According to PwC’s global economic crime and fraud survey 2022, the top external perpetrator of an organization is the customer. That means that some of the people that you so desperately need for your organization to thrive are the ones that harm you the most.
According to the survey, nearly one in five companies expressed that their most harmful incident had a financial impact of more than $50 million! Unbelievable, right?
Still, in most cases, customers are your only way to success. But what could you do to protect your organization from people that attempt fraud and threaten your business? This is where KYC (Know Your Customer) procedures come into play.
With proper KYC processes in place, customers can be identified and verified to determine whether they pose a risk to your company or not.
But let’s start at the beginning. First, we want to answer the question of what KYC is, continue with KYC in different industries, provide you with a list of KYC verification methods and finish this blog with an insightful FAQ. Once you’ve gone through the blog, you will be able to equip your organization with the right procedures to combat fraud.
What is KYC?
KYC stands for Know Your Customer. It is a mandatory customer due diligence (CDD) process carried out by companies to verify the identity of their customers and to assess and monitor customers’ risk. In short, KYC procedures ensure that customers are who they say they are.
Generally, KYC helps to prevent money laundering, terrorism financing, and other illegal financial activities. It is a critical process for determining customer risk profiles and helps to identify whether a customer meets the legal requirements of an organization. Even though KYC is relevant for any industry, it is especially relevant for financial and banking institutions and other high-risk businesses such as insurance or real estate.
For example, financial institutions are required to conduct KYC processes before a customer opens a bank account and then continuously monitor transaction patterns to comply with AML & KYC regulations.
In order to comply with KYC requirements, customers must provide proof of their identity and address, so that organizations can perform due diligence and make sure that customers are who they claim to be. For that purpose, identity documents such as passports, driving licenses, ID cards, and proof of address documents such as bank statements or payslips are often required.
But why is this lengthy process even necessary? Let’s have a look at why KYC is so important for an organization.
Why is KYC important?
Do you know your customers? Are you sure they don’t pose any risk to your organization and that they are who they claim to be? If you can’t answer these questions with yes, then it is time for you to implement KYC processes. Because KYC processes allow your organization to know exactly to whom it is providing services.
KYC procedures are important as they allow you to discourage people who want to commit identity or document fraud. By going through a KYC process, their identity will be exposed to customer due diligence officers, which makes it very hard for fraudulent identities to pass the KYC procedure.
On top of preventing fraud, businesses have to comply with KYC requirements (and AML regulations) to avoid heavy fines and sanctions. Although not all industries are required to have a KYC process in place, financial institutions are among the ones that are required to fulfill KYC requirements by law.
While not all industries are required to perform customer due diligence, the risk of fraud, such as identity fraud, document fraud and money laundering, makes KYC procedures very crucial. Organizations have to meet two core KYC components: Customer Due Diligence (CDD) and a Customer Identity Program (CIP). With those measures in place, organizations hope to prevent harmful fraudulent acts.
Let’s have a look at KYC in different industries. For readability purposes, we focus on three areas, but there are many more matters that require KYC procedures.
KYC per Industry
As previously mentioned, KYC is essential in many industries. Each industry experiences different risks, which translates into different regulations and measures needed to take action.
Below, we will discuss what KYC looks like and which requirements apply in three different examples:
- KYC for the Financial Industry
- KYC for Business
- KYC for Crypto
KYC for the Financial Industry
KYC for banking is highly relevant and has to be conducted thoroughly. For the financial industry, KYC is no longer an option but is required by law. A bank or other financial institution has to verify the identity of customers, otherwise, heavy fines or other penalties can be imposed.
Therefore, a bank must have a Customer Identification Program (CIP) in place in which data is collected, identified, and verified.
On top of that, financial institutions must conduct Customer Due Diligence (CDD) procedures to continuously monitor customers, collect identity information to create customer risk profiles, and cross-check this information with databases that entail information about politically exposed persons or sanctions.
Only with these processes in place, banks and other financial institutions are compliant with KYC & AML regulations.
KYC for Business
Every business that is onboarding customers should conduct KYC checks. This is not only to protect your business against fraud but also to protect your customers.
