What Is KYC Verification?
KYC verification is an identity verification process through which financial institutions combat fraud, money laundering, and other financial crimes.
KYC stands for Know Your Customer, or alternatively, Know Your Client, and is essential to the security of financial institutions and compliance with regulatory standards.
In today’s digital economy, KYC is a very important tool.
Who Uses KYC Verification?
Any financial institution that allows customers to open and maintain a bank account must have KYC processes in place.
Such institutions include banks, private lenders, credit unions, and financial firms.
Is KYC Mandatory In The UK?
Yes, it certainly is. Banks must abide by KYC requirements to satisfy anti-money laundering laws.
Why is KYC Necessary?
KYC reduces financial crime, which has arguably increased with globalisation and the ease with which individuals and corporations can move and hide money.
As financial organisations and companies develop ties and increase their communication, preventing financial crimes becomes a much greater challenge.
KYC verification is one avenue regulators are pursuing to stave off the worst abuses.
How Does KYC Verification Work?
KYC verification works by confirming the identity of customers every time they open a bank account.
To maintain the integrity of KYC standards, a bank has the right to deny a customer a new account if they do not complete the verification process.
The three phases of the KYC verification process are (1) the Customer Identification Program, (2) the Due Diligence Program, and (3) Continuous Monitoring.
KYC identification runs beyond simply verifying the customer’s identity and includes learning about the customer’s activities and evaluating how likely they are to commit illegal activity.
How To Check Someone’s Identity In The UK
The UK government’s Good Practice Guide states that there are five ways businesses can check someone’s identity. These ways are face-to-face, digitally, by email, over the phone, or by post.
KYC Customer Required Information
Customers will need to provide the following information to comply with the KYC process:
- Their full name
- Date of birth
- Home address with proof of address (e.g., a utility bill)
- Photographic ID
- The name of their business (if applicable)
- Information about business operations (company structure chart)
- The name(s) of the business owner(s)
- Names of the senior personnel
- Company address
*Additional details may be required.
Required KYC Documents
While exact requirements vary depending on if an individual has a business and what industry the business is in, customers will likely have to submit the following:
Passport, driving license, mortgage statement, council tax bill for the current year, utility bill from the last three months, bank statement issued within the last three months, voters roll search, and the business’s Certificate of Incorporation.
How A Customer’s KYC Information Is Used
Once a customer has given their information to the bank, the information is cross-checked with a database.
This cross-check is performed to see whether anyone associated with the business has a history of committing financial crimes or is currently suspected of being involved in criminal activity related to fraud.
The information check also determines the jurisdiction of the individuals in question.
KYC Risk Rating
Once a customer’s information has been checked, they will be given a risk rating.
This is a critical rating that determines whether they and their business are able to move forward as is or must undergo enhanced due diligence (EDD).
We will explain more about what enhanced due diligence is and what it means in a moment, but first, let’s look at some risk factors that impact customer ratings.
Factors In KYC Risk Rating
Here are some factors that will determine a company’s KYC risk rating:
-The business primarily takes cash.
-The business is located in a country that has substantial corruption or money laundering. Terrorism financing is also considered. Additionally, the KYC assessment considers a country’s counter-terrorism capabilities and anti-money laundering (AML) laws and regulations.
-Persons named in company documents are ultimate beneficial owners (UBOs) of the company.
-The business owner or senior personnel are politically exposed persons (PEPs).
Three Types of KYC Risk Ratings
Taking these metrics and others into account, a financial institution will assign one of three risk ratings.
- Low Risk (SDD – Standard Due Diligence)
Standard Due Diligence is applied to customers who rate as Low-Risk. This is a very favorable rating that means a customer is unlikely to present a risk to the financial institution. Most individuals will fall into this category.
- Medium Risk (CDD – Customer Due Diligence)
Customer Due Diligence is applied to those who rate Medium-Risk. This rating is applied to businesses as a standard procedure to reduce risk. CDD is required of any business that interacts with customers.
- High Risk (EDD – Enhanced Due Diligence)
High-Risk customers require Enhanced Due Diligence and what’s known as a Risk-Based Approach (RBA).
If a customer receives this rating, they may be denied services from the financial institution.
To move forward, a customer within this classification needs to follow a special process and will likely need to receive managerial approval from the financial institution.
Receiving a High-Risk rating isn’t always the fault of the customers. It is standard practice for businesses located in high-risk countries to automatically get rated as High-Risk.
Likewise, family members of Politically Exposed Persons (PEPs) will need to undergo Enhanced Due Diligence verification.
KYC and Reasonable Reassurance
Despite best efforts, even the most thorough due diligence checks won’t catch every issue, nor can such checks predict every event.
This is especially true given how many transactions take place every day.
Financial institutions process tens of millions of transactions on a daily basis, if not more. Such a huge amount of data makes it impossible for any team to analyze the information manually.
KYC Ratings Are Good But Not Perfect
Financial institutions use KYC risk ratings to get around the bulk data issue. These ratings are quite good at detecting patterns of relevant financial crimes, but they aren’t perfect.
