5 Steps to Effective KYC Compliance
5 Steps to Effective KYC Compliance
Compliance demands and business concerns of how to satisfy new laws are growing. Read about these key pillars of a compliant workflow and get your KYC right.
Join the DZone community and get the full member experience.Join For Free
Compliance demands are growing alongside business concerns of how to satisfy these new laws in real life. To play by the rules and avoid unnecessary fines, companies are getting back to the basics in order to fully evaluate their KYC processes and determine the changes ahead.
Having advanced compliance is definitely a head start for companies who wish to win the race against their competitors. But to get this advantage, businesses have to know how to play by the rules and get their KYC right.
What KYC Stands For
‘Know Your Customer’ is the requirement to identify and gather background information about your client before entering into a business relationship with them. It can be done via the provision of an identity document and, at times, a proof of address or other relevant data.
KYC is, effectively, a knight holding a shield against the maleficent antagonists. It fights fraudsters and safeguards a company’s fortune. Having a compliant KYC program automatically renders a business safer and more trustworthy. It is something clients will greatly appreciate.
What The Law Tells Us
There are many regulatory bodies that control and impose KYC—the non-binding FATF recommendations that cover 37 countries, the EU’s obligatory 5th AML Directive, etc. All in all, the regulations around the world follow the same template with certain variations here and there, however, not always with a clear guideline.
Some of these variations include the method of verification. If you are located in the UK, Russia, Malaysia, or the Cayman Islands then you could use selfie-based identification. However, In Austria, Germany, Liechtenstein, Switzerland and Estonia, companies must perform video-based ID verification.
To follow the right path, businesses firstly need to consider their own standpoint, and secondly, the requirements given by the legislature that they work under. Although regulators are not always there to prescribe the exact method of identification, they almost always ask for a risk-based approach.
Adopting a Risk-Based Approach to Compliance
Nowadays, the risk-based approach is the golden standard, although not a very descriptive one. In a nutshell, businesses are required to adequately assess the risks that could indicate connections to money laundering activity, terrorist financing, and all the worst things happening in the world’s financial pool. The common template for a risk-based approach is customer due diligence followed by enhanced due diligence.
Customer Due Diligence
These essentially encompass the basic check that a user goes through and the check that determines the risk that a user poses.
Collecting personal data such as the user’s name, and the proof of identity.
Verifying the collected data through an independent resource.
Checking the data against PEPs lists, adverse media and sanctions lists.
Finding out if a client is high-risk and needs to go through Enhanced Due Diligence (EDD).
Usually, CDD is enough, but for those like financial institutions who have more to lose and greater exposure to fraud, EDD is almost a permanent necessity.
If the Evidence Is Not Enough, Carry Out Enhanced Due Diligence
EDD is a more demanding process designed to verify high-risk clients, which usually branches into EDD for individuals and EDD for legal entities.
When it is an individual
Gather and verify additional information such as proof of funds/wealth.
Conduct database screenings across PEPs, adverse media, and sanction lists.
Make a decision on whether to drop or continue working with a client. This, of course, depends on the company's policy.
When it is a legal entity
Make an on-site visit (optional).
Analyze the source of funds and checking the UBOs.
Decide on whether a business wants to accept certain risks or let go of the client.
After that, the process doesn’t end. Transactions and accounts are regularly, or rather, ongoingly checked throughout the whole customer lifecycle for any strange patterns in order to eliminate any loopholes for fraudsters to wriggle their way into.
Check the Boxes: 5 Crucial Steps to Effective KYC
There could be many corner cases and variations of this flow, but, as we have said before, the foundation is almost always the same. So, be sure to remember these five essential steps to KYC compliance.
Implementing a risk-based approach
Clients must be thoroughly checked for risk factors. In addition, if the system requires it, you must request further proof from the client.
Using a compliant method for online identity verification
A company must review the regulatory demands of the jurisdiction it is based in and follow the rules, implementing an effective and compliant tool for the workflow.
Performing KYC CDD
Collecting additional information—proof of identity, or proof of address or both.
Performing KYC EDD
Collecting even more information for the purpose of additional checks, if found to be necessary—proof of funds/wealth, adverse media check, etc.
The relationship with a client doesn’t end after onboarding. The best practice is to continue monitoring them in case of any unusual patterns and investigate suspicious cases.
KYC is not as tough as it seems, however, it does take some time and resources to build a reliable flow. Yet, when a business gets it right, there are no setbacks to growth, and it's able to shoot a clean goal.
Opinions expressed by DZone contributors are their own.