For example, car rental businesses that offer a reservation system online need to ensure that people are over 18 and have a driver’s license. To avoid fines and other penalties for renting out a car to unauthorized people, these businesses should fulfill Know Your Customer requirements and, e.g., verify the age and driving license categories in the onboarding process.
But what if you were to onboard customers that aren’t individuals but companies? In this case, you would perform so-called KYB (Know Your Business) checks. KYB is seen as an extension of KYC since it was introduced much later after the initial KYC regulations. While both procedures involve checks to verify identities, the main difference between the two is that KYC applies to individuals, while KYB applies to businesses.
KYC for Crypto
Cryptocurrency have been increasing in popularity over the last few years. This and the growing risk of terrorist financing and money laundering are the reasons why crypto platforms are now regulated as financial institutions. As we previously learned, all financial institutions need to comply with KYC & AML regulations and therefore integrate processes accordingly.
KYC for crypto platforms is mainly used to identify and confirm users’ and customers’ personal information to verify age, identity and address. The main goal is to determine the probability of customers posing money laundering risks.
This has been causing frustrations for customers of crypto platforms, as the original idea of crypto exchange was to trade anonymously. Yet, regulators are pressuring crypto firms to introduce KYC measures to have more control over customers and cryptocurrency transactions.
While all three example industries have the same main goal in mind (identifying & verifying a customer’s identity), every industry still uses KYC regulations for a slightly different purpose. Let’s now have a look at how the KYC regulations differ for different regions.
Worldwide KYC regulations
KYC regulations don’t only differ per industry, but also per region or country. To keep the blog readable, we focus on three different regions, the European Union, United Kingdom and United States.
Over thirty years, the EU has developed a solid framework for preventing money laundering and terrorism financing. The EU rules are far-reaching and go beyond international standards. Therefore, the European Commission wrote an action plan for a comprehensive Union policy on preventing money laundering and terrorism financing to achieve more harmonious, cohesive, and powerful Anti Money Laundering (AML) regulations.
Additionally, in 2016, Europe passed three AML directives (4AMLD, 5AMLD, and 6AMLD) that expand the scope of KYC requirements to new sectors.
This increases the need for enhanced Customer Due Diligence (CDD), as the process includes the collection, verification, and record-keeping of Personal Identifiable Information (PII). On top, customers need to be screened against sanctions and politically exposed persons (PEP) lists to assess the risk of each customer.
The information above clearly shows that EU regulations are quite strict and solid. Understandably, we are not able to provide every single rule that applies. Please conduct industry-specific research yourself to prevent fines and other penalties.
Even though the UK has robust AML and KYC laws and regulations in place, the regulations are not overly specified. Instead, they function more like guidelines rather than hard requirements. Those guidelines are divided into five parts of identity checking and are published in the Good Practice Guide provided by the UK government. These five parts are:
- Acquiring evidence of the claimed identity
- Checking if the evidence is valid
- Checking if the claimed identity has existed over time
- Checking whether the claimed identity is at high risk of identity fraud
- Determining whether the identity belongs to the person claiming it
Interestingly, not all steps need to be performed at once, as the risk level of a customer determines which checks need to be executed. On top of that, according to the 2017 updated AML regulations, there are three specific requirements that need to be fulfilled:
- Identify the customer
- Verify the customer’s identity
- Assess the purpose and intent of business relationships and occasional transactions
If you find yourself in the UK, please conduct your own research on KYC and AML regulations on top of our article, as it is impossible for us to cover all the regulations necessary for your specific industry.
In the US, the U.S. Financial Crimes Enforcement Network (FinCEN) is the authority for KYC regulations. They set regulations with the goal in mind of preventing illegal activities such as fraud and money laundering. In general, in the US, there are three layers of KYC requirements:
- Customer Identification Program (CIP) → The CIP requires customers to provide their full name, date of birth, address, and social security number. This applies no matter the customer risk profile.
- Customer Due Diligence (CDD) → The US law requires all financial institutions to conduct CDD procedures while onboarding new customers. CDD is a series of background checks and screenings of customers to assess their risk profile and identify their identity.
- Enhanced Due Diligence (EDD) → EDD is needed to gather additional information. This comes into play when customers pose a higher risk of terrorist financing, infiltration, or money laundering.