Reasonable reassurance comes into play here since it is impossible to say for certain whether any given individual or business will or will not commit fraud and other malicious acts.
Consequently, regulators have to allow for some risk while crafting policies to reduce it.
Maintaining necessary restrictions while not overly stalling the operations of financial institutions, individuals, and businesses is an ongoing balancing act.
To aid with the task of reducing risk, businesses have turned to KYC registries, which make it much easier for businesses to keep up with customer information.
Bear in mind that customer information has to be updated regularly as people move addresses, businesses change, new types of fraud are used, new regulations are put into place, and so on.
There are a number of activities that can retrigger KYC reverification, such as:
A sudden significant change in transaction activity, the customer moving addresses and getting a new job, and major changes in the customer’s business and what products and services it offers.
KYC Registries Streamline The Financial Industry
Keeping up with the ever-shifting financial landscape is a monumental and expensive task for businesses.
According to Celent, the financial industry spent a little over USD 37 billion to run AML-KYC operations in 2021.
By acting as a central storehouse for KYC information, KYC registries remove a substantial burden from businesses and streamline banking services for individuals.
Perpetual Know Your Customer (P-KYC)
The step beyond KYC is what’s called Perpetual Know Your Customer (P-KYC), which gives businesses the ability to regularly and automatically update customer information.
Perpetual KYC offers marked advantages because it is automated and keeps businesses from having to reverify customer information manually.
P-KYC monitoring tracks every relevant detail that could change the customer’s risk rating through an integrated system of data checks.
These checks are made quickly after a customer’s information has been updated. Speed and convenience are central advantages here.
P-KYC Informs Business Decisions
Rapid updates to critical customer information allow businesses to minimize risk and make better decisions.
As we mentioned, the financial industry spends billions of US dollars per year running AML-KYC operations. Perpetual KYC helps to manage costs while increasing information efficiency.
KYC vs AML
KYC and AML are related terms that belong within the same wheelhouse.
In fact, AML is an umbrella term that encompasses KYC as well as several other regulatory mechanisms.
As you know, KYC focuses on verifying a customer’s identity and giving them a risk rating.
AML, meanwhile, concentrates on the much broader task of fighting money laundering, fraud, bribery, smuggling, and trafficking through procedures that include but are not limited to Enhanced Due Diligence.
Anti-Money Laundering Is A Broad Undertaking
AML is a comprehensive crime-fighting effort on the part of governments and financial institutions, one that requires a host of relevant and effective laws and regulations to sustain.
These laws and regulations must be routinely updated to keep pace with changes in technology and to address new challenges.
Fines For Not Complying With AML Laws
Fines are one of the strongest incentives governments have to enforce AML laws.
And it doesn’t seem like regulations have loosened, despite the UK’s exit from the European Union in 2020 and the widespread changes that took effect at the beginning of 2021.
Further Reading: Other Ways Businesses Are Improving Customer Onboarding
KYC registries and P-KYC are two ways businesses are improving their customer onboarding, but they aren’t the only ways. Businesses can also benefit from adopting a fundamental shift in mindset.
Something businesses today should remember is not to start from scratch during the onboarding process.
Most Customers Aren’t Isolated Islands
When onboarding a new customer, the tendency is to create a blank profile for that customer, which requires businesses to build a new profile from the ground up.
But the truth is that new customers are rarely isolated islands with no background information.
It’s very possible that a customer might own or be a senior person in a business that a financial institution is already servicing. Likewise, the customer might already have a different product with the institution.
These are but two examples of several possible associations that allow businesses to gather information about customers internally and improve the quality of the onboarding process.
Customer Connections Strengthen Business Relationships
Approaching KYC with this mindset shows customers that the business knows they exist and appreciates their relationship.
Using Third-Party Data
There is also something to be said about carefully leveraging third-party data.
While businesses need to proceed judiciously here, it has become common practice for financial institutions to use third-party data to improve their customer onboarding experiences.
Additionally, many financial institutions use third-party data to detect signals that indicate risk.
One last point we want to raise is that looking at customer context helps businesses get a better picture of the risk involved.
Customer context focuses on seemingly simple details, such as the date the customer’s business was established.
Of course, this seems like an obvious thing to look into, but large financial institutions have a tendency to focus on running KYC checks by following a list of metrics rather than getting human eyes on any given business and making common sense inquiries.
Large Financial Institutions Sometimes Miss Details
Large financial institutions have done a good enough job maintaining KYC standards, considering the sheer volume of businesses and transactions they are required to sift through.
But they can still miss important risk signals that seem innocuous on the surface.
What if, for instance, the business was formed only a few weeks prior? Or what if the business address has connections to other limited partnerships?
Little clues like these may warrant deeper inspection. Asking the right questions about risk indicators while focusing on customer context helps financial institutions make better decisions.
Pixxles is a payment provider authorised by the Financial Conduct Authority to provide payment services.