What is KYC in banking?

Introduction to KYC in banking

Know Your Customer is the process of identifying and verifying individuals at the point of account opening, and falls under the wider Anti-Money Laundering and terrorist financing reduction process.

This includes collecting personally identifiable information including name, proof of address, and date of birth and then verifying this against data sources such as credit or telco to find a match.

Where the option for verifying using data checks isn't feasible, businesses can also use other methods to verify customers such as document verification. This involves asking the customer to submit a Government approved proof of identity document such as a passport or driver's license and then verifying that the document is real and hasn't been tampered with.

Ultimately, the KYC definition in banking serves to verify that the person attempting to onboard is who they claim to be.

What does KYC aim to achieve?

KYC in banking is a regulatory requirement and all banks licensed by organisations such as the Financial Conduct Authority (FCA) must perform relevant Customer Due Diligence (CDD) at the point of onboarding to verify every customer.

Is KYC compulsory for bank accounts?

Banks are required to use customer information to perform a KYC check during onboarding but must also use Anti-Money Laundering (AML) and anti-fraud checks to identify any customers who may be sanctioned, politically exposed, or where there is the presence of adverse media. Having KYC and AML work in harmony is one of the most critical elements to a complete compliance program.

Banks can then use the information obtained at onboarding and undertake a risk assessment on the customer to decide whether the onboarding attempt should be successful.

KYC in banking can also refer to the process of corporate onboarding, otherwise known as Know Your Business (KYB). This is a business critical process for B2B banks and involves understanding the risk of a potential new client, partner, or supplier by analysing credit, financial information, and identifying and screening beneficial owners.

Why is KYC so important for banks in the UK?

KYC is a critical process for banks in the UK for a number of reasons:

• Enhanced security and fraud prevention: By verifying the identity of their customers, banks reduce the risk of fraud and aiding identity theft. This helps protect both the bank itself and its customers from financial losses or reputational damage.
• Improved customer trust: When customers feel comfortable that their bank is taking necessary steps to protect their identity, it builds trust and loyalty and leads to a better customer experience and sets the tone for long-term relationships.
• Operational efficiency: Automated KYC software helps streamline the customer onboarding process, making operations more efficient, reducing the likelihood of manual error, and allows compliance teams to focus on higher risk customers requiring manual intervention.

What happens when KYC goes wrong in banks?

KYC failings can have serious consequences for banks, including:

• Financial penalties: Depending on the severity of the failing, regulatory bodies can step in and impose fines or suspensions on banks.
• Reputational damage: Allowing KYC failings to infiltrate a bank can also lead to reputational damage as customer trust can be negatively impacted.
• Operational disruptions: Poor KYC processes can lead to slow compliance processes and have a lead on impact on other areas of a business.

When does a bank need to perform KYC?

KYC is synonymous with account opening, as regulations mandate banks to verify customer identities at this stage. While the process, especially manual KYC, can be cumbersome, it ensures accurate customer verification and provides a comprehensive view of risk profiles and financial crime prevention.

KYC regulation in banking

Banks operating globally must navigate a complex regulatory landscape. Ensuring adherence to a variety of KYC and AML regulation to mitigate financial crime, criminal activity, and identify suspicious activities before impacting business and compliance operations.

Some of the key global regulation is as follows:

1. European Union Anti-Money Laundering Directives (EU AMLD)

The EU AMLD, now in its 6^th iteration, establishes KYC obligations for banks operating within the European Union. It outlines CDD measures, beneficial ownership identification, and reporting requirements.

2. Financial Action Task Force (FATF)

FATF develops policies to combat money laundering and terrorist financing. It's "40 recommendations" provide a comprehensive framework for KYC compliance, emphasising risk-based approaches and customer identification procedures.

3. Basel Committee on Banking Supervision (BCBS)

The BCBS sets global standards for banking regulations, including guidelines on Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD) procedures. Its recommendations influence KYC practices worldwide.

4. Dodd-Frank Act (USA)

Enacted in response to the 2008 financial crisis, the Dodd-Frank Act mandates stringent KYC requirements for banks operating in the United States. It includes provisions such as the Customer Identification Program (CIP) and imposes penalties for non-compliance.

5. Foreign Account Tax Compliance Act (FATCA)

Implemented by the U.S., the Foreign Account Tax Compliance Act (FATCA) aims to prevent tax evasion by requiring foreign financial institutions to report information about U.S. account holders. Compliance with the act involves a robust KYC procedure to identify and verify account holders' identities.

These are just some of the regulations that banks must comply with when operating globally, and whilst regulatory bodies all share the same goal of ensuring banks are correctly verifying the identity of their customers, there are also nuances to each regulation which, in turn, makes executing a global compliance program a challenge for banks. If KYC is not done upon opening of a bank account, the bank will be in breach of regulation and subject to fines or suspensions at the decision of the local regulator.

How does KYC in banking work?

There are multiple considerations banks must make when designing their KYC checklist. A secure KYC policy is not only critical to regulatory adherence, but it can also be the difference between a new customer and someone dropping off the journey if its too complex.

Particularly in the last decade, customer expectations have increased, and it's no longer fit for purpose for verification to not be a real-time journey. Banks must therefore balance compliance with speed of onboarding to find the right balance.

However, a typical KYC process covers five main areas: identification, customer due diligence, risk assessment, onboarding, and monitoring.

1. Identification

The first stage of the KYC process is to obtain identifiable information from the customer, otherwise known as a customer identification program. this typically involves asking for name, address, and date of birth. Some banks will also choose KYC documents verification at this stage in the process depending on their risk-based approach or geographic location of the customer.

What KYC documents does a bank need to ask for?

