Looking to incorporate AI into your role? If you're in the financial services vertical, you might want to start with your KYC process.
Understanding the Know Your Customer (KYC) Process
As more financial institutions look at the “perpetual KYC” concept, they must also understand what the 'know your customer (KYC)' process truly means.
As accelerated digital transformation during the last two years brought the adoption of online services by banking customers to 85%, banks have struggled to keep pace with both existing and tightening financial crime prevention compliance standards, such as Know Your Customer (KYC) regulations. Financial crime compliance costs have risen sharply in the last three years to an average of $27.8 million annually for institutions with holdings greater than $10 billion, representing a 95% increase over 2019 outlays.
At the same time, spiking compliance expenses seem to be having a markedly underwhelming effect on the effectiveness of financial crime prevention mandates, as a 2022 Q3 poll of financial institutions found that 76% of organizations assess their own KYC processes as either poor (29%) or mediocre (47%) in practice. As more financial institutions look to the newly coined “perpetual KYC” concept as a solution to underperforming processes, decision-makers in the industry must understand the broader context from which the current buzz around KYC has emerged.
Getting to Know KYC
In 1970, the U.S. enacted the Banking Privacy Act, a law that began requiring banks and other financial institutions to perform identity confirmation and verification for new customers to prevent certain criminal activities that rely on access to financial services. These processes – dubbed KYC in later iterations of the law – originally targeted money laundering activities by domestic organized crime.
The legal significance of KYC for federal compliance for banks has since undergone reinvention a handful of times. The first time was in 2001, when the Patriot Act merged the law enforcement domains of anti-money laundering (AML) and anti-terrorism financing to enhance the capabilities of federal agents to identify potential terrorist networks by their financial footprints. More recently, federal law enacted in 2018 redefined the customer due diligence (CDD) portion of existing KYC regulations to place an enhanced legal burden on financial institutions to verify the identities of all beneficial owners holding controlling stakes in companies doing business with U.S. financial institutions.
North American countries – the U.S. in particular – experienced by far the largest regional increase in non-compliance punitive actions against financial institutions in the first half of 2022, with total fines coming in at $1.453 billion – an uptick of 220% from the same timeframe in 2021. Under the circumstances, decision-makers in the banking industry should prioritize achieving a granular understanding of KYC compliance throughout their organizations.
What Is KYC Compliance?
KYC procedures exist to prevent or at least reduce the ease of financial crimes such as money laundering, identity fraud, and terrorism financing. Existing federal KYC regulations attempt to accomplish this by requiring that financial institutions maintain a compliance record demonstrating reasonable attempts to verify customer identities and report suspicious activities. These regulations do not specifically enumerate exactly what steps must be taken, as the prevailing federal position is that doing so invites organizations to attempt to satisfy only the bare minimum and ignore the spirit of the law.
Nevertheless, the nongovernmental, independent Financial Industry Regulatory Authority (FINRA) publishes KYC guidelines for financial institutions. These are found in FINRA Rules 2090 and 2111:
- 2090: Broker-dealers must make reasonable efforts to verify the identities of customers and persons authorized to act on their behalf with regard to accounts
- 2111: Broker-dealers must be able to demonstrate to reasonable effect that financial recommendations given to customers serve their financial interests according to a defensible understanding at the time
Most financial institutions employ a three-step process to satisfy FINRA’s KYC guidelines.
- Customer Identification Program (CIP): Uses public records such as known addresses, dates of birth, and government identification credential numbers to establish customer identities
- Customer Due Diligence (CDD): Collects customer personally identifiable information (PII) to verify identities and perform risk assessment profiles for customers
- Ongoing Monitoring: Puts in place monitoring controls for transaction habits, anomalous financial behavior, and political exposure for potentially high-risk customers
To reduce the risk of KYC oversights by accident or insufficient employee training, many banks have adopted KYC checklists for employees with account creation and modification responsibilities. At a minimum, KYC checklists include:
- Business Information
- Contact Information
- Banking Information
- Banking Primary Contact Information
Streamlined KYC Compliance with FileInvite
As regulatory compliance with KYC and other financial crime prevention measures becomes more complex and costly, financial institutions are seeking new solutions in technology. FileInvite’s SOC 2 Type 2 compliant file sharing and document portal platform eases KYC compliance for your employees and customers. Offering a single secure repository for client KYC documentation, FileInvite removes the risk and hassle of document collection through insecure email attachments and delivered hard copies.