The Saga Of KYC In US Banking Regulations — BSA To Patriot Act And The Road Ahead In The Digital Age

Published in

Signzy

7 min readFeb 24, 2021

KYC regulations have critical implications for consumers in the financial space. Banks need to comply with KYC to limit fraud. However, they also pass down that requirement to those with whom they do business.

KYC In Banking — The Base At The Banking Secrecy Act”?

Know Your Customer or KYC is used by banks and financial institutions to verify the identities of their clients. It is also a way to assess any potential risks of forming a business relationship with them. The goal of KYC is to prevent banks from being used, intentionally or not, for money laundering and other illegal activities.

In 1950, the Federal Deposit Insurance Act was passed to monitor the Federal Deposit Insurance Corporation (FDIC). The bill included a list of regulations that banks must comply with in order to remain insured by the FDIC. This event was crucial to forming the foundation of modern KYC laws.

In 1970, the U.S. Congress introduced the Bank Secrecy Act. The BSA is an amendment to the Federal Deposit Insurance Act. It requires banks to produce 5 types of reports to FinCEN and the Treasury Department:

Currency Transaction Reports (CTR): This contains any cash transaction that exceeds $10,000 in one business day. It can include multiple transactions.
Suspicious Activity Reports (SAR): This report shows any cash transaction where a customer violates BSA reporting requirements.
Foreign Bank Account Report (FBAR): Any U.S. citizen/resident with a foreign bank account of at least $10,000 is required to file an FBAR report each year.
Monetary Instrument Log (MIL): Banks must keep a record of all cash purchases of monetary instruments. This includes money orders, cashier’s checks, traveler’s checks, etc.
Currency and Monetary Instrument Report (CMIR): Anytime a person or institution physically transfers monetary instruments in excess of $10,000 into/outside of the United States must file a CMIR.

The ABCs of KYC — The Major Focus Of Patriot Act

KYC laws were launched in 2001 as part of the US Patriot Act. The law was passed after 9/11 to provide a means to hamper terrorist behavior.

The particular section of the Act that pertained specifically to financial transactions added requirements and enforcement policies to the Bank Secrecy Act of 1970 that had thus far regulated banks and other institutions. These changes had been in the works for years before 9/11. The terrorist attacks finally provided the thrust needed to enforce them.

Thus, Title III of the Patriot Act requires that financial institutions deliver on two requirements for stricter KYC. These two are the Customer Identification Program (CIP) and Customer Due Diligence (CDD).

CIP — The First Pillar Of The Patriot Act

CIP is the more straightforward of the two components, and likely more familiar.

To comply with CIP, a bank asks the customer for identifying information. Each bank conducts its own CIP process, so a customer may be asked for different information depending on the institution. An individual is generally asked for a driver’s license or a passport.

Information requested for a company might include:

Certified articles of incorporation
Government-issued business license
Partnership agreement
Trust instrument

For either a business or an individual, further verifying information might include:

Financial references
Information from a consumer reporting agency or public database
A financial statement

Nonetheless, every bank is required to verify their customers’ identity and make sure a person or business is real.

CDD — The Second Pillar of The Patriot Act

The second component, CDD, is more nuanced.

In conducting due diligence, banks aim to predict the types of transactions a customer will make.

This is done in order to be able to detect anomalous (or suspicious) behavior.

This also helps assign the customer a risk rating that will determine how much and how often the account is monitored.

Finally, it also helps identify customers whose risk is too great to do business with.

Banks may ask the customer for a lot more information. This can include the source of funds, the purpose of the account, occupation, financial statements, banking references, description of business operations, and others. There’s no standard procedure for conducting due diligence. This means banks are often left up to their own devices.

In fact, the Patriot Act doesn’t even directly highlight a CDD requirement. On the contrary, it denotes that a bank is required to file a suspicious activity report if it suspects or has reason to suspect such activity. But without knowing about its clients, a bank won’t be able to meet this requirement — hence the CDD.

The Financial Crimes Enforcement Network (FinCEN) regulates and strictly enforces KYC. FinCEN also manages other regulators for banks. It also manages the Fed’s Board of Governors, the Federal Deposit Insurance Corporation (FDIC), and the Office of the Comptroller of the Currency of the U.S. Treasury. Other financial institutions can be regulated by the SEC, the U.S. Treasury, the IRS, or the National Credit Union Administration, among others.

As a result of due diligence, a bank might flag certain risk factors. These are like frequent wire transfers, international transactions, and interactions with off-shore financial centers. A “high-risk” account is then monitored more frequently. In such cases, the customer might be asked more often to explain his transactions or provide other information periodically.

KYC Procedures in the Digital Age

Today, banks and their fintech counterparts can go to great lengths to assure compliance with KYC standards. As a result, more money is poured into new KYC technologies constantly. This was found as a study of the CEB TowerGroup. Currently, KYC solutions rank amongst the most valuable banking technologies. More than 62 percent of executives are certain, KYC investments will grow even more in the future.

In the modern context of digital, border-free and contactless payments, AML and KYC cannot deny their beginnings. Many KYC procedures still derive from a time when financial services were stationary. Back then, the client had to be physically present in a banking branch to access them. Identity verification was a simple matter of seeing the client physically. This was usually followed with collating the paper documents and ID with official records. The client databases had to be updated manually.

As part of KYC, users may supply bank account data, social security numbers etc. . They may also provide hard physical proofs of identity like a valid passport and utility bills (water or electricity bills). Should the customer deliberately hand over false information, the reviewing company will have the case investigated. This may ultimately lead to legal action. Modern technologies help alleviate the human factor. AML procedures today are more about lines of code on a server than types of seals on paper documents.

Yet, in many cases, banks and fintech businesses don’t settle for the state-of-the-art in regulatory tech. A KYC Market Report by CEB states that the systems by which banks identify their customers are often outdated. With general anti-money laundering technology, the situation gets even worse.

This is why banks and financial institutions are invited to rethink KYC in the light of modern software solutions and technologies like:

Blockchain: Sharing of KYC related data without intermediaries
Artificial intelligence: Approvement of documents via self-learning algorithms
Biometrics: Identification through biometrical features
CDD and EDD by evaluation of social media activity
Streaming: Voice and face identification via video chat

Regulatory technology (or RegTech) like this has the potential to make KYC processes a lot faster and more accurate or transparent

Conclusion

In our current time of digital disruption, KYC and AML are in a constant state of change. The online market for financial services and products is growing and so are the risks for customers engaging with them. The international banking and fintech scene keeps changes this will keep regulators occupied. Innovative technologies and flexible software give businesses an edge, allowing them to stay compliant and to adapt to new forms of cybercrime.

But within this period of change, one thing remains firm:

There will always be customers. And knowing what they are up to, will always be a key factor for corporate success.

About Signzy

Signzy is a no-code platform for financial services. No matter how complex your workflow or operational complexity, Signzy is able to completely automate your back-operations decision-making process into a real-time API. This is possible due to a combination of Nebula — Our no-code AI model builder and our Fintech API Marketplace of over 200+ APIs. Today we work with over 90+ FIs globally including the 4 largest banks in India and a Top 3 acquiring Bank in US. Globally we have a strong partnership with MasterCard and offices in New York and Dubai to serve our customers in the 2 geographies. Our Product team of 120+ people is building a global AI product out of Bangalore.

Visit www.signzy.com for more information about us.

You can reach out to our team at reachout@signzy.com