KYC: 3 Key Steps to Successful Know Your Customer Compliance

Know Your Customer (KYC) is a critical element in the fight against money laundering and other financial crimes today. The digital nature of the global financial system today means that financial institutions are more vulnerable to attacks and are at risk of being used as money laundering facilitators. It is estimated that 2-5% of global GDP is laundered yearly, stressing the need for the right processes to protect financial institutions and customers alike. 

To achieve this, international institutions like the Financial Action Task Force (FATF) have laid down guides for global adoption. One of the key aspects is conducting KYC for client identification and verification to spot fraudsters at the early stages of onboarding. 

What is KYC, and why does it really matter? What key steps are businesses expected to take to achieve KYC compliance? Can the process be automated? This article covers all you need to know about Know Your Customer (KYC) Compliance for businesses today.   

What is KYC?

Know Your Customer (KYC) refers to the process of identifying and verifying your customer identity during onboarding and periodically after onboarding for fraud prevention and AML compliance. KYC may also be referred to as Know Your Client. 

In simpler terms, financial institutions are mandated to verify that their customers are genuinely who they claim to be. Depending on the outcome of a KYC check, the bank may choose to onboard the customer or not establish a business relationship at all. 

KYC refers to the steps taken by a business to:

• Establish a customer identity
• Assess and understand the nature of the customer’s activities (certify that the customer's source of funds is legitimate)
• Conduct money laundering risk assessment 

A lack of proper KYC procedures will lead to penalties and sanctions by the governing body in that jurisdiction. 

Why does KYC Matter?

KYC is a fundamental practice that both protects an organization from fraud and financial losses due to illegal transactions and their associated reputational damage, as well as protects legitimate customers from becoming criminal victims.

KYC helps fight: 

• Money Laundering
• Terrorist Financing
• Other Financial Crimes

Who Needs KYC? 

All businesses operating in an AML-regulated industry are mandated to conduct KYC checks. Standard KYC procedures are to be applied when onboarding a new client and during the course of the business relationship. 

Here is a rundown of some of the businesses required to perform KYC: 

• Banks
• Credit unions
• Private lenders and lending platforms
• Asset management companies
• Brokers
• Casino and gambling organizations
• Fintechs 
• Real estate companies
• Nonbanking financial institutions (NBFI), etc
• Money transfer and remittance institutions

What are the Importance and Benefits of KYC?

KYC helps financial institutions:

• Perform risk assessment by verifying customer identity and financial history during a lending profess
• Fight frauds resulting from false identity or bad acting
• Makes the financial system of a country less risky and more trustworthy, thereby, attracting more investments
• Prevents money laundering
• Protect businesses against reputational damages resulting from association with criminal entities 
• Helps businesses avoid financial losses due to regulatory fines

What KYC Documents are Required for Compliance?

KYC process is performed when establishing an individual business-to-customer relationship (e.g. an individual opening a bank account) and business-to-business relationship (a business opening an account). The KYC documents required for both processes differ. 

Documents required for individuals generally include: 

• Drivers’ license
• International passport 
• Social Security card/ national identity number
• Other documents issued by the state or federal government

The following documents may also be required for proof of address: 

• Bank statements
• Utility bills
• Employment documents
• House rental agreements

For business relationships, the following documents are generally requested:

• Business name, address, and incorporation certificate
• Registration number
• Articles of incorporation
• Tax details
• Board of trustees, etc

Note that these documents vary depending on the nature of the business relationship to be established. 

How does the KYC process Work?

Businesses can customize Smile ID’s solutions to meet their specific KYC needs by following the processes below:

Step 1: Identity Verification

Smile ID offers an array of identity verification solutions to help businesses meet their KYC compliance needs. This includes: 

• Document Verification: empowers businesses to verify 8500+ identity documents across 226 countries globally using biometric authentication and OCR technology.
• Government KYC Checks: leverage direct access to databases from ID issuing authorities across Africa to verify customer identity. 
• Enhanced Document Verification: Combine the functionality of Document Verification and Government KYC checks in one robust solution for a more detailed compliance check.

