Industry

Know Your Employee (KYE): How identity verification fits in the picture

A thorough Know Your Employee (KYE) process helps you verify the identity, credentials, and background of new and existing employees to control for fraud.

icon of a person with a checkmark
Read time:
Share this post
Copied
Table of contents
⚡ Key takeaways
  • Know Your Employee (KYE) refers to the processes a business uses during the hiring and onboarding process, and throughout an employee’s employment, to ensure that they are who they say they are.
  • KYE is required by law for certain regulated industries, such as banks, but it can also offer benefits to businesses operating in other industries where it isn’t required. 
  • An identity verification (IDV) tool can help you with certain parts of the KYE process, especially if you are already leveraging IDV for other uses such as KYC or fraud prevention.

When many companies think about risk, it’s often through the lens of external threats: Outside forces seeking to harm or defraud the business and its customers. While these external threats are very real, they are far from the only risks that a business must account for. Internal threats, which often originate with a business’s employees, must also be considered. 

Your employees can be a significant source of risk. They can facilitate fraud directly — for example, by siphoning off company funds, stealing customer data, or selling trade secrets to competing firms. They can also facilitate fraud indirectly and accidentally — for example, if their log-in credentials become compromised or they fall victim to phishing schemes

It’s essential that you account for these risks and take steps to minimize them as much as possible. A thorough Know Your Employee (KYE) process that begins during hiring and onboarding, and which continues throughout an employee’s employment, can help.

Below, we take a look at what KYE is, how it works, and why it’s important. We also discuss the different ways that identity verification (IDV) can address some of your KYE needs. 

What is Know Your Employee (KYE)?

Know Your Employee (KYE) is a concept that refers to the steps a business completes in order to confirm that an employee is who they claim to be. It involves checking and verifying an employee’s identity, credentials, and background. In some industries, such as the financial industry, businesses are required to conduct KYE by law. 

A well-designed KYE program helps a business understand what, if any, fraud risk would be involved in hiring a particular individual. For example, it can help you uncover whether or not a person:

  • Is using somebody else’s Social Security number or TIN to engage in tax fraud
  • Has lied about their credentials, education, or work history
  • Has a criminal history that should disqualify them from a particular job
  • Is connected in any way to known bad actors that could threaten your business

The point of conducting KYE on new hires is to gather the information you need to make an informed decision about the risk an employee could introduce to your organization if you hire them. In this way, it is similar in concept to Know Your Customer (KYC) or Know Your Business (KYB)

How does KYE work? 

Know Your Employee processes typically take place just prior to an employment offer being made to an applicant or immediately following an offer acceptance. But, as with other protective measures, it shouldn’t be a one-time thing. Instead, KYE should be an ongoing effort that assesses and reassesses an employee’s risk throughout the course of their employment. 

With this in mind, a full KYE process will usually involve the following steps:

  1. Identity verification: Confirming that the individual is who they claim to be, often through the use of government ID verification, document verification, database verification, selfie verification, and other methods. 
  2. Employment authorization verification: Confirming that an individual is authorized to work in the United States. 
  3. Background check: Collecting additional information about the individual that will be used to assess their risk. What is included in a background check will vary, and may consist of checking an individual’s criminal history, educational history, employment history, and credit history. Note that Persona does not provide background checks as a service.
  4. Reverification and ongoing maintenance: Periodically reverifying the individual’s identity and reassessing their risk throughout the course of their employment, and updating records as necessary. 

Persona and KYE

Persona’s suite of identity tools can be used to support your KYE process in a number of different ways.

Initial verification during onboarding

Verifying an employee’s identity during onboarding is probably the most obvious way that IDV impacts the Know Your Employee process, but it’s also one of the most important. After all, if an individual is lying about their identity or their ability to legally work for you, you’ll know if there are discrepancies between the information they present to you and your verification checks. 

