In the latest instalment of our Wired-In webinar series, we were joined by Corinna Venturi, Director of Financial Crime at Cosegic. Corinna explored the ways in which we can achieve best practice KYC (Know Your Customer) compliance in 2023, and in this article we will highlight some of the key takeaways from her session.
You can watch the whole webinar on demand here.
Balancing risk appetite with skills for KYC compliance
Different types of customers pose different levels of risk to a business. These risks might include potential for money laundering, fraud, or involvement in other criminal activities. A company’s risk appetite refers to the level of risk it is willing to accept.
A high risk appetite may allow a company to serve more customers or types of customers, but could lead to more exposure to potential financial and reputational harm. Conversely, a low risk appetite could protect the company, but may limit its market. Therefore, in terms of KYC compliance, understanding a company’s risk appetite helps it decide which customers it will do business with and what sort of due diligence it needs to do.
Performing KYC compliance requires specific skills, including understanding of local and international laws and regulations, ability to verify and authenticate documents, understanding how to conduct background checks, and the ability to monitor and identify suspicious behaviour. If a company does not have the skills to comply with KYC requirements, it may fail to identify high-risk customers, potentially leading to legal problems. Additionally, lack of skills may lead to inefficiencies, which can be costly and disruptive.
In assessing risk appetite versus skills, relevant firms must carefully evaluate the risks associated with their customers, as well as the underlying beneficial owners. This evaluation should encompass various aspects, including products and services offered, transaction processes, delivery channels, and the geographical scope of operations. Subsequently, firms must develop and implement effective controls to manage and mitigate the identified risks within the context of their risk appetite.
“Having thoroughly assessed the financial crime risks to your business, the firm can then create a meaningful financial crime risk appetite statement. If that appetite is quite high and they’re willing to tolerate a lot of risk, then they have to have compliance staff, and first-line staff. Anyone relevant to that business has to have the necessary skills and experience to meet that risk and then mitigate it appropriately.”
Corinna Venturi, Cosegic
The balance between risk appetite and skills is critical. If a company has a high risk appetite but lacks the skills to manage this risk, it could face significant legal and financial consequences. On the other hand, a company with excellent skills but low risk appetite may miss opportunities for business expansion. Therefore, in order to achieve optimal business performance and compliance, it’s essential for a company to understand and balance its risk appetite and skills.
Customer verification
Customer verification is paramount for KYC compliance, a critical regulatory requirement in many industries. It safeguards businesses against fraudulent activities, financial crimes, and potential reputational damage by ensuring that the identity of customers is accurately confirmed and their risk level assessed.
By establishing a customer’s legitimacy at the outset, KYC not only aids in preventing identity theft, money laundering, and terrorist financing, but also facilitates stronger, more secure customer relationships. Furthermore, non-compliance can result in significant penalties, underlining the crucial role of customer verification in maintaining KYC compliance.
“There are several ways to verify documents that identify a customer, and the level you go to has to be linked to a customer risk assessment. Without that, you could end up applying verification as a one-size-fits-all and there are lots of possible repercussions from doing this. The key ones could be something like, if you apply enhanced verification across the board resulting in additional time and resources on every single customer, you could be annoying the customer, being really inefficient as well, all that time and money being spent when you don’t necessarily have to. Conversely, if you did the opposite and applied a light touch verification across the board when all your customers wouldn’t be considered low risk, then you’d be open to missing flags.
Corinna Venturi, Cosegic
There are different methods of verification that can be used, which may depend on factors like what type of customers a business has, how many, and how much money can be spent on automation:
- In-person
- Manual certification
- Electronic sources
- A hybrid of these
Information vs. evidence in KYC compliance
In a Know Your Customer (KYC) onboarding context, both information and evidence are essential, but they serve slightly different roles.
Information to data that tells us something about the customer’s identity, profession, financial background, or other aspects related to their risk profile. Information might include things like name, date of birth, address, occupation, or financial details. This is generally what is asked for in the initial stages of KYC onboarding, but could also include proving source of wealth
Evidence is the proof that backs up the information provided. This could be documentation or other confirmatory resources that validate the customer’s provided information. Evidence may include documents like a passport, driving licence, utility bills, tax returns, bank statements, or references from credible sources.
While both information and evidence play crucial roles in the KYC onboarding process, they represent different aspects of the customer’s identity and risk profile and serve different purposes in the overall process.
“You’ve got to be thinking about this all the time and not just going: “we’ve got this information, here’s a bit of paper.” You’ve got to be thinking about what it means in reality. Does it really evidence it? Is someone trying to pretend to be someone else? What you’ve got in front of you, what you’ve been provided, does that strongly mitigate that risk?”
Corinna Venturi, Cosegic