All financial institutions (FIs) must employ rock-solid Know Your Customer (KYC) practices to protect against risky business dealings and ensure compliance with anti-money laundering (AML) laws. “Know Your Customer” standards refer to the due diligence that all financial institutions must conduct to clearly identify the customer, get an idea of their primary activities and intentions, and assess any financial risks associated with the customer.
KYC regulations originated in the 1970s when financial crimes were running rampant and going unpunished. As a leader in the space, the US government began to make laws to prevent money laundering, the first of which was called the Bank Secrecy Act. KYC regulations have been adjusted over time, with notable additions following 9/11 and the 2008 financial crisis.
KYC checks are in place to protect businesses, consumers, financial institutions, governments, and global economies. To put it simply: they’re vital to the financial health and well-being of the entire globe. Because KYC standards are designed to prevent money laundering, limit terrorist financing, and restrict other financial crimes, their importance cannot be overstated.
By ensuring that financial institutions have proper KYC measures in place, these laws also help mitigate the risk of identity theft and fraud for individuals and businesses. At a high level, KYC laws also help promote transparency and accountability in financial situations, safeguarding everything from individual assets to government financial reserves. The US may have pioneered KYC regulations, but because of their proven effectiveness, many other countries and authorities around the world have implemented similar measures.
So, what does the KYC process actually look like? In order to get an accurate understanding of customer identities, financial intentions, and potential risks, financial institutions like banks, money lenders, and investment firms must remain committed to effective KYC practices. At a minimum, a good KYC process should include the following:
The customer identification program (CIP) is one of the most vital parts of the KYC process. Mandated by the USA PATRIOT Act, a CIP requires institutions to have robust procedures to gather and update customer information on a regular basis. All banks and financial institutions must have a CIP in place that meets the minimum identity requirements for all customers, including their name, birth date, address, and an identification number such as a Social Security Number or Taxpayer Identification Number.
The initial information gathering occurs when a new customer opens an account at a financial institution, but it doesn’t stop there. Financial institutions must also verify the account holder’s identity using key information such as identifying documents (a driver’s license or passport) or information from credit bureaus and government databases.
A CIP is mandatory for all financial institutions, but the exact specifications of an organization’s CIP may vary based on the risk associated with the institution. Said risk considers a number of key factors:
Verifying the identity of a new client is one thing; determining whether or not they are reliable and trustworthy is a completely different task. The Customer Due Diligence (CDD) requirements are part of the KYC processes to protect institutions from money laundering risks, terrorist funding risks, and other fraud-related risks. CDD has multiple levels:
Regardless of risk levels, a reliable Customer Due Diligence program consists of clarifying the identity and physical location of your clients, assessing their risk and categorizing their account based on risk, defining expected transactions and payment types for all customers, and keeping a record of historical CDD checks for all account owners.
Financial situations can change rapidly, and because of the potential for those changes, due diligence should be conducted on a continuous basis. The customer who opened an account 5 years ago might not be at the same risk level today. Do you know his or her current risk level? Have you assessed it? If KYC documents and checks aren’t kept up to date, they’re no longer an effective tool for preventing money laundering and insulating your organization from risks.
KYC compliance is complex and multi-layered, and because of that, the governance around KYC laws is also multi-layered. Of course, banks and financial institutions themselves are the first line of defense against money laundering and related financial crimes, but it doesn’t stop there. In the US, the Financial Crimes Enforcement Network (FinCEN) is the main financial regulatory body.
On an international level, the Financial Action Task Force (FATF) sets global standards for KYC processes and anti-money laundering laws. Countries that are members of the FATF are expected to incorporate the agency’s guidance into their laws and regulations.
The KYC process centers around individual financial accounts, but for financial institutions that do business with corporations or businesses, a similar set of checks is required. Usually called “Know Your Business” (KYB) checks, the risk assessment for organizations encompasses steps similar to those in KYC checks, with a few more items to consider. At this scale, FIs must also consider transaction volumes, transaction amounts, and other risk factors.
In order to truly “Know Your Business” before partnering with them, gather business information such as the company name, address, financial status, and leadership team members. Next, take a look at how the company is owned and identify Ultimate Beneficial Owners (UBOs). Finally, perform individual KYC/AML checks on individuals who are considered UBOs.
KYC compliance can end up taking a lot of time and resources from financial institutions, but KYC checks are unavoidable. Not only are they legally mandated, but they’re in place to protect the FIs themselves, making them a strategic investment in the long run. One thing that banks and other FIs can do to reduce the costs associated with the KYC process is to implement digital tools when possible.
Electronic customer verification and other key digital platforms can help prevent financial risks. For example, Eftsure is a secure payment platform that protects businesses from fraudulent payments, money laundering, and more with secure customer verification, transaction monitoring, and automated due diligence. Built-in risk assessment features and compliance reporting can make the KYC process more straightforward for financial institutions of all kinds.
Cryptocurrency markets have long been considered “decentralized” exchanges with fewer regulations. However, that decentralization opens crypto exchanges up to more risks. Money launderers and terrorists can take advantage of cryptocurrencies to launder money and get away with other financial crimes.
However, crypto exchanges aren’t as “Wild, Wild West” as some people make them out to be. As money services businesses, crypto exchanges must still abide by anti-money laundering laws. AML laws require customer verification programs and ongoing reporting minimums.
There are many KYC documents that help financial institutions verify the identity of new customers and assess the risks associated with their accounts, but KYC lists and reporting agencies play a big role in non-document-based verification. Some of the lists that can be used to cross-reference account owner reliability are:
It takes a unified effort to stop international criminals in their tracks. As the sophistication of these checks has grown, it has gotten harder and harder for financial crime perpetrators to slide below the radar. Of course, criminals will continue advancing their tactics, but with a collective, international effort to get in front of these risks, the world will be a safer place for all of us.