Step 2: AML Check

Take extra precautions by running an AML check on the customer against PEP, Sanctions, and watchlists.

Businesses can perform this via our no-code platform or API/ SDK integration. Book a free demo today to learn more.

Steps to Achieving KYC Compliance for Individual Customers

We recommend that you follow the processes below to create and run an effective KYC compliance program: 

1. Develop a Customer Identification Program (CIP)

Identity theft and scams are global threats, affecting millions of individuals yearly. This means that financial institutions need to prioritize ensuring their customers are truly who they claim to be. Establishing a robust Customer Identification Program (CIP) helps achieve this. 

The following information is generally collected and verified during customer identification:

• Name
• Date of birth
• Proof of address
• Valid government-issued ID (e.g. National ID number, Passport, Social security, driver's license, etc)

AML guidelines laid down by FATF mandate that individuals conducting any financial transactions need to verify their identity. This has also been adopted by countries globally into law (e.g. the FICA Act of South Africa, the Patriot Act in the US, the Money Laundering (Prohibition) Act in Nigeria, etc.)

Risk assessment is a key aspect of running a successful CIP. Customer risks need to be accessed at the institutional level during onboarding and requirements set for different account levels. Depending on the nature of the business and sector it operates in, individual institutions need to determine the exact policies and procedures for specific customer risk levels. 

For example, a bank needs to consider the following when creating a customer identification program:

• Its method of opening an account
• Size, location, and dominant customer base/ customer jurisdiction. Unique policies should be designed for different products and services per customer region
• The types of accounts it offers

Have more questions? Book a free demo call with our experts.

2. Conduct Customer Due Diligence

Customer due diligence is the step that actually helps a business assess the potential risks a customer poses. After establishing a robust CIP, you then need to proceed to lay out customer due diligence steps to make sure a potential customer is trustworthy. These procedures will be guided by the already established policies. 

Customer Due Diligence comes in three levels:

a. Simplified Due Diligence (SDD) 

Simplified Due Diligence is the lowest level of due diligence applicable to a customer. It involves a low-friction identity verification process that aims to validate a customer's identity usually through document verification.   

This level of due diligence is used when the customer is low-risk and will only make use of products that fall in the SDD category. However, the customer should be continuously monitored for trigger events that may require a higher level of due diligence. 

A good example of this is a customer looking to open a tier 1 KYC account with a daily transaction cap. SDD can be conducted for this, however, the customer may wish to transact more in the future. A higher due diligence needs to be conducted before upgrading the customer account. 

b. Standard Customer Due Diligence (CDD)

Standard Customer Due Diligence requires businesses to identify customers and then reliably verify their identities. It is the level of due diligence that is applied in most cases. For individuals, IDs and key information about the customer need to be collected and verified against reliable databases. This ensures that the individual is legit and not a criminal, looking to exploit the business relationship. 

An example of this is opening a standard bank account that allows the customer to transact in large volumes. Standard bank accounts allow you to transact within a specific range that most people wouldn't cross daily. Much higher volumes may require an account upgrade. Just like SDD, triggers also need to be set that may require further due diligence. 

c. Enhanced Due Diligence (EDD)

Enhanced due diligence refers to the process of carrying out extra checks on a customer identification beyond standard customer due diligence procedures. It involves collecting and verifying additional information (e.g. AML checks). 

Generally, EDD factors are clearly stated by a country’s legislation, however, financial institutions are also encouraged to assess the customer risk and take measures equivalent to their assessment. It can also be an ongoing process too as customers have the tendency to transition into higher risk categories than initially assessed. 

EDD processes go the extra mile and may require more information from customers:

• Occupation
• Location and jurisdiction
• Expected methods of payments
• Anticipated pattern of activities
• Types of transactions

3. Ongoing Monitoring

Having a good CIP and due diligence procedure is not enough. You need to continuously monitor customers and update their risk levels accordingly. This process also includes constant oversight of financial transactions based on triggers and thresholds developed as part of the customer’s risk profile. 

