Know your customer
Know your customer (KYC) refers to due diligence activities that financial institutions and other regulated companies must perform to ascertain relevant information from their clients for the purpose of doing business with them. The term is also used to refer to the bank regulation which governs these activities. Know Your Customer processes are also employed by companies of all sizes for the purpose of ensuring their proposed agents', consultants' or distributors' anti-bribery compliance. Banks, insurers and export credit agencies are increasingly demanding that customers provide detailed anti-corruption due diligence information, to verify their probity and integrity.
- 1 Standards
- 2 Typical KYC controls
- 3 Enhanced due diligence
- 4 KYC Process Capability Maturity Model
- 5 Laws by country
- 6 KYC Day
- 7 See also
- 8 References
- 9 External links
The objective of KYC guidelines is to prevent banks from being used, intentionally or unintentionally, by criminal elements for money laundering activities. Related procedures also enable banks to know or understand their customers, and their financial dealings better. This helps them manage their risks prudently. Banks usually frame their KYC policies incorporating the following four key elements:
- Customer Acceptance Policy;
- Customer Identification Procedures;
- Monitoring of Transactions; and
- Risk management.
For the purposes of a KYC policy, a Customer may be defined as :
- a person or entity that maintains an account and/or has a business relationship with the bank;
- one on whose behalf the account is maintained (i.e. the beneficial owner);
- beneficiaries of transactions conducted by professional intermediaries, such as Stock Brokers, Chartered Accountants, Solicitors etc. as permitted under the law, and
- any person or entity connected with a financial transaction which can pose significant reputational or other risks to the bank, say, a wire transfer or issue of a high value demand draft as a single transaction.
Typical KYC controls
KYC controls typically include the following:
- Collection and analysis of basic identity information (referred to in US regulations and practice a "Customer Identification Program" or CIP)
- Name matching against lists of known parties (such as "politically exposed person" or PEP)
- Determination of the customer's risk in terms of propensity to commit money laundering, terrorist finance, or identity theft
- Creation of an expectation of a customer's transactional behavior
- Monitoring of a customer's transactions against their expected behaviour and recorded profile as well as that of the customer's peers
Enhanced due diligence
|This section needs additional citations for verification. (August 2012)|
While Enhanced due diligence (EDD) has not been internationally defined, the USA PATRIOT Act dictates that institutions "shall establish appropriate, specific, and, where necessary, enhanced, due diligence policies, procedures, and controls that are reasonably designed to detect and report instances of money laundering through those accounts." US regulations require that EDD measures are applied to account types such as Private banking, Correspondent account, and Offshore banking institutions.
Because regulatory definitions are neither globally consistent nor prescriptive, financial institutions are at risk of being held to differing standards dependent upon their jurisdiction and regulatory environment. An article published by Peter Warrack in the July 2006 edition of ACAMS Today (Association of Certified Anti-Money Laundering Specialists) suggests the following:
A rigorous and robust process of investigation over and above (KYC) procedures, that seeks with reasonable assurance to verify and validate the customer’s identity; understand and test the customer’s profile, business and account activity; identify relevant adverse information and risk; assess the potential for money laundering and / or terrorist financing to support actionable decisions to mitigate against financial, regulatory and reputational risk and ensure regulatory compliance.
Characteristics of EDD
Rigorous and robust
Generally this means consistent, thorough and accurate. The process must be documented and available for inspection by regulators. The process must be SMART (Specific, Measurable, Achievable, Relevant and Timebound), scalable and proportionate to the risk and resources.
Over and above KYC procedures
EDD files rely upon initial client screening. This definition requires revalidation of the customer’s identity – knowing the client’s identity, not who they say they are. EDD processes should use a tiered approach dependent upon the risk. Crucial to the integrity of any EDD process is the reliability of information and information sources, the type and quality of information sources used, properly trained analysts who know where to look for information, how to look and how to corroborate, interpret and decide the results. Commercial intelligence companies such as Dow Jones, World Compliance, Red Flag Group, Steele Foundation, and C6 Intelligence Information Systems Ltd. ("C6 Database"), aggregate this information and compile it daily into a comprehensive database. Many of these commercial intelligence companies are serviced by in-country providers with researchers on the ground who can obtain information that is not otherwise easily accessible. Companies such as KYC Israel, and SGS Nigeria are examples of in-country due diligence investigation companies.
What is reasonable depends upon factors including jurisdiction, risk, resources, and technology state of the art. For sanction matches it depends upon information provided by regulators. In all cases the suggested standard is to the civil standard of proof i.e. on the balance of probability.
Relevant adverse information
Information obtained from any source, including the Internet, free and subscription databases and the media, which is directly or indirectly indicative of involvement in money laundering, terrorist financing or predicate offences.
Examples include fraud and other dishonesty, drug trafficking, smuggling or other proscribed offences, references to money laundering, or conducting business, residing in or frequenting countries deemed by the Financial Action Task Force and/or (institution) as being countries under sanction or countries with which (institution) does not do business; to official sanctions or watch lists; and to investigations, convictions or disciplinary findings by authorized regulatory bodies.
KYC Process Capability Maturity Model
A series of draft KYC Capability Maturity Model papers were published  and shared for peer review with a range of international KYC practitioners in 2009 - 2011. An updated version was published in ACAMS Today (Vol. 11 No. 4 - 2012), the journal of ACAMS, the Association of Certified Anti-Money Laundering Specialists.
The KYC Maturity Model is based on the typical 5 levels of the standard Capability Maturity Model. These levels are typically described as Initial, Repeatable, Defined, Managed and Optimized and have very strict meanings. The KYC maturity has however been somewhat simplified, renamed and re-built as follows: Chaotic, Reactive, Proactive, Service Managed and Value Managed. Practical process improvement learnings have also been taken from common manufacturing and IT productivity methodologies such as Lean, Agile, 6-Sigma, ITIL and Balanced Scorecard.
Laws by country
- India: The Reserve Bank of India introduced KYC guidelines for all banks in 2002. In 2004, RBI directed that all banks ensure that they are fully compliant with the KYC provisions before December 31, 2005.
- South Africa: The Financial Intelligence Centre Act 38 of 2001 (FICA)
- USA: Pursuant to the USA Patriot Act of 2001, the Secretary of the Treasury was required to finalize regulations before October 26, 2002 making KYC mandatory for all US banks. The related processes are required to conform to a customer identification program (CIP)
- New Zealand: Updated KYC laws were enacted in late 2009, and entered into force in 2010. KYC is mandatory for all registered banks and financial institutions (the latter being given an extremely wide meaning).
An AML-KYC day is observed in India on first working day of August each year.
- Anti-money laundering
- Anti-money laundering software
- Politically exposed person
- Certified copy
- Learn How to Make Your Goals SMART web page, retrieved November 5, 2006
- "'Know Your Customer' (KYC) Guidelines - Anti-Money Laundering Standards".
- "Why KYC is mandatory now". business.rediff.com. Retrieved 25 Oct 2010.
- "AML CFT 2009".