KYC (Know Your Customer) processes are the fundamental building blocks of any regulated entity’s AML (Anti-Money Laundering) process. Being confident that you know who you are doing business with, from day one of the relationship, is the first step to ensuring that you are meeting your AML obligations.
As a regulated entity, you are beholden to the regulators when it comes to AML obligations. All regulated entities are required to perform Customer Due Diligence (CDD) checks, to ensure that their clients are who they say they are and that they are not involved in criminal activity. The basic KYC requirements, as laid down by HM Government, are the need to establish the name of any individual, verify them against a photograph on a document that confirms their identity, and to verify their residential address and date of birth.
There are a number of ways of doing this, using a range of official documents (e.g. passports, driving licences, utility bills and bank statements, etc.) and, in the past, this has often required personal, face-to-face interaction with the individual in question. Now, with the advancement of technology (particularly since the pandemic-inspired lockdowns), most, if not all, of these checks can be done remotely. This provides the benefits of speed, accuracy and an audit trail that will satisfy the regulator.
How Complex is the KYC Process?
The complexity of your KYC process will depend on the type of business that you are in. Banks will have a different range of KYC requirements to letting agents, who, in turn, will have different requirements to hospitality and retail companies who often have to manage the onboarding process for a fluid or seasonal workforce. KYC is just as important for recruitment processes for ensuring employee rights to work, as it is for customer onboarding.
Each sector has its own challenges, ranging from the Right to Work requirements for companies recruiting staff, through to the residency requirements needed by the property sector, neither of which are of particular concern to an online retailer selling goods. Regardless of the different elements involved in each sector, the fundamentals remain the same: you must firstly be certain that the person you are dealing with is who they say they are.
The process for determining the identity of an individual can be long-winded, or it can be fairly quick, depending on how much technology you use. Any company still using a manual system for onboarding may still have to use some face-to-face intervention to ensure their level of confidence. Requiring someone to attend a meeting with their passport and other documents might provide a high level of confidence but isn’t fool-proof. It’s also time-consuming, both for the company and for the individual and, in the current ‘always on’ environment, is likely to lead to poor customer satisfaction, due to both the delay and the inconvenience.
Automated KYC Processes
Automated systems provide a much more efficient alternative to manual systems, both for the company and the individual. Using camera-enabled smartphone/device technology, an individual can be visually checked (using facial recognition, lip-syncing and voice technologies, amongst others), whilst, at the same time and within minutes, their documents can be checked online for validity, against a range of national and international databases. Much of this technology is new, but has been validated by the regulators and, as well as providing an almost instant confirmation, also delivers a robust audit trail.
This technology, increasingly using AI and Machine Learning, is continually evolving. It has to, in order to keep up with the bad actors and other criminals, seeking to take advantage of the sheer volume of activity taking place across markets.
What are the ramifications if we get it wrong?
Getting it wrong can bring a whole world of pain to your business, because, as a regulated entity, you have certain obligations and responsibilities to ensure that you are doing ‘your bit’ in the fight against money laundering and other criminal activity, such as terrorist financing and human trafficking. Not doing anything isn’t an option; whilst doing it badly will inevitably lead to fines and/or other sanctions for you and your business.
To be fair, it isn’t difficult to get it right, if you follow your obligations under government legislation. HM Government is very clear about your obligations as a regulated entity:
- Firstly, you must perform Customer Due Diligence, and
- Secondly, you must perform a risk assessment of your business
The second requirement is down to the fact that, as a regulated entity, you are expected to run your business using a ‘risk-based approach’. This means that you have to:
- Identify the money laundering risks relevant to your business
- Perform a detailed risk assessment of your business, including elements such as customer behaviour and delivery channels
- Carry out a risk assessment of your customers
- Implement controls designed to manage and reduce the impact of these risks
- Continually monitor and improve the process
- Keep a detailed audit trail of what actions you performed and the reasons behind them
This might all sound daunting, but, in fact, it helps you enormously in determining the best way of tackling your AML/KYC obligations, by identifying the most efficient and cost-effective methods of managing the risks. Of course, the size and structure of your business will determine how simple or complex this assessment process is going to be.