Know Your Customer (KYC) in banking: A comprehensive guide

See why KYC is important, and how to make it work for your business

Last updated:
11/15/2024
⚡ Key takeaways
  • In banking, Know Your Customer (KYC) is a three-part process for verifying a potential customer’s identity and assessing their risk.
  • The key components of KYC in banking include a Customer Identification Program (CIP), Customer Due Diligence (CDD), and continuous monitoring.
  • Best practices include using progressive risk segmentation to control friction, deploying automation to make it easier to scale, and having a plan for the threats posed by generative AI.

Every day, millions of financial transactions move trillions of dollars between bank accounts and financial networks all around the world. A key part of ensuring that those transactions are legitimate and free of fraud? The Know Your Customer (KYC) processes that banks implement to identify their customers and assess risk.

But what, exactly, is KYC anyway?

Below, we take a closer look at what KYC is and why it’s so important for banks and other financial institutions to get it right. We also highlight the three key components of a KYC program and offer some best practices and advice that you can use to inform and shape your own strategy. 

What is Know Your Customer (KYC)?

In banking, Know Your Customer (KYC) refers to the processes that a bank undertakes to verify the identity of a prospective customer and assess the risk that customers may pose to the institution before they are allowed to open an account and do business with the bank. 

In this way, KYC is an important part of the Anti-Money Laundering strategy that banks are required to implement. KYC consists of three primary components: a customer identification program (CIP), customer due diligence (CDD), and ongoing monitoring, which we discuss below.

KYC isn’t limited to the banking industry. In a number of other industries — such as e-commerce, online gaming, and even social media — businesses are also required to verify the identities of their customers or users. For the purposes of this article, we will focus on KYC as it applies to banks and other financial institutions. 

What is KYB?

When a business or organization wants to open an account or do business with a bank, it must go through a similar vetting process. This process is called KYB, or Know Your Business. The primary focus of KYB in banking is identifying (and verifying the identity of) the ultimate beneficial owners (UBOs) who control the company.

Why is KYC so important in banking?

In banking, KYC serves two main purposes: fraud and crime prevention, and risk management.

Around the world, banks and other financial institutions are required to complete KYC before allowing any new customer to open an account. The goal? To make it more difficult for criminals to use the global financial system to conduct financial crimes such as:

  • Money laundering
  • Embezzlement 
  • Counterfeiting and forgery
  • Financing terrorist activities
  • Tax evasion
  • Identity theft
  • and more

It works like this: By establishing a person’s identity, the bank is essentially initiating a paper trail that makes it easier for regulators to “follow the money” and investigate potential crimes. 

A thorough KYC process also makes it possible for a bank to gauge how much risk (of money laundering and other financial crimes) an individual might pose. This in turn facilitates a risk-based approach to AML that has become the bedrock of modern anti-money laundering processes around the world.

Regulatory requirements for KYC in banking

In the United States, the Anti-Money Laundering (AML) law that laid the groundwork for KYC in banking was the Bank Secrecy Act (BSA) of 1970. The BSA required banks to identify customers and maintain records of financial transactions, among other requirements. Since then, a number of additional AML laws have built upon the framework established with the BSA, including:

  • Money Laundering Control Act of 1986
  • Anti-Drug Abuse Act of 1988
  • Annunzio-Wylie Anti-Money Laundering Act of 1992
  • Money Laundering Suppression Act of 1994
  • USA PATRIOT Act of 2001
  • Anti-Money Laundering Act of 2020 (AML Act) 

Other countries have their own AML laws and regulations requiring KYC. Though these laws vary from country to country, they are all informed by the Financial Action Task Force’s (FATF’s) 40 recommendations to combat money laundering. This means that while differences do exist, they are often subtle rather than dramatic. An important set of AML/KYC laws for banks that serve European customers is the EU’s Anti-Money Laundering Directives (AMLDs).

Banks that don’t meet the KYC requirements of the jurisdictions in which they operate risk significant fines and regulatory action, as well as damage to brand reputation and customer trust. 

Key components of KYC for banks

The KYC process consists of three distinct components that work together to manage customer risk: a Customer Identification Program (CIP), Customer Due Diligence (CDD), and continuous monitoring.

