Do you really know the identity of your online users?
When onboarding new users, whether they’re customers, employees or suppliers, businesses need a brilliant user experience that delivers a fast response while mitigating the risk of identity fraud. This is the objective of the Know Your Customer (KYC) process.
In this article, we provide an overview of KYC compliance and describe KYC best practices for businesses. We will try to minimize reference to the long list of KYC-related acronyms, like CDD, AML, CTF, CIP, PEP, and PII, but some references are necessary.
What is KYC?
KYC is a process for conducting background checks on customers for pre-onboarding risk assessments. It is done by businesses to identify and verify the identities of new users to meet regulatory compliance. Meeting KYC or Customer Due Diligence (CDD) standards is a cornerstone of modern Anti-Money Laundering (AML) and Combating the Financing of Terrorism (CTF) policies.
Know Your Business (KYB) is an extension of standard KYC regulations. Instead of focusing on verifying individuals, KYB verifies the details of companies including the Ultimate Beneficial Owners (UBOs) of the company. KYC and KYB processes play a critical role in mitigating fraud, money laundering, and terrorism financing.
Who needs to follow KYC requirements?
KYC is a key procedure for financial institutions, but it’s increasingly adopted by various non-financial institutions. The list of regulated entities that are impacted by KYC requirements varies from one country to another. Typically, the list of regulated entities includes:
· Financial institutions
· Fintech companies
· Credit Unions
· Gambling entities and casinos
· Wallet providers and cryptocurrency exchanges
Businesses operating in these sectors need to demonstrate compliance with AML and CTF obligations.
The role of KYC in AML & CTF
Organizations need to pay attention to who they onboard as a customer, and conduct proper customer risk assessment through a well-functioning KYC process to filter out customers that are linked with money laundering or terrorism.
The United Nations Office on Drugs and Crime (UNODC) estimates the amount of money laundered globally in one year is 2 – 5% of global GDP, or $800 billion – $2 trillion in current US dollars. Due to the clandestine nature of money-laundering, it is however difficult to estimate the total amount of money that goes through the laundering cycle.
In 2021, financial institutions were fined a total of US$2.7 billion for failures in AML compliance. The reasons for AML fines ranged from ignoring internal illegal activity to serious shortcomings in AML compliance. Globally, regulators and financial institutions are coming under increased pressure to stop illegal flows, so organizations need to prepare for increased scrutiny of their activities. Therefore, compliance teams need to adopt every relevant technology that they can to prepare themselves and prevent their organization from being used by criminals to launder dirty money—or else they’ll pay the price for it.
To mitigate the risk of non-compliance, organisations must implement a rigorous KYC process.
Key components of the KYC Process
Customer Identification Program (CIP)
The KYC process includes obtaining and checking Personally Identifiable Information (PII) to combat various criminal activities that could arise from improper identification of customers.
While CIP provides general instructions, it’s up to each company to decide which PII they choose to request according to their policy. Some of the more commonly requested examples of PII include:
· Full name of the client
· Date of birth of the client
· Address of the client
To verify PII, the client typically needs to supply official documents such as a passport, ID card, driver’s license, or other forms of photo ID.
The verification process might also include a check to see if the client is listed on global watch lists for Politically Exposed Persons (PEP) and Sanctions.
Customer Due Diligence (CDD)
In the European Union, CDD requirements are determined by the AMLD5 framework while in the United States they are governed by the Financial Crimes Enforcement Network (FinCEN). Regardless of jurisdiction, CDD guidelines have a common foundation in that they require organizations to:
· Identify and verify customers
· Identify and verify beneficial ownerships
· Understand customer relationships and their risk profiles
· Continue ongoing monitoring of customers and their transactions
The guidelines make it clear that the process of performing CDD is a continuous one, and it varies case-by-case depending on the results of the initial customer risk assessment. There are three different levels of CDD, each meant to be used for different clients depending on their risk levels:
Simplified Due Diligence (SDD) – used in cases where there is a low risk of money laundering or terrorism financing
Basic Customer Due Diligence (CDD) – requires basic information to be collected for customer identification and verification
Enhanced Due Diligence (EDD) – requires collection of additional information for higher-risk customers. This information is used to better understand customer activity and to mitigate potential risks of criminal activities.
Who needs KYC?
Some organisations have regulatory obligations to perform KYC checks to comply with AML and CTF guidelines. However, even if your business is not in a regulated industry, it still might make sense to perform KYC checks on new users. At truuth we’re seeing substantial growth in the application of KYC to the following use cases:
· Streamlining the onboarding process for new employees, contractors, and suppliers – KYC not only verifies the identity of the new starter, but it also delivers a better user experience by automatically capturing the user’s information from their ID document in a matter of seconds
· Preventing retail fraud for high value online purchases – if you’re selling high value items online you need to mitigate identity fraud. KYC solutions can mitigate this risk while also delivering a seamless checkout experience for the user
· Verifying user identity for the share economy – whether you’re booking a room, a car, or a bicycle, chances are you will be asked to verify your identity by scanning your ID and taking a selfie
In each use case KYC delivers a risk profile that can be used as a baseline for detecting suspicious activities. If a user’s risk level is high, they can be asked to provide additional evidence of their identity. Alternatively, they might be asked to put down a deposit to mitigate fraud losses.
Truuth makes KYC simple
It’s true that becoming legally compliant with all KYC and AML requirements can be challenging. However, it’s a task that can be simplified through the use of online identification services.
Most regulators and organizations already acknowledge the reliability and ease of use of Electronic Know Your Customer (eKYC) services. This means that all the complicated and time-intensive processes involving personal data, customer identification, and verification can be reduced to a matter of minutes, if not seconds.
Truuth applies the latest advancements in machine learning and artificial intelligence to deliver KYC services to our clients. Our Identity-as-a-Service solution makes it super easy for clients to set up their own branded KYC service without any complex integration. Our service has several important advantages:
· High assurance in user identity – we employ Machine Learning models for document authenticity, face match (between ID document and user selfie), and user liveness
· Fully customizable user journey – clients can configure the verification of identity process to match their use case and you can brand the service with your own logo and brand colors
· Global reach – no matter where you’re located on the globe, chances are we’ve got you covered. We can support data sovereignty in 26 geographic regions
· Simple onboarding and pay-as-you-go pricing – you can be up and running in minutes and, unlike many competitors, you only pay for what you use. We have no minimum spend, no set up fees, and our plans start from less than US$1.50 per KYC with significant price declines as volumes increase
Many companies have chosen truuth as their KYC and fraud prevention service provider. We hope you’ll also consider doing the same if you’re looking for world-class assurance and user experience.
Interested to know more?
If you’re interested in learning more about how our KYC service can help your business you can sign up for a complimentary trial. There are no fees, no contracts, and no obligations. You can be up and running in less than 10 minutes.
Simply give us a few basic details about you and your company, and we’ll set up your customized and branded KYC service with 250 free KYC invitations. Come and see how easy it is to achieve world-class customer identity verification.
Start your free trial here.