Know your customer
Encyclopedia
Know Your Customer refers to both:
In the USA, KYC is typically a policy and process implemented to conform to a customer identification program
(CIP) mandated under the Bank Secrecy Act
and USA PATRIOT Act
. Know your customer policies are becoming increasingly important globally to prevent identity theft
, financial fraud, money laundering
and terrorist financing
.
KYC controls typically include:
Banks doing KYC monitoring for anti-money laundering (AML) and checks relating to combating the financing of terrorism (CFT) increasingly use specialized software such as names analysis software and risk scoring algorithm software. Typically, these software systems will identify potentially suspicious or risky customer accounts. The systems create "alerts" which are then subject to manual due diligence
or Enhanced Due Diligence (EDD) investigative processes.
KYC has different connotations and the definition above is from an AML/CFT
perspective.
Know Your Customer processes are also employed by companies of all sizes for the purpose of ensuring their proposed agents', consultants' or distributors' anti-bribery
compliance. Banks, insurers and export credit agencies are increasingly demanding that customers provide detailed anti-corruption
due diligence
information, to verify their probity and integrity.
Some specialist consultancies help multinational companies and SMEs conduct Know Your Customer processes when entering new markets.
dictates that institutions "shall establish appropriate, specific, and, where necessary, enhanced, due diligence policies, procedures, and controls that are reasonably designed to detect and report instances of money laundering through those accounts."
US regulations require that EDD measures are applied to account types such as Private banking
, Correspondent account
, and Offshore banking institutions.
Because regulatory definitions are neither globally consistent nor prescriptive, financial institutions are at risk of being held to differing standards dependent upon their jurisdiction and regulatory environment. An article published by Peter Warrack in the July 2006 edition of ACAMS Today (Association of Certified Anti-Money Laundering Specialists
) suggests the following:
“A rigorous and robust process of investigation over and above (KYC) procedures, that seeks with reasonable assurance to verify and validate the customer’s identity; understand and test the customer’s profile, business and account activity; identify relevant adverse information and risk assess the potential for money laundering and / or terrorist financing to support actionable decisions to mitigate against financial, regulatory and reputational risk and ensure regulatory compliance.”
The process must be SMART
(Specific, Measurable, Achievable, Relevant and Timebound), scalable and proportionate to the risk and resources.
An IT workflow system ensuring that the KYC process and procedures are Defined, Repeatable and Measurable is recommended.
Crucial to the integrity of any EDD process is the reliability of information and information sources, the type and quality of information sources used, properly trained analysts who know where to look for information, how to look and how to corroborate, interpret and decide the results. Open source intelligence companies such as World Compliance and C6, aggregate this information and compile it daily into a comprehensive database.
Estate Engineer (Civil) Sunil Ch.Das,
Agartala
Searching on Google, for example, means different things to different people. Experience has shown poor returns from staff that believed they were experienced, but in practice were not and consequently failed to find relevant information.
Information obtained from any source, including the Internet, free and subscription databases and the media, which is directly or indirectly indicative of involvement in money laundering, terrorist financing or predicate offenses.
Examples include fraud and other dishonesty, drug trafficking, smuggling or other proscribed offences, references to money laundering, or conducting business, residing in or frequenting countries deemed by the Financial Action Task Force and/or (institution) as being countries under sanction or countries with which (institution) does not do business; to official sanctions or watch lists; and to investigations, convictions or disciplinary findings by authorized regulatory bodies.
was published http://www.kycnet.com/resources/whitepapers.html and shared with a range of international KYC practitioners in 2009 and 2010. An updated and peer-reviewed version will be published in the ACAMS http://www.acams.org ACAMS Today magazine in early 2011.
The KYC Maturity Model is based on the typical 5 levels of the standard Capability Maturity Model. These levels are typically described as Initial, Repeatable, Defined, Managed and Optimized and have very strict meanings. The KYC maturity has however been somewhat simplified, renamed and re-built as follows: Chaotic, Reactive, Proactive, Service Managed and Value Managed. Practical process improvement learnings have also been taken from common manufacturing and IT productivity methodologies such as Lean
, Agile
, 6-Sigma, ITIL
and Balanced Scorecard
.
