Banking is a highly-regulated industry, and the government has been holding this sector to higher standards regarding “Know Your Customer” (KYC) laws. The impact is broad for customers, and the mandates affect every institution that manages money. As a result, banks are certainly on the hook in complying with KYC to mitigate fraud, but they also share the responsibility with anyone who transacts with their business.
KYC laws are designed to ensure banks always verify identities, assess risks adequately, and provide customers with no prohibited lists. Further, KYC laws help combat fraud schemes, money laundering, and the financing of terrorism. The crucial component is finding the right balance, so innocent customers do not have to bear the requirements’ brunt.
Banks cannot escape the mandatory KYC process of verifying customers. Initially, KYC laws were incorporated and introduced in 2001 as part of the Patriot Act, passed to help prevent and monitor terrorist activities. Today, every financial product and transaction must pass KYC checks.
KYC banking basics
The Patriot Act section introduced KYC laws, added enforcement, and requirements to the Bank Secrecy Act of 1970. Therefore, Title III of the Patriot Act requires banks to employ the following: A Customer Identification Program (CIP) and Customer Due Diligence (CDD).
To meet CIP requirements, they must ask their customers for specific documents related to identifying information. These are the types of documents typically requested:
- Date of birth
- Proof of address
- Government-issued identification number
- Government-issued ID’s (Driver’s license or passport)
- Certified articles of incorporation
- Partnership agreement
- Trust instrument
- Government-issued business license
Other types of verifying documents may include:
- Financial references
- Data from a consumer reporting agency or public database
- Financial statements
Banks can determine which documents they request as long as they can verify identifying data.
The next aspect of KYC is CDD. To comply with CDD, banks must have the ability to predict what types of financial transactions a customer might make so that the bank can monitor and detect suspicious activity. Moreover, the bank should assign the customer a risk rating to assess how they should watch the account and which customers pose too significant a risk to take on as new clients.
If warranted, banks would ask consumers for more information such as their occupation, a description of business operations, source of funding, their account’s intent, and more. While banks must meet CDD requirements, they do not have a set of standard operating procedures (SOPs) to do so.
To be clear, the Patriot Act does not discuss CDD specifically, but it does mandate banks to file suspicious activity reports. If a bank doesn’t know enough about its customers, it won’t have enough data to file said reports.
However, the FDIC, the Financial Crimes Enforcement Network (FinCEN), the Fed’s Board of Governors, the Comptroller of the Currency of the U.S. Treasury, the IRS, and others, strictly mandate CDD.
When a bank has performed its due diligence, it can flag suspicious wire transfers, international transactions, and off-shore transactions and deem a customer a “high-risk” account that should induce a greater level of monitoring. The bank may also contact the customer to explain their transactions.
What’s the difference between KYC and AML?
Know Your Customer is quite similar to Anti-Money Laundering (AML) protocols, and they are connected. KYC brings transparency to AML by using its verifications, monitoring, and flagging activities to draw out suspicious activities that may involve money laundering.
Why is KYC important?
When banks take steps to verify consumer identities and understand their spending habits, banks can then have more data on their side to flag suspicious activities. The only way people can launder money or finance terrorism is by opening anonymous accounts. KYC gives banks the ability to detect these types of activities better.
As regulations tighten, banks must learn how to comply accordingly or else face expensive fines and penalties. Between 2013 and 2014, financial institutions faced $4.3 billion in liabilities, which is four times greater than the previous nine years in total.
Global banks are not immune as JP Morgan, and HSBC were fined $2 million each because they did not report suspicious activity.
Consider KYC the cost of doing business
While KYC does increase the cost of doing business in the financial sector, it’s more expensive not to comply. The most vital component is to find a balance of compliance while still meeting customer needs and expectations.
Banking will continue to be more highly regulated than other industries, so it’s time to determine how to meet compliance effectively without disrupting operations or causing customer loss. Another issue is if your bank is fined for fraud, it may not only cost steep fines but may also damage vendor relationships permanently and cause reputational loss.
According to a Thomson Reuters survey, 89% of corporate customers shared that they did not have a good KYC experience. Nonetheless, the government implemented KYC before contemporary tech tools were available. This means many KYC systems currently in place are outdated, and when updated, they can make compliance more comfortable and seamless.
Optimizing & automating the Know Your Customer process
The modern regulatory landscape makes it difficult for banks to grow their customer base through more convenient and lower-cost digital channels. Customers want the convenience of banking from anywhere, on any device, and like a seamless, quick, and easy experience. Yet, banks must manage the processes associated with KYC regulations that can make some customers wait for days or even weeks as their data is verified.
Still, these contradicting demands create an opportunity for new technologies to transform manual KYC and customer onboarding processes into a streamlined workflow.
Digital processes can revolutionize KYC and remove the need for physical interactions while decreasing processing time and extracting every customer’s comprehensive picture. Optimizing the KYC process with the right steps and tools should have the following capabilities:
- Can verify the authenticity of identifying documents.
- Captures biometric data.
- Validates customer identity through cross-referencing biometric data with I.D. documents.
