KYC (Know Your Customer) Definition, Guidelines & Regulations

Learn how User Migration with Okta reduced unexpected password resets and reduces helpdesk calls and support issues.

KYC (Know Your Customer) definition, guidelines & regulations 

Know Your Customer (KYC), is a set of guidelines within the financial industry designed to protect banks and financial services from fraud and money laundering by ensuring that these organisations use due diligence to verify customers’ identities according to regulations and compliance requirements. 

KYC involves processes that not only establish the customer’s identity but also determine the suitability and risks involved with entering into and maintaining a business relationship with this customer. 

KYC also serves to protect the customer, as it helps financial organisations better understand their customer and offer relevant services and investment opportunities. Financial institutions, as well as many other non-financial organisations and nonprofits, are required to be KYC compliant. To be KYC compliant, policies typically include customer acceptance, customer identification, transaction monitoring, and risk management. 

KYC is especially important as between 2 per cent and 5 per cent of the GDP (gross domestic product) every year is laundered money. Compliance with KYC regulations can help combat fraud, money laundering, and the financing of terrorist operations by verifying that customers accessing financial services are legitimate. 

What is KYC?

Know Your Customer is a set of procedures and guidelines that fits under a financial institution’s AML (anti-money laundering) policy. It impacts nearly all sectors of business, but it is especially relevant for financial institutions, such as banks and related sectors including investment and trading operations, insurance, and real estate. 

Since the pandemic and with enhancements in technology, digital banking is especially common, with an expected 65.3 per cent of the United States population using digital banking in 2022. This makes KYC even more imperative during the customer onboarding process, which is now regularly performed online and remotely. 

KYC aims to protect financial institutions from online fraud by laying out a set of standards to ensure that customers are legitimate. It also helps to better understand all the potential risks before beginning a business relationship.

What does Know Your Customer mean?

As a set of standards required in the financial services and investment industry, KYC means exactly what the name implies — it is a process of ensuring that the organisation offering financial services goes through a process to know their customer and prove that they are who they claim to be before the customer can open an account or enter into a business agreement. KYC uses a set of controls to make sure that the customer does not have ties to terrorism, corruption, or money laundering to avoid entering into a criminal business arrangement. 

KYC is essentially a process of identification and verification of a customer. The customer will need to provide legal and binding proof of identity before they are granted access to services or products that they are requesting from the institution. Laid out by the United States Financial Crimes Enforcement Network (FinCEN), KYC helps organisations verify the identities of their customers, understand the possible risks, and improve the business relationship between the customer and the company.

Requirements for KYC

Know Your Customer helps to ensure that banks, financial services, and online businesses are not used for money laundering by criminal elements or enterprises. It also helps these organisations to have a better understanding of their customers, their financial dealings, and personal financial requirements.

There are four main components for KYC.

  1. Customer acceptance policy (CAP): Before agreeing to enter into a business agreement with a customer, the organisation is required to conduct due diligence based on their risk profile. The organisation must verify the identities of the customer and also beneficial owners (those with at least 25 per cent equity interest). If a customer is deemed to have a high AML risk, this ownership threshold is lowered, commonly to 10 per cent. 

The risk profile for the customer is created as soon as a relationship is established between the organisation and the customer. The organisation is required to develop this risk profile based on the purpose and type of the relationship, including financial interactions and requirements.

Under the CAP element of KYC, organisations are only to accept customers as their customers who fall under a particular risk threshold. The goal is to avoid potential criminal partnerships.

  1. Customer identification procedures (CIP): The customer must provide credentials that prove they are who they say they are. This can include valid documentation (government-issued ID and/or documents for proof of address), biometric screening, and face verification to determine proof of identity. When using a third party for customer identity verification, this third party is required to provide the organisation with CIP and AML certificates each year.
  2. Monitoring of transactions: Using the risk profile as a baseline, organisations are required to then monitor transactions and accounts for potentially suspicious and/or illegal activities. Organisations are also required to ensure that customer information remains accurate and current, updating it as needed. Any findings are to be reported promptly.
  3. Risk management: Organisations need to have a centralised process to identify, evaluate, and prioritise risks. With financial institutions, there is an inherent amount of risk to be expected, and organisations need to have detailed policies and procedures in place to manage these risks and share information as needed. Organisations must make sufficient attempts to avoid and prevent threats, minimise the possible effects of a threat, and have threat response actions in place.

