Compliance Consultancy
Risk management and Consultancy firm

Know Your Customer

Introduction to KYC Know Your Cusotmer Due Diligence obligation
Financial institutions must be able to identify and verify the identity of their customers throughout the business relationship.

Understanding the source of wealth (is it legitimate?), but also the consideration of the source of funds (is it of questionable provenance?) are integral parts of the due diligence processes required by the KYC standards and AML regulations.

To meet regulatory and legal requirements, obtaining this information from the customer and verifying it involves setting up, at key moments of the business relationship, careful processes of vigilance and control over the knowledge and authentication of the customer.

What is KYC, Know Your Customer due diligence?

KYC vigilance procedures are part of the due diligence requirements that obliged entities are expected to implement and follow to prevent the use of the financial system for money laundering and terrorist financing.
What is the meaning of KYC - Know Your Customer?
Know Your Customer (KYC) refers to the identification of the user and by extension his agents, proxies, representatives or beneficiaries. Identity information (surname, first name, date of birth, register number, home or headquarters address, articles of association, shareholding structure, company number, etc.) must be proved by means of supporting evidence which vary according to the specific case

The information is verified with sufficient certainty and must comply with the duties of care imposed by the AML regulations, which incorporate the KYC standards.

What is the origin of KYC?

Ensuring the control of a business relationship through the knowledge of the client has long been a pillar of contractual agreements and allows to anticipate a large number of risks: operational, financial or reputational.

The strengthening of KYC's due diligence measures through regulatory standards was initiated in the 1980s and 1990s and has continued since in response to the outbreak of numerous international scandals.

What is the historical origin of KYC - Know Your Customer?
The rise of the cross-border distribution of hard drugs by cartels, money-laundering bank scandals associated with the repatriation of funds linked to humanitarian crimes, terrorist acts across the Atlantic and in Europe, economic scandals with the subprime crisis, schemes in tax havens, Panama Papers, Luxleaks, Swissleaks and other countries with legal systems that tend to leave grey areas of anonymity facilitating the implementation of tax evasion schemes.

All these reasons urge international bodies to issue coordinated responses and recommendations on actions that need to be taken to combat abuses of the financial system and illicit money flows.
The strengthening of KYC's due diligence measures through regulatory standards was initiated in the 1980s and 1990s and has continued since then in response to the outbreak of numerous international scandals.
The rise of the cross-border distribution of hard drugs by cartels, money-laundering bank scandals associated with the repatriation of funds linked to humanitarian crimes, terrorist acts across the Atlantic and in Europe, economic scandals with the subprime crisis, schemes in tax havens, Panama Papers, Luxleaks, Swissleaks and other countries with legal systems that tend to leave grey areas of anonymity facilitating the implementation of tax evasion schemes.

The Financial Action Task Force on Money Laundering (FATF) is an intergovernmental body that was established at the G7 Summit in Paris in 1989. Its mission is to examine money laundering techniques and trends, consider existing actions at national and international level and present vigilance measures. Less than a year after its creation, the FATF published a report containing a series of Forty Recommendations setting out a comprehensive plan of necessary measures (regulatory and operational) to combat money laundering.

What are the key steps of Know Your Customer rules?

Example of KYC procedure financial institution
What is the KYC validation process in practice?
The general obligations of customer and transaction due diligence are materialised in operational processes through 3 key steps introduced in the general provisions of the AML Act.

  • 1.

    Identification and verification of the customer with sufficient certainty;

  • 2.

    Assessment of the characteristics of the customer and the purpose and intended nature of the business relationship with an adequate level of AML risk assigned;

  • 3.

    Continuous vigilance over the business relationship and operations of the customer, achieved through controls over transactions and customer profile.

Where are KYC rules for identification and verification defined?

Know Your Customer rules are usually formalized in the following policies and procedures of financial institutions. Three main documents are commonly used.

- The Customer Acceptance Program;
- The Customer Identification Procedure;
- The Transaction Monitoring Procedure

How do criminals avoid KYC identification procedures?

Anonymity can give a false sense of security. A priori, it conceals the true identity of the end user of the financial service and allows a certain freedom of action without fear of consequences. The adage "not seen, not taken" takes on its full meaning in the case of identity theft.

How criminals bypass KYC process ?
Identity theft, fraud, swindling, credit card theft, counterfeiting of legal documents, data piracy, deepfakes, sim-swapping, corruption, fictitious front companies, use of mules, casinos, online gaming platforms, untraceable virtual currencies.

These few means are the most popular ways for criminals to evade the obligation to know the customers in order to be able to launder the money of their illicit activities with impunity.

Identity theft, fraud, swindling, credit card theft, counterfeiting of legal documents, data piracy, deepfakes, sim-swapping, corruption, fictitious front companies, use of mules, casinos, online gaming platforms, untraceable virtual currencies.

