KYC (Know Your Customer) is today a significant element in the fight against financial crime and money laundering and customer identification is the most critical aspect as it is the first step to better perform in the other stages of the process.
The global anti-money laundering (AML) and countering the financing of terrorism (CFT) landscape raise tremendous stakes for financial institutions.
International regulations influenced by standards like The Financial Action Task Force (FATF) are now implemented in national laws encompassing strong directives like AML 4 and 5, and preventive measures like "KYC" for client identification.
Let's start with a definition of KYC and eKYC, and discover how advanced ID verification systems can better support KYC processes.
What is KYC?
KYC means Know Your Customer and sometimes Know Your Client.
KYC or KYC check is the mandatory process of identifying and verifying the identity of the client when opening an account and periodically over time.
In other words, banks must make sure that their clients are genuinely who they claim to be.
Banks may refuse to open an account or halt business relationship if the client fails to meet minimum KYC requirements.
Why is the KYC process important?
KYC procedures defined by banks involve all the necessary actions to make sure their customers are real, assess, and monitor risks. These processes help prevent and identify money laundering, terrorism financing, and other illegal corruption schemes.
KYC process includes ID card verification, face verification, document verification such as utility bills as proof of address, and biometric verification.
Banks must comply with KYC regulations and anti-money laundering regulations to limit fraud. KYC compliance responsibility rests with the banks.
In case of failure to comply, heavy penalties can be applied.
In the U.S., Europe, the Middle East, and the Asia Pacific, a cumulated USD26 billion in fines has been levied for non-compliance with AML, KYC, and sanctions-fines the past ten years (2008-2018) - let alone the reputational damage done and not measured.
KYC checks are done through an independent and reliable source of documents, data, or information. Each client is required to provide credentials to prove identity and address.
In May 2018, the U.S. Financial Crimes Enforcement Network (FinCEN) - added a new requirement for banks to verify the identity of natural persons of legal entity customers who own, control and profit from companies when those organizations open accounts.
Bottom line: when a corporate company opens a new account, it will have to provide Social Security numbers and copies of a photo ID and passports for their employees, board members, and shareholders.
What is eKYC?
- In India, Electronic Know Your Customer or Electronic Know your Client or eKYC is a process wherein the customer's identity and address are verified electronically through Aadhaar authentication. Aadhaar is India's national biometric eID scheme.
Why is eKYC so popular in India?
It's because 99% of the adult population has a digital identity in the country. In October 2020, 1,265 billion residents got their Aadhaar number.
- eKYC also refers to capturing information from IDs (OCR mode), the extraction of digital data from government-issued smart IDs (with a chip) with a physical presence, or the use of certified digital identities and facial recognition for online identity verification.
Customer onboarding can then be done via mobile.
eKYC is considered more and more feasible as its accuracy is improving by utilizing Artificial Intelligence (AI).
Anti-Money Laundering Directive
In Europe, the fourth Anti-Money Laundering (AMLD4) directive entered into force in June 2017, with a new set of rules to help financial entities protect against the risks of money laundering and financing of terrorism.
The enhanced version of the fifth AML directive (AMLD5), effective as of 10 January 2020, brought new challenges for financial institutions:
- Improve understanding of customers, beneficial owners of legal entities, and their financial dealings to minimize risk
- Stricter Customer Due Diligence
- Control customer identity and share data with central administration
- EU member states must implement the directive within two years.
KYC process flow
KYC and Customer Due Diligence measures
The KYC policy is a mandatory framework for banks and financial institutions used for the customer identification process. Its origin stems from the 2001 Title III of the Patriot Act to provide a range of tools to prevent terrorist activities.
To comply with international regulations against money laundering and terrorist financing, reinforced Know Your Customer procedures need to be implemented in the first stage of any business relationship when enrolling a new customer.
Banks usually frame their KYC policies incorporating the following four key elements:
- Customer Policy
- Customer Identification Procedures (data collection, identification, verification, politically exposed person/sanctions lists check) aka Customer Identification Program (CIP)
- Risk assessment and management (due diligence, part of the KYC process)
- Ongoing monitoring and record-keeping
This involves verifying a customer's identity through documents including a national ID Document with a document reader and advanced document verification software.
From visual ID check to digital verification
For some, this is still mostly a paper-based check with KYC forms to fill. See examples here.
For others, it's a digital process that involves verifying that an identity document is genuine or even going further to authenticate the holder of the document through additional biometric checks such as facial or fingerprint checks.
A digital ID verification process enables a bank to automatically capture customer demographic data, which can be integrated into enterprise systems like CRM to:
- streamline the customer onboarding process,
- conduct further due diligence and risk assessment,
- review for PEPs (Politically Exposed Persons).
Financial institutions must also maintain records on transactions and Information obtained through the Customer Due Diligence measures. These requirements should apply to all new customers and also to existing customers based on materiality and risk.
KYC verification: Innovative approaches welcome
In November 2018, US agencies, including the Federal Reserve, issued a joint declaration that encourages some banks to become increasingly sophisticated in their approaches to identifying suspicious activity and experimenting with artificial intelligence and digital identity technologies.
Earlier in the year, the European Supervisory Authorities promoted new solutions to address specific compliance challenges. They suggest retaining a common approach for a consistent application of standards across the EU.
They anticipate several types of control, such as «a built-in computer application that automatically identifies and verifies a person from a digital image or a video source (facial biometrics)” or “a built-in security feature that can detect images that are or have been tampered with (e.g., facial morphing) whereby such images appear pixelated or blurred”.
The use of biometrics can be challenged by local or regional regulations (GDPR in the EU, CCPA in California, to name a few).
On this topic, read our September 2020 web dossier on biometric data and data protection regulations.
How can we help?
With strong expertise in ID verification for governments, Gemalto also supports private customers by providing a solution that helps them comply with the new rules, particularly those regarding CDD (Customer Due Diligence) and KYC obligations.
ID Verification helps banks provide a smooth customer onboarding experience that complies with KYC regulations and minimizes the risk of fraud.
Our solution automatically provides, in a matter of seconds:
- digital capture of customer information for instant auto-fill in enterprise data systems
- multichannel identity document verification, with adaptable security levels
- option of customer authentication using biometric technologies
- option of customer risk assessment through the review of PEPs, sanction or watch lists
Our system is using the A.I. approach, where the system is capable of learning from data.
It's a central component of the latest-generation algorithms developed by Thales in its ID Verification systems.
You will rapidly increase your onboarding rate as the system learns and gets better all the time.