KYC or Know Your Customer Verification is an important best practice for financial institutions and similar industries to prevent fraudulent behavior, verify customers, and ensure client integrity.
Let’s start with what is a KYC verification? Why do we need it? We’ve got this covered, so we’re going to answer these questions and more regarding KYC. But here’s the quick answer:
What is KYC verification? KYC refers to ‘Know Your Customer’ or ‘Know Your Client’. A process wherein a business can verify the identity of customers to gauge their legitimacy and credibility. The process is most used by banks, insurance companies, and other financial institutions to establish the legitimacy of customers
Why Have KYC Verification?
KYC was first introduced in the United States in the 1990s. The regulations were made more stringent after the 9/11 attacks.
The need for KYC is established due to the global nature of today’s business environment and the increasing need to track money that is introduced into the economy. By tracking where and who the funds are coming from, governments across the world can aim to restrict various kinds of illegal activities and protect their stakeholders.
Here are some of the common reasons for mandating KYC verification:
One of the key areas that KYC addresses is identity theft. KYC is based upon providing valid proof to establish your legal identity. Previously, bank accounts could be opened by forged documents or stolen identity proofs.
There could be an inside man who could help pass the papers into the process, thereby allowing illegal elements to steal someone’s identity.
This passed on all the responsibility of their actions to the person who’s identity was stolen. As a result, any and all activity performed by the perpetrators would fall on the shoulders of an innocent person.
By using best practices for KYC, banks and other institutions can validate identities and prevent fake accounts, by keeping a record of each account holder and ensuring that only the right people offered their services.
After 9/11, the U.S. Government started to crack down on suspicious operations in a bid to stop terrorist activities on American soil. One of the ways to do that was stopping the funding for the terrorist camps. It was found that various people and agencies were using funds generated in the U.S. to fund these campaigns.
The money would be generated by businesses in the U.S. and then transferred via shell accounts to these terrorists. In order to stop the funding, the Government sought to link the names and accounts of the suspects.
Once they had a list of all the accounts owned and operated by these perpetrators, they would then be able to stop the money from changing hands. That’s one of the reasons, why KYC was brought in. It allowed the Government agencies to keep a track of the money being generated and transferred.
Over 20 million victims of identify fraud are reported each year in the US, allowing cybercriminals to access a large pool of real user data that can be used to open fraudulent financial accounts.
Similar to terrorist financing, banks are used for funding other criminal activities as well. The list of activities includes narcotics, human trafficking, smuggling, racketeering and more.
These organized and unorganized criminal sectors would use dummy accounts in banks to store their money. The money would be spread across a long list of accounts to avoid suspicion and then transferred via illegal means to other countries and different states for laundering.
The term money laundering is used to denote the process of transferring illegal money and transforming them into legal monetary value. One example is the money generated by illegal transactions that were used to make cash purchases like paintings, gold, and jewelry, which was then later sold off to transform the funds into legal currency.
By using KYC, the Government could keep track of the accounts and means used to transfer and store these funds.
Another case that made KYC verifications very helpful was financial fraud. There are many types of financial fraud. But one of the most complicated types are the ones where the perpetrator would set up dummy accounts using fake or stolen IDs.
They would then fill a loan application. While loan approval processes have become more stringent, in the recent past, banks were more lenient in providing loans. The perpetrator would then dupe the bank of the loan amount raised from the various accounts.
These are some of the most critical cases which made KYC verification necessary in the United States.
The Government put in the Bank Secrecy Act and the Patriot Act to put a stop on these activities. The Customer Identification Program (also known as CIP) was provisioned in the Patriot Act to help banks and other financial institutions limit illegal financial activities.
So, how does the CIP work? Let’s check it out.
How Is KYC Verification Used?
While KYC was first formulated for banks and financial institutions, today it is used by a wide range of businesses including online businesses. Institutions generally frame their KYC procedures using four different approaches:
- Customer Acceptance Policy
- Customer Identification Procedure
- Transaction Monitoring
- Risk Management
KYC controls used in organizations generally involve the following practices:
- Pooling and scrutiny of personal identity documents.
- Matching identity documents against global watch-lists generated by law enforcement agencies around the world.
- Identification and determination of risk generated from the customer and his/her tendency to commit illegal activities including money laundering, terrorism, and identity theft.
- Customer profile creation on the basis of the previous analysis and past transaction history.
- Observing customer’s behavior and matching transactions against expected behavior and that of the customer’s peers.
Now, let’s talk a bit more about each of the four different approaches.
Customer Acceptance Policy
The Customer Acceptance Policy lays down the rules and regulations needed to adhere to when on-boarding a new customer. It will mention the eligibility criteria, minimum requirements and various documentation needed to accept the customer.
These documents include personal identification documents, photo identity proofs, address verification proofs, etc. The documents allow for the organization to recognize the individual and validate their identity. As such, this forms one of the most crucial parts of the KYC verification.