How can KYC procedures be strengthened to prevent identity theft?

For financial institutions, the basis of an effective program to combat fraud attempts and maintain the transparency of cash flows is a legitimate customer identification system.

Establishing valid identification and monitoring processes that incorporate due diligence standards and consider national and industry recommendations are not sufficient to manage all money laundering risks.
How to improve KYC procedure?

New finance digital service providers
The expansion of consumer services through new digital channels has transformed the delivery of financial services. Means of money transfer are now more diversified than ever (traditional banking system, NPPs - new payment services providers, mobile banking, electronic exchange offices, virtual currencies, prepaid credit cards...).

The digitisation of financial services has made it possible, thanks to technology, to open up to people left behind by traditional banking systems. These new connected services bring new risks that financial institutions must cover. Remote relationships are inherently riskier and force the use of more advanced identification and verification measures.
Technology is also providing solutions here as well.

Since the emergence of new financial services with international scope - GAFAs, Revolut, N26, Crowdfunding platforms, virtual currencies and ICOs - startups and fintech specializing in regulatory compliance and assisting anti-fraud professionals have undergone enormous expansion.

The solutions provided by Fintech and Regtech companies include automated digital systems that facilitate the verification of an end-user identity from the very beginning of the business relationship.

These KYC digital solutions allow the financial entity to streamline its resources by limiting their interactions to atypical or suspicious cases requiring manual validation.

Tools for data visualization and detection of atypical or suspicious transactions are also continually being improved with artificial intelligence. They are replacing the internal systems of traditional organizations to help them fulfil their due diligence obligations more effectively.

Which KYC documents are valid for customer identification?

The set of KYC documentation required to be gathered upon the establishment of a financial service relationship can imply different types of legal documents and certificates. Depending on the country’s criteria, different types of records might be valid as proof of identity.

A first segmentation to build in the customer acceptance program of a financial firm is the list of KYC requirements for physical persons and those for corporates.
Inside this segment, other categories exist and should be considered to foster due vigilance.

What is the list of accepted KYC documents? Individual and company
According to the case, further information might be required to identify the user with high certainty. The KYC regulatory requirements could differ based on the legal form, business activity or financial services provided. Even the entity appreciation of the risk can trigger enhanced vigilance measures for identification.

For different situations, different methods should be applied and adopting risk-based due diligence processes is crucial in focusing the resources on the most relevant cases.

List of commonly accepted documents for the KYC process of individuals

- Identity card
- Passport
- Driving licence
- Health insurance card
- Family record book
- Birth certificate

List of commonly accepted documents for the KYC process of entities

- List of representatives, officers, directors
- Identity documents of the representative(s) natural person(s)
- Statutes countersigned by the clerk's office of the commercial court, articles of association, company number
- Shareholder structure signed by a manager

List of commonly accepted documents for proof of address:

The law requires the company to collect proof of domicile. This is most often an obligation of means and not of result, as is the case with identity documents for natural persons. Nevertheless, it must be possible to demonstrate that the best efforts have been made to try to gather the information.

- An insurance contract or certificate
- A bill or certificate of contract for water, electricity, gas, fixed telephone or internet
- A certificate issued by a domiciliation company with administrative approval
- A commercial lease
- A certificate of domiciliation of the registered office

What are the skills of a qualified KYC Compliance Officer?

What are the skills required to become KYC analyst?

The best defence is to have good analysts in your department that will carry out good work from the start of the relationship with the customers.
The following interim review will feel more comfortable if the files were clear, consistent, and with reduced errors from the start.

This validated authenticity before the financial institution's engagement with the client will flag any unusual activity or warning signs from the beginning.

To cover this, KYC analysts should :

1. be able to analyse alerts produced by KYT monitoring tools and report writing
2. handle customer identification requests (KYC)
3. review complex clients and write effective concise reports
4. follow-up and propose developments/maintenance on the KYT and KYC monitoring tools

5. interact with the relationship managers in terms of monitoring, analysis of reports produced by this first line of defence.
6. carry out second line of defence AML related controls (account openings, sanctions and embargoes, PEPs,...)
7. prepare responses or reports to local authorities (local FIU,…)
8. support on administrative tasks

KYC Compliance Officer are generalists that will be :

1.meticulous, rigorous, curious and demonstrate maturity
2. analytical and have synthesis skills
3. experienced in AML but also in other relevant domains for your business model
4. at ease with domestic and European AML regulatory requirements

5. multilingual
6. proficient user of IT applications
7. able to read balance sheets, and have notions of tax related matters and special mechanisms (ex: VAT carousel …)
8. integrated into the team and the organization but can at the same time work independently

What are the challenges faced by KYC Compliance Officers?

