Know Your Customer (KYC) is a standard due diligence process used by investment firms i.e., wealth management, broker dealers, private lenders, commercial real estate investment, among others to assess investors they are conducting business with. Apart from being a legal and regulatory requirement, KYC is a good business practice as well to better understand investment objectives and suitability, and reduce risk from suspicious activities.
So, what is KYC? In a nutshell, it is the process of identifying who your investors are and their wealth status, verifying the sources of the customer's funds (if they are legitimate or not), and requiring detailed anti-money laundering (AML) information from the customers. Getting the detailed information about your customer protects both parties in a business transaction and relationship. KYC serves an important purpose for providing superior service, preventing liability, and avoiding association with money laundering, and types of fraud.
The importance of KYC
KYC is a standard requirement globally within the investment industry. It’s a process from industry regulatory bodies to protect all stakeholders within the industry and it’s in the best business interest of any investment firm or investor, especially if there is a lot of money at stake.
In addition to the KYC process for new investors, it’s also a requirement to conduct KYC on repeat investors or “renew” the KYC profile on file at the firm. Maintaining accurate and updated records firmwide is critical.
If a business or issuer complies with KYC policies, they will reduce the financial risks of their business arrangements with particular customers. Knowing the source of a customer’s income, gauging their capability of investing in your market, and obtaining their complete financial portfolio and background are important aspects of KYC requirements. Those checks can also be vital risk management strategies to avoid getting entangled in business relationships with potential customers who have participated in illegal activities.
KYC procedures also help establish trust in a business relationship and give an organization insight into the nature of customer activities. On top of that, they are a crucial part of the onboarding process and can significantly improve the servicing and management of investors over the course of the relationship.
The importance of KYC may not be evident from the investor's point of view, however their own protection is the priority of regulators. These rigorous checks can be a burdensome process for the investor, however they create a secure and trustworthy environment to enable financial or investment activities with the company. Digital technology has allowed for a much smoother, streamlined onboarding experience, that transforms a process that used to take months into an intuitive experience that can be performed in minutes on any device. The technology behind protecting sensitive information has also evolved, with methods such as advanced authentication and encryption giving the customer base confidence in every KYC procedure.
Seamless KYC workflows will make your customers feel they are working with a legitimate company and more comfortable allocating funds to your firm or not.
What is the KYC process?
While the exact steps may differ based on KYC laws across different countries, most of the frameworks include the same elements. A KYC process usually consists of verifying the customer’s identity, investment suitability, and due diligence on various documentation such as proof of address and income.
A critical element to a successful KYC methodology is risk assessment, and it’s up to the individual organization to determine the exact KYC policy to counter any potential issues and ensure compliance.
The minimum requirements for customer identification include the following information:
- Date of birth
- Identification number
- Tax Number
- Investment Experience
- Investment Preferences
- Income and Assets
After gathering this information during onboarding, an organization must make sure to verify the identity of the account holder within a reasonable timeframe. This process can include documents, non-documentary methods (depending on information availability), as well as a combination of the two.
KYC policies are decided based on the risk assessment strategy within an organization, with factors such as the type of account and services offered, the customer’s geographic location, the organization’s size and others playing a role.
Customer Due Diligence
For any organization in the investment industry, one of the other aspects of KYC requirements is based on being able to trust the investor. A key component of determining that is Customer Due Diligence (CDD). There are multiple levels of CDD based on the potential risks involved in the business relationship. Simplified Due Diligence refers to situations where the risk of fraud or other illegal activities is perceived as low. As a result, the information needed to verify a customer’s background is not as comprehensive as in other cases. Basic CDD is the standard approach to collecting information, whereas Enhanced Due Diligence is applied in higher-risk situations. With EDD, factors such as the location and occupation of the customer are taken into consideration, as well as their pattern of activity, transaction types, methods of payment and other similar types of information.
Customer Due Diligence usually incorporates some of the following steps:
- Determining and verifying the identity and location of the potential customer
- Gaining a clear overview of a customer’s business activities
- Determining the potential risks associated with the customer
- Storing and monitoring information about a customer
- Performing periodic due diligence assessments to determine if the existing risk category is still applicable
It is essential to keep records of all the CDD- and EDD-checks performed on a customer or potential customer, as they may need to be presented during a regulatory audit.
Checking your customer’s background once is not enough for establishing long-term trust. Some regulations envision a level of monitoring on an ongoing basis. This might include overseeing financial transactions and accounts with a focus on thresholds determined during the risk assessment process.
Some of the factors to look out for during monitoring include unusual spikes in activities, media mentions pointing to fraud or illegal undertakings, unexpected activities in other countries, the inclusion of the customer on sanction lists, and others. In these cases, a Suspicious Transaction Report may be created. The level of monitoring generally depends on the risk-based assessment and risk management strategy. Information about an account always needs to be up-to-date for the company to be able to determine the risk level correctly.
Requirements and regulations across the globe
KYC requirements are standard practice around the world when dealing with financial transactions and investments. Each country has variations in terms of the exact information and documentation necessary to collect from investors, however the processes are similar and with the same intentions to better safeguard the financial industry and provide investor protections. Below are a few overviews of KYC regulations in countries that Katipult has active customers:
Canada’s financial intelligence unit, the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), made amendments to its Know Your Customer/Anti-Money Laundering (KYC AML) regulations in 2019, with most changes coming into effect in 2020. Despite Canada being one of the founding members of the Financial Action Task Force (FATF), multiple evaluations in recent years unearthed some deficiencies which needed to be corrected. For example, Customer Due Diligence regulations in Canada did not require verifying the source of wealth of its regulated entities.
As a result, numerous refinements were made, with one of the most impactful ones being a change in the definition of an acceptable document to determine a customer’s identity. Instead of an “original, valid and current”, a document now has to be “authentic, valid and current.” Using scanned or photocopied documents had previously been explicitly prohibited, whereas it can now significantly expedite the verification process.
In the United States, Know Your Customer practices have been mandatory for banks since 2001 and the proclamation of the Patriot Act. The act was created to combat and prevent money laundering, terrorism funding, and other illegal activities.
Various industries in Singapore are subject to Anti Money Laundering/Know Your Customer requirements, with the Monetary Authority of Singapore acting as the central intelligence unit. Singapore has been a reputable international financial center since its independence in 1965, but its relatively simple verification process in the past led to illegal investor activities becoming commonplace. In an effort to stop this, Singapore restructured its anti-money laundering laws in 2007.
Additionally, close to 200 jurisdictions across the globe have committed to recommendations from the Financial Action Task Force (FATF), a global organization aimed at preventing money laundering.