Do you like cookies? 🍪 We use cookies, just to track visits to our website, we store no personal details. By using our site, you acknowledge that you have read and understand our Cookie Policy, Privacy Policy, and our Terms of Service.
Financial institutions must be able to identify and verify the identity of their customers throughout the business relationship.
Knowing your customer (KYC) is not only about getting his/her name and address, it is also verifying and understanding with certainty the operations, services or transactions that the client will perform.
Understanding the source of wealth (is it legitimate?), but also the consideration of the source of funds (is it of questionable provenance?) are integral parts of the due diligence processes required by the KYC standards and AML regulations.
To meet regulatory and legal requirements, obtaining this information from the customer and verifying it involves setting up, at key moments of the business relationship, careful processes of vigilance and control over the knowledge and authentication of the customer.
What is KYC, Know Your Customer due diligence?
KYC vigilance procedures are part of the due diligence requirements that obliged entities are expected to implement and follow to prevent the use of the financial system for money laundering and terrorist financing.
Know Your Customer (KYC) refers to the identification of the user and by extension his agents, proxies, representatives or beneficiaries. Identity information (surname, first name, date of birth, register number, home or headquarters address, articles of association, shareholding structure, company number, etc.) must be proved by means of supporting evidence which vary according to the specific case
.
The information is verified with sufficient certainty and must comply with the duties of care imposed by the AML regulations, which incorporate the KYC standards.
What is the origin of KYC?
Ensuring the control of a business relationship through the knowledge of the client has long been a pillar of contractual agreements and allows to anticipate a large number of risks: operational, financial or reputational.
The strengthening of KYC's due diligence measures through regulatory standards was initiated in the 1980s and 1990s and has continued since in response to the outbreak of numerous international scandals.
QUICKINFOThe international expansion of criminal activities
It is no coincidence that the turning point comes at a time when globalisation is taking hold. International transactions are facilitated by the financial system and allow criminals to easily launder the proceeds of their illegal activities. Cash transactions for substantial amounts have also become more feasible.
The rise of the cross-border distribution of hard drugs by cartels, money-laundering bank scandals associated with the repatriation of funds linked to humanitarian crimes, terrorist acts across the Atlantic and in Europe, economic scandals with the subprime crisis, schemes in tax havens, Panama Papers, Luxleaks, Swissleaks and other countries with legal systems that tend to leave grey areas of anonymity facilitating the implementation of tax evasion schemes.
All these reasons urge international bodies to issue coordinated responses and recommendations on actions that need to be taken to combat abuses of the financial system and illicit money flows.
The strengthening of KYC's due diligence measures through regulatory standards was initiated in the 1980s and 1990s and has continued since then in response to the outbreak of numerous international scandals.
The rise of the cross-border distribution of hard drugs by cartels, money-laundering bank scandals associated with the repatriation of funds linked to humanitarian crimes, terrorist acts across the Atlantic and in Europe, economic scandals with the subprime crisis, schemes in tax havens, Panama Papers, Luxleaks, Swissleaks and other countries with legal systems that tend to leave grey areas of anonymity facilitating the implementation of tax evasion schemes.
The Financial Action Task Force on Money Laundering (FATF) is an intergovernmental body that was established at the G7 Summit in Paris in 1989. Its mission is to examine money laundering techniques and trends, consider existing actions at national and international level and present vigilance measures. Less than a year after its creation, the FATF published a report containing a series of Forty Recommendations setting out a comprehensive plan of necessary measures (regulatory and operational) to combat money laundering.
FATF Rapid Historical evolution overview
The Rise of FATF Recommendations
In 1991, the implementation of the standards in the FATF member countries began to be monitored. Establishment of the principles for mutual evaluation in order to inform its members of their compliance with due diligence requirements and to raise awareness about their national exposure.
The 40 FATF Recommendations
Revision in June 2003 of the "40 Recommendations of the Financial Action Task Force (FATF) on Money Laundering" and completion of the thorough revision in 2012.
Terrorism Financing extension Recommendations
Adoption in 2001 and 2004, following the terrorist attacks in New York and Europe, of the "9 Special Recommendations on Terrorist Financing" aimed at providing countries with powerful tools to trace and intercept terrorist attacks and prosecute individuals involved in terrorist financing.
