KYC, which stands for Know Your Customer, is term commonly found with AML, which stands for Anti-Money Laundering. In this post, we outline what KYC refers to and how to think about it in a sophisticated way. This helps teams navigate discussions with RegTech and identity verification companies when discussing features and solutions for product and business needs.
The concept of KYC is now important for many businesses because in major markets like the US and EU, businesses are required to know who the ultimate beneficiary of funds are, which means they need to identify their customers. Although KYC once focused on the traditional financial industry, many digital services now need to perform KYC checks for regulations and also to build customer trust. For example, many crypto companies and virtual asset service providers need to have KYC checks.
In this piece, we will outline:
- What is Know Your Customer (KYC)?
- What counts as CDD and KYC?
- How identity verification solutions help you with KYC procedures
- The benefits of KYC processes
What is Know Your Customer (KYC)?
KYC refers to a process of getting to know who your customers are, which requires verifying the identity of the individuals you may be engaging in business with. Engaging in business could include a longer-term relationship, such as a customer opening an account with you, or it could be a one-off transaction.
What is the difference between AML and KYC?
KYC and AML are often used together, but they are not the same concepts. AML refers to Anti-Money Laundering regulations. Regulatory bodies, such as the Financial Crimes Enforcement Network (FinCEN) in the US, require companies to be AML compliant and in obliged entities (such as financial institutions). AML regulations are widely adopted to reduce corruption, bribery, money laundering, and fraud.
Globally, AML regulations and requirements for KYC have been expanding steadily, including the introduction of the 6th Anti-Money Laundering Directive (6AMLD) in Europe, which companies must comply with by June 3, 2021. Though AML regulations previously focused on financial services, the growth of online services and transactions, as well as online fraud and money laundering, now means that many businesses could be required to show they have performed customer due diligence if they are investigated. The EU’s 6AMLD now applies to crypto companies and virtual asset service providers.
KYC refers to knowing who your customers are (and the processes to find out). KYC often helps companies meet AML regulatory requirements but companies that may not be subject to regulatory requirements may also want to have KYC checks to reduce the risk of fraud or increase security.
How does KYC relate to CCD, CIP and AML?
KYC is also closely associated with terms such as customer due diligence (CDD) customer identification program (CIP), and ongoing monitoring.
If businesses perform CDD, they will come to know who their customers are. In some jurisdictions, CDD processes are referred to as a CIP. This means that if your business performs CDD through a CIP, then you will have a KYC process or KYC procedures.
These concepts are most developed in the financial sector, particularly in banks but also with credit companies, insurance agencies, and adjacent industries such as accounting firms or regulated industries such as gambling. These sectors perform CDD because they are obligated to comply with AML regulations in many major markets or face consequences that include fines, sanctions, and even incarceration for individuals.
Sometimes, companies may explain CDD or having a CIP as part of KYC. It is important to know that CDD is a requirement outlined in AML regulations. KYC is an industry term that has been widely adopted in financial services and adjacent sectors.
What counts as CDD and KYC?
Performing sufficient customer due diligence and having a robust KYC process allows companies to protect themselves by ensuring that they are doing business legally, with legitimate entities, and it also protects customers (or end users) who might be harmed by financial crimes such as fraud.
CDD and KYC procedures begin with collecting data on an individual, such as through their official photo ID (national IDs, passports, drivers’ licenses). In-person, performing identity verification is straightforward: you can verify that the individual handing these items to you looks the same and has the same signature as what is shown in their official documents. You can also inspect the physical documents to judge their authenticity. In banks, the information about an individual (such as their names, social security numbers, birthdays, addresses, and associated companies) is compared to individuals on sanctions lists, watchlists, and list of politically exposed persons (PEPs) to make sure the bank is not doing business with someone suspected of being involved with a crime, or at a high risk of money laundering. Some countries or companies may call this process a customer identification program.
The process remains the same online, but effective technology must be used to reliably perform the same processes. To do the same online, you will want to:
- know the identity of the person through their submitted documents
- confirm the authenticity of the documents
- verify this person is physically in front of their device (not a bot)
- confirm that the person in front of the device matches the documents
How identity verification solutions help you with KYC procedures
Today, there are a variety of solutions providers that cover RegTech, identity verification, identity management, and cybersecurity. While many companies have overlapping services, they may be designed for certain types of use cases.