Triggers may include: 

• Adverse media mentions
• A sudden or unusual spike in activities
• Unusual cross-border activities
• Sanction and watchlist listings

The institution may also need to file proper Suspicious Activity Reports (SAR) to relevant authorities. Generally, the level of monitoring relies on a risk-based assessment.

Read Also: KYC for Fintech in Africa - A Comprehensive Guide 

Steps to Achieving Corporate KYC Compliance

Corporate accounts and business relationships also require KYC compliance just like individuals. However, this process has different requirements for KYC compliance and customer risk assessment. The procedure is referred to as Business Verification Corporate KYC, or Know Your Business (KYB).

Exact business verification processes are defined by specific jurisdictions but generally include the following steps:

1. Company Verification

This involves identifying and verifying company information such as business name, address, registration number, and key management persons.

2. Verify Ownership Structures

A company may be fronting or be a shell for criminal transactions, therefore, it is important that its ownership structure and percentages are verified. This uncovers persons with a stake through third parties or direct ownership. 

3. Verify Ultimate Beneficial Owners (UBOs)

UBOs are the ultimate beneficiaries of a business. They need to be also identified and their stake evaluated and reported based on the UBO reporting threshold of the jurisdiction. 

4. Conduct KYC and AML Checks on UBOs

The final step is to conduct KYC and AML checks on the ultimate beneficial owners of the business. This is to verify their identity and assess the individual risks they pose as a person, which extends to the business relationship.

Have questions? Book a free demo call with our experts.

KYC Requirements for Different Sectors

KYC Requirements for Banks

Banks are at the forefront of AML and KYC regulations due to being the most vulnerable to becoming conduits for money laundering activities and other financial crimes. KYC requirements for banks generally involve performing the three levels of customer due diligence as well as ongoing monitoring based on the risk profile of the customer. Biometric authentication and other fraud prevention measures should also be put in place.

KYC Requirements for Non-Banking Financial Institutions (NBFIs)

KYC requirements for other financial service providers are similar to those of banks, however, they are often not as strict. These institutions are mandated to perform KYC and monitor transactions to ensure they are not facilitating money laundering schemes. Specific situations like investigating larger sums of money transfers and reporting sums above certain thresholds also need to be adhered to. Their records also need to be kept.

KYC Requirements for Real Estate

Generally, real estate companies are required to collect accurate customer data like name, phone number, date of birth, address, and a valid government-issued ID and verify these data. For business relationships, all individuals and beneficial owners of the property and buyers need to be verified. 

KYC Requirements in Crypto

Cryptocurrency is not fully regulated and different jurisdictions have individual laws for them. This makes creating a tailored KYC program challenging. However, crypto companies are expected to conduct appropriate due diligence to avoid being facilitators of money laundering. General signs of suspicious activities in crypto transactions include:

• Forged IDs or documents
• Customers who frequently change their profile information
• Individuals on watch and sanction lists
• Multiple accounts created under different names
• Conducting transactions from high-risk jurisdictions IP addresses
• Incomplete KYC information 

Recommended: KYC Checklist - Ultimate KYC Guide for Businesses and Financial Institutions.

The Role of Electronic KYC Verification (eKYC) for AML Compliance Today 

Digital or electronic KYC (eKYC) facilitates easy customer onboarding to help comply with regulations by obtaining personally identifiable information from customers and verifying that it is accurate. The procedure takes advantage of digital processes and verifies the information obtained directly from government databases. Other checks like document verification and biometric authentication may also be put in place for an extra layer of security. 

What are the Benefits of Electronic KYC Verification (eKYC)?