Who needs to use KYC?

Financial service organisations, such as banks, credit card companies, investment brokers, and fintech industries, are all required to remain compliant with KYC. Relevant industries like real estate and insurance companies also need to use KYC. 

The use of KYC has become more widespread with the growth and evolution of technology and the increased use of online services. Many online retailers and businesses are now required to use KYC as well. Both financial and non-financial companies need to use KYC as do many nonprofit organisations.

KYC protects both organisations and their customers. For the purposes of KYC, a customer is any of the following:

  • Any customer or entity that has a business relationship or maintains an account with the organisation
  • A beneficial owner (anyone the account is maintained on behalf of)
  • Beneficiaries of transactions that are completed by professional intermediaries, such as stockbrokers, for instance
  • Anyone connected to a financial transaction who can pose a significant risk to the financial institution 

Many different countries have KYC laws and regulations in place regarding financial institutions and customer relationships. 

How to be KYC compliant

The main objective of KYC is to ensure that entities are not entering into business relationships with criminals, such as terrorists, and to help prevent money laundering. To do so, organisations are required to verify the identities of their customers and learn about their financial interactions before accepting them as a customer and assessing their potential risk threshold. 

To remain compliant with KYC, you will need to ensure that you are properly verifying a potential customer’s identity during the onboarding process. You’ll then need to continue to monitor transactions for suspicious behaviours, reporting them when they are noted. 

Customer verification requirements include performing basic due diligence to verify the following:

  • Name
  • Date of birth
  • Address

These will need to be validated through proper documentation, often a Social Security (SS) card, driver’s license, or passport. If a customer or entity is deemed high-risk, an enhanced level of due diligence is required that can involve more documentation and information.

Know Your Customer compliance is also a part of AML compliance, which means that the following is also required:

  • Anti-money laundering policies, procedures, and controls must be developed and carried out.
  • The AML program requires the appointment of an AML compliance officer to oversee it.
  • The AML program also requires that independent monitoring and oversight be performed regularly.
  • Employees must be trained in anti-money laundering on an ongoing basis.

There are a number of KYC services, software, programs, and third-party companies that can help with the development, implementation, compliance insurance, and maintenance of a KYC solution.

Key takeaways

Know Your Customer (KYC) is essential for banks and financial institutions. It spells out guidelines to ensure that organisations do not fall prey to fraud, money laundering, or business relationships with criminals. The scope of KYC goes beyond just the financial industry and reaches into virtually every industry. 

At the heart of a KYC solution is customer identity verification. Organisations are required to perform due diligence to validate the identities of potential customers before accepting them as a customer. This includes gaining a comprehensive understanding of their financial interactions, which can also help to improve things on the customer side as the business will have a better knowledge of what services are relevant to the specific customer.

Organisations that deal with financial transactions are required to have an AML (anti-money laundering) policy, and KYC falls within this scope. As a set of guidelines, the main elements of KYC include a customer acceptance policy (CAP), a customer identification policy (CIP), transaction monitoring and reporting, and risk management. 

To remain compliant with KYC and avoid large fines or repercussions, businesses must properly verify the identity of their customers during the onboarding process, continually monitor financial transactions for suspicious actions, report any flagged issues, and work under the AML policies, procedures, and controls.

References

Money Laundering. United Nations Office on Drugs and Crime (UNODC).

Share of Population Using Digital Banking in the United States From 2018 to 2022. (January 2022). Statista.

Financial Crimes Enforcement Network. FinCEN.

FinCEN Know Your Customer Requirements. (February 2016). Harvard Law School Forum on Corporate Governance.