Photo Credit: Unsplash
- KYC is an integral process for national and financial security as it offers secure financial transactions with businesses as well as financial institutions.
- KYC is a demanding activity because it is expensive and requires considerable time and effort.
- Failure to comply with KYC can result in exorbitant fines that can drain your startup's resources.
- KYC is mandatory for all U.S. banks under the U.S. Patriot Act of 2001.
- KYC documents include ID card verification, document verification such as utility bills, proof of address, biometric and face verification, etc.
KYC Full Form
KYC is an abbreviation for Know Your Client, or more familiarly, Know Your Customer. All financial institutions have to comply with KYC rules to help prevent financial crime. It is a series of procedures for verifying a customer’s identity and intentions before progressing with a transaction.
Compliance with KYC rules is an essential obligation on the part of financial institutions. Failure to comply with KYC rules can incur huge fines in countries where KYC is mandated by law (like the U.S.). The U.S. Treasury requires financial institutions to assist the government in combating money laundering through KYC.
What is KYC?
KYC refers to the necessary steps taken by all financial institutions for verifying and identifying their customers and their intentions. Compliance with KYC ensures that money laundering, terrorism financing, and other fraudulent schemes are kept at bay. A customer’s identity verified at the time of opening their account, goes a long way in accurately identifying and undermining suspicious activities. It is a standard due diligence process to assess and monitor customer risk.
KYC in banking has customers provide and verify their credentials to prove their identity and address. These credentials can include ID card verification, biometric verification, and other methodology. KYC checks the customer’s eligibility to use the services of the financial institution. KYC requirements were originally introduced to combat money laundering and theft. The U.S. immediately passed stricter laws around KYC as part of the Patriot Act, post 9/11. They were amended further in 2016 by the U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN).
The Patriot Act requires financial institutions to comply with:
- Customer Identification Program (CIP): CIP is committed to verifying the customer's identity in the first place. The “customer” here refers to any individual or organization that qualifies as a legal entity for being a client of a given financial institution. By qualifying for CIP, they can open and use their account. Every CIP must have a risk-adjusted procedure. Usually, for individuals, verification documents include a driver's license, passport, or government-issued ID. For verification of a company, verification documents include a government-issued business license, partnership agreement, etc. Financial institutions must check the validity of the documents.
- Customer Due Diligence (CDD): CDD is at the core of Anti-Money Laundering (AML). CDD ensures the customer’s identity is valid and keeps a regular check on transactions even after opening the account. This leads financial institutions to assign a risk rating to each customer that further determines the degree of monitoring required. CDD efforts and the extent of their application vary depending on the type of transactions.
In determining what level of due diligence is appropriate, a company should prioritize:
(a) Understanding of customers
(b) Identifying of owners of an account
(c) Details of other personal and business relationships that the customer maintains
(d) Approximate annual sales
(e) AML policies
(f) Third-party documentation
(g) Local market reputation (gauged through a review of media sources)
KYC procedures demand a risk-based approach. A risk-based approach is defined as a process that allows for the identification of the potentially high risks of money laundering and terrorist financing.
Such a risk-based approach evaluates steps to deal with and to combat such crimes:
- Identity theft: KYC verifies the identity of a customer and prevents fake accounts and identity thefts from forged documents. This establishes a secure foundation for any business organization.
- Money laundering: KYC monitors financial transactions in order to prevent money laundering or suspicious criminal activities such as dummy accounts. This also prevents multiple fake accounts from existing as identity verification is a required first step.
- Financial Fraud: KYC measures were established to prevent financial fraudulent activities, such as using fake identities to apply for loans. When any suspicious activity is detected, financial institutions are required by law to submit a Suspicious Activities Report (SAR) to FinCen whose job is to promote national security by preventing the illicit use of finances or money laundering.
Why is it important to know your customer?
KYC is a major step towards national security. National security is a collective aim guaranteed by well-being and security in every sphere such as healthcare, finance, education, governance, and so on. Financial security is essential to a nation for preventing the misuse of its resources, which in turn, help in the development and advancement of the nation globally. Through KYC, all illicit activities, which also include terrorism financing, are controlled by financial institutions. This is essential for maintaining world peace and equilibrium as well. With the fast-paced global environment, KYC regulations are likely to soon be established as a worldwide requirement. In the past, several companies have established relationships based on face-to-face interaction. Nowadays, businesses can follow extensive KYC and AML checks online.
It is important to know your customer because:
- Confirmation of identity: The ultimate aim (and core) of KYC is to ensure the genuine identity of a customer of any financial institution, be it an individual or a business. KYC establishes whether the client is engaged or likely to be engaged in criminal activity or not. KYC procedures have to be conducted at the outset and continued for the duration of the customer relationship. This generally removes the doubt of potential criminal activity at the outset itself, providing a green signal for continuing transactions with the client/customer. Apart from financial institutions, some non-financial businesses voluntarily implement KYC procedures. Such measures contribute to establishing the business as worthy of a customer’s trust.
- Close monitoring and risk profile evaluation: KYC entails a periodic review of client information to evaluate the risk profile of any customer. It is mandated that any suspicious activity needs to be reported. The primary aim of such close monitoring is to identify illegal activities such as money laundering, identify unusual cross-border activities, keep client identification up to date, and determine if customers are included on lists that mark them as someone who is a politically exposed person (PEP), is subject to sanctions, or someone who is on adverse media lists. This keeps financial institutions aware of customer risk at all times.
- Essential for ensuring trust among customers: This is important because customer trust often provides the strongest foundation base for any business. KYC limits fraud and, by doing so, retains the trust of customers.
