In 2021, reported fraud losses rose to $5.8 billion, an increase of more than 70 percent in a single year. One way to combat the rise in financial fraud and money laundering is to reduce anonymous bank accounts and monitor suspicious activity. For financial organizations, that means knowing who customers are and continuously monitoring for risk factors, a process called KYC or "know your customer."
While the programs to meet KYC requirements are developed by individual organizations, financial institutions like banks, credit unions, and Fortune 500 financial firms, must comply with complex regulations to verify customer identity, called KYC. This article explains what KYC requirements are in the U.S., and why KYC in banking matters.
Failing to meet KYC regulations can mean steep fines, an increased risk of fraud, and reduced consumer trust, making KYC compliance critical to businesses in many industries.
What is KYC?
KYC means "Know Your Customer." It is a due diligence process financial companies use to verify customer identity and assess and monitor customer risk. KYC ensures a customer is who they say they are.
Compliance with KYC regulations helps prevent money laundering, terrorism financing, and more run-of-the-mill fraud schemes. By verifying a customer’s identity and intentions when the account is opened and then monitoring transaction patterns, financial institutions can more accurately pinpoint suspicious activities.
To meet KYC requirements, clients must provide proof of their identity and address, such as ID card verification, face verification, biometric verification, and/or document verification. Examples of KYC documents include a passport, driver's license, or utility bill.
KYC is a critical process for determining customer risk and whether the customer can meet the institution’s requirements to use their services. It’s also a legal requirement to comply with Anti-Money Laundering (AML) laws. Financial institutions must ensure clients are not engaging in criminal activities while using their services.
→ Want to know how Public seamlessly onboards users to invest in stocks, ETFs, crypto, and more? Watch the Powered by Plaid story on how Public enables new users to make their first trade in minutes.
Why is KYC important in banking?
KYC is a legal requirement for financial institutions and financial services companies to establish a customer’s identity and identify risk factors. KYC procedures help prevent identity theft, money laundering, financial fraud, terrorism financing, and other financial crimes. Failure to meet KYC requirements can result in steep fines and penalties.
AML regulations were introduced in 1970 to fight money laundering. Following the 9/11 attacks, the U.S. passed stricter KYC requirements as part of the Patriot Act. While these changes were in the works for several years, the terrorist attacks provided the political momentum needed to enact them.
Title III of the Patriot Act requires financial institutions to meet two core KYC components: the Customer Identification Program (CIP) and Customer Due Diligence (CDD). Current KYC procedures embrace a risk-based approach to counteract identity theft, money laundering, and financial fraud:
Identity Theft: KYC helps financial institutions establish proof of a customer’s legal identity. This can prevent fake accounts and identity thefts from forged documents or stolen identity documents.
Money Laundering: Both organized and unorganized criminal sectors use dummy accounts in banks to store funds for narcotics, human trafficking, smuggling, racketeering, and more. KYC limits their ability to avoid suspicion by spreading money out across several accounts.
Financial Fraud: KYC helps prevent fraudulent financial activities, such as using fake or stolen IDs to apply for a loan and then receive funding with fraudulent accounts.
→ Want to fight fraud while handling KYC requirements? Plaid Identity Verification is the lowest friction identity verification experience available.
AML vs KYC: What’s the difference?
The difference between AML (anti-money laundering) and KYC (Know Your Customer) is that AML refers to the framework of legislation and regulation financial institutions must follow to prevent money laundering. The KYC process is a key part of the overall AML framework and specifically requires organizations to know who they do business with and verify customer identity.
Financial institutions are responsible for developing their own KYC processes. However, AML legislation can vary by jurisdiction or country, which means financial institutions must establish KYC procedures that comply with each set of AML standards.
Who needs to have KYC processes?
KYC is required for any financial institution that deals with customers while opening and maintaining financial accounts. When a business onboards a new client, or when a current client acquires a regulated product, standard KYC procedures generally apply.
Financial institutions that need to comply with KYC protocols include:
Wealth management firms and broker-dealers
Finance tech applications (fintech apps), depending on the activities in which they engage
Private lenders and lending platforms
KYC regulations have become an increasingly critical issue for almost any institution interacting with money (so, just about every business.) While banks are required to comply with KYC to limit fraud, they also pass down those requirements to organizations with whom they do business.
The Fintech Spotlight
Get the latest insights and in-depth analysis on the future of digital finance
What triggers KYC reverification?