Customer Identification Procedures
The documents obtained during on-boarding are used to verify the veracity of the customer. An individual financial account can be opened only when these minimum requirements are addressed:
- Date of birth
- Identification number
But just gathering the information is not enough. They need to be verified within a reasonable amount of time. But the procedure for verification is not limited to documents only. non-documentary methods include comparing the information received with consumer reporting agencies, public databases, and watch-lists.
These procedures form the base of CIP practices, along with AML (Anti-Money Laundering) compliance. While these policies are general in nature, the exact practices are influenced by the type of risk profile the company faces and the service being offered. As a result, factors such as:
- Type of account offered
- Bank’s procedures for opening account
- Type and quality of information available
- Bank’s location, product types, customer base and size, also form a part of the consideration.
The methods used during verification must be “reasonable and practicable” so that the identity and profile of the customer can be conclusively established.
Get started with KYC Verification and the best fraud prevention tools to protect your company and clients.
Methods of Identity Verification
Usually, financial institutions will scrutinize Government-issued identification documents in a bid to establish the legal identity of the person. The identification documents cannot be expired and have to be valid. These documents can include a driver’s license and passports.
The document needs to have a picture of the individual as well as display the nationality. These are minimum requirements for institutions to accept a Government-issued identification. However, the institutions can accept other documents as deemed fit by them to meet CIP standards and practices. At all times, the documents need to be reasonable enough to establish the identity of the person in question.
The best-case scenario calls for providing more than one document to establish the identity and legality of the person. In such cases, any doubts that may arise from one document can be mitigated by the supporting document.
However, don’t you think that visiting the bank just to furnish a few documents is a bit tedious in today’s day and age? Why not use digital media? Well, here’s a response to that.
Use of Electronic Identity Verification
In order to provide convenience to customers and further strengthen the financial institution’s ability monitoring standards, eIDV or electronic identity verification was introduced. These are non-documentary methods, meaning they do not need any hard copy paperwork. These are legal and offer some of the highest levels of risk control mechanism.
One of the methods includes verifying the customer’s identity by comparing information obtained from the customer and the information obtained from consumer reporting agencies, public databases, and other such sources. This is one of the processes practiced in eIDV.
Other methods include contacting the customer to establish existence, scrutinizing reference of other financial institutions, background check on transaction history and procuring financial statements. However, these methods do not offer the same speed and reliability as that of the previous method.
Alternatively, banks and financial institutions can also combine documentary and non-documentary methods. For example, they can use on-demand ID verification along with eIDV procedures to qualify applicants. This will help add an extra layer of protection while still keeping the essence of convenience intact.
Electronic identification is where IPQS are specialists in creating processes that work for you. See below for further details on how to get this underway for your organization.
Dealing With Risk-Cases
The work of the CIP is not limited to maintaining procedures and practices for verification only. It also lays down the steps to deal with risk-cases. Now, what are risk-cases or edge-cases? Risk-cases refers to the scenarios where there are encumbrances to conclusively verify the identity of the person.
This can happen when the person does not have an identity document or if the document type is not recognized by the institution. It can also happen if the customer is never able to visit the bank or institution in person.
As a result, regulations mandate that the organizations CIP also incorporate procedures to handle such scenarios where the risk factor is greater than usual cases. Examples of these are when the identity cannot be conclusively determined or when the bank requires more documentation than usual. Even situations when the bank needs to file a suspicious activity report (SAR) also need to be covered.
Additionally, it is not enough that the identity is established at the time of opening the bank account. In fact, the identity must remain the same for as long as the account is open with the institution and then five years after. As a result, regular monitoring of document validity is required.
In addition, the organizations are required to match identities against domestic and international AML agencies, Counter-Terrorist Finance agencies and global watch-lists.
Sound complex? Well don’t worry, we have the perfect solution for this so keep reading to discover more.
Verifying Businesses With KYC
The CIP is not applicable to individuals only. It is also applicable for business entities like LLPs, PLCs, and trusts. The existence of a business can be ascertained by scrutinizing documents like the articles of incorporation, Government-issued business license, partnership deed, and trust agreements.
Similar to verification for individuals, business verification can also be done using eIDV. Institutions can look up online business registers to find company records which can allow for hassle-free onboarding while ensuring CIP protocols are maintained.
Additionally, it is now mandatory to not only establish the identity of the business, but also that of the owners. Financial institutions are required to identify and verify the identity of the vested owners who’ll become customers of the bank, in case the business is accepted.
Yes, it’s becoming tougher to operate within the boundaries that are set by regulatory institutions, but these are working in our security interests. And while they may seem more complex, it’s reassuring to know there are organizations around that can take the stress out of navigating your way around these topics.
This is why IPQS is here for our customers. We pride ourselves on helping with this and other security applications you may need. So why not get in touch and ask for some assistance today.