Know Your Customer: what KYC is, who it applies to and how to comply

Guide to Know Your Customer (KYC)

If you’re responsible for regulatory compliance in your organization, you might have encountered the “Know Your Customer” or “KYC” regulation. This anti-money laundering regulation helps prevent financial crimes.

However, some businesses are unsure of the KYC rules, how to comply with them or whether they apply to them.

In this article, you’ll learn what Know Your Customer is, which businesses need to comply and how the KYC process works.

You’ll also discover how to incorporate KYC checks into your customer onboarding process and what emerging technology means for the future of KYC.


What is Know Your Customer?

Know Your Customer (KYC) is a set of regulations and standards for verifying customer identity to safeguard against financial crime. Sometimes known as “Know Your Client”, the rules focus on assessing the risk customers pose to a business.

KYC is part of a broader compliance set known as anti-money laundering (AML) regulations. AML aims to combat terrorist financing, fraud and other illegal activities by preventing money laundering.

Note: Money laundering is the criminal practice of concealing the origins of illegally obtained money through transactions involving legitimate entities.


The Financial Action Task Force (FATF), an intergovernmental organization, sets the international standards for KYC and other AML laws in its member states. These include the US, Canada and most European countries.

Note: In the US, the Financial Crimes Enforcement Network (FinCEN) enforces KYC and other AML regulations. Under the USA PATRIOT Act 2001, mandated businesses must comply with these rules.


Business owners must vigorously assess risk and verify identities to meet KYC regulatory requirements. Compliance means performing KYC checks on new customers, conducting due diligence and continuously monitoring risk.


Which types of businesses need to know about Know Your Customer?

Know Your Customer and other AML regulations apply to any business vulnerable to money laundering or fraud.

KYC requirements apply to banks, building societies and credit unions. Cryptocurrency exchanges and wallet providers must also comply with the regulations.

The rules also apply to many other financial services institutions, including:

  • Asset managers

  • Pension providers

  • Consumer credit services

  • Money transfer services

  • Payment institutions

  • Safety deposit services

It doesn’t stop there. Any business that handles large sums of money from individuals or organizations is vulnerable to money laundering or fraud. Therefore, it must comply with KYC rules.

Mandated businesses include accountants and auditors, tax advisors and independent financial advisors (IFAs), as well as other types of companies from outside financial institutions, such as:

  • High-value art dealers

  • Estate agents and letting agents

  • Casinos and gaming operators

  • Lawyers

It’s vital for all businesses to know whether KYC and other anti-money laundering regulations apply to them and to take the necessary steps to comply.

If you’re unsure whether your business needs to follow the rules, check with the relevant regulatory agencies in your region to be certain.

The KYC process explained

Know Your Customer compliance involves assessing the level of risk new customers present, verifying their identities and continuously monitoring their activities. Here’s a detailed breakdown of the KYC process.

Customer Identification Program

The Customer Identification Program (CIP) requires businesses to obtain four pieces of identifying information at the beginning of their working relationship (e.g., when customers apply to open accounts):

  • The customer’s name

  • Their date of birth

  • Their address

  • Their customer identification number (for US citizens, this is typically their social security or employer identification number)

Businesses usually require a government-issued identity document – such as a passport – as proof of customer identity. In some cases, they also ask customers to provide an additional form of ID, such as a driver’s license or birth certificate.

Customers can provide an official document, such as a bank statement or utility bill, as proof of their address.

Due diligence

Once a business has obtained a customer’s identifying information, it conducts due diligence based on the risk the customer poses to the company.

This risk-based approach to due diligence means that all customers are subject to standard KYC checks. However, customers at a higher risk of infiltration, terrorism financing or money laundering face stricter due diligence.

Several factors can influence customer risk profiles and the level of due diligence businesses must perform under KYC regulations. These factors include:

  • How much the customer earns in salary or annual sales

  • Who the customer’s customers are

  • What the customer’s reputation is in the local market (based on credible media sources)

Customers with a higher risk profile can also include “politically exposed persons” and individuals on sanctions lists and government watchlists.

Note: A politically exposed person (PEP) is someone who holds a prominent position in public life. Government officials, military officers and judges are all examples of PEPs.


Customers with addresses in “high-risk jurisdictions subject to a call to action” are subject to a higher level of due diligence. These are countries that – according to the FATF – have “significant strategic deficiencies in their regimes to counter money laundering, terrorist financing and financing of proliferation”.

Here’s a breakdown of each due diligence level.

Customer due diligence

At a minimum, the standard level of customer due diligence (CDD) requires businesses to use the information customers provide to:

  • Establish that the customer’s KYC documentation is authentic and valid

  • Verify the customer resides in their stated country

If the customer is a business with more than one ultimate business owner (UBO), due diligence also involves verifying the identities of each UBO and assessing the purpose of their relationship with the business.

Enhanced due diligence (EDD)

Enhanced due diligence (EDD) for higher-risk customers adds some steps to standard customer due diligence.

EDD measures usually involve asking the customer to provide additional documentation. This documentation might include evidence of their source of funds or a notary’s certification of their identity and address.

Companies may also obtain internal sign-off on the KYC check from a business director or a money laundering reporting officer (MLRO).

Continuous monitoring

KYC isn’t only about performing checks during the customer onboarding process. It’s about assessing risk continuously throughout the business relationship.