1. Customer Identification Program (CIP)

What it is: A Customer Identification Program (CIP) is a set of procedures that a business uses to identify and verify the identity of a potential customer before they are granted access to an account or other financial product. At a minimum, banks are required to collect and verify an individual’s name, address, date of birth, ID number (such as a TIN or SSN), and a government-issued ID. 

The goal: To verify that a potential customer is who they say they are

Methods used: Government ID verification, selfie verification, document verification, database verification, address verification

2. Customer Due Diligence (CDD)

What it is: Customer Due Diligence (CDD) is a set of processes that a bank performs to assess a customer’s risk of money laundering and other financial crimes. In addition to identity verification, banks are required to understand the nature and purpose of customer relationships and develop customer risk profiles. To that end, CDD will often include various AML screenings designed to surface risk factors about the individual. When risk factors are detected, banks are required to perform enhanced due diligence before working with an individual.

The goal: To assess customer risk

Methods used: Government ID verification, database verification, sanctions screening, watchlist screening, PEP screening, adverse media screening

3. Continuous monitoring & reporting

What it is: KYC isn’t a one-time thing. Continuous monitoring refers to the ongoing review that banks must perform to continually reevaluate a customer’s risk. It should include activity and transaction monitoring, where a bank looks for high-risk or suspicious activity, as well as routine AML screenings to ensure that a customer has not been added to a list. When suspicious activity is detected, banks are also required to prepare and file a number of corresponding reports, including Suspicious Activity Reports (SARs), Currency Transaction Reports (CTRs), and Foreign Bank and Financial Account Reports (FBARs).

The goal: To identify suspicious activity and update risk profiles

Methods used: Transaction monitoring, sanctions screening, watchlist screening, PEP screening, adverse media screening

KYC best practices for financial institutions

Although KYC is a requirement for banks, it can also be difficult to get “right.” Below are some best practices that may be able to help you overcome the challenges commonly associated with KYC.

1. Control friction with progressive risk segmentation

AML laws and regulations understandably require that KYC take place during the account signup process. But by adding steps in which you ask customers to submit information, you are also introducing friction at a key moment in your customer’s relationship with your business and brand. In many cases, this friction lowers conversion rates, sometimes significantly.

One potential solution? Using progressive risk segmentation to tailor your KYC processes to each individual depending on the risk signals you collect in real time. In this way, users who carry a low risk for money laundering may be moved into a simplified verification flow with fewer requirements, while users with greater risk can be moved into a stricter process.

2. Leverage automation to scale

In today’s increasingly digital world, customers have come to expect near-instant gratification. When they’re opening a new bank account, that means they expect to be able to sign up and log in within a few minutes. That’s a service level you’ll likely have difficulty meeting if your KYC processes rely on manual verification, risk assessment, and screenings.

The good news is that modern KYC doesn’t need to be a manual process. Banks today can automate as much or as little of their KYC processes as they see fit, depending on resources, account volumes, and more. Smart automation means faster verifications without compromising on risk, making it easier than ever to scale.

3. Have a plan for generative AI

In recent years, fraudsters have aggressively begun to incorporate various generative AI tools into their arsenals. Today, fraudsters are using GenAI to create deepfakes, fake selfies, forged documents, and other assets to try and skirt past banks’ KYC processes. 

Combatting the challenges posed by generative AI requires that you have a plan for how your bank will detect and mitigate these threats. While there is no single solution that will work in all cases, we believe a holistic approach that includes robust liveness detection capabilities offers the best path forward.

Persona helps banks get KYC right

Here at Persona, we understand just how critically important KYC is for banks and financial institutions. We’ve used that understanding to build a flexible identity platform that you can use to design and implement the ideal KYC process for your business. 

Pick and choose from a variety of different verification methods — including government ID verification, selfie verification, document verification, and database verification. Leverage workflows and progressive risk segmentation to control friction while maintaining high compliance standards. Assess customer risk with the reports and screenings that make the most sense to your bank, whether that be sanctions screening, watchlist screening, PEP screening, adverse media screening, or a combination thereof. And do so with the confidence that comes from knowing our platform is backed by robust liveness detection capable of detecting and mitigating GenAI fraud.

Interested in learning more about how Persona can help your bank or financial institution get KYC right? Start for free or get a demo today.

Published on:
11/5/2024
