Know Your Customer, or KYC, refers to measures undertaken by financial institutions and businesses to verify their customer’s identities and determine any potential risks in conducting business. Every financial institution must have a KYC program in place. The KYC process is comprised of a customer identification program (CIP) and customer due diligence (CDD).
How well do you know your customer? Financial institutions are at risk of facing sanctions, fines, and reputation damage if they transact with money launderers or terrorists. KYC is a critical practice to shield your business from fraud and losses due to illegal funds and transactions. Here are elements of an effective KYC program:
Customer Identiﬁcation Program (CIP)
How do you determine an individual is who they claim to be? Identity theft in the US affects over 16.7 million consumers and accounts for $16.8 billion lost. CIP dictates that any person carrying out financial transactions should verify their identity.
Through the Patriot Act, CIP intends to minimize money laundering, corruption, terrorism funding, and other illegitimate activities. At the same time, it aids in identity verification. The minimum requirements set by CIP for an individual to open a financial account are:
- Legal name
- Date of birth
- A person’s complete address
- Legal identification number
Whereas the above information is enough for opening an account, the institution must conduct an identity verification within a reasonable period. In addition, depending on the bank’s risk assessment, the bank may require additional information. In identity verification, institutions use documents like government-issued identification cards, non-document methods like financial references, or a combination of both.
A financial institution’s CIP must have a guideline to determine whether a customer is on federal lists—for instance, a list of known or suspected terrorists. Financial institutions ought to inform their clients their information is used for identity verification. In addition, the government mandates banks to keep all CIP information during the account’s duration and at least five years after the closure of the account.
Customer Due Diligence (CDD)
It’s critical to determine whether a potential client is trustworthy. Customer due diligence is a crucial factor in efficiently managing your risks. It will help shield your business against terrorists, criminals, and politically exposed people who might pose a threat.
In your KYC program, use these available CDD levels:
Simpliﬁed Due Diligence (SDD)
SDD applies to clients with a low risk for criminal activities. Here, financial institutions only require obtaining basic customer information without a detailed risk assessment. Nevertheless, financial institutions ought to keep an eye on the account for any suspicious activities.
Basic Customer Due Diligence (BCDD)
This is the second level and requires a more in-depth assessment of the customer opening an account.
Enhanced Due Diligence (EDD)
EDD utilizes expert analysis and close monitoring of high-value accounts and accounts with signs of unethical activities. Here, additional information is collected to give a deeper insight into the customer. Despite some EDD elements legislated in some countries, it is the responsibility of any bank to identify its risk and ensure its customers are not bad actors.
You can also incorporate these steps into your CDD program.
- Verify the identity and address of potential clients, and understand their business
- When conducting customer’s identity verification, group them in their risk category before storing their information and documentation
- Keep records of all CDD and EDD of each customer for purposes of a regulatory
- Conduct a detailed process to ascertain the necessity of EDD. This process should be continuous since existing customers can transition into higher risks with time
Conducting CIP and CDD is not enough for an effective KYC program. To know your customer, you need to monitor their account continuously. This entails overseeing their financial transactions and accounts based on set criteria for evaluating customer’s risk profiles.
Taking into consideration your risk mitigation plan, some factors to monitor are:
- Significant changes in account activity
- A sudden change in business operations. For instance, new ownership, cross-border transactions, etc.
- Law enforcement inquiries
- Adverse media mentions
If an account’s activity is unusual, ensure you file a Suspicious Activity Report (SAR). In addition, ensure you keep accurate and up-to-date information on all your customers.
Ensure the type and amount of transactions match the purpose of the account. The level of monitoring should be based on a risk assessment.
Let Us Help
Are you looking to safeguard your business? At Enformion, we can help you avoid facing fines, sanctions, and reputation damage. Contact us today to find out more about how we can help.