Continuous monitoring involves checking that customer documentation remains valid and up to date over time. It also requires businesses to have systems to highlight suspicious customer activities or new types of risk. Signals to monitor might include:

  • Unusual spikes in financial activities

  • The customer doing business with individuals on sanctions lists

  • The customer conducting unusual cross-border activities

  • Adverse mentions of the customer in the media

Ongoing monitoring is especially critical for high-risk customers who are subject to enhanced due diligence.

Reporting and ongoing compliance

If your ongoing monitoring activities uncover any signs of potential criminal activity, report it to the relevant governing body. In the US, for example, you must file a Suspicious Activity Report (SAR) with the Financial Crimes Enforcement Network (FinCEN).

When it comes to KYC reporting, time is of the essence. You should file a SAR or equivalent report as soon as you discover any suspicious activity.

Those responsible for AML compliance must stay current with the latest rules to ensure the business continues to follow KYC rules correctly.

What does KYC mean for your business?

If Know Your Customer regulations apply to your business, you must comply with them by:

  • Assessing the level of risk that new customers present

  • Conducting KYC checks as part of your customer onboarding

  • Following the rest of the KYC process to ensure ongoing compliance

Failing to follow KYC and other AML rules can have serious consequences. These include financial penalties, reputational damage and, in some cases, criminal prosecution.

Compliance management may already be high on your agenda. For instance, if you handle personal data about EU residents, you must follow other rules, such as GDPR compliance. Consider KYC an additional activity to include in your compliance management routine.

How to incorporate KYC checks into your customer onboarding

Incorporating KYC checks into your customer onboarding process might seem daunting, but it can be relatively straightforward with the right approach. Ultimately, it comes down to three key factors: systems and processes, customer communication and staff training.

Systems and processes

Implementing robust KYC procedures relies on having equally robust processes in place. From collecting customers’ KYC documentation to verifying the information and assessing risk, each stage requires a system to use and a process to follow. You and your customers should be clear on the following:

  • What each stage of the process involves

  • What method you’ll use to complete the process

  • When to move on to the next stage of the process

  • How to indicate that the process is complete

There’s a wide range of software and cloud-based technology that can help establish KYC systems and processes. For example, Pipedrive’s customer relationship management (CRM) software includes functionality for recording a customer’s KYC verification status.

Simply create a custom field for “Compliance” and mark it as complete when a customer’s KYC checks are complete.

Customer communication

Putting the customer experience at the heart of your KYC procedures allows you to build customer trust as you comply with the rules.

Be transparent about your processes and why you have them in place. Be clear about how you use customer data and the steps you take to handle it securely.

To make it easy for customers to access this information, consider publishing it online – ideally on a dedicated page on your company website. Pipedrive’s Trust Center is a good example.

Making the information readily available shows that you take compliance and customer information security seriously.

Staff training

Staff training is essential for successfully incorporating KYC checks into your customer onboarding.

Anyone involved in the onboarding process – including sales and marketing teams – should understand KYC regulations. Team members must know exactly what to do to support the business’s compliance with KYC, including the systems and processes they should use.

Include AML regulations – and KYC specifically – in your company’s compliance training.

Here are some tips for making the training engaging and relevant to each person’s role:

  • Use real-world scenarios to make policies tangible and relatable

  • Make resources easy to access for quick and convenient reference

  • Promote open communication about compliance challenges

  • Offer ongoing or on-demand learning rather than one-off sessions

In addition to KYC’s role in customer onboarding, staff should also be aware of the importance of ongoing monitoring for regulatory compliance and how to report suspicious activity.

What does the future hold for Know Your Customer?

Thanks to emerging technologies like the following, KYC compliance will become quicker and easier.

Electronic KYC (eKYC)

Electronic KYC (eKYC) solutions allow businesses to request and verify KYC documents digitally on a desktop or mobile device. With no in-person meeting or document exchange required, eKYC offers a convenient alternative to manual KYC checks.

Electronic KYC solutions verify customers’ identities electronically, automatically alerting businesses to potential high-risk customers. The platforms use a range of technologies to do this, including biometric data, documentation recognition and digital breadcrumbs.

eKYC providers rely on trusted data sources like government registries and allowlists. To operate as securely as possible, they employ measures like two-factor authentication and digital breadcrumbs.

Many eKYC solutions integrate with companies’ existing systems, including their CRM. For example, AIRR integrates with Pipedrive.

The integration allows private equity and venture capital (VC) firms to automatically record their customers’ KYC verification status in their CRMs.

Mobile KYC

Mobile KYC is a type of eKYC technology that conducts identity verification exclusively on a mobile device like a smartphone. It uses similar technology to eKYC to verify customers’ identities remotely and securely.

Mobile KYC technology can also include “selfie” verification. Customers take a photo of themselves on their smartphone and upload it to a mobile app or a website on their mobile browser. The technology compares the selfie against the image in the customer’s photo ID to verify their identity.

As technology continues to evolve to support a digital-first approach to business, more eKYC providers are likely to emerge in the coming years. Electronic and mobile identity verification may become the norm in the future.

Final thoughts

For businesses handling large sums of money from individuals and organizations, Know Your Customer is vital to anti-money laundering compliance.

If you work in financial services or another regulated industry, assessing customer risk factors, conducting KYC checks and performing ongoing monitoring should already be part of your approach to compliance management. To improve accuracy and efficiency, consider using technology to automate some of these processes in the future.

If you’re looking for a CRM with functionality for tracking your KYC activities and recording your customers’ identity verification status, consider Pipedrive. Sign up for a free 14-day trial.

Driving business growth