If you want to know who your customers are, you will likely want to do identity verification. Identity verification services like Passbase complete many steps required for CDD so that companies can be AML compliant. The way Passbase does identity verification is as follows:
- an end user is invited to verify their identity through Passbase
- they perform a challenge with a video selfie
- they submit an official photo ID document (that a company can choose)
- they may be required to submit additional documents (that a company can choose)
For an end user, the identity verification process is completed in two or three steps and under a minute, so that they can continue with their onboarding. For a Passbase client company, the submitted video selfie and document are enough to perform an identity and document verification.
A user’s video selfie serves as both a liveness detection test and to verify that their face matches the photo ID. The submitted documents help to identify the person through their name, date of birth, address, and other identifiers. In addition, the information can be cross-checked with databases and watchlists to check that a person is not wanted or to identify them if they are a politically exposed person (PEP).
In addition, clients using Passbase can also further secure their business and offer end users conveniences by re-using their digital identities in the following ways:
- allowing end users to perform biometric authentication for passwordless sign-ins and transactions
- allowing end users to reuse documents for future identity verifications, such as for new services
Each identity verification performed helps meet KYC checks to protect against fraud and also provide evidence of ongoing due diligence and monitoring to regulators (if necessary).
The benefits of KYC processes
In short, KYC processes help online companies secure their business, even if they may not have regulatory considerations. To summarize, knowing who your customers helps with the following:
- Reduce the risk of fraud: when you know who a customer is, you are better protected from scams, fraud, and account theft
- Stay AML compliant: having KYC processes increases the chances that you have done sufficient CDD, protecting against fines for money laundering (even if unintended)
- Build trust with customers: give customers confidence that their accounts are secure with you
With the growing amount of services and transactions happening online, organizations beyond the financial services industry and other obliged entities for AML regulations need to know who their customers are. Below, we outline ways that different sectors can benefit from performing identity verification and knowing who their customers are.
In the past, online retailers and ecommerce businesses did not have access to bank-grade security tools. Now, they do and regulations are catching up. In markets like the EU, regulations such as the second Payment Services Directive (PSD2) are requiring that businesses need to provide stronger authentication methods before allowing transactions to go through. At the same time, lawmakers are catching up with regulations and fines for insufficient age verification for age-restricted products such as tobacco, alcohol, vapes, and cannabis to minors. Performing identity verification with an official government ID provides a birthdate that allows online retailers to screen out minors.
The mobility sector also has regulations to consider, namely that vehicle drivers have a valid license. Uber was stripped of its license twice after regulators found that thousands of trips were made with drivers with borrowed or fake identities. By integrating an identity verification service, a mobility service can quickly match the person submitting their driver’s license with the photo ID and perform a KYC check. In addition, identity verification services use databases to perform ID verification and check for a driving license’s validity. This frees up the business to focus on its core service for end users.
Marketplaces and peer-to-peer platforms
Successful marketplaces are built on trust and safety. As marketplace platforms are competitive, user trust translates to retention. After multiple cases of fraud with fake listings, Airbnb began to require that hosts verify their identities with photo IDs. In addition to building trust with end users, marketplaces handling transactions also have to consider multiple regulatory requirements, such as PSD2 in Europe for payment processing, and AML requirements to know who the ultimate beneficiaries are when receiving funds. Adding identity verification to the user onboarding process is a quick way to mitigate fraud, unsatisfied customers, and potential fines.
FinTech, crypto and insurance
In the U.S. and the EU, regulations are growing tighter for services related to the financial industry, such as digital currencies. In December 2020, the FinCEN proposed regulating crypto companies in the U.S. In the EU, the 5th and 6th Anti-Money Laundering Directives (5AMLD and 6AMLD) added digital wallets and currencies, art dealers, law firms, and accounting services to a list of obliged entities, with harsher penalties for failing to comply. Implementing identity verification, while adding necessary documents to meet due diligence requirements, will help companies stay regulatory compliant.
Like the financial industry, online gaming and gambling is already subject to a range of regulations. In the past, gaming operators could have rudimentary age declaration pop-ups. However, fines for online gambling operators had already reached over £24 million (US$ 33 million) by the end of Q1 in 2021. In the past, paying fines was seen as the cost of business, but with the available identity verification solutions today that can satisfy both KYC requirements and age verification, gaming operators have a more sustainable way of continuing operations. You can find out more here.
Passbase provides a convenient way for businesses to perform KYC checks through identity verification that allows your end users to prove who they are during user onboarding, to create accounts, prove their age, and perform secure passwordless log-ins. Your team can manage verifications from a unified dashboard and you can immediately integrate Passbase into your service or platform via the Passbase API or with SDKs for iOS, Android, and web.