What Is Know Your Client (KYC) & How Do You Get Started?

Know Your Client (KYC) processes are becoming increasingly common and are designed to reliably identify customers before a business relationship is started.

Most of us are introduced to the concept when we open a bank account. Here the bank usually requires us to provide personal information and authenticate it using official documents like passports.

Passports and ID cards contain specific, measurable security elements like Holograms, UV features, printing techniques and Watermarks, making them hard to fake and excellent for authentication.

Below you can see an example; the use of a Watermark on a recently issued UK passport.

This kind of security feature is difficult to recreate believably and makes it harder to forge. Businesses and banks can check the authenticity of these official documents by analysing the security features, allowing them to authenticate the personal data provided by the client.

For customers this results in a drawn out and tedious registration process. For businesses, the consequences are often dire. Data protection laws make Know Your Client processes incredibly expensive, often requiring specially trained employees and sophisticated software.

We’ll go into detail about how businesses can get started with KYC later, but for now it’s worth understanding why these processes are even necessary.

In 2001, the attack on the World Trade Center changed everything. Prior to this horrific event, money laundering and terrorism financing where simply not a priority for international policy makers.

After the attacks, stopping the flow of illegally acquired money became a top priority for the FATF and its members. Subsequently, legislation was passed that compelled businesses of all sizes to identify their customers and ensure they were not misusing the business relationship for illicit purposes.

This approach now falls under the umbrella of Customer Due Diligence (CDD) and typically encompasses both Anti-Money Laundering (AML) and Know Your Client (KYC) checks. Exactly what kind of information is collected varies by industry and by country, but typical data points include:

1. Full Name
2. Email Address
3. Home Address
4. Phone Number
5. Copy of ID card or Passport
6. ID or Passport Number
7. ID or Passport Expiration Date

The data listed above is easy to authenticate and hard to fake, while most individuals possess this kind of information. That is they are usually required when performing a Know Your Client process.

Which Know Your Client Process Is Right For You?

Businesses around the world need to complete Know Your Client processes but many differences exist. One key factor is the chosen niche, with financial service providers requiring rigorous KYC and AML checks, while businesses in the entertainment industries (like e-gaming) can often make-do with very lax processes.

As Fortnite’s money laundering scandal showed however, this approach is often dangerous — criminals will always look for ways to wash money. With this in mind, business owners, regardless of industry, should ensure that day-to-day customer due diligence requirements are met.

This should involve identifying customers before a business relationship is entered into and subsequently applying a risk-based scoring system. This will help to protect your business from PEPs, terrorists and other high-risk individuals.

If you’re new to risk-based scoring, make sure to seek legal advice and complete an internal audit as soon as possible. This will help you to establish the threat of money laundering or terrorism financing through your business.

Another important factor involves sophisticated anti-money laundering (AML) checks, which ensure that prospective customers are not wanted by international police agencies like Interpol. Corporations typically outsource this as it requires software that can automatically the presence or absence of a customer on more than 13 international AML Sanctions lists. The KYC-Chain software has the capacity to make these kind of AML checks in real time.

Beyond customer due diligence, risk-based scoring and AML, the precise KYC process relevant for your business is usually articulated by your jurisdiction’s regulator for a given industry. Financial service providers in the United States for example would receive guidance from the SEC, while the same service provider in Germany would abide by the guidelines laid out by BaFin.

If you are unclear as to what kind of process you should put in place, get in touch with your local regulatory body.

That being said, most Know Your Client processes follow a very similar pattern:

1. The customer’s email address is collected and verified
2. The customer’s personal information is collected
3. Identification documents and utility bills are collected
4. The data is verified using specialised software/or employees
5. AML and PEP checks are done
6. Additional data or clarification is requested if needed
7. The customer is either accepted or rejected depending on the verifiability of the provided information.

Although these steps broadly outline a typical KYC process, make sure to talk to your regulator and learn exactly what is expected of you.

GDPR & Strong Data Management

On the 25th of May 2018 the General Data Protection Regulation (GDPR) was passed. Since then businesses dealing with European customers have had to fundamentally change the way personal data is managed.

We’ve provided this guide to help you maneuver the post-GDPR world, but for now it’s important to understand that the new regulations add a significant amount of complexity to day-to-day operations.

Data from European citizens needs to be easily auditable, editable and deletable — something that most data management systems simply doesn’t allow. In short, customers now have much more power over their own data, meaning that businesses need to acquiesce to requests and handle information with great care.

If standards slip and a data breach occurs, GDPR outlines weighty fines to punish non-compliant corporations. To stay safe, it makes sense to use dedicated software which is GDPR compliant and allows you to audit, edit and delete information as requested by customers.

That being said, even if your customers are not affected by GDPR, the global trend toward stricter KYC processes will inevitably increase the data management burden on businesses. As a result, data management is an increasingly important topic and should be included in your KYC workflow.

Checking For High-Risk Individuals

We’ve previously mentioned the importance of a risk-based approach during and after the Know Your Client process. The reason for this is that every customer has a slightly different risk profile, as it relates to money laundering and terrorism financing. The key is to use the KYC process in order to identify a customer’s risk profile.

Key considerations here are typically the country of origin, country of residence, source of funds, quantity of funds and presence on special agency lists. The premise is that certain countries have weaker infrastructures for the prevention of money laundering and terrorism financing.

The FATF carries a list of such countries including Iran and North Korea. As a result, prospective customers from jurisdictions listed as high-risk by the FATF should be treated with extreme caution and in close coordination with local regulators — especially if the transaction amounts are substantial.

PEPs — Politically Exposed Persons — are another type of customer which require special care and need to be identified during the KYC process. We’ve provided a detailed explanation of PEPs here. For now it suffices to say that PEPs are individuals who have held public office, or are related to such individuals. The thinking behind it, is that these individuals may be powerful enough to seriously endanger the financial system.

As a result it makes sense to use KYC-Chain or similar software to protect your business from high-risk individuals.

Conclusion — Understanding Know Your Client

Know Your Client checks are more important than ever.

Businesses of all sizes and all around the world need to understand who they are doing business with. Crucially, it’s not even enough to simply check customer’s at the beginning of the relationship.

Instead, activity needs to be monitored and the risk-profile updated continuously throughout the business relationship. GDPR, data management and rampant money laundering add even more complexity to the matter, but it is vital that businesses start addressing their issues.

Overall, the burden of building effective KYC checks in-house is often prohibitive, which is why dedicated compliance solutions like KYC-Chain are often utilized instead.

Get in touch for a free DEMO and to see how we can help you on your path to compliance.