The ABCs of KYC: What is “Know Your Customer”?

The Know Your Customer process, often abbreviated as KYC, is a critical component of financial compliance regulations, pretty much anywhere in the world. Most often, KYC is associated with anti-money laundering (AML) regulations, helping to prevent financial fraud with the accurate, compliant collection of personal data as it relates to the customers of a financial institution.

Since a financial motivation is the most basic motivation for criminal or opaque activity, financial data is always at risk, and so it requires the highest levels of protection. It should also be constantly evolving, to keep up with the ever-changing threat outlook – especially in this digitized age, where most financial systems (and financial records) are online. Cybercriminals are also harder to catch, increasingly savvy, and the most driven ones are resourceful at hiding their digital identity, or even pretending to be someone else.

Data Collection Techniques

That means that stringent information collection by financial institutions is more important than ever. It’s not enough just to have accurate data, they need to truly ‘know your [their] customer’ over the course of their banking relationship. Those not involved in digital financial security might think that KYC and AML amount to the same thing, but there is a key difference.

The term ‘anti-money laundering’ concerns the actual compliance rules and regulations, while ‘know your customer’ is the tools and processes by which the rules and conditions are enforced. Know your customer guidelines are essentially in accordance with the international Financial Action Task Force (FATF) standards that help determine the probability that an individual could be involved in money laundering or in funding terrorism.

KYC outlines what customer due diligence and effective record keeping of such personal data should look like. There are a few key steps in maintaining effective Know Your Customer processes, starting with:

Collecting vital biodata

Much like a lot of other ‘form filling’ procedures, an appropriate Know Your Customer process starts with gathering the basic profile information about the customer. This information will include names, addresses, dates of birth, social security numbers, and if the customer is an organization, the data will include the company’s incorporation documentation, too.

This is the most basic step in the process, and the company will decide its future compliance responses based on this information. It will also be used to fill out subsequent risk assessments.

Verify and Corroborate

This might seem extremely obvious, but in the financial services industry, checking and double checking to ensure the accuracy and reliability of the information should be second nature. Therefore, companies that collect KYC data must take steps to verify the information gathered as being legitimate and accurate.

This should include corroborating the provided data against other official documents where the authenticity is not in question, such as driving licenses, passports or birth certificates. This data will be used for future risk assessments, so it should be contrasted against other official lists which could have a knock-on, cumulative risk effect. These lists include FATF blacklists of gray operational territories, global sanctions and watch lists, and criminal databases, particularly those featuring individuals who have been flagged for financial crimes like graft and political corruption.

Know Your Customer Risk Rating

The collated customer data now has to be assigned a KYC risk rating – a calculation based on a range of risk variables, with figures designated to represent the risk level of that customer being involved in a financial crime as well as a threat assessment of the holistic compliance landscape that the organization is involved in, making sure all the compliance boxes are checked.

In some jurisdictions, KYC risk ratings are assigned based on each customer’s individual risk assessment. So with a higher risk rating, firms will need to employ more in-depth AML countermeasures such as enhanced due diligence, investigations into the sources of funding, and deep background media searches. Lower risk clientele can be subject to more streamlined AML steps, helping to optimize how efficiently (and quickly) the transaction or customer experience process progresses.

Screening and Monitoring Reviews

The KYC process flow is not a one-time thing. Rather, it will be a continuously adaptive set of processes that must keep up with shifts in customer behavior and expectations, not to mention an evolving financial landscape. That means that firms need to conduct ongoing reviews of customer compliance and risk ratings, chief among which is screening customer transactions to see if funds are being channeled to high-risk entities – for example, organizations with a history of financing suspicious political parties, or which appear on financial watchdog danger lists.

By periodically but systematically updating KYC risk ratings, the company can be sure to reflect changes in customer profile – such as changes in job profiles, or a newly committed crime – while monitoring media searches can alert KYC practitioners when a customer is involved in something with a negative public perception, that might adversely impact their risk rating.

With a risk alert of interest, the company can then check if the customer’s financial history meets the risk assessment’s expected requirements. If it does not, this may necessitate an adjustment of the customer’s risk rating.

While this may all have been intensely difficult and laborious in the recent past, fortunately new digital tools and automated processes are helping to smooth, and in some cases enhance, KYC processes. Screening and monitoring procedures can be automated for faster results, especially for repeat outcomes, enhancing the accuracy of the process.

Making use of digital customer due diligence tools can also help to keep up-to-date on emerging risks as well as to keep tabs on new, more sophisticated criminal tactics. It also can go the other way – when a customer’s risk level drops (because they got removed from certain sanction lists for example, or because they were mislabeled for having the same name as a convicted criminal) – ‘whitelisting’ the customer can be automated to verify their identity and position against whitelist databases. So, with the upheaval that the new digital technology frontiers have afforded financial compliance, also comes an accelerated efficiency in processes, thanks to other technological innovations.