Nuclear Weapons Financing extension
In 2012, the FATF extends its mandate to weapons of mass or nuclear destruction, following growing concerns about North Korea and Iran.
What are the key steps of Know Your Customer rules?
What is the KYC validation process in practice?
The general obligations of customer and transaction due diligence are materialised in operational processes through 3 key steps introduced in the general provisions of the AML Act.
1.
Identification and verification of the customer with sufficient certainty;
2.
Assessment of the characteristics of the customer and the purpose and intended nature of the business relationship with an adequate level of AML risk assigned;
3.
Continuous vigilance over the business relationship and operations of the customer, achieved through controls over transactions and customer profile.
Where are KYC rules for identification and verification defined?
Know Your Customer rules are usually formalized in the following policies and procedures of financial institutions. Three main documents are commonly used.
- The Customer Acceptance Program;
- The Customer Identification Procedure;
- The Transaction Monitoring Procedure
How do criminals avoid KYC identification procedures?
Anonymity can give a false sense of security. A priori, it conceals the true identity of the end user of the financial service and allows a certain freedom of action without fear of consequences. The adage "not seen, not taken" takes on its full meaning in the case of identity theft.
Identity theft, fraud, swindling, credit card theft, counterfeiting of legal documents, data piracy, deepfakes, sim-swapping, corruption, fictitious front companies, use of mules, casinos, online gaming platforms, untraceable virtual currencies.
These few means are the most popular ways for criminals to evade the obligation to know the customers in order to be able to launder the money of their illicit activities with impunity.
Identity theft, fraud, swindling, credit card theft, counterfeiting of legal documents, data piracy, deepfakes, sim-swapping, corruption, fictitious front companies, use of mules, casinos, online gaming platforms, untraceable virtual currencies.
How can KYC procedures be strengthened to prevent identity theft?
For financial institutions, the basis of an effective program to combat fraud attempts and maintain the transparency of cash flows is a legitimate customer identification system.
Establishing valid identification and monitoring processes that incorporate due diligence standards and consider national and industry recommendations are not sufficient to manage all money laundering risks.
QUICKINFOSpecial cases require a stronger approach and greater resources
Identity theft, forgery and counterfeiting of identity documents are growing offences that challenge, through technology, financial crime professionals within obliged entities.
The expansion of consumer services through new digital channels has transformed the delivery of financial services. Means of money transfer are now more diversified than ever (traditional banking system, NPPs - new payment services providers, mobile banking, electronic exchange offices, virtual currencies, prepaid credit cards...).
The digitisation of financial services has made it possible, thanks to technology, to open up to people left behind by traditional banking systems. These new connected services bring new risks that financial institutions must cover. Remote relationships are inherently riskier and force the use of more advanced identification and verification measures.
Technology is also providing solutions here as well.
Since the emergence of new financial services with international scope - GAFAs, Revolut, N26, Crowdfunding platforms, virtual currencies and ICOs - startups and fintech specializing in regulatory compliance and assisting anti-fraud professionals have undergone enormous expansion.
The solutions provided by Fintech and Regtech companies include automated digital systems that facilitate the verification of an end-user identity from the very beginning of the business relationship.
- Reading of identity documents through OCR (Optical Character Recognition) technology.
- Counterfeit verification (Artificial Intelligence - Machine learning)
- Real-time facial recognition to eliminate the risk of identity theft
- Checks on watch lists and international sanctions
- Political Exposure Verification (PEP)
- Checking for adverse media articles
- Audit of business records and beneficial owner records
These KYC digital solutions allow the financial entity to streamline its resources by limiting their interactions to atypical or suspicious cases requiring manual validation.
Which KYC documents are valid for customer identification?
The set of KYC documentation required to be gathered upon the establishment of a financial service relationship can imply different types of legal documents and certificates. Depending on the country’s criteria, different types of records might be valid as proof of identity.
A first segmentation to build in the customer acceptance program of a financial firm is the list of KYC requirements for physical persons and those for corporates.
Inside this segment, other categories exist and should be considered to foster due vigilance.
According to the case, further information might be required to identify the user with high certainty. The KYC regulatory requirements could differ based on the legal form, business activity or financial services provided. Even the entity appreciation of the risk can trigger enhanced vigilance measures for identification.
