In this article:
- Introduction to KYC in banking
- KYC regulations for banks
- Key processes of KYC in banking
- Common challenges in KYC for banks
Introduction to KYC in banking
Know Your Customer is the process of identifying and verifying individuals at the point of account opening.
This includes collecting personally identifiable information including name, address, and date of birth and then verifying this against data sources such as credit or telco to find a match.
Where the option for verifying using data checks isn't feasible, businesses can also use other methods to verify customers such as document verification. This involves asking the customer to submit a Government approved identity document such as a passport or driver's license and then verifying that the document is real and hasn't been tampered with.
Ultimately, KYC serves to verify that the person attempting to onboard is who they claim to be.
KYC in banking is a regulatory requirement and all banks licensed by organisations such as the Financial Conduct Authority (FCA) must perform relevant Customer Due Diligence (CDD) at the point of onboarding to verify every customer.
Banks are required to use customer information to perform a KYC check during onboarding but must also use Anti-Money Laundering (AML) and anti-fraud checks to identify any customers who may be sanctioned, politically exposed, or where there is the presence of adverse media. Having KYC and AML work in harmony is one of the most critical elements to a complete compliance program.
Banks can then use the information obtained at onboarding and undertake a risk assessment on the customer to decide whether the onboarding attempt should be successful.
KYC regulation in banking
Banks operating globally must navigate a complex regulatory landscape. Ensuring adherence to a variety of KYC and AML regulation to mitigate financial crime.
Some of the key global regulation is as follows:
- European Union Anti-Money Laundering Directives (EU AMLD)
The EU AMLD, now in its 6th iteration, establishes KYC obligations for banks operating within the European Union. It outlines CDD measures, beneficial ownership identification, and reporting requirements.
- Financial Action Task Force (FATF)
FATF develops policies to combat money laundering and terrorist financing. It's "40 recommendations" provide a comprehensive framework for KYC compliance, emphasising risk-based approaches and customer identification procedures.
- Basel Committee on Banking Supervision (BCBS)
The BCBS sets global standards for banking regulations, including guidelines on Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD) procedures. Its recommendations influence KYC practices worldwide.
- Dodd-Frank Act (USA)
Enacted in response to the 2008 financial crisis, the Dodd-Frank Act mandates stringent KYC requirements for banks operating in the United States. It includes provisions such as the Customer Identification Program (CIP) and imposes penalties for non-compliance.
- Foreign Account Tax Compliance Act (FATCA)
Implemented by the U.S., the Foreign Account Tax Compliance Act (FATCA) aims to prevent tax evasion by requiring foreign financial institutions to report information about U.S. account holders. Compliance with the act involves a robust KYC procedure to identify and verify account holders' identities.
These are just some of the regulations that banks must comply with when operating globally, and whilst regulatory bodies all share the same goal of ensuring banks are correctly verifying the identity of their customers, there are also nuances to each regulation which, in turn, makes executing a global compliance program a challenge for banks.
How does KYC in banking work?
There are multiple considerations banks must make when designing their KYC checklist. A secure KYC policy is not only critical to regulatory adherence, but it can also be the difference between a new customer and someone dropping off the journey if its too complex.
Particularly in the last decade, customer expectations have increased, and it's no longer fit for purpose for verification to not be a real-time journey. Banks must therefore balance compliance with speed of onboarding to find the right balance.
However, a typical KYC process covers five main areas: identification, customer due diligence, risk assessment, onboarding, and monitoring.
- Identification
The first stage of the KYC process is to obtain identifiable information from the customer, otherwise known as a customer identification program. this typically involves asking for name, address, and date of birth. Some banks will also choose document verification at this stage in the process depending on their risk-based approach or geographic location of the customer.
- Customer Due Diligence (CDD)
Once the information has been received, banks must then perform relevant CDD actions. This includes matching the information provided by the customer against data sources to find a a match, and checking against global Politically Exposed Persons (PEPs), sanctions, and adverse media lists.
If document verification is included in the onboarding journey, banks will verify the document is real and hasn't been tampered with to prevent the risk of successful identity fraud.
- Risk assessment
Once the information provided by the customer has gone through the CDD process, banks must then perform a risk assessment to determine if the individual can be accepted as a customer.
This will include reviewing the returned information from CDD and matching it against the banks' risk thresholds. Banks will often use KYC software to automatically accept customers who pose no risk and then only perform a manual risk assessment on customers who have flagged as high risk.
In some cases, when a customer has been marked as high risk or requiring manual intervention, banks can then ask for more information including a document check, cross-checking other databases, or performing a manual review.
- Onboarding
The banks can then make the decision on whether the customer should be onboarded or rejected, and all information provided by the customer should be stored securely for audit purposes.
- Ongoing monitoring
The KYC process for banks doesn't stop when the customer completes onboarding. It is also required that banks routinely monitor their customers to understand if circumstances have changes.
For example, if John Doe signs up to a bank today and doesn't flag against any AML or fraud databases, that doesn't mean that the customer won't match as a risk of money laundering or fraud in the future. It is critical that banks re-screen the customers' identity to flag any potential issues.
Banks must also use a transaction monitoring system which analyses customer transactions including transfers, deposits, and withdrawals to identify any risk of fraudulent activity.
Common challenges in KYC for banks
One of the biggest banking KYC challenges, particularly 'traditional' banks who rely on manual processes or legacy systems, is digital transformation.
In the last decade, the emergence of digital challenger brands such as Monzo, Revolut, and Starling have based their business model on being entirely digital. The success of the new era of digital banks has been largely based on ensuring that the customer experience is seamless by providing a real-time onboarding journey.
This has also been coupled with expectations from customers rising due to a digitised world and brought real-time verification to the forefront of priority. Customers are no longer willing for verification at account opening to take longer than a few minutes and banks have had to develop their KYC systems to ensure they can deliver digital onboarding.
Another key challenge faced by banks is the increased risk of financial crime and money laundering. According the United Nations Drugs and Crime (UNODC), an estimates 2-5% of global GDP is laundered each year.
A significant proportion of this laundered money is targeted through banks. Not only have banks has to focus on real-time verification but also have had to double down on AML processes to identify customers who pose a risk to their business.
How FullCircl can help
FullCircl works with 7 out of the top 10 UK banks and 700+ regulated entities to support their KYC requirements.
FullCircl's identity verification platform includes access to a full suite of compliance services including, but not limited to, KYC software, AML (PEPs sanctions, adverse media, and watchlists), anti-fraud tools, automated document verification, and more.
To find out more about how FullCircl can support your KYC banking needs by delivering real-time verification through a single access point, book a free demonstration here.