(Redirected from KYC)'Know Your Customer' ('KYC') is the
due diligence and
bank regulation that
financial institutions and other regulated
companies must perform to identify their clients and ascertain relevant information pertinent to doing financial business with them. Typically, KYC is a policy implemented to conform to a
customer identification program mandated under the
Bank Secrecy Act and
USA PATRIOT Act. Know your customer policies have becoming increasingly important globally to prevent identity theft fraud,
money laundering and
terrorist financing. In a simple form these rules may equate to answering twelve questions, but this is the tip of the iceberg and regulators now expect much more. KYC should not be thought of as a format to be filled - it is a process to be undergone from the start of a customer relationship to the end.
One aspect of KYC checking is to verify that the customer is not on any list of known
fraudsters,
terrorists or
money launderers, such as the
Office of Foreign Assets Control's
Specially Designated Nationals list. This list contains thousands of entries that is updated at least monthly. As well as sanctions lists there are lists of third party vendors that track links between persons regarded as high-risk owing to negative reports in the media about them or in public records.
Beyond name matching, a key aspect of KYC controls is to monitor transactions of a customer against their recorded profile, history on the customers account(s) and with peers.
Banks doing KYC monitoring for
anti-money laundering (AML) and
Counter-Terrorism Financing (CTF) purposes increasingly use specialised transaction monitoring software, particularly names analysis software and trend monitoring software. The generated alerts identify unusual activity which is then subject to
due diligence or ''enhanced due diligence'' (EDD) processes that use internal and external sources of information on the subject, including the internet. This helps to determine whether a transaction or activity is suspicious and requires reporting to the authorities. In the US it would require
Suspicious Activity Reporting (SAR) filing to
Financial Crimes Enforcement Network (FinCEN). In the UK it would require a report to
Serious Organised Crime Agency (SOCA).
KYC has different connotations and the definition above is from an
AML/
CTF perspective.
Know Your Customer processes are also employed by regular companies of all sizes, for the purpose of ensuring their proposed agents, consultants or distributors anti-
bribery compliance. Banks, insurers and
export credit agencies are increasingly demanding that customers provide detailed anti-
corruption due diligence information, to verify their probity and integrity.
Specialists consultancies such as
Interchange Solutions Limited (UK) help multinational companies and SMEs conduct Know Your Customer processes when entering new markets.
Enhanced due diligence
EDD has not been internationally defined. As a result financial institutions are at risk of being held to differing standards dependent upon their jurisdiction and regulatory environment. An article published by Peter Warrack in the July 2006 edition of ACAMS Today (Association of Certified Anti-Money laundering Specialists) suggests the following:
“A rigorous and robust process of investigation over and above (KYC) procedures, that seeks with reasonable assurance to verify and validate the customer’s identity; understand and test the customer’s profile, business and account activity; identify relevant adverse information and risk assess the potential for money laundering and / or terrorist financing to support actionable decisions to mitigate against financial, regulatory and reputational risk and ensure regulatory compliance.”
Using a risk-based, tiered approach the definition can be tailored to suit a particular product or service.
It is assumed that usually EDD is triggered by regulatory requirement, risk-scoring and detection systems and that in a tiered approach, the process becomes more manual as the level of EDD increases.
Characteristics of EDD
Rigorous and robust
Generally this means consistent, thorough and accurate. The process must be documented and available for inspection by regulators.
The process must be S.M.A.R.T. (Specific, Measurable, Achievable, Realistic and Timely),
[1] scalable and proportionate to the risk and resources.
Over and Above KYC Procedures
EDD files rely upon initial client screening. This definition requires revalidation of the customer’s identity – knowing the client’s identity, not who they say they are.
EDD processes should use a tiered approach dependent upon the risk. A suggested model for Client Risk Scoring (CRS) is provided at Figure 1.
Crucial to the integrity of any EDD process is the reliability of information and information sources, the type and quality of information sources used, properly trained analysts who know where to look for information, how to look and how to corroborate, interpret and decide the results.
Searching on Google, for example, means different things to different people. Experience has shown poor returns from staff that believed they were experienced, but in practice weren’t and consequently failed to find relevant information.
Reasonable assurance
What is reasonable depends upon factors including jurisdiction, risk and resources. For sanction matches it depends upon information provided by regulators. In all cases the suggested standard is to the civil standard of proof i.e. on the balance of probability.
Relevant adverse information
Information obtained from any source, including the Internet, free and subscription databases and the media, which is directly or indirectly indicative of involvement in money laundering, terrorist financing or predicate offenses.
Examples include fraud and other dishonesty, drug trafficking, smuggling or other proscribed offences, references to money laundering, or conducting business, residing in or frequenting countries deemed by the Financial Action Task Force and/or (institution) as being countries under sanction or countries with which (institution) does not do business; to official sanctions or watch lists; and to investigations, convictions or disciplinary findings by authorized regulatory bodies.
KYC in different countries
'In USA :' Pursuant to the USA Patriot Act of 2001, the Secretary of the Treasury was required to finalize regulations before
October 26 2002, so KYC is now mandatory for all US banks
'In India :' RBI has introduced KYC guidlines for all banks first time vide circular DBOD. No. AML.BC.18/ 14.01.001/2002-2003 dated
August 16 2002. Later vide circular no DBOD.NO.AML.BC.58/14.01.001/2004-05 dated
November 29 2004, RBI has directed that all banks shall ensure that they are fully compliant with the provisions of this circular before
December 31 2005. Therefore KYC is fully implemented in India.
'In South Africa :'The Financial Intelligence Centre Act 38 of 2001 (Fica)
See also
★
Anti-money laundering
★
Anti-money laundering software
★ Anti-
bribery
★ Anti-
corruption
★
Certified copy
References
1. ''Learn How to Make Your Goals SMART'' web page, retrieved November 5, 2006
External links
★
'AML Risk Models' from Rohanbedi.com
★ KYC directions in India : http://www.rbi.org.in/scripts/NotificationUser.aspx?Id=2039&Mode=0
العربية
中国
Français
Deutsch
Ελληνική
हिन्दी
Italiano
日本語
Português
Русский
Español