- The activities of customer due diligenceDue diligence"Due diligence" is a term used for a number of concepts involving either an investigation of a business or person prior to signing a contract, or an act with a certain standard of care. It can be a legal obligation, but the term will more commonly apply to voluntary investigations...
that financial institutions and other regulated companies must perform to identify their clients and ascertain relevant information pertinent to doing financial business with them - And the bank regulationBank regulationBank regulations are a form of government regulation which subject banks to certain requirements, restrictions and guidelines. This regulatory structure creates transparency between banking institutions and the individuals and corporations with whom they conduct business, among other things...
which governs those activities
In the USA, KYC is typically a policy and process implemented to conform to a customer identification program
Customer Identification Program
According to provisions of the USA Patriot Act, all financial institutions must verify the identity of individuals wishing to conduct financial transactions. The law was implemented by regulations in 2003 which require financial institutions to develop a Customer Identification Program ...
(CIP) mandated under the Bank Secrecy Act
Bank Secrecy Act
The Bank Secrecy Act of 1970 requires financial institutions in the United States to assist U.S. government agencies to detect and prevent money laundering...
and USA PATRIOT Act
USA PATRIOT Act
The USA PATRIOT Act is an Act of the U.S. Congress that was signed into law by President George W. Bush on October 26, 2001...
. Know your customer policies are becoming increasingly important globally to prevent identity theft
Identity theft
Identity theft is a form of stealing another person's identity in which someone pretends to be someone else by assuming that person's identity, typically in order to access resources or obtain credit and other benefits in that person's name...
, financial fraud, money laundering
Money laundering
Money laundering is the process of disguising illegal sources of money so that it looks like it came from legal sources. The methods by which money may be laundered are varied and can range in sophistication. Many regulatory and governmental authorities quote estimates each year for the amount...
and terrorist financing
Terrorist Financing
Terrorist financing came into limelight after the events of terrorism on 9/11. The US passed the USA PATRIOT Act to, among other reasons, attempt thwarting the financing of terrorism and anti-money laundering making sure these were given some sort of adequate focus by US financial institutions...
.
KYC controls typically include:
- Collection and analysis of basic identity information (CIP)
- Name matching against lists of known parties (such as politically exposed personPolitically exposed personPEP is an abbreviation for Politically Exposed Person, a term that describes a person who has been entrusted with a prominent public function, or an individual who is closely related to such a person. The terms PEP, Politically Exposed Person and Senior Foreign Political Figure are often used...
) - Determination of the customer's risk in terms of propensity to commit money laundering or identity theft
- Creation of an expectation of a customer's transactional behavior
- Monitoring of a customer's transactions against their expected behavior and recorded profile as well as that of the customer's peers.
Banks doing KYC monitoring for anti-money laundering (AML) and checks relating to combating the financing of terrorism (CFT) increasingly use specialized software such as names analysis software and risk scoring algorithm software. Typically, these software systems will identify potentially suspicious or risky customer accounts. The systems create "alerts" which are then subject to manual due diligence
Due diligence
"Due diligence" is a term used for a number of concepts involving either an investigation of a business or person prior to signing a contract, or an act with a certain standard of care. It can be a legal obligation, but the term will more commonly apply to voluntary investigations...
or Enhanced Due Diligence (EDD) investigative processes.
KYC has different connotations and the definition above is from an AML/CFT
Terrorist Financing
Terrorist financing came into limelight after the events of terrorism on 9/11. The US passed the USA PATRIOT Act to, among other reasons, attempt thwarting the financing of terrorism and anti-money laundering making sure these were given some sort of adequate focus by US financial institutions...
perspective.
Know Your Customer processes are also employed by companies of all sizes for the purpose of ensuring their proposed agents', consultants' or distributors' anti-bribery
Bribery
Bribery, a form of corruption, is an act implying money or gift giving that alters the behavior of the recipient. Bribery constitutes a crime and is defined by Black's Law Dictionary as the offering, giving, receiving, or soliciting of any item of value to influence the actions of an official or...
compliance. Banks, insurers and export credit agencies are increasingly demanding that customers provide detailed anti-corruption
Political corruption
Political corruption is the use of legislated powers by government officials for illegitimate private gain. Misuse of government power for other purposes, such as repression of political opponents and general police brutality, is not considered political corruption. Neither are illegal acts by...
due diligence
Due diligence
"Due diligence" is a term used for a number of concepts involving either an investigation of a business or person prior to signing a contract, or an act with a certain standard of care. It can be a legal obligation, but the term will more commonly apply to voluntary investigations...
information, to verify their probity and integrity.
