A few decades ago, many financial institutions literally “knew” their customers. People would bank in a local branch and speak to the manager if they needed a loan or a mortgage. Those days are long gone.
We now live in an age where most of us conduct the bulk of our financial lives online, with limited in-person interaction. Know Your Customer / Client (KYC) sits amid a sea of related acronyms such as AML (Anti Money Laundering), CDD (Customer Due Diligence), and CIP (Counter Identification Program).
The compliance burden of dealing with all this lays a heavy load at the door of many companies – not just banks and lenders. Compliance with Anti Money Laundering (AML) legislation, of which KYC is a component, is compulsory for many businesses – from fintech firms and insurance companies to crypto exchanges and iGaming and casino sites.
In this article, we look at how KYC works and discuss ways to utilize technology to make it more effective and less burdensome. We also consider the consequences of failing to address shortcomings in KYC and AML processes.
Let’s start right at the beginning.
What is KYC?
KYC stands for Know Your Customer (or sometimes Know Your Client). It’s a process designed to ensure that companies thoroughly verify their customers’ identities. This applies both at the point when they initially sign up (or open an account) and on an ongoing basis.
Complying with KYC is mandatory for many businesses. It’s far from hyperbole to describe it as a minefield. Across the world, new KYC and AML legislation emerges on a regular basis. Unsurprisingly, this is far from coordinated, leaving companies that do business across borders to navigate varying compliance burdens on the whims of different governments.
KYC processes are increasingly automated. Opening a new account and completing KYC processes can involve digital document verification, providing biometric data, and completing various online checks.
Digital KYC processes contrast starkly with taking official documents to a physical location for a manual check by a human. They can save time, minimize compliance costs, and address customer friction. However, the potential for online fraud is ever present – and the consequences of dropping the ball are huge.
The Consequences
In 2020 alone, companies worldwide paid over $10 billion in fines for failing to meet their obligations concerning KYC, AML, and other related legislation.
While KYC specifics vary from country to country, they usually come under the banner of AML (Anti Money Laundering). In many cases, such legislation dates back several decades but has been updated in recent years to account for increasing reliance on the internet.
Money laundering is said to “cost the world 2% to 5% of its GDP” as stated in an article by LegalJobs. AML legislation protects against financial crime and tries to thwart the funding of terrorism and other illegal activity. However, many big-name firms have been known to fall short.
Offenders include ABN Amro, fined $574 million in 2021 for “serious shortcomings” in (its) processes to combat money laundering.” In the same year, Capital One was fined $390 million for “willfully failing to implement and maintain an effective Anti-Money Laundering (AML) program.”
How to Get KYC Right
Clearly, the fines above make terrifying reading for anybody operating a company that’s subject to KYC and AML compliance. Global banks may be able to weather such penalties, but they’d likely be enough to sink an emerging fintech company.
With that in mind, we next discuss some strategies for dealing with the burden of KYC.
1. Start with Business Process and Risk Management
Effective KYC and AML usually involve choosing the right tech – more on that shortly – but it begins with the business process. Keeping on top of ever-evolving global legislation is a job in itself.
SEON recommends designating a Chief Compliance Officer, who’s primarily responsible for “stay(ing) abreast of the changing laws and regulations.” They can also serve as an interface between the business and its auditors.
2. Filter Customers Out of Full KYC Checks
This means more than just performing KYC checks on some customers! This would be neither sensible nor compliant.
However, it’s usually possible to identify and eliminate certain illegitimate customers before they even get to the KYC stage. Techniques such as digital footprinting can raise red flags in a simple and inexpensive way. For example, IP address checks can ascertain if a customer isn’t where they say they are. An email address check, based on Open Source Intelligence (OSINT), can reveal whether somebody’s social media footprint looks suspicious.
Each full KYC check can cost $130 or more. Filtering out clearly suspicious customers prior to that stage creates additional resources to process the others effectively.
3. Consider Identification and Activity
KYC is primarily about checking that a customer is who they say they are, but AML goes further than that.
For example, a customer could legitimately open an account and pass a KYC process, only to go on and make transactions that should still raise red flags.
Increasingly, AI and machine learning can help identify suspicious customer activity patterns. A sudden huge transaction, for example, could indicate that an account has been compromised or has been used for nefarious purposes for the first time.
4.Fight AI with AI
The advent of widespread AI and “deep fake” technology means it’s increasingly easy for fraudsters to trick their way through KYC processes with falsified documents and even fake video calls.
Tech professionals are hard at work finding ways to fight this AI with AI of their own. A recent project involves the use of light tracking. This looks at light reflections from subjects’ eyes – something easy to detect but difficult to fake.
5.Include a Human Element
Digital KYC is already heavily automated, but there remains a role for humans in the process. Manual checks can prove due diligence and also verify that AI systems are learning correctly. “White box” machine learning systems “show their homework,” making it possible to see how automated decisions have been made.
KYC technology is constantly evolving. Any business that hasn’t enhanced its procedures in a year or two will almost certainly find ways to cut costs, improve accuracy, and reduce the risk of one of those terrifying fines.
Related Posts