KYC Verification Process – 3 Steps to Know Your Customer Compliance

Did you know there are three key components to KYC?

The entire identity verification procedure encompasses much more, however, the most critical components are:

• Customer Identification Program (CIP)
• Customer due diligence
• Ongoing monitoring 

In this blog we’ll be discussing the critical nature of these 3 steps in the wider KYC verification process. 

Introduction

Since the turn of the century, we’ve been propelled into a technological revolution and the Covid-19 pandemic served to show the world that digitisation will continue at an exponential rate. Whilst the outside world shut down, our remote capabilities soared in the Covid era, much of which continues post pandemic due to its efficient nature. From opening a bank account to scheduling a doctor’s appointment, Know Your Customer KYC processes have ameliorated to become an almost entirely paperless and virtual process. 

Whilst digitisation has created greater efficiency in daily personal and work-related tasks, we’ve seen advanced technology being employed for illicit use. New technology and online processes face the imminent threat of attack as hackers utilise more advanced methods to bypass business security measures. 2021 to 2022 saw the global fraud rate increase by 18% and 2022 also marked the highest rise in ID document forgery at 24%, in comparison to 18% in 2021. Passports claimed the top spot of all forged ID documents, accounting for approximately 40% of all reported cases; it is speculated that this is attributed to the difficulty in biometric fraud because of advanced features like liveness detection, causing criminals to focus their efforts on document fraud for greater ease.

Download Shufti’s 2022 ID Fraud Report for more insightful global trends and data to streamline your company’s security operations. 

Banks and other financial institutes, as well as credit unions and e-commerce are particularly vulnerable to such threats as financial crime is at an all time high; it is also a desirable subsection of crime due to its lucrative pay out if successful. With widespread implementation of digital KYC, many more industries riding the wave of digitisation are exposed to a wider scope of cyber threats and fraud – so it’s essential to have robust Know Your Customer verification for optimum security.

If a criminal successfully bypasses KYC due diligence procedures, an organisation may unknowingly be facilitating money laundering, often affiliated with terrorist financing, drug trafficking, tax evasion, smuggling and a plethora of other criminal activities. This puts an organisation in jeopardy, as global and local non-compliance will result in reputational damage and financial loss due to large penalties. KYC is not only a verification procedure, but a compliance standard that all companies have a duty to uphold.

Want to strengthen your KYC verification process? Check out our industry-acclaimed identity verification solutions here. 

What is KYC?

In layman’s terms, KYC is the abbreviated term for ‘Know Your Customer’. 

The KYC verification process itself is a little more intricate. It authenticates and ensures the legitimacy of customers, essentially checking – Are you who you say you are? Are you safe to work with as a customer? 

It is a critical part of the customer due diligence process to ensure fraud prevention and other financial crimes. It also plays a key role in upholding the integrity of the wider global financial system, so a loophole or flaw will have dire consequences on the monetary ecosystem if exploited. 

When did Know Your Customer (KYC) verification start?

The concept of verifying customers before commencing a business relationship has been around for a long time, initial KYC requirements were drafted in the 1970s in the United States, in an attempt to combat money laundering – passed under the Bank Secrecy Act (BSA). This initial framework has since been revised and altered, most notably after the September 11th terrorist attack in 2001 as part of the Patriot Act and the financial crisis of 2008. As KYC procedures have undergone adaptation, KYC regulatory compliance has also symbiotically changed alongside it. 

Proactive security measures have revolutionised business security, it eliminates the risk of commencing relations with high-risk or illegitimate customers and spares an organisation from non-compliance fines, financial loss and upholds a positive image. However, when fraudulent activities do occur, they often take place due to unauthorised access on online platforms, which is why KYC is critical in fraud prevention and has resulted in KYC compliance. 

KYC Verification Steps

Similar to the traditional KYC process previously seen in banks with in-person and paper documentation, e-KYC steps follow a similar process. 

KYC step 1 | Collection of information

The first step to know your customer requires the organisation to collect necessary personal information from the online user. This often happens at the early stages of account registration, whereby personal details are required for sign-up.

KYC step 2 | Ask the user to upload proof

The user will be asked to upload a supporting piece of evidence to prove their identity. This step can encompass face, address and document verification and spans across a wide array of document types. It is done to check whether the user-entered information is legitimate. 

Shufti offers KYC verification with the capability to authenticate customers from over 10,000 types of ID documents, find out more here. 

