KYC stands for Know Your Customer and is an evolving set of standards designed to protect businesses from fraud and individuals from identity theft via thorough identity verification.
Originally introduced under FINRA Rule 2090 in 2012 to help reduce the risk of money laundering and other financial crimes, KYC requires businesses to “use reasonable diligence, in regard to the opening and maintenance of every account, to know (and retain) the essential facts concerning every customer and concerning the authority of each person acting on behalf of such customer.”
But what does this mean in practice? What types of businesses are subject to KYC regulations, and what steps do they need to take to become KYC compliant?
Here’s what you need to know about knowing your customer better.
What exactly is KYC?
Put simply, KYC is the practice of collecting and verifying enough information about individuals that you can be confident in their identity.
KYC is a critical step in reducing the chance of money laundering and the financing of terrorism. By asking individuals to provide key identity data and ensuring the verification of this data is both robust and well-documented, businesses can both mitigate fraud and protect themselves from punitive legal action.
What types of businesses must be KYC compliant?
KYC regulations used to focus primarily on traditional financial institutions, such as banks, investment firms, and credit unions. They’ve now expanded to include other businesses that regularly handle large sums of money, such as casinos and other gambling establishments, financial technology (fintech) companies, and startups that provide technology infrastructure for financial organizations.
More recent additions include cryptocurrency exchanges and wallet providers — after a 2019 joint statement from FinCEN, CFTC, and the SEC, crypto platforms were classified as money service businesses (MSBs), in turn making them subject to KYC regulations.
Common uses of KYC
KYC is now a requirement for most financial transactions. For example, one of the most common KYC use cases is opening a bank account: before banks allow individuals to open checking or savings accounts, they must ask for proof of identity and verify that the documents provided are legitimate to the best of their ability.
Businesses also often apply KYC when individuals invest in mutual funds, withdraw funds from online casino accounts, or request access to protected fintech services. Additionally, as noted above, cryptocurrency firms are now required to complete KYC processes before allowing individuals to create wallet accounts or transfer large sums of money. This has created pushback in the crypto industry, however, with some firms arguing that it undermines the anonymous appeal of crypto-based transactions. As a result, some firms no longer allow American users to make new accounts, while others have adopted post-account-creation processes that only flag users for review if problems are discovered after transfers are sent.
What does it mean to be KYC compliant?
KYC compliance requires companies to collect and verify specific pieces of information provided by customers. These pieces of information often include the individual’s full name, date of birth, and address, but may also include their Social Security number (SSN) or other identifying information, depending on the company’s risk tolerance, type of transaction, and more.
To remain compliant, companies also need to obtain this data from verified sources such as passports, ID cards, or driver’s licenses — either in person or via a secure KYC platform online. Companies that fail to collect and record this data can face fines or other penalties if they’re found to be significantly negligent.
Evaluating your KYC compliance
According to Section 326 of the USA PATRIOT Act, financial institutions are responsible for “verifying the identity of any person seeking to open an account to the extent reasonable and practicable.” In addition, organizations are responsible for “maintaining records of the information used to verify a person’s identity including name, address, and other identifying information.”
This provides a straightforward framework for evaluating KYC compliance. First, your company must determine which customer requests and transactions fall under KYC regulations. Next, you need to implement processes to collect the appropriate information, and deploy tools capable of verifying and storing customer data.
If you have no KYC processes in place or are unable to consistently verify or track customer information, you may be at risk of non-compliance, which could result in costly penalties. In 2020, more than $10 billion in fines were assessed for anti-money laundering (AML) and KYC breaches, with investment firm Goldman Sachs on the hook for $6.8 billion worth of enforcement actions.
How to become KYC compliant
KYC frameworks originally relied on physical documentation. For example, customers opening bank accounts at brick-and-mortar locations might provide their driver's licenses and passports as proof of identity, then businesses would check to make sure the documents were legit and make a manual or digital copy to ensure compliance.
Today, many financial transactions are conducted online. Regardless of the use case (e.g. account opening or funds withdrawal) or type of business (e.g. neobank or cryptocurrency exchange), customers want the ability to verify their identity instantly. Businesses want the same thing, since speed helps drive sales and satisfaction. However, they must be careful to ensure KYC compliance.
Not sure how to comply with KYC regulations online? Identity verification solutions such as Persona can help streamline KYC processes while helping you meet constantly evolving compliance standards. Our robust infrastructure makes it possible for individuals to get verified within seconds, and you can customize everything from what forms of verification are acceptable to how many attempts individuals can make in a specific timeframe. Additionally, we securely store all personally identifiable information (PII) so you don’t carry the liability of any potential breaches or leaked customer data — while still having easy and reliable access to it whenever you need.
Choose your level of protection by selecting from one of the industry’s widest range of verification components, including selfie scans and government IDs from more than 200 countries and territories worldwide.
The result? Improved KYC compliance that’s speedy, simple, and secure.
Know your customer to ensure your compliance
KYC regulations exist to protect both companies and customers. To achieve compliance with evolving KYC rules, you must confidently know who each customer is before allowing them to do business with you.
Not there yet? Build compliant KYC processes with identity verification from Persona.