Back to All Blogs
Don’t let KYC kill your bank! Part 1
KYC/AML/KYB Compliance

Don’t let KYC kill your bank! Part 1

October 17, 2019

Know Your Customer (KYC) methods and processes are critical to assess and monitor customer risk. They are also a legal obligation to comply with regulations and Anti-Money Laundering (AML) laws set by each country.

Here in Part 1 we tell you a bit more about KYC, and in Part 2 we tell you how we can help!

KYC is simply the steps taken by a financial institution or business to:

  • Establish customer identity
  • Assess fraud risks (legitimacy of funds etc.)
  • Assess money laundering risks associated


Know Your Customer
The minimum requirements, generally speaking, are:

Institutions such as banks may require an identification number also.

During account opening, the institution must verify the identity of the account holder “within a reasonable time.” Procedures for identity verification include documents, non-documentary methods (comparing the information provided by the customer with consumer reporting agencies, public databases, or new real-time methods) or a combination of both.


Levels of risk
KYC policies for banks depend on each institution and the levels of risk involved, but may consider:

  • The types of accounts offered
  • The bank’s methods of opening accounts
  • The types of identifying information available
  • The bank’s size, location, and customer base
  • The types of services the customer base use in their geographic location


Customer Due Diligence
Customer Due Diligence (CDD) is a critical element of effectively managing your risks and protecting yourself against criminals, terrorists, and Politically Exposed Persons (PEPs) who might present a risk.

There are three levels of due diligence:

  • Simplified Due Diligence (“SDD”) are situations where the risk for money laundering or terrorist funding is low and a full CDD is not necessary. For example, low-value accounts.
  • Basic Customer Due Diligence (“CDD”) is information obtained for all customers to verify the identity of a customer and assess the risks associated with that customer.
  • Enhanced Due Diligence (“EDD”) is additional information collected for higher-risk customers to provide a deeper understanding of customer activity to mitigate associated risks.

Some practical steps to include in your customer due diligence program include:

  • Ascertain the identity and location of the potential customer, and gain a good understanding of their business activities. This can be as simple as verifying the name and address of your customer from a national identity document.
  • When authenticating or verifying a potential customer, classify their risk category and define what type of customer they are.
  • Beyond basic CDD, it’s important that you carry out the correct processes to ascertain whether EDD is necessary. This can be an ongoing process, as existing customers have the potential to transition into higher risk categories over time; in that context, conducting periodic due diligence assessments on existing customers can be beneficial. Factors one must consider to determine whether EDD is required, include, but are not limited to, the following:
      • Location of the person
      • Occupation of the person
      • Type of transactions
      • Expected pattern of activity in terms of transaction types
  • Keeping records of all the CDD and EDD performed on each customer, or potential customer, is necessary in case of a regulatory audit.


Ongoing Monitoring
It’s not enough to just check your customer once, you need to have a program to monitor your customer on an ongoing basis. The ongoing monitoring function includes oversight of financial transactions and accounts based on thresholds developed as part of a customer’s risk profile.

Depending on the customer and your risk mitigation strategy, some other factors to monitor may include:

  • Spikes in activities
  • Out of area or unusual cross-border activities
  • Inclusion of people on sanction lists
  • Adverse media mentions

There may be a requirement to file a Suspicious Activity Report (SAR) if the account activity is deemed unusual.

Periodical reviews of the account and the associated risk are also considered to be best practice:

  • Is the account record up-to-date?
  • Do the type and amount of transactions match the stated purpose of the account?
  • Is the risk-level appropriate for the type and amount of transactions?

In general, the level of transaction monitoring relies on a risk-based assessment.


How we can help

At Acuant we provide a full range of KYC solutions for banks and beyond.

Identity
KYC/AML/KYB Compliance

Use Case Spotlight: Regional Credit Union Uses Acuant to Stop Synthetic ID Fraud

October 23, 2019

A recent study from a regional Credit Union stated that over the course of a few months, Acuant had saved hundreds of hours in employee time and tens of thousands of dollars in losses. This credit union, which serves more...

READ MORE
Identity

Synthetic Identity Fraud Is The Fastest Growing Financial Crime — What Can Banks Do To Fight It?

October 8, 2019

Glenn Larson is the Vice President of Engineering at Acuant and is a member of Forbes Technology Council,  an invitation-only community for world-class CIOs, CTOs and technology executives. Read his article for the Forbes Tech Council below, or you can read...

READ MORE

Questions?

Let's Talk Support