When it comes to completing Know Your Customer (KYC) reviews, fortune favors the compliance officer who sees Singapore on the list of a multinational onboard. Highly regulated, pro-paperwork countries like “The Little Red Dot” make most other country requirements light work thanks to documents like the Singapore ACRA, which contains extensive details on company ownership, control, and verified identification.
As other jurisdictions, notably the United States, expand corporate transparency requirements in an effort to combat money laundering and other financial crimes, global compliance practices are becoming more widely accepted and therefore easier for banks and other companies to manage. But this doesn’t mean it’s a breeze just yet.
KYC global compliance landscape
Nearly every country has its own regulatory requirements in place. Many take cues from the Financial Action Task Force (FATF), which vetted 40 anti-money laundering (AML) and fraud-fighting recommendations for countries to adopt.
Virtually every AML law requires that regulated companies institute identity verification processes, monitor and report suspicious activities, and develop AML policies. Banks were the original target for money laundering, fraud, the financing of terrorism, and other financial crimes. To keep pace with criminals, however, the definition of a financial institution has expanded to include everything from law firms and insurance companies to antiquities dealers and casinos, depending on local laws.
Below is an overview of the reigning AML compliance laws companies might encounter as they expand operations:
United States
The primary AML law in the U.S. is the Bank Secrecy Act (BSA), which was passed in 1970. The Financial Crimes and Enforcement Network (FinCEN) oversees the BSA and serves as the primary agency managing data and investigations.
Canada
The requirement for companies to complete KYC has been on the books in Canada since 1991, with the law now known as the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA). The law mandates KYC best practices for some 24,000 businesses in Canada. The undertaking is ultimately overseen by the Department of Finance Canada.
Europe
The European Union has released several Anti-Money Laundering Directives (AMLDs) to guide member states in designing KYC and AML laws. The subsequent laws include:
- Italy’s Decree No 197, first passed in 1991 and since updated with EU directives, requires financial institutions to have AML programs. It is broadly overseen by the Ministry of Economy and Finance of Italy within the Department of the Treasury and more specifically by respective industry regulators.
- The German Anti-Money Laundering Act (GwG), passed in 1993, is regulated by the Federal Financial Supervisory Authority. The law stands out among many countries for its especially strong privacy considerations.
- France’s Autorité des Marchés Financiers (AMF) General Regulation, passed in 2009, requires AML compliance from all public and financial companies. The AMF is the main regulator along with insurance, gaming, and licensing agencies. France is especially amenable to remote KYC practices.
United Kingdom
The UK’s AML regulations span multiple industries and are overseen by the respective industry regulators, most notably the Financial Conduct Authority (FCA) for financial institutions (including cryptocurrency companies).
Asia
Among the fastest-growing industries in Southeast Asia and India are international e-commerce and fintech. This makes the need for AML compliance paramount.
- India has required financial institutions to complete KYC reviews since 2005. The Reserve Bank of India has the majority of oversight along with insurance and securities regulators amid an ocean of bureaucracies battling for the most red tape.
- China’s Anti-Money Laundering Law of 2006 is overseen by People’s Bank of China (PBOC) and respective regulators.
- Japan’s KYC regulations are guided by the Act on the Prevention of Transfer of Criminal Proceeds, which was first passed in 2007. The chief enforcer is the Japan Financial Services Agency (FSA).
- Singapore’s AML law is emblematic of its global reputation for safety. The law, first passed in 2007, requires a more extensive data verification checklist than many countries. It is overseen by the Monetary Authority of Singapore. Penalties for non-compliance are notoriously strict and can include high fines and cessation of all business activities.
KYC components
While the basics of KYC remain more or less consistent, respective country regulations dictate the frequency and applicability for across industries as well as their level of risk.
The main components of KYC are:
- Customer Identification Program (CIP): This is the process of verifying the identity of a customer using current and valid IDs and then running them through watchlists and sanctions screenings to root out known risks early. For business customers, CIP includes an extra step of determining the Ultimate Beneficial Ownership (UBO) or person(s) with majority ownership and control and then screening their IDs.
- Customer Due Diligence (CDD): This is the process of documenting a customer’s industry, their location, their customers’ locations and industries, the types of transactions, and any notable results from the identity verification screenings. These are all potential risk factors. Depending on your company’s risk tolerance, you may seek out additional documentation and verification, or due diligence, for certain clients.
- Transaction monitoring: Continuously reviewing a client’s financial transactions enables you to know exactly what customers are doing with accounts, not only to ensure that the average usage is consistent with the client’s reported industry, size, and geography, but also to act quickly in the event of suspicious activity indicative of fraud.
- Periodic review and ad hoc review: KYC doesn’t just happen at onboarding. Depending on the risk level, continuous compliance checks should be completed at certain intervals as well as when certain triggers necessitate recurring assessments, including if ownership or control changes and IDs expire. These reverification strategies ensure that a customer is still “known” long after initial KYC is complete.
Keeping up with compliance
Take the vast number of laws and regulations across jurisdictions, add the speed at which they are changing, and multiply this by the moving target that is criminal enterprise, and you can understand why global compliance is an immense challenge for growing companies with limited resources.
For every fortuitous onboarding that has a Singapore ACRA form to demystify the process, there are just as many customers with complex and layered ownership, blurry photocopies passing as documentation, and owners and executives who are uncomfortable with the KYC process.
FInding the right partners and support for your compliance operation can mean the difference between barely managing to stay above water and skating through with ease.
Persona’s approach to KYC global compliance
Persona enhances compliance with a positive user experience that balances friction with security, streamlines onboarding, and protects data.
Balance user friction and security
Persona allows you to adjust your KYC flows in real time based on users’ risk profiles to deter bad actors while converting good users. This can translate into higher completion and sign-up rates rates with reduced drop-off.
Streamline user onboarding
Persona offers seamless verification for government IDs from around the world in seconds. Selfie verification provides an additional layer of fraud deterrence by comparing a live face to an ID using a 3-point composite and liveness check.
Protect user data
Persona empowers you to fully control who has access and how you use and store data, bolstered by globally compliant and certified security of personally identifiable information (PII) .
Persona’s global ID verification solutions can help streamline the collection, verification, and storage of identity information. Our automated identity verifications use live guidance and auto-capture and easily allow people to switch between devices to verify their identity in seconds.
That’s why companies like Brex use Persona to comply with ever-changing KYC requirements in over 200 countries around the globe.
You can get a demo or start for free today.