KYC is still a challenge for most obliged entities if we take into consideration the recent fines in the industry.

  • Complexity in ownership structures with international links requires guidance from the compliance department. The people in Compliance are required to be a generalist and specialist at the same time
  • Negotiation with the business relationship managers for asking update of information and documentation towards the customers and to set the tone of embedding the AML culture within the entity
  • In case that customers are operational among different entities of a group, the belief arises that 'one KYC package' is not sufficient to cover regulatory obligations
  • Group reliance and KYC introduction certificates (outsourcing intra-group) or outsourced KYC requires additional controls although the final responsibility stays in the hands of the obliged entity
  • List of Compliance officer - KYC analyst challenges
  • High workload and sometimes repetition of unappealing tasks resulting in high turn-over of staff and insufficient knowledge transfer
  • Maintain a consolidated or bird's eye view on potential AML-risks and report it accurately towards the governance bodies
  • Balance between doing business and respect the adherence with applicable regulations and market standards
  • Fast changing regulatory landscape and the evolution of regulatory obligations

When are KYC due diligence investigations required?

The general rule implies a duty to identify and verify with certainty the identity of the user of the financial service so that the contractual relationship can be complete. If this duty cannot be fulfilled, the relationship cannot be established or must be terminated, since identification must be possible throughout the business relationship.

However, there are exceptions depending on the nature of the service. For example, identification may be deferred until the fulfilment of a condition precedent of a tripartite contract for third party beneficiaries of life insurance.

More specifically, the European directives combating money laundering and terrorist financing state that KYC must be done when:

When should you conduct KYC Due Diligence?
  • the customer wishes to proceed with a transaction in the context of a business relationship
  • the customer, outside a business relationship such as one above, wishes to conduct
    • one or more transactions which appear to be linked amounting to a total minimum of EUR 10 000;
    • one or more credit transfers or fund transfers (money transfer in the sense of Directive (EC) n° 1781/2006 of the European Parliament and the Council of 15th November 2006 that appear to be linked and that amount to a total of more than EUR 1 000;
    • or regardless of the amount if the obliged entity receives the funds concerned in cash or in the form of anonymous electronic money.;
  • in the case of gambling operators, the collection of winnings amounting to EUR 2 000 or more, regardless of whether the transaction is performed in a single operation or in several operations;
  • in the event of a suspected money laundering or financing of terrorism transaction;
  • there is reasonable doubt over the genuine nature of an existing customer’s identity.

Naturally, a large set of exceptions exist.

You want to know more precisions and understand the rules that apply specifically to your case ? Defend your company from financial crime abuses ! Contact our KYC experts!

What is the average wage of a Compliance KYC Analyst?

What is the real average wage of KYC compliance officers?
Working in a Compliance team is no easy task in the light of the functions listed above. It is also necessary to be totally impartial and independent in order to properly carry out one's duties in the interests of the company.

With this in mind, a Compliance Officer, starting from a certain level of experience, will receive an annual gross remuneration of more than €75,000 on average.

A KYC Analyst is a multi-disciplinary profile with a more operational focus that needs to be trained to understand the company's internal processes and solutions before becoming fully profitable.
A KYC Junior Analyst is entitled to a gross salary of €36.000 per year at the beginning of his or her career.
A KYC analyst with a high level of experience or seniority can be a truly indispensable and a hard-to-replace operational element, and can almost double his or her salary to an average of €69,000 per year.

Why should financial institutions identify and verify their clients with a high degree of certainty?

The worst nightmare for a financial firm is to transact with an unknown counterparty or whereby the real beneficiary is masked through complex structures or ownership.

The control processes set in place for customer acceptance, intermediary customer review and the knowledge on the purpose of the relationship are built from a risk-based approach. The development of a stringent process is crucial to cover these obligations and controls will highlight gaps that require adjustments.

How to safely identify a remote customer? - KYC

Based on the business model and the sector, the possibility of straight-through processing by using online KYC templates to thorough KYC investigations are permissible, as long that it confirms the true identity of the customer.

In case that several parties are involved in complex financial transactions, a clear picture can be developed by using KYC templates or KYC forms covering all aspects of the regulatory duties.
Electronic KYC templates or KYC forms with audit trails have the preference.

What are the benefits of outsourcing the KYC process?

Best outsourcing KYC firm - Europe- Belgium
Do you have difficulties with the implementation of internal KYC processes and is the staff turnover rate too high?

Outsourcing KYC to specialized companies can result in higher efficiency but also more accurate files.

The outsourced partner will combine temporary knowledge applicable in different business models, and also experience on the subset of multi-bank customers with a more accurate view of the client.

A global KYC view will facilitate the analysis of the data subject (no cross-references, nor revealing of confidential information).