For different situations, different methods should be applied and adopting risk-based due diligence processes is crucial in focusing the resources on the most relevant cases.
QUICKINFOList of valid KYC docs - Proof of Identity
Below is a list of commonly accepted documents for KYC processes. The distinction between individuals and entities has been produced. Again, the list of examples below might not be applicable as a valid identification method in your case. It is recommended that you refer to the regulations in force in the State in which you reside.
List of commonly accepted documents for the KYC process of individuals
- Identity card
- Passport
- Driving licence
- Health insurance card
- Family record book
- Birth certificate
List of commonly accepted documents for the KYC process of entities
- List of representatives, officers, directors
- Identity documents of the representative(s) natural person(s)
- Statutes countersigned by the clerk's office of the commercial court, articles of association, company number
- Shareholder structure signed by a manager
List of commonly accepted documents for proof of address:
The law requires the company to collect proof of domicile. This is most often an obligation of means and not of result, as is the case with identity documents for natural persons. Nevertheless, it must be possible to demonstrate that the best efforts have been made to try to gather the information.
- An insurance contract or certificate
- A bill or certificate of contract for water, electricity, gas, fixed telephone or internet
- A certificate issued by a domiciliation company with administrative approval
- A commercial lease
- A certificate of domiciliation of the registered office
What are the skills of a qualified KYC Compliance Officer?
The best defence is to have good analysts in your department that will carry out good work from the start of the relationship with the customers.
The following interim review will feel more comfortable if the files were clear, consistent, and with reduced errors from the start.
This validated authenticity before the financial institution's engagement with the client will flag any unusual activity or warning signs from the beginning.
To cover this, KYC analysts should :
1. be able to analyse alerts produced by KYT monitoring tools and report writing 2. handle customer identification requests (KYC) 3. review complex clients and write effective concise reports 4. follow-up and propose developments/maintenance on the KYT and KYC monitoring tools
5. interact with the relationship managers in terms of monitoring, analysis of reports produced by this first line of defence. 6. carry out second line of defence AML related controls (account openings, sanctions and embargoes, PEPs,...) 7. prepare responses or reports to local authorities (local FIU,…) 8. support on administrative tasks
KYC Compliance Officer are generalists that will be :
1.meticulous, rigorous, curious and demonstrate maturity 2. analytical and have synthesis skills 3. experienced in AML but also in other relevant domains for your business model 4. at ease with domestic and European AML regulatory requirements
5. multilingual 6. proficient user of IT applications 7. able to read balance sheets, and have notions of tax related matters and special mechanisms (ex: VAT carousel …) 8. integrated into the team and the organization but can at the same time work independently
What are the challenges faced by KYC Compliance Officers?
KYC is still a challenge for most obliged entities if we take into consideration the recent fines in the industry.
Complexity in ownership structures with international links requires guidance from the compliance department. The people in Compliance are required to be a generalist and specialist at the same time
Negotiation with the business relationship managers for asking update of information and documentation towards the customers and to set the tone of embedding the AML culture within the entity
In case that customers are operational among different entities of a group, the belief arises that 'one KYC package' is not sufficient to cover regulatory obligations
Group reliance and KYC introduction certificates (outsourcing intra-group) or outsourced KYC requires additional controls although the final responsibility stays in the hands of the obliged entity
High workload and sometimes repetition of unappealing tasks resulting in high turn-over of staff and insufficient knowledge transfer
Maintain a consolidated or bird's eye view on potential AML-risks and report it accurately towards the governance bodies
Balance between doing business and respect the adherence with applicable regulations and market standards
Fast changing regulatory landscape and the evolution of regulatory obligations
When are KYC due diligence investigations required?
The general rule implies a duty to identify and verify with certainty the identity of the user of the financial service so that the contractual relationship can be complete. If this duty cannot be fulfilled, the relationship cannot be established or must be terminated, since identification must be possible throughout the business relationship.
However, there are exceptions depending on the nature of the service. For example, identification may be deferred until the fulfilment of a condition precedent of a tripartite contract for third party beneficiaries of life insurance.