KYC step 3 | Verification of information

Once the user uploads a document as proof, the document template is identified and examined against a set criterion that adheres to global KYC compliance standards. Online KYC verification software has the ability to detect tampering or photoshop and flag illegitimate documents. Once document authenticity is confirmed, data is extracted. This is done with Optical Character Recognition OCR and data can be extracted in two ways: 

1. Data extraction through OCR, whereby the system automatically extracts the data from the identity document and checks the authenticity of the information.
2. Data extraction without OCR, where the user manually enters the information and the IDV solution checks the user-entered information against the one present on the identity document. 

Check out our video for the start to finish process of KYC: 

KYC step 4 | Customer identification programme

Next up in the KYC procedure, the Customer Identification Program (CIP). The mandate of CIP is to ensure that the entity performing a financial transaction is verified. This is necessary to curb money laundering, terrorist financing and other illegal criminal activities that disrupt the overall financial system. 

In CIP, financial institutions are required to collect the user information to open a bank account. This information includes:

• Name
• Address
• DoB 
• Identification number

After this information is gathered, it is verified against supporting evidence taken from biometric or document verification. CIP also includes the critical component of customer and business account risk assessment, enabling financial institutions to build parameters that customers will be given a risk score against. This can vary depending on the organisation and industry. This predefined criterion contributes to fraud prevention and at this point, the organisation can decide its Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD) procedures. 

KYC step 5 | Customer Due Diligence

This is a process in which a customer’s information is screened against KYC protocols. In KYC compliance, this is the second step whereby basic customer information is collected online in real-time. In CDD, the information collected includes:

• Name
• Address
• Age
• Date of birth

All this information is used to verify the onboarding customer. After this, the customer is assigned a rating as per credentials after the AML screening procedures and financial credibility. In the event of a customer ID being flagged due to records on watchlists or PEP records, the customer is branded as high-risk and triggers the Enhanced Due Diligence process to be performed. 

Customer Due Diligence concludes how much of a risk a customer will pose to an institution and should reveal those who have had prior involvement in money laundering and terrorist financing.Those in the realm of private and offshore banking will carry out CDD at greater depths due to the nature of the industry and the increased threat of financial crime. 

AML Screening

As the KYC verification comes to a close, a new form of security and compliance comes into play – anti-money laundering regulations. One time verification to confirm a customer’s authenticity does not guarantee that a customer will act in accordance with the law. Once successfully passing banking KYC processes a customer may begin to commit financial crime and AML screenings are implemented industry-wide to detect this. This risk mitigation strategy generally consists of a transaction criteria and if any of the criteria is met the customer’s account is flagged instantly for internal investigation. If it is a case of financial crime, the bank has a responsibility to report it to the appropriate authorities. Ongoing AML screening indicators consist of:

• Transaction above the specified threshold
• A large number of frequent transactions
• Unusual/suspicious activities

Find out more on the red flags to detect money laundering in the finance sector. 

Read more about ‘Indications of Money Laundering’:  Guide to Anti-money Laundering and Countering Terrorist financing.

Corporate KYC 

Know Your Business or ‘KYB’ is regarded as ‘corporate KYC’ and is a process that ensures verification of corporate entities or businesses you are dealing with, a crucial part of KYC compliance. Industry requirements and regulations surrounding Ultimate Beneficial Owner (UBO) verification is highly prioritised across the industry now, in attempts to build a clean and legal customer base, alongside business relationships. 

KYC is a necessity for businesses

Now that we’ve delved into the legal aspects of KYC compliance, it is apparent that effective KYC solutions are a requirement for every sector in the midst of a digitally revolutionised age. This does not only entail verification, but compliance with the ever-changing KYC and AML regulatory landscape which has undergone immense shifts recently to maintain the war against financial crime. 

Shufti is one of the world’s leading identity verification providers with award-winning KYC, KYB and AML solutions – a one-stop solution for enterprises. We offer real-time verification across the globe and support 10,000+ documents in 150+ languages. We have recently launched e-IDV to innovate and revolutionise the identity verification space worldwide. Find out more about our robust e-IDV solution here. 

Some common questions about KYC verification:

How can my company carry out KYC verification and customer onboarding?

Companies usually work with an identity verification provider – like us. Verification software isn’t a quick or easy thing to develop, so we handle that part for you. Our solutions are easily integrated into the company’s KYC practices and website for customer onboarding and verification.  

What IDs can be used for KYC verification and onboarding?

This will vary depending on your IDV provider. At Shufti, we verify an expansive range of documents, 10,000+ ID documents across 230+ countries & territories, in 150+ languages – we’re dedicated to creating a safe digital world. 

How long should it take to verify a customer?

Again, this will depend on your KYC verification provider, but generally across the industry it’s between 30 seconds to a minute. However, here at Shufti, we offer unmatched verification – in 30 seconds or less.