In an increasingly globalized economy, businesses that handle money – especially banks – are considered more vulnerable to illicit activities. Know Your Customer (KYC) laws are designed to secure banks against potential fraud, money laundering, and terrorist activities. Global standards have been put in place to limit access by criminals presenting as potential customers.
In the United States, banks are required to follow KYC regulations according to the 2001 Patriot Act. Financial institutions and other businesses that handle money are responsible for complying with KYC to decrease fraud, money laundering, and terrorist activities. Years later, KYC is still important. In 2017, more than 2 million suspicious activity reports were filed, according to the
Understanding Know Your Customer
“Know Your Customer” is a set of regulations for businesses that handle money, and the meaning is in the name. The more familiar you are with your customer and their spending habits, the better able you are to spot suspicious activity. There are several key components of KYC, and we’ve broken them down – as well as why they matter – below.
Verifying Customer Identity
The first step to KYC compliance is to verify the identity of customers before they open an account. Businesses must have a written Customer Identification Program (CIP) that lays out how they confirm a new customer is who they say they are. The specifics of an individual CIP vary according to the size and type of business, but CIPs generally require the following information from customers:
- Date of birth (for individuals)
- Identification number
Banks verify customer information through documentation – such as a passport or a government-issued I.D. They may also confirm with third-party sources, like a public database or another financial institution.
Verifying a customer’s identity prevents identity theft and fraud, but this step is also important for ensuring they are not a known terrorist or criminal. A bank must also run a customer’s name against federal government lists of known or suspected terrorists or terrorist organizations.
Anticipating Financial Behaviors
Once you know the identity of your customer, the next step to know your customer is to anticipate and monitor their spending habits. Modern databases and data science make this easier. Banks create a spending profile for each new customer that predicts the types of transactions they will be making. This is based on known characteristics and similar customers’ behavior. Then, if the customer behaves outside of the bank’s predictions it will be better able to flag it as suspicious behavior.
CDD monitoring helps protect banks from losing funds to fraud, hits to their reputation, and compromised security. It also offers a side benefit for customers. Monitoring spending strengthens banks’ ability to alert customers to suspicious activity on their account.
You can find more information on CDD best practices here.
Early on, banks also assign a risk rating to a new customer. This indicates how likely it is that the person will attempt fraudulent activity like money laundering. If the customer is seen as too high-risk, the bank may decline to do business with them. According to their risk rating, the bank should indicate how often and how heavily the customer’s transactions should be monitored for suspicious activity. Common red flags may include repeated wire transfers, transactions with offshore accounts, and moving money internationally.
Higher-risk customers may be flagged for Enhanced Due Diligence (EDD) based on a variety of factors. For instance, the customer may be a politically exposed person (PEP), meaning they’re in public office and vulnerable corruption. Additional monitoring should be set for that person based on the level of risk they pose.
FinCEN regularly issues advisories with information on the latest threats and vulnerabilities to financial institutions.
Know Your Customer combines thorough initial work and ongoing due diligence to hopefully decrease financial institutions’ risk to illicit activities and fraud. The more information you can gather from your customers, and feel confident about their true identity, the better able you are to anticipate risk and catch suspicious activity – before it causes significant damage.