Learn how GBG products can help you meet your KYC obligations and give you a competitive edge as a leader in anti-money laundering (AML) compliance.
What is Know Your Customer (KYC)?
KYC is all about verifying the identities of your customers, clients and suppliers.
Financial institutions use KYC to protect themselves from being used by criminals looking to move illicit money. KYC also helps organisations to better understand and manage risk.
KYC is something of an umbrella terms that encompasses a range of activity that helps you identify and verify a customer.
The United Nations Office on Drugs and Crime (UNODC) estimates that between 2% and 5% of the world’s Gross Domestic Product (GDP) is laundered each year, which is equal to between £616bn and £1.47tn.
At a minimum, you should conduct KYC checks when you onboard a new customer, but for a more robust approach, KYC should be an ongoing process of checking and monitoring your customers and their typical behaviour.
In most cases, you’ll need to carry our Customer Due Diligence (CDD). This involves taking the customer’s name, date of birth and address plus sometimes a copy of an official identity document with a picture of them on it.
Passports, driving licences and identity cards utility bills and bank statements are the most common documents used for CDD. The electoral register and credit reference agencies can also be used for data checks.
In some cases, you’ll also need to identify the ‘beneficial owner’ of a company, partnership or trust too. This is to ensure you understand who the individuals are behind an organisation.
CDD measures must be applied when:
CDD checks for new business relationships only apply when you and your customer expect the relationship to be ongoing, formally or informally.
You’ll need to gather information on the purpose of the relationship and the ‘intended nature’ of the relationship i.e. where the funds will come from and the purpose of your transactions.
This may include: details of the customer’s business or employment, the source and origin of the funds the customer will be transferring to you, copies of recent and current financial statements, and details of the relationships between signatories and beneficial owners, and the expected level/type of activity that will take place in your relationship.
Customer information has to be kept up-to-date when their circumstances change e.g. there’s a change in the ownership structure of their business.
When these changes happen, you’ll need to amend your risk assessment of them and carry out further due diligence if necessary.
Sometimes you’ll need to carry out CDD checks when you don’t have an ongoing relationship with a customer, but carry out occasional transactions with them.
These checks become necessary when a transaction has a value of:
Linked transactions are where a larger amounts have been broken down into separate, smaller (less than €15,000) transactions to avoid CDD checks.
You must have systems in place to detect these kinds of linked transactions. When you spot them, you have to take a view on whether it’s been deliberately split. Some red flags to watch out for include:
When the nature of a transaction carries a higher risk of money laundering, you’ll need to carry out CDD on occasional transactions of less than €15,000.
Enhanced due diligence
Occasionally, you’ll need to conduct a more thorough review of your customer. This is called enhanced due diligence and must be carried out when:
In the case of politically exposed persons, you’ll need to make sure:
Relationships with other money service businesses
Enhanced due diligence is advised if your customer is a money transmitter or a currency exchange office because of the higher risk of money laundering and terrorist financing associated with ‘bulk transfers’ of money.
Not only are you expected to carry out proper due diligence, you also need to show you have adequate internal controls and monitoring systems to flag money laundering threats as they happen.
These controls and systems should include:
You should create a policy document that includes your anti-money laundering policy, controls and the procedures for preventing money laundering. It needs to name the relevant people in your business and detail their responsibilities.
Finally, you need to keep records of all your CDD activity for each relationship for 5 years after a transaction takes places or the relationship ends. These records are acceptable as photocopies, microfiche, scans, digital copies or originals.
You can be fined by regulators and, in more serious cases, face criminal prosecution.
What’s more, those penalties for non-compliance could make the headlines, which can cause immeasurable damage to your reputation and put potential customers off doing business with you in future.
Even if you’re not legally required to carry out KYC checks, knowing more about your customers can help you manage risk and keep out unwanted customers. Demonstrating KYC compliance also helps to build trust by showing that you’re going above and beyond what’s expected of you.
The scope of KYC is also ever-expanding. For example, cryptocurrency firms weren’t subject to AML regulation until the introduction of 5AMLD. So, if you believe your market is likely to become regulated in future, getting a head start on it now could save your business a painful retrofitting process.
Our Identity Solution, can help you to stay on top of your regulatory requirements wherever you operate and give you a competitive edge as a leader in compliance.
IDscan validates identity documents for KYC purposes, relieving the pressure on your front line teams and freeing up their time for other priorities.
Hear from us when we launch new research, guides and reports.