictions. FATF has been putting forth the global standards for anti-money laundering compliance by monitoring customers under AML and CTF guidance. FATF has made it mandatory for financial institutions to perform thorough ‘know your customer’ procedures, risk assessment, screening against global sanctions, and due diligence processes before onboarding customers and businesses. 

You may be interested in: 40 recommendations of FATF – Shaping the future of your business

Some major KYC regulations:

• The European Union’s Anti-Money Laundering Directives – 5AMLD and 6AMLD
• The Financial Conduct Authority (FCA) in the UK
• The Bank secrecy act in the USA
• Hong Kong Monetary Authority (HKMA) and the Monetary Authority of Singapore (MAS) for Asia
• AUSTRAC in Australia

KYC Regulations in the US

Financial Crime Enforcement Network (FinCEN) has proposed a regulatory framework and according to the law, 

• KYC checks are mandatory for customer onboarding 
• Customers should be given a risk rating 
• EDD must be performed for high-risk customers
• Non-compliacne will result in hefty penalties 

KYC Regulations in the UK

After Brexit, the United Kingdom is following the Sanctions and Money Laundering Act of 2018. As per the law, the UK will follow the United Nations sanctions to meet international policy objectives and national security. All enterprises are guided to maintain updated anti-money laundering and counter terrorist financing (AML/CFT) measures. Lastly, the Act of 2018 has suggested the entities to perform due diligence checks on all the entities to maintain domestic security and comply with the international security standards. 

Recommended: A Comprehensive Guide to AML and KYC Compliance in the UK

KYC Regulations in the EU

The European Union will be complying with the sixth anti-money laundering directive (6AMLD). Here are the key points of 6AMLD:

• 22 predicate offences have been described in the directive 
• The directive has reduced transaction threshold for all the EU states
• Three points have been discussed to consider aggression
• Economic sanctions have increased up to 5 million
• 6AMLD focuses on the RegTech companies

KYC Regulations in Australia 

The Australian Transactions Reports and Analysis Center (AUSTRAC) has also amended the KYC/AML regulations when the pandemic struck the world. It has provided alternatives to ensure better compliance with the identity verification protocols suggested. According to AUSTRAC, electronic copies of government-issued ID documents can be used and alternative proof of identity can be used for verification. In case any of the aforementioned alternatives do not work, video KYC must be performed for identity verification. 

Automating manual customer onboarding processes in banking

Manual ‘know your customer’ processes in banking are prone to errors, slow, complicated, and risky. Along with that, they bring problems during client onboarding because manually filling forms and answering questions are time-consuming. Whereas, automated KYC in the banking sector specifically reduces manual tasks and allows financial institutions to be more accurate and time-efficient, helping them to evaluate customer risk more effectively.

Modern technology combined with regulatory compliance is preferred. Therefore, automated KYC authentication is significant for financial institutions and other global industries. Moreover, it reduces paperwork, storage space, and costs of manual KYC. Too much documentation is prone to corruption whereas streamlined and automated KYC processes can eliminate such activities. Also, with digital KYC customers can avail banking and other services instantly.

What is KYC remediation?

Since ‘know your customer’ is becoming a topmost concern for industries, maintaining customer files, while getting rid of inaccurate and outdated information on an on-going basis is also becoming a priority. Therefore, KYC remediation is a process of updating customer KYC files to meet regulatory compliance. Moreover, KYC remediation gives businesses an opportunity to conduct a risk assessment to minimize business risks and to understand customers better.

How Shufti can help global businesses?

Shufti’s digital KYC solution is helping companies to minimize the complications that come with onboarding and monitoring customers and businesses, in the fastest and simplest way possible. Shufti’s AML screening protects businesses from money laundering activities and identifies entities involved in financial crime to meet AML and KYC compliance within financial institutions.

• Faster customer onboarding while reducing drop off rates
• Enhanced customer due diligence to ensure the authenticity of individual through ID documents and face recognition
• Ongoing monitoring for AML compliance, databases and lists are updated on a continuous basis, to remove any ambiguity in identification processes
• Automated KYC solutions including age verification, address verification, facial biometric authentication, video KYC, and OCR for business can easily be integrated with already existing company systems for ease of use
• The automated system is secure without the involvement of third parties

Shufti uses the applications of Artificial Intelligence and human intelligence. It provides universal language support and verification services in more than 230 countries and jurisdictions.