Know Your Customer (KYC) compliance regulation has proved to be one of the biggest operational challenges banks, accountants, lawyers and similar financial service providers worldwide have had to overcome.
World-Check, the industry standard KYC compliance solution, provides an overview of KYC compliance and its origins, and outlines the compliance mandate as applicable to banks, accounting firms, lawyers and other regulated financial service providers – not just in the UK, Europe and the USA, but all around the world. Relied upon by more than 3,000 institutions worldwide, this KYC database solution provides effective legal and reputational risk reduction.
Why “Know Your Customer?”
The 9/11 terrorist attacks on the World Trade Centre revealed that there were sinister forces at work around the world, and that terrorists activities were being funded with laundered money, the proceeds of illicit activities such as narcotics and human trafficking, fraud and organised crime. Overnight, the combating of terrorist financing became a priority on the international agenda.
For the financial services provider of the 21st century, “knowing your customers” was no longer a suggested course of action. Based on the requirements of legislative landmarks such as the USA PATRIOT Act 2002, modern Know Your Customer (KYC) compliance mandates were created to simultaneously combat money laundering and the funding of terrorist activities.
What is Know Your Customer (KYC)?
Know Your Customer, or KYC, refers to the regulatory compliance mandate imposed on financial service providers to implement a Customer Identification Programme and perform due diligence checks before doing business with a person or entity.
KYC fulfils a risk mitigation function, and one its key requirements is checking that a prospective customer is not listed on any government lists for wanted money launders, known fraudsters or terrorists.
If preliminary KYC checks reveal that the person is a Politically Exposed Person (PEP), for example, Advanced Due Diligence must be done in order to ensure that the person’s source of wealth is transparent, and that he or she does not pose a reputational or financial risk in terms of their finances, public positions or associations. Beyond customer identification checks, the ongoing monitoring of transfers and financial transactions against a range of risk variables forms an integral part of the KYC compliance mandate.
But to understand the importance of KYC compliance for financial service providers better, its origins need to be examined.
Origins of Know Your Customer (KYC) compliance
The arrival of the new millennium was marred by a spate of terrorist attacks and corporate scandals that unmasked the darker features of globalisation. These events highlighted the role of money laundering in cross-border crime and terrorism, and underlined the need to clamp down on the exploitation of financial systems worldwide.
Know Your Customer (KYC) legislation was principally not absent prior to 9/11. Regulated financial service providers for a long time have been required to conduct due diligence and customer identification checks in order to mitigate their own operation risks, and to ensure a consistent and acceptable level of service.
In essence, the USA PATRIOT Act was not so much a radical departure from prior legislation as it was a firmer and more extensive articulation of existing laws. The Act would lead to the more rigorous regulation of a greater range of financial services providers, and expanded the authority of American law enforcement agencies in the fighting of terrorism, both in the USA and abroad.
In October 2001, President George W. Bush signed off the USA PATRIOT Act, effectively providing federal regulators with a new range of tools and powers for fighting terror financing and money laundering. During July 2002, the US Treasury proceeded to introduce Section 326 of the PATRIOT Act, a clause that removed some key burdens for regulators and added significant enforcement muscle to the Act.
What 9/11 changed, in essence, was the extent to which existing legislation was being implemented. Using the provisions of the earlier anti-terrorism USA Act as a foundation, it included the Financial Anti-Terrorism Act, which allowed for federal jurisdiction over foreign money launders and money laundered through foreign banks. Significantly, it is this anti-terror law that would make the creation of an Anti Money Laundering (AML) programme compulsory for all financial institutions and service providers.
Section 326 of the USA PATRIOT Act dealt specifically with the identification of new customers (“CIP regulation”), and made extensive provisions in terms of KYC and the methods employed to verify client identities.
In accordance with this piece of updated KYC legislation, federal regulators would hold financial institutions accountable for the effectiveness of their initial customer identification and ongoing KYC screening. Institutions are required to keep detailed records of the steps that were taken to verify prospective clients’ identities.
Although current KYC legislation does not yet demand the exclusion of specific types of foreign-issued identification, it recommends the usage of machine-verifiable identity documents. The ability to notify financial institutions if concerns regarding specific types of identification were to arise, combined with a risk-based approach to KYC, proved to provide a robust mechanism for addressing security concerns.
Effectively, the risk-based approach to customer due diligence grants regulated institutions a certain degree of flexibility to determine the forms of identification they will accept, and under which conditions.
KYC compliance: Implications for banks, lawyers and accounting firms
The KYC compliance mandate, for all its positive outcomes, has burdened companies and organisations with a substantial administrative obligation. Additionally, KYC compliance increasingly entails the creation of auditable proof of due diligence activities, in addition to the need for customer identification.