Certain activities can require organizations to reverify customers with an updated KYC process. Triggers for KYC reverification can include:
Unusual transaction activity
New information or changes to the client
Change in the client’s occupation
Change in the nature of a client’s business
Adding new parties to an account
For example, as a result of initial due diligence and ongoing monitoring, a bank might flag risk factors like frequent wire transfers, international transactions, and interactions with off-shore financial centers. A “high-risk” account is then monitored more frequently, and the customer might be asked to explain transactions or update other KYC-related information periodically.
What are the components of KYC?
Understanding KYC means understanding not just what the process is, but how the different components work together to reduce fraud and illegal activity.
The core components of KYC include:
Customer Identification Program: Identify and verify the identity of customers.
If you’re working with businesses, identify and verify the identity of the beneficial owners of companies opening accounts.
Customer Due Diligence Program: Understand the nature and purpose of customer relationships to develop customer risk profiles.
Continuous Monitoring: Conduct ongoing monitoring to identify and report suspicious transactions and—on a risk basis—maintain and update customer information.
Customer Identification Program (CIP)
To comply with the Customer Identification Program, financial institutions must ask customers for identifying information. Every financial institution conducts its own CIP process based on its risk profile, so a customer may be asked for different information depending on the institution.
For an individual, KYC documents could include:
A driver’s license
For a company, the information may include:
Certified articles of incorporation
Government-issued business license
For either a business or an individual, further verifying information might include:
Information from a consumer reporting agency or public database
A financial statement
Financial institutions must verify that this information is accurate and credible, by verifying documentation authenticity, using digital identity verification, or both.
Customer Due Diligence (CDD)
Customer due diligence requires financial institutions to conduct detailed risk assessments, including examining the potential types of transactions a customer makes to detect suspicious behavior. Using this information, the institution assigns the customer a risk rating that determines how often the account is monitored. Institutions must verify the identity of any individual who owns 25% or more of a legal entity, and any individual who controls the legal entity.
While there’s no standard procedure for due diligence, institutions can think of them in three tiers:
Simplified Due Diligence (“SDD”): Used for low-value accounts, or when the risk of money laundering or financing terrorism is low.
Basic Customer Due Diligence (“CDD”): At this level of due diligence, financial institutions should verify a customer’s identity and level of risk.
Enhanced Due Diligence (“EDD”): High-risk or high-net-worth customers that require a deeper understanding of the customer’s financial activities and risks. For example, if a customer is a Politically Exposed Person (PEP), they may be at greater risk for money laundering.
Continuous monitoring means financial institutions must monitor their client’s transactions on an ongoing basis for suspicious or unusual activity. This step embraces a dynamic, risk-driven approach to KYC. When suspicious or unusual activities are detected, the financial institution must submit a Suspicious Activities Report (SAR) to FinCEN and other relevant law enforcement agencies.
What are KYC document requirements?
The two mandatory KYC documents are proof of identity with a photograph and proof of address. Customers must provide an updated, unexpired government-issued identification proving nationality or residence and include a photograph or similar safeguard. These documents establish identity when users open a financial account, such as a savings, fixed deposit, mutual fund, or insurance account.
Documents commonly accepted as standard proof of identity and address include:
State-issued ID card
→ Need a faster account opening and onboarding flow? Plaid Auth provides instant bank account authentication when users connect with their bank account credentials.
How much does KYC cost businesses?
In 2021, financial institutions spent an estimated $37.1 billion on AML-KYC compliance technology and operations. Beyond the immediate cost of implementing processes, KYC has other costs, such as increased time investment and higher customer churn.
However, non-compliance with KYC processes can increase costs as well. Failing to meet KYC requirements can lead to increasingly steep fines. In 2013 and 2014, $4.3 billion in fines were levied against financial institutions, which quadrupled the fines of the nine previous years combined. For example, JP Morgan was fined more than $2 billion for a failure to report suspicious activities. In 2021 alone, financial institutions were fined $2.7 billion.
The impact of KYC processes on the banking world
KYC regulations mean almost any business, platform, or organization that interacts with a financial institution to open an account or engage in transactions must comply with these complex regulations.
KYC regulations have far-reaching implications for consumers and financial institutions alike. Financial institutions must follow KYC standards when working with a new client. These standards were enacted to fight financial crime, money laundering, terrorism funding, and other illegal financial activity which often rely on anonymous financial accounts.
Failure to comply with KYC regulations can mean steep fines, lack of consumer trust, and even prosecution in some cases. As the financial technology industry grows, more organizations will need to comply with these complex regulations.
Taking a risk-based approach to KYC helps eliminate the risk of fraudulent activities and ensures a better customer experience.