Reliable KYC practices are crucial to every business that handles legal commitments. Besides mitigating legal risks (such as identity theft and fraud), KYC also provides a sustainable legal base by tracking the validity status of submitted documents and tracking suspicious transactions. Even so, complying and keeping up with KYC requirements can be challenging.
What are they and what do they entail?
Know Your Customer (KYC) is the process of identifying and verifying customers. Therein identification means gathering their personal data, and verification entails matching that data to information provided on that person’s ID.
To identify a customer, businesses usually need to collect the following data:
To validate and verify this information, service providers may take a document-based verification route. In that case, they will request and check the customer’s government issued identity document and proof of address.
In line with Anti-Money Laundering/ Counter terrorist financing (AML/CTF) requirements , businesses must also ensure that customers are trusted individuals. In other words, service providers must evaluate customer risk, making sure they aren’t involved in organized crime or under applicable sanctions. That involves сhecking global sanctions lists, watchlists, blocklists, and adverse media.
It refers to a network of international standards, laws, regulations, procedures and acitivities made to prevent, detect and punish illegal funds entering the financial system to fund terrorist individuals, organisations and/or activities.
It helps to detect fraud and prevent financial crimes, such as money laundering.
Stolen personal data can be used to register on platforms, ranging from payment apps to dating sites. Once this step is complete, individuals may perform illicit transactions or scam honest users on behalf of another person. To mitigate those risks, businesses verify their customers in alignment with KYC.
AML-obligated companies that don’t meet KYC requirements may face regulatory enforcement measures and reputational losses.
Even non-AML-obligated companies can face business risks (multi-accounting, illegal chargebacks, etc.) if they don’t voluntarily implement KYC procedures.
Since KYC falls within AML/CTF requirements, every AML-obligated business must perform KYC procedures. Some good examples are financial institutions, insurance entities, real estate brokers, car dealers, accountants, crypto businesses, and gambling platforms that offer their services on a constant and unlimited basis. But KYC can also be useful for businesses that aren’t subject to AML regulations, such as marketplaces and car sharing platforms. It can help them manage customer risks and filter out risky suppliers and platforms.
The KYC procedure is meant to confirm that a customer is who they say they are. Here’s an example of proper remote KYC steps (in line with European ETSI standards for eIDAS), in order:
However, KYC checks don’t end with the onboarding stage. Under AML regulations, businesses must continuously monitor their customers’ profiles and transactions. That includes checking document validity and detecting suspicious transactions.
Different providers offer different KYC services. Some are fully automated, some include manual checks, liveness checks etc… The best advice is to choose one solution that covers all KYC needs instead of using a combination of different solutions.
Here’s the core criteria for choosing a KYC provider:
The solution must comply with the regulatory requirements of the business’s jurisdiction(s).
Providers should offer strong fraud protection, reliably identifying forgeries, spoofing, and other malicious activity.
A provider should support document types from different countries and offer a selection of prominent interface languages
The solution should have short processing times and high verification speed, saving users’ time and providing quick access to services