As previously mentioned, please do additional research that is more specific to your industry and country. Next, we want to talk about setting up your KYC process and which different KYC verification methods are available.
Setting up your KYC process
Setting up your KYC process depends on several factors, such as the country your business is located in and which kind of solution you require. To set up your KYC process, you can follow these steps:
- Check out your industry and region-specific regulations
- Check for possible risks in your industry
- Check the scale of your KYC process
- Choose between an automated and a manual solution
- Find a provider that offers the verification methods you require
- Set up your process
In the following paragraphs, we will discuss this in more detail, so that you can make an informed decision about which verification method fits your business.
KYC verification methods
As there are various KYC verification methods available, it may quickly become overwhelming. This is why, in the following paragraphs, we will highlight two different KYC verification methods to help you find the answer:
- Manual KYC verification
- KYC automation with E-KYC
Manual KYC verification
Many organizations, especially financial institutions, have been obliged to follow KYC regulations before verification software and automation even existed. This means, those organizations committed to a manual KYC verification process that they still perform today.
Manual KYC verification requires your CDD officers to check every document provided by the customer manually. Customers have to come to the office of an organization to have their identity verified for the organization to make sure they are who they claim to be.
This is doable if you have a few new customers per day, but will quickly develop into a time-consuming process for the customer, but also for your employees once the customer number increases.
Furthermore, the ability to manipulate documents increased drastically, as photo editing software such as Photoshop is available to everybody these days. With the skills of people improving, it becomes harder and harder for the human eye to detect manipulations and fraudulent documents. Hence, checking and verifying documents manually opens doors for numerous fraud attempts.
Still, if an organization has to onboard less than 40 customers a day, then it is probably more affordable to stick to a manual verification process. With our IDP calculator, you can easily check if an automated KYC solution is justified for your onboarding process.
In general though, using software to automate your KYC processes quickly becomes an attractive solution, as it can increase the speed of the customer verification process, but also protect your organization from fraud. What that looks like will be discussed in the following paragraphs.
KYC automation with E-KYC
As the number of customers and therefore the number of documents needed to be verified increase for your business, the manual KYC process is no longer an option if your business is looking to scale up. That’s why software solutions that automate KYC processes are currently on the rise. Such solutions are also known as E-KYC.
There are numerous reasons why electronic KYC (E-KYC) is the way forward:
- Cost → Faster speed, higher accuracy, and better utilization of human resources make KYC processes scalable and more cost-efficient.
- Accuracy → E-KYC software can automatically check for errors and fix mistakes, which improves the accuracy of the verification process drastically.
- Speed → Manual KYC procedures can easily take up to a couple of months. This leads to customer frustration or customers abandoning the process. With E-KYC, customer onboarding becomes faster, as documents can be checked and verified around the clock and more efficiently.
- Adaptability → KYC regulations regularly change. Compliance systems that are based on software can easily be changed accordingly by, e.g., simply updating a ruleset or security measures.
- Integration → E-KYC software is most of the time-integrated via an Application Programming Interface (API). This makes it very easy to add new functionalities to verify customer identities.
- Efficiency → Customer documents can be automatically checked and recorded into desired databases, which will lead to a more efficient onboarding process.
- Customer Experience → Customer experience is improved in numerous ways. The quicker and more efficient process makes the experience nicer from the get-go. Often E-KYC solutions offer the KYC process via mobile phone, making remote onboarding easier, quicker, and more convenient for the customer. Like this, a customer’s identity can be verified everywhere, which means a visit to the office becomes superfluous.
Once customer data has been collected in the digital onboarding process, it continuously needs to be updated, cleaned, and periodically reviewed. This process is an extension of the KYC process and is known as KYC remediation. How often the KYC remediation process is conducted largely depends on the regulations in effect in your industry and the risk profile of your customer.
If you are planning to use KYC software, one of the main things to think about is the verification methods you want to use. The paragraphs below discuss the various options.
As mentioned earlier, digital and remote onboarding is on the rise. For organizations, that means they are facing the challenge of verifying identities safely and securely in a digital process. Therefore, the use of selfie verification provides a fitting solution, in which a customer is asked to first take a picture of their ID document and then take a selfie.