Some of the benefits of eKYC include:

• Speed: eKYC empowers businesses to conduct faster customer onboarding, cutting down onboarding rates from months to merely minutes.  
• Customer Experience: Beyond speed, eKYC offers a better overall customer experience in terms of ease and comfort during onboarding.
• Accuracy: due to the process being digital, there is a higher level of accuracy resulting from the absence of manual processes. Costly human error is eliminated. 
• Flexible and Adaptable: Compliance regulations change frequently, requiring that processes change too. With eKYC, the process is digital, making it easier to effect changes. 
• Integration: eKYC generally involves adding functionality via APIs. This makes it simpler to integrate new capabilities into an existing system.
• Cost-effectiveness: eKYC processes offer better value per cost and utilization of compliance resources compared to manual processes.
• Analytics: Tracking, interpreting, and reporting data is much easier with the eKYC due to the system being completely digitized. 

Mobile KYC for AML Compliance

With the advent of technological advancements like SDKs, mobile KYC for AML compliance can be easily achieved. Mobile biometric verification capabilities offer easy ways to identify customers and run due diligence/ ongoing monitoring from their mobile devices.

For instance - businesses can integrate with Smile ID’s SDKs and perform KYC, biometric authentication and trigger controlled fraud prevention prompts all from the user's mobile device. While there is an array of methods available, leveraging mobile phones, the one device most customers already have and use conveniently, adds an extra protection layer. 

Achieving KYC Against Generative AI Identity Documents

Ground-breaking generative AI technologies have been on the rise in the past few years. This has powered technological advancements but also left existing KYC systems vulnerable, especially solutions like document verification. The right AI can generate realistically looking ID documents that may pass verification tests, and deep fakes to pass biometrics tests. 

What is the best way to prevent this today? Are KYC processes doomed to succumb to AI fakes? Thankfully, no. With the right solution, businesses can spot generative AI documents during onboarding with government KYC checks.

Government KYC check empowers businesses to not just verify the ID document provided by the customer, but go ahead to also verify the serial number of the ID directly from government and reliable databases. 

For instance - a customer provides an AI-generated document that is quality enough to pass an identity verification test. However, adding an extra layer of government KYC checks, which verifies the ID number directly from the government database will reveal that the ID is fake, regardless of the document verification result. Government KYC checks will really become a key solution for businesses especially as generative AIs evolve. Book a free demo to see how it works.

Examples of KYC Laws Around the World

KYC in South Africa

KYC in South Africa is governed by the Financial Intelligence Center Act (FICA) which laid down KYC requirements for business in the area. The Financial Sector Conduct Authority (FSCA) is empowered to regulate the financial institutions in the country. Read our full KYC Guide in South Africa to learn how this affects your business.

KYC in Europe

The 4AMLD, 5AMLD, and 6AMLD have been passed to expand the existing scope of KYC requirements and customer due diligence processes in Europe. This involves collecting personally identifiable information and screening customers against watchlists. 

KYC in Cote d'Ivoire

KYC in Cote d’Ivoire is guided by the Anti-money Laundering/ Combating the Financing of Terrorism Law, 2016. The country has seen tremendous progress in countering money laundering in recent times. Check out our full KYC Guide in Cote d’Ivoire to learn how this affects your business.

KYC in Kenya 

The Central Bank of Kenya is responsible for supervising and enforcing compliance across the nation following the Anti-Money Laundering Act, 2009, and further released procedures. 

KYC In India

KYC laws are governed by the Prevention of Money Laundering Act (PMLA), 2002, and further released documents. Regulatory bodies like the Securities and Exchange Board of India (SEBI) and Reserve Bank of India (RBI) further interpret these laws for specific institutions they oversee.

KYC in Zambia

The Financial Intelligence Center of Zambia establishes and governs the KYC framework in the country. The National Anti-Money Laundering (AML) and Countering Terrorism Financing and Proliferation Financing (CTPF) Policy was launched on 2nd February 2023. Learn about how this affects business operations in the country through our robust KYC Guide in Zambia. 

Bottom Line 

Proper KYC requires a thorough understanding of the industry you operate in as a business and the laws laid down by regulatory bodies in that jurisdiction. With the right compliance program, organizations can easily achieve compliance in the regions they operate.

Smile ID solutions are designed to provide you with comprehensive AML and KYC coverage in 52+ countries across Africa. Our APIs and SDKs are designed for easy integration with and interaction with your existing infrastructure. Book a free demo today to learn more.