Some specialist consultancies help multinational companies and SMEs conduct Know Your Customer processes when entering new markets.
Enhanced due diligence
While EDD has not been internationally defined, the USA PATRIOT ActUSA PATRIOT Act
The USA PATRIOT Act is an Act of the U.S. Congress that was signed into law by President George W. Bush on October 26, 2001...
dictates that institutions "shall establish appropriate, specific, and, where necessary, enhanced, due diligence policies, procedures, and controls that are reasonably designed to detect and report instances of money laundering through those accounts."
US regulations require that EDD measures are applied to account types such as Private banking
Private banking
Private banking is banking, investment and other financial services provided by banks to private individuals investing sizable assets. The term "private" refers to the customer service being rendered on a more personal basis than in mass-market retail banking, usually via dedicated bank advisers...
, Correspondent account
Correspondent account
A correspondent account is an account established by a large banking institution to receive deposits from, make payments on behalf of, or handle other financial transactions for smaller financial institutions....
, and Offshore banking institutions.
Because regulatory definitions are neither globally consistent nor prescriptive, financial institutions are at risk of being held to differing standards dependent upon their jurisdiction and regulatory environment. An article published by Peter Warrack in the July 2006 edition of ACAMS Today (Association of Certified Anti-Money Laundering Specialists
Association of Certified Anti-Money Laundering Specialists
The Association of Certified Anti-Money Laundering Specialists is an organization that provides training and certification, runs conferences and disseminates information on detection and prevention of money laundering....
) suggests the following:
“A rigorous and robust process of investigation over and above (KYC) procedures, that seeks with reasonable assurance to verify and validate the customer’s identity; understand and test the customer’s profile, business and account activity; identify relevant adverse information and risk assess the potential for money laundering and / or terrorist financing to support actionable decisions to mitigate against financial, regulatory and reputational risk and ensure regulatory compliance.”
Rigorous and robust
Generally this means consistent, thorough and accurate. The process must be documented and available for inspection by regulators.The process must be SMART
SMART (project management)
SMART / SMARTER is a mnemonic used to set objectives, for example for project management, employee performance management and personal development.The first known uses of the term occur in the November 1981 issue of Management Review by George T...
(Specific, Measurable, Achievable, Relevant and Timebound), scalable and proportionate to the risk and resources.
An IT workflow system ensuring that the KYC process and procedures are Defined, Repeatable and Measurable is recommended.
Over and above KYC procedures
EDD files rely upon initial client screening. This definition requires revalidation of the customer’s identity – knowing the client’s identity, not who they say they are. EDD processes should use a tiered approach dependent upon the risk.Crucial to the integrity of any EDD process is the reliability of information and information sources, the type and quality of information sources used, properly trained analysts who know where to look for information, how to look and how to corroborate, interpret and decide the results. Open source intelligence companies such as World Compliance and C6, aggregate this information and compile it daily into a comprehensive database.
Estate Engineer (Civil) Sunil Ch.Das,
Agartala
Searching on Google, for example, means different things to different people. Experience has shown poor returns from staff that believed they were experienced, but in practice were not and consequently failed to find relevant information.
Reasonable assurance
What is reasonable depends upon factors including jurisdiction, risk, resources, and technology state of the art. For sanction matches it depends upon information provided by regulators. In all cases the suggested standard is to the civil standard of proof i.e. on the balance of probability.Relevant adverse information
Information obtained from any source, including the Internet, free and subscription databases and the media, which is directly or indirectly indicative of involvement in money laundering, terrorist financing or predicate offenses.
Examples include fraud and other dishonesty, drug trafficking, smuggling or other proscribed offences, references to money laundering, or conducting business, residing in or frequenting countries deemed by the Financial Action Task Force and/or (institution) as being countries under sanction or countries with which (institution) does not do business; to official sanctions or watch lists; and to investigations, convictions or disciplinary findings by authorized regulatory bodies.
KYC Process Capability Maturity Model
A draft KYC Capability Maturity ModelCapability Maturity Model
The Capability Maturity Model is a development model that was created after study of data collected from organizations that contracted with the U.S. Department of Defense, who funded the research. This model became the foundation from which CMU created the Software Engineering Institute...
was published http://www.kycnet.com/resources/whitepapers.html and shared with a range of international KYC practitioners in 2009 and 2010. An updated and peer-reviewed version will be published in the ACAMS http://www.acams.org ACAMS Today magazine in early 2011.