- Scalable for banks with a global presence or a desire to grow.
- Enhances a positive customer onboarding experience.
It’s time to consider Robotic Process Automation (RPA), which automates clearly-defined and rules-based processes that are non-invasive and builds a user interface based on existing applications. Thus, RPA is quick to execute. Since RPA builds on current applications, it is ideal for supporting ad hoc KYC verifications and integrating rule engines supporting KYC compliance.
In banking, the onus is on your institution to prove KYC compliance and ensure every stakeholder has done their part. This process involves documenting and storing relevant records on all clients, including the nature and size of their financial transactions, their account type, the reason for their account, and the source of their funds. If you cannot provide and verify this data, you are at risk for significant fines, reputational damage, and possible legal implications.
At the very least, banks should have documents about the clients’ business type, funding sources, the purpose of specific transactions, and accurate predictions of future transactions. The three vital components of a Know Your Customer compliance framework include:
Identification of the customer
Banks must verify and analyze every customer identifying data source for any inconsistencies or fraud. Depending on the country, there may be other factors to review, such as whether the potential client is on a Sanction List or is identified as a Politically Exposed Person (PEP) who is more vulnerable to corruption.
Customer due diligence includes collecting available identifying data from authentic and trusted sources, determining the purpose and nature of the account, and maintaining continuous monitoring to ensure the activity is consistent with stored customer data.
Enhanced due diligence (EDD)
When a customer is flagged as high-risk, enhanced due diligence measures should be taken, such as further investigation, a request for more documents, and increased monitoring.
However, extraction, analysis, and entering data into existing processes such as client onboarding is time-consuming to perform manually, nor is it possible to execute these processes at scale with manual-based and outdated systems. On the other hand, automation can address these issues and ensure faster, auditable, and robust KYC compliance.
KYC due diligence checklist
It takes careful planning to implement an effective KYC system. There are a few best practices to follow, including the KYC due diligence checklist below:
Customer Identification Program (CIP): Current U.S. laws require every financial institution to maintain a CIP to prevent money laundering or terrorism funding. A compliant CIP requires a name, date of birth, address, and identification number. Next, the bank must verify this information.
CDD: Deploying CDD effectively means conducting adequate risk assessments and then enhancing the investigation of high-risk customers.
Consistent monitoring: Risk assessment is continuous. You should always monitor for unusual activity. As a result, you can take the right actions before any damage occurs.
Innovations in KYC
Utilizing digital platforms for automation and even blockchain can help reduce the time and cost of KYC workflows while improving the customer experience significantly. Further, transaction monitoring is more effective while data quality is improved. Some of these innovations include real-time I.D. verification to ensure fraud protection and security while quickly meeting customer needs.
There isn’t any question that manual Know Your Customer processes are painful and time-consuming for the bank and the customer. For instance, once a CIP file is created at onboarding, it must be reviewed and manually updated throughout the client life cycle. After onboarding, each addition to the file becomes more difficult and complex to manage.
The processes aren’t time-consuming just on the paper side, but isolated digital documents also pose challenges and risks. If human employees are tasked with finding connections between multiple copies, the process can take days, weeks, or months. Whenever a KYC file is reopened, human employees must relearn the data and determine how they map to new documents. These types of tasks take time and take focus away from other essential areas of the business.
How can KYC innovations improve accuracy, efficiency, and scalability to processes without adding to the workload?
Digital process automation (DPA) can automate key KYC processes associated with client onboarding, including communications, receipt of faxes, scanning, processing, validating, document storage, retrieval, and MIS reporting. DPA can also help to automate other manual KYC-related processes and repetitive tasks, including:
- Setting up customer data (Uploading identifying documents into the CRM system).
- Validating customer information, both structured and unstructured, collects data, accesses databases, and fills in forms.
- Gathering and monitoring customer information from various databases.
- Storing and managing data from multiple systems and consolidating data into one centralized portal for real-time and easy access.
- Customer screening by verifying existing consumer data through government databases.
- Real-time monitoring alerts.
- Audit trail maintenance.
Another KYC innovation is implementing blockchain for verification. Blockchain technology can remove the need for any enhanced I.D. checks because blockchain databases have built-in immutability. To illustrate, a bank can send a request to a blockchain platform to access customer identification data. The customer then grants consent and allows access via a One Time Password (OTP). The bank will access the data, but the customer still owns their documents. Moreover, since blockchain technology uses a distributed ledger model, there is no single point of weakness and no single authority. Once data is entered, it is secured by cryptography and cannot be modified without 51% of the network in agreement.
While KYC compliance can increase costs and turnaround time when implemented via legacy systems and manual labor, it’s important to note that KYC innovations such as automation and blockchain technology can help to increase accuracy, efficiency, cycle times, auditability, transparency, centralization, overall compliance, and customer satisfaction. KYC is a vital process for mitigating fraud, money laundering, financial misconduct, and more. However, the time has come to simplify the KYC process with future-proofing technologies.
ProcessMaker ensures security-and-convenience-minded banks can meet Know Your Customer compliance requirements through it’s digital process automation platform. If you’re ready to learn more, contact us today.