More specifically, the European directives combating money laundering and terrorist financing state that KYC must be done when:
the customer wishes to proceed with a transaction in the context of a business relationship
the customer, outside a business relationship such as one above, wishes to conduct
one or more transactions which appear to be linked amounting to a total minimum of EUR 10 000;
or regardless of the amount if the obliged entity receives the funds concerned in cash or in the form of anonymous electronic money.;
in the case of gambling operators, the collection of winnings amounting to EUR 2 000 or more, regardless of whether the transaction is performed in a single operation or in several operations;
in the event of a suspected money laundering or financing of terrorism transaction;
there is reasonable doubt over the genuine nature of an existing customer’s identity.
What is the average wage of a Compliance KYC Analyst?
Working in a Compliance team is no easy task in the light of the functions listed above. It is also necessary to be totally impartial and independent in order to properly carry out one's duties in the interests of the company.
With this in mind, a Compliance Officer, starting from a certain level of experience, will receive an annual gross remuneration of more than €75,000 on average.
A KYC Analyst is a multi-disciplinary profile with a more operational focus that needs to be trained to understand the company's internal processes and solutions before becoming fully profitable.
A KYC Junior Analyst is entitled to a gross salary of €36.000 per year at the beginning of his or her career.
A KYC analyst with a high level of experience or seniority can be a truly indispensable and a hard-to-replace operational element, and can almost double his or her salary to an average of €69,000 per year.
Why should financial institutions identify and verify their clients with a high degree of certainty?
The worst nightmare for a financial firm is to transact with an unknown counterparty or whereby the real beneficiary is masked through complex structures or ownership.
The control processes set in place for customer acceptance, intermediary customer review and the knowledge on the purpose of the relationship are built from a risk-based approach. The development of a stringent process is crucial to cover these obligations and controls will highlight gaps that require adjustments.
Based on the business model and the sector, the possibility of straight-through processing by using online KYC templates to thorough KYC investigations are permissible, as long that it confirms the true identity of the customer.
In case that several parties are involved in complex financial transactions, a clear picture can be developed by using KYC templates or KYC forms covering all aspects of the regulatory duties.
Electronic KYC templates or KYC forms with audit trails have the preference.
What are the benefits of outsourcing the KYC process?
Do you have difficulties with the implementation of internal KYC processes and is the staff turnover rate too high?
Outsourcing KYC to specialized companies can result in higher efficiency but also more accurate files.
The outsourced partner will combine temporary knowledge applicable in different business models, and also experience on the subset of multi-bank customers with a more accurate view of the client.
A global KYC view will facilitate the analysis of the data subject (no cross-references, nor revealing of confidential information).
The outsourcer will benefit from the instruments used by the outsourced party and the industrialisation of its processes.
Among these, state of the art workflow systems, full-fledged screening platforms and analysis on high-risk factors already available (PEPs, RCA), use of artificial intelligence, accesses to data of UBO, commercial registers, etc.
Pideeco Consultants in AML operational regulatory compliance can help you realise thorough and critical customer assessments, portfolio management and risk-based procedures and workflows to identify all the potential risks you are facing and treat them in due time.
We assist your firm in covering its regulatory obligations and avoid damaging impacts.
Is outsourcing KYC the predecessor of the Central KYC Registry?
Within the market, correspondent banks have already adhered to available KYC register providers. This addresses the KYC requirements across multiple jurisdictions but for a limited scope of entities (financial institutions, funds and large corporates).
The registry for private individuals and legal entities is in a premature stage and has not been developed yet. In addition to that is the changing financial market landscape where FinTechs are entering quickly.
Financial firms are reflecting about joining forces to create and manage centralised due diligence KYC registries.
In the meantime, can outsourcing the KYC function bring the light at the end of the tunnel for smaller entities?
It relieves the pressure of timely completion of reviews or the onboarding of new clients as SLAs in place will tackle the job.
The contrast between the reviews and cyclical onboarding will no longer have an impact on the headcount of your KYC/CDD department. The burden of engaging temporary workers who might leave sooner than planned also disappears.
Was this service page helpful ?
Terrorist Financing
The financing of terrorism is defined as the distribution or collection of funds, in ...
EU proposals: cross-border distribution of investment funds
A Proposal for a Directive which will amend, the Directive 2009/65/EC (UCITS IV Directive) and the Directive 2011/61/EU (AIFMD), was adopted on 12 March 2018 by the European Commission. The aim of the new Directive will be to facilitate the cross-border distribution of...