The KYC Maturity Model is based on the typical 5 levels of the standard Capability Maturity Model. These levels are typically described as Initial, Repeatable, Defined, Managed and Optimized and have very strict meanings. The KYC maturity has however been somewhat simplified, renamed and re-built as follows: Chaotic, Reactive, Proactive, Service Managed and Value Managed. Practical process improvement learnings have also been taken from common manufacturing and IT productivity methodologies such as Lean
Lean
-In business:* Lean Startup, how to start a company in a lean way* Lean manufacturing, process improvement discipline* Lean construction is a translation and adaption of lean manufacturing principles and practices to the end-to-end design and construction process...
, Agile
Agile
Agile can refer to:*Agility*Agile , an American Thoroughbred racehorse* Agile management*Association of Geographic Information Laboratories for Europe *Agile Software Corporation, a provider of product lifecycle management solutions...
, 6-Sigma, ITIL
Itil
Itil may mean:*Atil or Itil, the ancient capital of Khazaria*Itil , also Idel, Atil, Atal, the ancient and modern Turkic name of the river Volga.ITIL can stand for:*Information Technology Infrastructure Library...
and Balanced Scorecard
Balanced scorecard
The Balanced Scorecard is a strategic performance management tool - a semi-standard structured report, supported by proven design methods and automation tools, that can be used by managers to keep track of the execution of activities by the staff within their control and to monitor the...
.
Continuous due diligence
CDD refers to the monitoring of clients and their activities to see if the client does not change markedly over time. In effect this combats the possibility that an individual (or more often an organisation) that has passed KYC is still who they say they are and doing what they said they would do when they underwent KYC checks. For example a corporate account set up honestly and openly by one person who passes KYC checks could be passed years later to another person that would not, without CDD the services provider would not know that the new owner is present. KYC (CDD) policy would normally demand KYC checks on the new owner regardless of the account history.Laws by country
- India: The Reserve Bank of IndiaReserve Bank of IndiaThe Reserve Bank of India is the central banking institution of India and controls the monetary policy of the rupee as well as US$300.21 billion of currency reserves. The institution was established on 1 April 1935 during the British Raj in accordance with the provisions of the Reserve Bank of...
introduced KYC guidelines for all banks in 2002. In 2004, RBI directed that all banks ensure that they are fully compliant with the KYC provisions before December 31, 2005. The purpose was to prevent money laundering, terrorist financing and theft. - South Africa: The Financial Intelligence Centre Act 38 of 2001 (FICA)
- USA: Pursuant to the USA Patriot Act of 2001, the Secretary of the Treasury was required to finalize regulations before October 26, 2002, so KYC is now mandatory for all US banks
- New Zealand: Updated KYC laws were enacted in late 2009, and entered into force in 2010. KYC is mandatory for all registered banks and financial institutions (the latter being given an extremely wide meaning).
See also
- Anti-money laundering
- Anti-money laundering softwareAnti-money laundering softwareAnti-money laundering software is a term mainly used in the finance and legal industries to describe the legal controls that require financial institutions and other regulated entities to prevent or report money laundering activities. Anti money-laundering guidelines came into prominence globally...
- Anti-briberyBriberyBribery, a form of corruption, is an act implying money or gift giving that alters the behavior of the recipient. Bribery constitutes a crime and is defined by Black's Law Dictionary as the offering, giving, receiving, or soliciting of any item of value to influence the actions of an official or...
- Anti-corruptionPolitical corruptionPolitical corruption is the use of legislated powers by government officials for illegitimate private gain. Misuse of government power for other purposes, such as repression of political opponents and general police brutality, is not considered political corruption. Neither are illegal acts by...
- Politically exposed personPolitically exposed personPEP is an abbreviation for Politically Exposed Person, a term that describes a person who has been entrusted with a prominent public function, or an individual who is closely related to such a person. The terms PEP, Politically Exposed Person and Senior Foreign Political Figure are often used...
- Certified copyCertified copyA certified copy is a copy of a primary document, that has on it an endorsement or certificate that it is a true copy of the primary document...