Know Your Customer

What is Know Your Customer (KYC)?

Know Your Customer is a compliance process typically used by businesses in the financial services sector. The purpose of KYC is to help organisations accurately verify the identities of their customers and highlight any risks of completing a transaction with them. As a result, this can help to combat financial crimes such as fraud, money laundering, terrorist financing, and other related illegal activities. The Financial Conduct Authority (FCA) established KYC as part of its Anti-Money Laundering (AML) standards.

 

Key aspects of KYC

Identity verification

To comply with KYC, businesses must verify the identity of their customers, which is often carried out through KYC checks. These checks help to assess and authenticate that a customer is who they claim to be. If a customer fails KYC checks, a financial company can refuse to do business with them, because they could be making the organisation vulnerable to fines, reputation damage, and financial crimes. 

Risk assessment

In addition to confirming a customer’s identity, KYC checks are also beneficial in establishing the risk an individual poses to the financial organisation. Risks include fraud, money laundering, and terrorist financing. 

Ongoing monitoring

KYC compliance is not a one-time task; it’s an ongoing process. Businesses should monitor customer activities and transactions over time to identify any suspicious behaviour. Regularly reviewing customers’ financial behaviour highlights these risks and protects the organisation, because risk status can change. 

 

Who needs to comply with KYC?

KYC is most commonly applied to banks and other institutions in the finance sector. However, several other sectors and business types should be following KYC in their processes, including:

• Accountants and tax advisers
• Estate agents
• Legal professionals
• Gaming and casino businesses
• Luxury goods and art dealers
• Crypto asset businesses
• Trust providers

 

Why is KYC important?

KYC is important in protecting businesses from illegal activities through effective risk management. Good KYC practices can offer a better understanding of customers and their financial practices. Therefore, it is easier for the company to assess, manage, and reduce risk. If an organisation does not comply with KYC and it should be, it could face substantial fines from the FCA. 

 

What is the KYC process?

Maintaining KYC compliance involves four key elements, each establishing a strong protection layer in your company’s customer identification framework. 

Customer Identification Program (CIP)

The CIP is the first step in the KYC process, establishing that the customer’s identity is accurate and they are who they claim to be. Financial companies should collect and verify identification information from customers before doing business with them. Identification information for customers can include government-issued IDs and addresses.

Customer due diligence

Following the CIP, due diligence should be carried out by collecting further details about the customer in order to establish their risk. This goes a step further than the initial verification in the CIP by seeking confirmation from banks or other financial institutions that the customer is trustworthy. For example, checking that their source of wealth, the purpose of the transaction, and their behaviour during the transaction were all legitimate.

Enhanced due diligence

Enhanced due diligence is an optional, more in-depth step for customers who present a higher risk, e.g., politically exposed persons (PEPs) or individuals from high-risk areas. Performing enhanced due diligence is essential in minimising the risk of financial crimes. It typically involves detailed background checks, source of funds investigations, and continual monitoring. 

Ongoing monitoring

Regular KYC reviews, often known as perpetual KYC, are essential for spotting unusual shifts in a customer’s behaviour or transactions that may signal a change in their risk status. By maintaining ongoing oversight, businesses can swiftly detect and escalate suspicious activity to the appropriate authorities. An effective monitoring program should cover:

• Adverse media mentions involving the customer, especially in the case of politically exposed persons (PEPs) or individuals subject to sanctions
• Any changes in the geographic location of the customer or their transactions
• Variations in transaction patterns, including changes in frequency, types, or financial amounts

 

To find out more about KYC compliance, check out our guide covering the topic.