Have we forgotten what KYC is for?
KYC (know your customer) needs no introduction. We all think we know why it’s done and what it’s for.
Keeping bad apples out of the barrel might be one line of thinking. Name screening checks are therefore performed on potential new customers to ensure they have no terrorist or criminal links. A myriad of vendors and list aggregators with clever fuzzy naming logic exist to help us with this task.
Ensuring customers are who they say they are might be another line of thinking. This has become increasingly urgent given that many people now sign up for new accounts online – or “non-face-to-face.” Facial recognition software enables photo ID comparison, OCR (optical character recognition) solutions can read passports and national ID cards and video solutions can show that the customer is actually “alive”.
Yet such thinking and solutions only partly explains what KYC is for. It is all very well to ensure only the good apples come in and that they are alive and have good ID documents, but what do we do with them now?
In 1989, the G7 established FATF (Financial Action Task Force) to develop policies to counter money laundering which was increasingly being seen as a major international problem. Not only was crime going global, but it also had the potential to destabilise the global economy. Understanding underlying money laundering trends and more importantly, combatting it, was considered crucial. In 2001, following the September 11th terrorist attacks on the US, the remit of FATF was expanded to include terrorist financing.
FATF provides annual reports and sets of recommendations on how to combat money laundering and terrorist financing to countries around the world. These recommendations are used as the cornerstone by the world’s compliance regulators (for example the Bank of England in the UK, MAS in Singapore, HKMA in Hong Kong and so on) to determine their AML policies. One such AML policy requirement is of course around KYC.
In its most recent recommendation report in October 2018, the very first subject FATF discussed has a direct bearing on why KYC is done. It is worth quoting in full –
Countries should identify, assess, and understand the money laundering and terrorist financing risks for the country, and should take action, including designating an authority or mechanism to coordinate actions to assess risks, and apply resources, aimed at ensuring the risks are mitigated effectively. Based on that assessment, countries should apply a risk-based approach (RBA) to ensure that measures to prevent or mitigate money laundering and terrorist financing are commensurate with the risks identified.
The FATF Recommendations, International Standads on Combating Money Laundering and the Financing of Terrorism & Proliferation. Updated October 2018
The risk based approach mentioned in the report is really the key for why KYC needs to be done. KYC is performed during a customer’s on-boarding into an institution in order to asses his or her risk to that institution from a money laundering point of view. Should a risk exist, procedures and policies need to then be in place to mitigate it. Some customers provide a greater degree of risk than others. Those who are of higher risk require enhanced due diligence processes to be in place. Lower risk customers by contrast would only face simpler processes.
KYC is therefore an on-going process, it exists for so long that the customer remains with the institution. When KYC thinking is just about name screening or document verification when the customer opens their account, the essential points about on-going risk assessment are lost.
So how do we assess a customer for risk? What should we be looking for? Helpfully the regulators themselves give us some clues. Assessing people based upon their country – such as where they live or what their nationality is, is one favourite. FATF obligingly tells us which countries are considered high risk – it won’t be a surprise to learn that nations such as North Korea and Iran sit at the top of the list.
Another way to assess risk is to look at a customer’s occupation. Here, we must remember that the risk being discussed is about money laundering, not credit risk or any other personal factors. Based on this, somebody in the banking industry would be considered more risky than somebody in the agricultural industry. Why? Because a banker has greater access to money, particularly the flow of money, than a farmer. They therefore have a greater risk of performing money laundering.
Other ways exist too. What product is the customer applying for? Certain financial products, for example bank current accounts of crypto-currency exchange wallets, have a much greater capability for being used for money laundering than other products, such as mortgage loans or life insurance policies. Again, these products might be assessed differently if looked at from a credit risk point of view, but we are only considering money laundering here.
Sophisticated solutions will consider multiple risk factors. The data for these factors can all be captured during customer on-boarding and be used to build up a comprehensive risk picture of the customer. If done at the same time as fuzzy match name screening and facial recognition identity document verification, a holistic KYC solution for on-boarding can be provided.
This however still does not quite complete our picture. While KYC is now being done properly when the customer opens their account, it is still necessary that the data is constantly kept fresh and the customer’s risk dynamically updated as and when things change. For example, if a customer moves from a low risk country to a high risk country, such a change needs to be accounted for in the risk assessment policies. When customers become high risk, so the enhanced due diligence policies mentioned earlier need to kick in.
We understand that KYC is more than just name screening or identity verification. We understand that a holistic view of customers risk both when they open their account and throughout their time with an institution is necessary in order to meet the anti-money laundering and counter terrorist financing regulations that exist. And that is why we have built Idenfo, the first all-in-one AML and KYC solution for all financial institutions.
Idenfo combines a simple to use interface with an exceptionally clear data model and API for easy implementation. It comes with built in name screening list integration and fuzzy match logic covering you where-ever you are in the world. The system is further designed to meet identity verification requirements and also the risk based approach demanded by FATF. Sophisticated, built in risk factors are available with default settings aligned with FATF and regulators requirements. Configuration parameters allow flexibility and changes to meet the further nuance requirements of compliance teams from around the world. With Idenfo, all your KYC requirements really will be covered.
To find out more, please go to our website, we would be happy to assist you.