To make use of this solution, two components are necessary:
- A scanning device to take the selfie (usually a smartphone)
- A software that is able to compare the facial characteristics with the ID document
The software compares the submitted selfie to the photo on the customer’s ID card in real time. To do so, facial biometric features are analyzed and compared. This ensures that customers are not using an ID document of another person for the onboarding process. Selfie identity verification has a couple of advantages that improve the onboarding process of your company:
- Fraud protection → Identity verification that is using real-time selfie verification adds an extra layer of protection against people trying to use IDs of other people. Selfie verification is convenient to use, non-transferable and hard to fake as it analyzes a person’s facial biometric features, which is why it is very beneficial to use in your KYC verification process.
- KYC compliance → Using a selfie in real-time as part of your KYC process allows you to determine whether customers are who they say they are. This ensures that you are compliant with this part of the KYC regulations, Anti-money Laundering (AML), and GDPR requirements.
- Shorter turnaround time → With an automated solution for identity verification, the onboarding process for customers becomes fast and available anywhere 24/7. With automated and remote selfie identity verification, multiple new customers can be onboarded in seconds, which means the turnaround times are shortened and customer satisfaction increased.
KYC with Liveness Check
Verifying the identity of customers can be done, as just mentioned, with real-time selfie verification. An even safer alternative is KYC with a liveness check.
Liveness checks ensure that the customer is physically present. The customer has to follow the movements required by the software for biometric scans, which then allows the software to validate and determine if the person behind the camera is a real person.
The order of biometric scans is changed in every process to avoid spoofing of the software. This makes the process even more secure and allows you to be KYC-compliant.
KYC Document verification
The KYC process is often accompanied by plenty of documents. All of them need to be checked and verified, which is very important but can quickly turn into a lengthy process when done manually.
Intelligent Document Processing (IDP) solutions can automatically process onboarding documents, such as IDs, passports, contracts, residence permits, driver’s licenses or other government-issued documents.
This will not only speed up the process but also enable you to catch document fraud by recognizing edited photos and manipulated text. On top, IDP solutions offer the possibility to mask sensitive data on documents, which protects client information from data breaches or hacker attacks. While all of this already brings you a step closer to KYC compliance, you can still take it a step further.
In order to verify identities, a rather new feature, NFC-based verification, can be applied. NFC technology allows you to access customer data from identity documents (that have an RFID chip) and then validate the document’s authenticity. As PII data embedded in RFID chips cannot be altered, the use of this technology enhances security, ensures KYC compliance, and allows you to have a faster and more reliable onboarding experience for your customers.
Proof of address verification
With automated proof of address verification, you simplify customer onboarding and meet KYC requirements. By combining proof of address verification with other identity verification software features, KYC and AML compliance can be enhanced.
With intelligent software, the address on a document can automatically be extracted, cross-checked with existing databases and then validated. This solution doesn’t only speed up your digital customer onboarding, but also prevents possible address or document fraud.
Does this sound like something you need for your onboarding? We have good news, with Klippa you can enhance your onboarding process and become KYC compliant! What that looks like will be explained in the next paragraphs.
Automate KYC processes with Klippa
Automating KYC processes has become a must for businesses to stay compliant and competitive with the ability to scale their operations. For that, Klippa offers the IDP solution, Klippa DocHorizon to simplify your onboarding and compliance checks. With DocHorizon, manual processing of ID & Proof of address documents is history as the scanning, extracting, and verifying of those KYC documents is fully automated.
On top of our IDP solution, we offer an automated identity verification solution that allows you to use selfie identity verification with a liveness check. Real-time user feedback ensures that the customer experience is smooth, and the verification process can be done accurately. Next to that, you can add as many security layers as you need.
Here is a list, to name a few:
- Selfie Identity Verification
- Liveness Check
- ID document verification
- NFC ID verification
- Proof of address verification
- Age verification
Do you also want to increase security in your onboarding process and comply with the latest KYC regulations while providing a remote onboarding experience? By implementing Klippa’s solution into your systems, this is possible. Just book a free online demo below, or contact one of our experts for more information. P.S. The FAQ below may already provide some answers to your questions.