The outsourcer will benefit from the instruments used by the outsourced party and the industrialisation of its processes.
Among these, state of the art workflow systems, full-fledged screening platforms and analysis on high-risk factors already available (PEPs, RCA), use of artificial intelligence, accesses to data of UBO, commercial registers, etc.

Is outsourcing KYC the predecessor of the Central KYC Registry?

Within the market, correspondent banks have already adhered to available KYC register providers. This addresses the KYC requirements across multiple jurisdictions but for a limited scope of entities (financial institutions, funds and large corporates).

The registry for private individuals and legal entities is in a premature stage and has not been developed yet. In addition to that is the changing financial market landscape where FinTechs are entering quickly.

Financial firms are reflecting about joining forces to create and manage centralised due diligence KYC registries.

In the meantime, can outsourcing the KYC function bring the light at the end of the tunnel for smaller entities?

It relieves the pressure of timely completion of reviews or the onboarding of new clients as SLAs in place will tackle the job.

The contrast between the reviews and cyclical onboarding will no longer have an impact on the headcount of your KYC/CDD department. The burden of engaging temporary workers who might leave sooner than planned also disappears.
Was this service page helpful ?  
FATCA - Compliance Consultancy

Do you know FATCA?The Foreign Account Tax Compliance Act ("FATCA") was enacte...

Sanctions and Embargoes - Compliance Consultancy
Sanctions and Embargoes

Due to globalisation, companies are increasingly exposed to the risk of sanctions, op...

MiFID MiFIR - Compliance Consultancy

The Directive 2014/65/EU (hereafter the "Directive") on markets in financia...

Insider Dealing - Compliance Consultancy
Insider Dealing

Insider dealing (the term "insider trading" is also frequently used) arises w...

Politically Exposed Persons - Compliance Consultancy
Politically Exposed Persons

It is essential that your financial company understands the concept of Politically Ex...

Common Reporting Standard - Compliance Consultancy
Common Reporting Standard

Where does the Common Reporting Standard (CRS) idea comes from ?The concept of agreei...

Market Abuse - Compliance Consultancy
Market Abuse

Market Abuse is a concept that encompasses unlawful behaviour in the financial market...

Know Your Customer - Compliance Consultancy
Know Your Customer

Financial institutions must be able to identify and verify the identity of their cus...

Payment Service Directive 2 - Compliance Consultancy
Payment Service Directive 2

The idea behind the Payment Service Directives (PSD) aims at simplifying the lives of...

Cryptocurrencies - Compliance Consultancy

What are the dangers of cryptocurrencies?Cryptocurrencies are virtual or digital curr...

Terrorist Financing - Compliance Consultancy
Terrorist Financing

The financing of terrorism is defined as the distribution or collection of funds, in ...

Customer Due Diligence - Compliance Consultancy
Customer Due Diligence

The Customer Due Diligence (hereafter “CDD”) investigation is required by EU juri...

Cybersecurity - Compliance Consultancy

Faced with the outbreak of highly targeted attacks and a highly regulated environment...

Anti Fraud - Compliance Consultancy
Anti Fraud

Fraud is one of the most damaging risks your business can faceWe are in a persistent ...

Screening - Compliance Consultancy

Are you familiar with the term "screening" or are you wondering what does it ...

Anti Bribery and Corruption - Compliance Consultancy
Anti Bribery and Corruption

Fighting against dumping and bribery is required for any company. Suspicions of corr...

Anti Money Laundering - Compliance Consultancy
Anti Money Laundering

Anti-money laundering compliance regulations are a challenge for financial institutio...

Get in touch with us - Compliance Consultancy
Get in touch !

We'll present you the technology to stop money laundering and terrorist financing

Europol defines Financial Crime as "illegal acts committed by an individual or a group of individuals to obtain a financial or professional advant...

Return to financial crime
Discover Pideeco Compliance Services and Business solutions for your operational business needs
Domain Experts
Andre Figueira De Carvalho - Pideeco Network Partner
Andre Figueira De Carvalho
Junior Consultant
Damian Vildosola Truche - Pideeco Network Partner
Damian Vildosola Truche
Senior Consultant
Piet De Vreese - Pideeco Network Partner
Piet De Vreese
Managing Director
Drini Vula - Pideeco Network Partner
Drini Vula
Senior Consultant
Outcomes of the FATF October 2019 Plenary Week in Paris
Michel Cliquet

For one week, from the 13th to the 18th October, representatives of 205 countries and jurisdictions, the IMF, UN, World Bank and other organizations (OECD, OSCE, Europol, Egmont Group of Financial Intelligence Units, ...) met in Paris for the Financial Action Task Force...

Read more Author What else ?
Outcomes of the FATF October 2019 Plenary Week in Paris - Pideeco Journal