How you choose to verify your employees’ identities is unique to your business and should be informed by the industry you operate within, the regulations you are subject to, and your risk tolerance. That’s why we’ve built our Verifications solution to be flexible and customizable. Build the employee IDV flow that makes the most sense for your business, whether that includes government ID verification, document verification, database verification, or other reports

Case study
Remote verifies workers quickly and compliantly with Persona

Catching account takeover (ATO) attacks

Once you’ve verified an employee’s identity once, it becomes possible to reverify their identity in the future. This ability empowers you to minimize the threat of bad actors taking over an employee’s account in the event that their credentials or device are ever compromised. 

Reverification can take place at any point after initial onboarding. Many businesses choose to reverify their employees’ identities periodically as part of their identity and access management strategy. 

Other businesses trigger reverification during high-risk moments — for example, when an employee logs in to their account from an unknown device or in a country where they don’t reside, or if they’ve engaged in suspicious activity that may indicate that their account has been compromised, e.g., downloading or deleting sensitive data, trying to access systems without permission, or granting system access to new employees with no clear business reason. 

As with verification, reverification can take many forms and should be tailored to your needs. Here again, Persona’s Verifications solution empowers you to customize your reverification process to align with your business requirements and risk tolerance. 

Access recordkeeping

Businesses operating within certain industries — such as financial services or healthcare — are required to implement measures designed to prevent sensitive customer data from being accessed inappropriately. These regulations also often require that businesses keep records whenever said information is accessed, including the identity of the person accessing the information as well as the date and time that the access took place. 

Once you’ve onboarded an employee using Persona, it’s possible to configure your instance to track the systems and information that your employees access — centralizing your identity operations and providing an auditable data trail for investigators or regulators to follow.  

Interested in learning more? Start for free or get a demo today.

Frequently asked questions

Do banks conduct background checks?

Yes, banks perform background checks before hiring employees. 

At a minimum, banks must perform a criminal background check of all applicants in order to comply with Section 19 of the Federal Deposit Insurance (FDI) Act, which prohibits banks from employing anyone who has been convicted of a crime involving “dishonesty, breach of trust, or money laundering,” as well as those who have agreed to a pre-trial conversion due to their connection with such an offense. 

In addition to criminal activity, background checks typically include:

  • Identity verification
  • Employment and education history verification
  • Credit score check
  • Various reports (sanctions lists, watchlists, etc.)

Does KYE play into the risk-based approach for anti-money laundering (AML)?

By law, financial institutions are required to implement anti-money laundering (AML) processes to prevent criminals from using their platforms to carry out financial crimes. An important part of this is known as the risk-based approach, whereby the institution must consider their own unique risk profile in designing these processes. 

In order to implement the risk-based approach, financial institutions must perform an external risk assessment (focused on their customers’ risk profile) and an internal risk assessment. Gauging employee risk of money laundering or other types of fraud is an integral piece of the AML risk assessment, and as such, your KYE processes should both inform and be informed by the results of the assessment.

Continue reading

Continue reading

Identity challenges in the travel industry: How hospitality businesses can fight fraud
Identity challenges in the travel industry: How hospitality businesses can fight fraud
Industry

Identity challenges in the travel industry: How hospitality businesses can fight fraud

Identity fraud in the travel industry has become increasingly common. Here are some common identity challenges and potential solutions businesses need to know about.

How digital health apps can overcome four barriers to converting users
How digital health apps can overcome four barriers to converting users
Industry

How digital health apps can overcome four barriers to converting users

New patients might abandon onboarding if they’re confused, frustrated, or overwhelmed. Here are four ways digital health apps can improve conversion.

How to create scalable and compliant international KYB processes
How to create scalable and compliant international KYB processes
Industry

How to create scalable and compliant international KYB processes

Industry experts discuss international KYB and debunk common myths while sharing how to build a scalable global KYB process.

Online KYC during user onboarding
Industry

Online KYC during user onboarding

Many businesses need to have a KYC process for onboarding new users. Learn what's required, common steps, and more.

How to create a great digital onboarding experience
Industry

How to create a great digital onboarding experience

Learn how a user-friendly digital onboarding experience can become your competitive advantage.

Build onboarding flows that convert with Dynamic Flow
Announcement

Build onboarding flows that convert with Dynamic Flow

Customers like LedgerX and Coursera drive conversion at every screen with Dynamic Flow.

Ready to get started?

Get in touch or start exploring Persona today.