Guide to Know Your Customer (KYC)

Contents:

• What is Know Your Customer (KYC)?
• How big is the risk?
• When do I need to carry out KYC checks?
• How do I carry out KYC checks?
• What happens if KYC isn’t done properly?
• Is there a benefit to KYC checks if I don’t legally have to do them?
• GBG products that can help you with KYC

What is Know Your Customer (KYC)?

KYC is all about verifying the identities of your customers, clients and suppliers.

KYC checks will help prevent you onboarding customers who are involved with various types of fraud, such as money laundering, and/or illegal activity, such as financing terrorism.

Financial institutions use KYC to protect themselves from being used by criminals looking to move illicit money. KYC also helps organisations to better understand and manage risk.

KYC is something of an umbrella terms that encompasses a range of activity that helps you identify and verify a customer.

How big is the risk?

The United Nations Office on Drugs and Crime (UNODC) estimates that between 2% and 5% of the world’s Gross Domestic Product (GDP) is laundered each year, which is equal to between £616bn and £1.47tn.

When do I need to carry out KYC checks?

At a minimum, you should conduct KYC checks when you onboard a new customer, but for a more robust approach, KYC should be an ongoing process of checking and monitoring your customers and their typical behaviour.

How do I carry out KYC checks?

In most cases, you’ll need to carry our Customer Due Diligence (CDD). This involves taking the customer’s name, date of birth and address plus sometimes a copy of an official identity document with a picture of them on it.

Passports, driving licences and identity cards utility bills and bank statements are the most common documents used for CDD. The electoral register and credit reference agencies can also be used for data checks.

In some cases, you’ll also need to identify the ‘beneficial owner’ of a company, partnership or trust too. This is to ensure you understand who the individuals are behind an organisation.

CDD measures must be applied when:

• You begin a business relationship with a customer (or another party in a property sale)
• You suspect money laundering or financing terrorism
• You have doubts about a customer’s information you already hold
• The customer’s circumstances change
• You carry (not a high-value dealer) out an ‘occasional transaction’ worth €15,000+
• You (a high-value dealer) make a payment to a supplier worth €10,000+
• You (a high-value dealer) carry out an ‘occasional transaction’ worth €10,000+

CDD checks for new business relationships only apply when you and your customer expect the relationship to be ongoing, formally or informally.

You’ll need to gather information on the purpose of the relationship and the ‘intended nature’ of the relationship i.e. where the funds will come from and the purpose of your transactions.

This may include: details of the customer’s business or employment, the source and origin of the funds the customer will be transferring to you, copies of recent and current financial statements, and details of the relationships between signatories and beneficial owners, and the expected level/type of activity that will take place in your relationship.

Customer information has to be kept up-to-date when their circumstances change e.g. there’s a change in the ownership structure of their business.

When these changes happen, you’ll need to amend your risk assessment of them and carry out further due diligence if necessary.

Occasional transactions

Sometimes you’ll need to carry out CDD checks when you don’t have an ongoing relationship with a customer, but carry out occasional transactions with them.

These checks become necessary when a transaction has a value of:

• €15,000 or more if you’re not a high value dealer
• €10,000 or more if you’re a high value dealer

Linked transactions are where a larger amounts have been broken down into separate, smaller (less than €15,000) transactions to avoid CDD checks.

You must have systems in place to detect these kinds of linked transactions. When you spot them, you have to take a view on whether it’s been deliberately split. Some red flags to watch out for include:

• Several payments from the same customer in a short period
• A number of customers carrying out transactions on behalf of the same person
• A number of customers sending money transfers to the same person

When the nature of a transaction carries a higher risk of money laundering, you’ll need to carry out CDD on occasional transactions of less than €15,000.

Enhanced due diligence

Occasionally, you’ll need to conduct a more thorough review of your customer. This is called enhanced due diligence and must be carried out when:

• The customer isn’t physically present for identification checks
• You enter into a business relationship with a ‘politically exposed person’ (a non-UK or domestic member of parliament, head of state or government, or government minister and their family members and known close associates)
• You enter into a transaction with a person from a high-risk third-country identified by the EU
• There’s a higher risk of money laundering

In the case of politically exposed persons, you’ll need to make sure:

• Only senior management approves the new relationship,
• There are adequate measures in place to establish where the person’s wealth and funds come from
• There will be stricter monitoring of the relationship

Relationships with other money service businesses

Enhanced due diligence is advised if your customer is a money transmitter or a currency exchange office because of the higher risk of money laundering and terrorist financing associated with ‘bulk transfers’ of money.

Your responsibilities

Not only are you expected to carry out proper due diligence, you also need to show you have adequate internal controls and monitoring systems to flag money laundering threats as they happen.

These controls and systems should include:

• A nominated officer for employees to report suspicious activity to
• A compliance officer (for larger or complex organisations)
• Clear responsibilities for senior managers and regular updates on money-laundering risks
• Adequate training for employees with money-laundering responsibilities
• Documented anti-money-laundering policies and procedures
• Measures to minimise the risk of money laundering on a day-to-day basis

You should create a policy document that includes your anti-money laundering policy, controls and the procedures for preventing money laundering. It needs to name the relevant people in your business and detail their responsibilities.

Finally, you need to keep records of all your CDD activity for each relationship for 5 years after a transaction takes places or the relationship ends. These records are acceptable as photocopies, microfiche, scans, digital copies or originals.

What happens if KYC isn’t done properly?

You can be fined by regulators and, in more serious cases, face criminal prosecution.

What’s more, those penalties for non-compliance could make the headlines, which can cause immeasurable damage to your reputation and put potential customers off doing business with you in future.

Is there a benefit to KYC checks if I don’t legally have to do them?

Even if you’re not legally required to carry out KYC checks, knowing more about your customers can help you manage risk and keep out unwanted customers. Demonstrating KYC compliance also helps to build trust by showing that you’re going above and beyond what’s expected of you.

The scope of KYC is also ever-expanding. For example, cryptocurrency firms weren’t subject to AML regulation until the introduction of 5AMLD. So, if you believe your market is likely to become regulated in future, getting a head start on it now could save your business a painful retrofitting process.

GBG products that can help you with KYC

Our Identity Solution, can help you to stay on top of your regulatory requirements wherever you operate and give you a competitive edge as a leader in compliance.

ID3global can help you meet your KYC obligations, verify your customers’ ages and check for Politically Exposed Persons (PEPs) and sanctions.

IDscan validates identity documents for KYC purposes, relieving the pressure on your front line teams and freeing up their time for other priorities.

Find out more about GBG Identity Solution here.