- Transparency: Customers have more control over their information with KYC in place. This is because, within such a framework, the processes of obtaining, storing, and managing data must be transparent to clients.
- Favorable for overseas business opportunities: Conducting a KYC check for overseas business partners helps in clear assessments for business owners. All countries have different rules for KYC and different laws for finance-related criminal activities. The laws in the U.S. are known to be relatively strict, and KYC checks on overseas business partners help founders based in the U.S. to venture into safe territory. They can then think about making meaningful progress with their business, rather than constantly having to worry about the reliability and authenticity of their business partners. This can also help prevent any defamation - with respect to image and reputation - in case nefarious activity with a startup’s business partner is detected.
Know Your Customer Law
Attempts are being made to implement KYC worldwide. In the U.S., KYC and AML mandates and their corresponding CDD requirements originate from the 1970 Bank Secrecy Act and the 2001 Patriot Act, which were expanded in 2016 by the U.S Treasury’s FinCen and even by new state regulations, including California’s CCPA compliance rules. The Global Financial Action Task Force (FATF) reviews financial transactions globally.
The following laws helped bring the KYC process to life:
- The Bank Secrecy Act was passed by the U.S. Congress in 1970. It is an amendment to the Federal Deposit Insurance Act. It requires banks to file five types of reports with the Financial Crimes Enforcement Network and Treasury Department:
(a) Currency Transaction Report (CTR) for cash transactions that exceed $10,000 in one business day.
(b) Suspicious Activity Reports (SAR) for cash transactions where a customer may appear to not adhere to BSA reporting requirements.
(c) Foreign Bank Account Report (FBAR) must be filed by any U.S citizen or resident who has a foreign bank account with at least $10,000 in it.
(d) Monetary Instrument Log (MIL) is for banks to keep a record of all cash purchases between $3,000 and $10,000.
(e) Currency and Monetary Instrument Report (CMIR) is used to report a person or institution that physically transports monetary instruments in excess of $10,000 into or outside of the U.S.
- The U.S. Patriot Act: The U.S. Patriot Act of 2001 devised KYC rules and then deemed KYC mandatory for all U.S. banks. This Act helped initiate and develop KYC requirements into what they are today. This Act also requires financial institutions to comply with stricter KYC rules, including the CIP and CDD as discussed earlier.
- Financial Crimes Enforcement Network: In 2016, the FinCen rule required all banks to collect the names, birthdates, addresses, and Social Security Numbers of individuals who own 25% or more of an equity interest in a legal entity.
Benefits of KYC
KYC is the future of a stabilized global market. With several regulations at work towards securing ease of financial transactions, KYC has become mandatory in several countries, including the U.S.
The benefits of KYC are:
- Limiting fraudulent activities that are a result of fake identities: KYC mandates identity verification at the outset. By doing so, it mitigates the risks of fake identities which would otherwise be concealed and used to further illegal activities.
- Prevention of money laundering and other unlawful activities: KYC requires monitoring of the customer even after the account is opened. It keeps an eye on the nature and frequency of their transactions. This prevents money laundering and other unlawful activities.
- Fosters national security and national trust: This happens because KYC makes the financial framework more trustworthy and less risky. The resources of the country are secured into the right hands by KYC.
- Customer growth: An expansion in customers is the result of the minimized uncertainty that the guarantee of KYC brings along. Customers also feel a sense of mutual responsibility when they cooperate with their respective financial institutions in achieving a risk-free business environment for both parties.
Disadvantages of KYC
While KYC is a useful tool for various organizations, it can have a few limitations:
- A compromise of KYC data can incur severe GDPR penalties. This can also result in damage to the reputation of the given company and exact a toll on their customer base. From 2016 to 2020, U.S. banks have been reported to pay fines amounting to $160 billion to the U.S. government for noncompliance.
- The absence of a standard specification by law on the kind of information that must be used to verify customers results in each financial institution functioning in fear of massive fines, operating on its own, and deciding on proper procedures for due diligence. This can result in confusion for customers when they hear of the different documents that are needed for KYC.
- Time-consuming for customers: KYC requirements have been known to make starting off relationships with KYC-compliant companies a long and complex process for customers. For example, banks take approximately a month to complete the account opening process. In addition to the time involved, customers are also sometimes hesitant to provide all the information required.
- Increasing compliance costs: KYC is generally an expensive procedure. The costs incurred for executing anti-money laundering processes and practices could exhaust the financial resources of early-stage startups, so other daily functions run a risk of coming to a standstill. For small companies, this cost could be too high to bear.
- Documents needed for KYC verification vary from nation to nation: There is no uniformity - among countries - in the documents that are required for verification and this can include passports, utility bills, bank statements, etc. For corporations, it can mean founders'/directors' information, like names, birthdates, addresses, etc. This creates further difficulty in setting up a uniform procedure for achieving a common global goal - the security of financial resources.
- Difficulty in keeping information up to date: Every change in info must be documented properly for the information to be used as a tool in effective identity verification. Even a minor change in the customer's information, like their address, must be registered and documented instantly.
Learn more with us
Access our Knowledge Base for Startups.
We can help!
At AbstractOps, we help early-stage founders streamline and automate regulatory and legal ops, HR, and finance so you can focus on what matters most—your business.
We can help you understand and implement KYC. Get in touch with us.
Like our content?
Subscribe to our blog to stay updated on new posts. Our blog covers advice, inspiration, and practical guides for early-stage founders to navigate through their start-up journeys.
Note: Our content is for general information purposes only. AbstractOps does not provide legal, accounting, or certified expert advice. Consult a lawyer, CPA, or other professional for such services.