November 02, 2022
Jennifer LoweJennifer is a writer at Plaid, covering lending and payroll. She believes in the potential of new financial services to enable greater financial access.
Table of ContentsIn 2021, reported fraud losses rose to $5.8 billion, an increase of more than 70 percent in a single year. One way to combat the rise in financial fraud and money laundering is to reduce anonymous bank accounts and monitor suspicious activity. For financial organizations, that means knowing who customers are and continuously monitoring for risk factors, a process called KYC or "know your customer."
While the programs to meet KYC requirements are developed by individual organizations, financial institutions like banks, credit unions, and Fortune 500 financial firms, must comply with complex regulations to verify customer identity, called KYC. This article explains what KYC requirements are in the U.S., and why KYC in banking matters.
Failing to meet KYC regulations can mean steep fines, an increased risk of fraud, and reduced consumer trust, making KYC compliance critical to businesses in many industries.
KYC stands for "Know Your Customer." It is a due diligence process financial companies use to verify customer identity and assess and monitor customer risk. KYC ensures customers are who they say they are.
Compliance with KYC regulations helps prevent money laundering, terrorism financing, and more run-of-the-mill fraud schemes. By verifying a customer’s identity and intentions when the account is opened and then monitoring transaction patterns, financial institutions can more accurately pinpoint suspicious activities.
To meet KYC requirements, clients must provide proof of their identity and address, such as ID card verification, face verification, biometric verification, and/or document verification. Examples of KYC documents include a passport, driver's license, or utility bill.
KYC is a critical process for determining customer risk and whether the customer can meet the institution’s requirements to use their services. It’s also a legal requirement to comply with Anti-Money Laundering (AML) laws. Financial institutions must ensure clients are not engaging in criminal activities while using their services.
KYC is a legal requirement for financial institutions and financial services companies to establish a customer’s identity and identify risk factors. KYC procedures help prevent identity theft, money laundering, financial fraud, terrorism financing, and other financial crimes. Failure to meet KYC requirements can result in steep fines and penalties.
AML regulations were introduced in 1970 to fight money laundering. Following the 9/11 attacks, the U.S. passed stricter KYC requirements as part of the Patriot Act. While these changes were in the works for several years, the terrorist attacks provided the political momentum needed to enact them.
Title III of the Patriot Act requires financial institutions to meet two core KYC components: the Customer Identification Program (CIP) and Customer Due Diligence (CDD). Current KYC procedures embrace a risk-based approach to counteract identity theft, money laundering, and financial fraud:
→ Want to fight fraud while handling KYC requirements? Plaid Identity Verification is the lowest friction identity verification experience available.
The difference between AML (anti-money laundering) and KYC (Know Your Customer) is that AML refers to the framework of legislation and regulation financial institutions must follow to prevent money laundering. The KYC process is a key part of the overall AML framework and specifically requires organizations to know who they do business with and verify customer identity.
Financial institutions are responsible for developing their own KYC processes. However, AML legislation can vary by jurisdiction or country, which means financial institutions must establish KYC procedures that comply with each set of AML standards.
KYC is required for any financial institution that deals with customers while opening and maintaining financial accounts. When a business onboards a new client, or when a current client acquires a regulated product, standard KYC procedures generally apply.
Financial institutions that need to comply with KYC protocols include:
KYC regulations have become an increasingly critical issue for almost any institution interacting with money (so, just about every business.) While banks are required to comply with KYC to limit fraud, they also pass down those requirements to organizations with whom they do business.
Prevent fraud, win users, and protect your bottom line
Certain activities can require organizations to reverify customers with an updated KYC process. Triggers for KYC reverification can include:
For example, as a result of initial due diligence and ongoing monitoring, a bank might flag risk factors like frequent wire transfers, international transactions, and interactions with off-shore financial centers. A “high-risk” account is then monitored more frequently, and the customer might be asked to explain transactions or update other KYC-related information periodically.
Understanding KYC means understanding not just what the process is, but how the different components work together to reduce fraud and illegal activity.
To comply with the Customer Identification Program, financial institutions must ask customers for identifying information. Every financial institution conducts its own CIP process based on its risk profile, so a customer may be asked for different information depending on the institution.
For an individual, KYC documents could include:
For a company, the information may include:
For either a business or an individual, further verifying information might include:
Financial institutions must verify that this information is accurate and credible, by verifying documentation authenticity, using digital identity verification, or both.
Customer due diligence requires financial institutions to conduct detailed risk assessments, including examining the potential types of transactions a customer makes to detect suspicious behavior. Using this information, the institution assigns the customer a risk rating that determines how often the account is monitored. Institutions must verify the identity of any individual who owns 25% or more of a legal entity, and any individual who controls the legal entity.
While there’s no standard procedure for due diligence, institutions can think of them in three tiers:
Continuous monitoring means financial institutions must monitor their client’s transactions on an ongoing basis for suspicious or unusual activity. This step embraces a dynamic, risk-driven approach to KYC. When suspicious or unusual activities are detected, the financial institution must submit a Suspicious Activities Report (SAR) to FinCEN and other relevant law enforcement agencies.
The two mandatory KYC documents are proof of identity with a photograph and proof of address. Customers must provide an updated, unexpired government-issued identification proving nationality or residence and include a photograph or similar safeguard. These documents establish identity when users open a financial account, such as a savings, fixed deposit, mutual fund, or insurance account.
Documents commonly accepted as standard proof of identity and address include:
→ Need a faster account opening and onboarding flow? Plaid Auth provides instant bank account authentication when users connect with their bank account credentials.
In 2021, financial institutions spent an estimated $37.1 billion on AML-KYC compliance technology and operations. Beyond the immediate cost of implementing processes, KYC has other costs, such as increased time investment and higher customer churn.
However, non-compliance with KYC processes can increase costs as well. Failing to meet KYC requirements can lead to increasingly steep fines. In 2013 and 2014, $4.3 billion in fines were levied against financial institutions, which quadrupled the fines of the nine previous years combined. For example, JP Morgan was fined more than $2 billion for a failure to report suspicious activities. In 2021 alone, financial institutions were fined $2.7 billion.
KYC regulations mean almost any business, platform, or organization that interacts with a financial institution to open an account or engage in transactions must comply with these complex regulations.
KYC regulations have far-reaching implications for consumers and financial institutions alike. Financial institutions must follow KYC standards when working with a new client. These standards were enacted to fight financial crime, money laundering, terrorism funding, and other illegal financial activity which often rely on anonymous financial accounts.
Failure to comply with KYC regulations can mean steep fines, lack of consumer trust, and even prosecution in some cases. As the financial technology industry grows, more organizations will need to comply with these complex regulations.
Taking a risk-based approach to KYC helps eliminate the risk of fraudulent activities and ensures a better customer experience.