For the ever-growing number of businesses interacting with customers solely in the digital world — from insurance agencies to cryptocurrency exchanges — ensuring reliable identity verification (IDV) processes is an absolute must.
Cautionary tales of failed identity verification are not hard to come by: in 2022, Credit Suisse was embroiled in a rolling wave of scandals for failing to verify the identities of criminals, corrupt politicians, and drug traffickers using its services.
The only way to avoid such failures is to understand two key customer identification processes: Know Your Customer (KYC) and Customer Due Diligence (CDD).
What are KYC and CDD?
Know Your Customer (KYC) is a process that involves verifying current or prospective customers’ identities. It’s sometimes referred to as “Know Your Client” or simply “identity verification.” KYC can be applied to both individual users and businesses (though business verification is called Know Your Business (KYB) or corporate KYC and has slightly different requirements).
Many countries legally require specific industries — such as cryptocurrency exchanges, banks, and gambling companies — to meet certain KYC compliance standards to aid in the detection, reporting, and ultimate reduction of fraud and financial crimes.
Customer due diligence (CDD) is a set of ongoing processes designed to assess customer risk, and is a key component of KYC. In the US, CDD is enforced by FinCEN, which requires financial institutions to meet four key requirements:
- Identify and verify all customers or clients.
- Identify and verify all beneficial owners of companies you want to do business with. (The generally accepted practice is to investigate any individual who controls and/or owns 20% or more of the company.)
- Understand the nature and purpose of customer relationships to develop customer risk profiles.
- Conduct continuous monitoring of customer activity and transactions to identify and report suspicious activity.
Why are KYC and CDD important?
Some businesses are required to know who they are doing business with. This includes financial institutions — such as cryptocurrency exchanges, insurers, and fintech companies — which are subject to anti-money laundering (AML) rules under the Bank Secrecy Act and related laws. But it also includes businesses that operate in other regulated industries, such as online gambling, travel, and age-restricted commerce, amongst others.
Compliance failures can come at an exceedingly high cost. In 2017, Deutsche Bank AG was fined $425 million by the New York State Department of Financial Services for failing to maintain appropriate AML control policies.
Additionally, KYC protocols can deflect bad actors during the account creation process and help organizations gather information for use in subsequent monitoring — for example, where a user usually logs in and the types of transactions they typically make. Companies that ensure proper KYC and CDD processes safeguard their customers against fraud by continuously monitoring for suspicious activity. CDD can also assist law enforcement by gathering data to document crimes — such as money laundering, terrorist financing, and fraud.
What is the main difference between KYC and CDD?
The biggest difference between KYC and CDD processes is when they occur during the customer interaction.
KYC checks — such as verifying an ID card or a home address — are sometimes limited to the beginning of the customer transaction or account creation process, while CDD explicitly requires continuous monitoring of customers’ interactions with the service.
What are the main functions of KYC?
KYC processes include three main functions:
1. Customer identification program (CIP)
Financial services companies are required by the USA PATRIOT Act to “form a reasonable belief that it knows the true identity of each customer.” This means companies must collect four pieces of identifying information from potential clients: full name, date of birth, legal address, and valid identification number (such as an SSN or TIN).
2. Customer due diligence (CDD)
CDD checks create a risk profile for each customer using identity verification, transaction records, and wealth sources. These checks are ongoing and may occur at any time during the transaction process.
3. Ongoing monitoring
Continuous monitoring includes, at a minimum, monitoring transactions to identify suspicious activity that might point to financial crimes. It can also include additional measures, such as regularly rescreening customers based on relevant risk profiles.
Understanding the different levels of CDD
Companies may enforce different levels of CDD for different types of customer interactions. For example, a customer withdrawing $50 from their banking app should experience only minimal friction compared with one trying to empty their entire account from a new location.
The three levels of CDD are as follows:
1. Simplified due diligence
Simplified due diligence is applied to low-risk transactions or customers with known and reliable fund sources. While identity verification is still required, simplified frameworks streamline the process by requiring fewer in-depth checks.
2. Standard due diligence
Standard due diligence is generally required by law for any transaction or customer that doesn’t qualify for simplified due diligence. These processes include the collection and verification of basic customer information, such as customers’ full names and addresses, to decrease risk.
3. Enhanced due diligence (EDD)
Enhanced due diligence is applied to high-risk transactions and individuals. This may include high-value transactions or transactions from higher-risk individuals such as politically exposed persons. Enhanced checks often ask for additional identity documentation or verify asset sources before transactions are approved.
Improve your KYC and CDD procedures with Persona
Poorly integrated KYC procedures bog down your user experience. That’s why it’s important to ensure your verification processes are as streamlined and secure as possible.
With Persona’s KYC solutions, identity verification decisions can take just seconds, so users can get verified quickly and be on their way. Thanks to Persona’s customizable platform, you can personalize every element — from theme to copy — along the customer’s journey to ensure it feels native to your brand.
Businesses using Persona can offer a custom eKYC experience for each use case and customer. For example, you might offer different verification options for customers without a Social Security number, or add additional steps for individuals whose password has been leaked in a data breach.
Persona’s KYC solutions are constantly being updated to help businesses meet shifting KYC/AML compliance standards and regulation changes worldwide, giving organizations confidence that they’re meeting the right compliance standards no matter where they do business.