The type of documentation can vary depending on the jurisdiction but typically, verifying name, address, and date of birth against Credit Reference Agency data is applicable as a pass for KYC. In the UK, a '2+2' check is enforced, which requires the bank to verify 2 pieces of customer data (i.e. name and address) against 2 data sources (i.e. electoral and telco).

In recent years, automated document verification has emerged as a popular verification method, requiring customers to provide a Government issued identification document such as a passport or driving license and supplementing that verification with biometrics powered facial comparison.

2. Customer Due Diligence (CDD)

Once the information has been received, banks must then perform relevant CDD actions. This includes matching the information provided by the customer against data sources to find a a match, and checking against global Politically Exposed Persons (PEPs), sanctions, and adverse media lists.

If document verification is included in the onboarding journey, banks will verify the document is real and hasn't been tampered with to prevent the risk of successful identity fraud.

3. Risk assessment

Once the information provided by the customer has gone through the CDD process, banks must then perform a risk assessment to determine if the individual can be accepted as a customer.

This will include reviewing the returned information from CDD and matching it against the banks' risk thresholds. Banks will often use KYC software to automatically accept customers who pose no risk and then only perform a manual risk assessment on customers who have flagged as high risk.

In some cases, when a customer has been marked as high risk or requiring manual intervention, banks can then ask for more information including a document check, cross-checking other databases, or performing a manual review.

4. Onboarding

The banks can then make the decision on whether the customer should be onboarded or rejected, and all information provided by the customer should be stored securely for audit purposes.

5. Ongoing monitoring

The KYC process for banks doesn't stop when the customer completes onboarding. It is also required that banks routinely monitor their customers to understand if circumstances have changes.

For example, if John Doe signs up to a bank today and doesn't flag against any AML or fraud databases, that doesn't mean that the customer won't match as a risk of money laundering or fraud in the future. It is critical that banks re-screen the customers' identity to flag any potential issues.

Banks must also use a transaction monitoring system which analyses customer transactions including transfers, deposits, and withdrawals to identify any risk of fraudulent activity.

What is electronic KYC (eKYC) and how does it work in banking?

As digital first banks and customer expectations continue to emerge, banks have had to adapt their KYC process. Traditionally, the KYC process required customers to visit a bank branch and verify their identity in person.

With more customers signing up to banks digitally, through apps and online, eKYC has become common practice. Electronic Know Your Customer (eKYC) is a digital process used to verify the identity of customers, replacing traditional paper-based methods. It leverages technology to streamline and automate the verification process, making it faster, more efficient, and more secure.

Some of the benefits of eKYC for banks are:

• Speed and efficiency: eKYC significantly reduces the times required for customer onboarding as it is usually performed in real-time.
• Cost-effective: Automating the KYC process reduces the need for manual input and physical paperwork which can reduce operational costs.
• Enhanced security: Digital verification methods such as biometrics provide higher accuracy and remove the risk of human error.
• Improved customer experience: Customers can complete the verification process whenever and wherever they like, without needing to physically visit a bank.

Common challenges in KYC for banks

Despite KYC being a well established process that banks have been using since regulation was established, there are a number of challenges that banks face in the KYC process:

Digital transformation

'Traditional' banks face challenges with trying to update manual processes and legacy systems to compete with the speed and efficiency of digital first banks. Monzo, Starling, and Revolut to name a few examples offer seamless, real-time onboarding as they established a robust eKYC process from inception.

With rising customer expectations demanding quicker verification process, older banks have had to adapt their systems, spending both time and resource to bring their KYC process up to modern parity.

Increase in financial crime

Financial crime continues to plague banks as fraud techniques become more advanced with the emergence of Artificial Intelligence (AI). The United Nations Office on Drugs and Crime (UNODC) estimates that between 2 and 5% of global GDP is laundered each year, and banks are often targeted by criminals.

Because of this increased risk, banks have had to increase the security o their FinCrime operations by investing in new technology and additional resource to continue the fight against financial crime.

Failed KYC checks

Even if banks are leveraging technology and leading data sources to process KYC checks, in many cases customers can fail the KYC check. This can be due to a number of reasons including name mismatches, incorrect date of birth, invalid documents, and more.

This increases the workload of compliance teams who will either have to investigate the issue further and ask the customer to re-do the KYC check, or banks will have to invest further in functionality such as failover and waterfall to try and give customers the best possible chance to complete onboarding successfully.

High-risk customers

High-risk customers include those linked to sanctioned countries, politically exposed persons, customers with adverse media and more. These customers require banks to perform Enhanced Due Diligence (EDD) which involves a more rigorous and time-consuming process.

The bank will be required to gather additional information from the customer and conduct a more in depth review of the customer. Inherently, enhanced due diligence often requires manual interaction from the compliance team, further demonstrating the importance of using eKYC and real-time verification on safe customers to free up the compliance team.

Can software help with KYC? How FullCircl can support you

Using software for the KYC process is no longer a nice to have for banks. It is imperative that banks invest in KYC software to stay ahead of rising regulation across juridictions globally, coupled with a digital first account opening process. By integrating these technologies, KYC software helps financial institutions reduce the risk of financial crime, improve regulatory compliance, and provide a better customer experience.

FullCircl works with 7 out of the top 10 UK banks and 700+ regulated entities to support their KYC requirements.

FullCircl's identity verification platform includes access to a full suite of compliance services including, but not limited to, KYC software, AML (PEPs sanctions, adverse media, and watchlists), anti-fraud tools, automated document verification, and more. Through a single API integration, FullCircl can facilitate real-time eKYC checks, providing banks with the efficiency they need to stay ahead of customer expectations and rising regulation.

To find out more about how FullCircl can support your KYC banking needs by delivering real-time verification through a single access point, book a meeting with a KYC specialist.