KYC and onboarding: 5 steps fintechs need to know
The world of finance may be innovative and constantly changing, but one thing is for certain: fraud. Know Your Customer, or KYC, is a vital part of fraud-preventative measures and Anti-Money Laundering regulations – it exists to protect both customers and companies.
How does KYC actually work and what information is required for businesses to incorporate it? Below, we'll cover which types of companies need KYC, the crucial parts of it, and some of the universal requirements.
Who actually needs KYC during onboarding?
This depends on the specific regulations in the jurisdiction where the business operates, but it is generally considered that these businesses should conduct KYC during onboarding:
- Banks - due to their involvement in handling significant amounts of money, banks are required to comply with KYC regulations. This is to mitigate the risk of money laundering and other financial crimes.
- Value transfer services - money transfer companies and remittance services that facilitate the transfer of large sums of money are obligated to perform KYC procedures. This is to prevent money laundering through these transactions.
- Cryptocurrency exchanges - to comply with anti-money laundering regulations, cryptocurrency exchanges are starting to adopt KYC requirements to protect customers and themselves. The nature of cryptocurrencies being prone to illicit activities, such as money laundering and drug trafficking, necessitates a thorough KYC process.
- Casinos - casinos, which handle substantial cash transactions, are obliged to implement KYC measures. This is to prevent money laundering and other illegal financial activities.
- Foreign exchange (FX) brokers - FX brokers, involved in facilitating the exchange of significant amounts of money, are mandated to follow KYC protocols to comply with anti-money laundering regulations.
- Real estate agents - in certain jurisdictions, real estate agents need to carry out KYC procedures. This is because real estate transactions can be exploited for money laundering.
- Art dealers - Similarly, in some jurisdictions, art dealers are required to go through KYC processes. Art transactions have been exploited in the past as a means to launder money.
- Car dealerships - much like real estate agents and art dealers, though depending on the country, car dealerships are required to perform KYC procedures before selling any vehicle to a private individual or business.
As you might have gathered, in general, any finance-related company that deals with high-value assets and various currencies needs to practise KYC during onboarding.
The pitfalls of having slack due diligence
Stating that your organisation operates with KYC isn't a marketing gimmick or pesky regulation. In fact, it could save your business from financial failure.
For example, in 2021, Dutch bank ABN Amro was fined $574 million for inadequate KYC procedures. The bank was found to have failed to properly identify and assess the risks of its client acceptance, transaction monitoring and client exit processes. This allowed its systems to abuse ABN AMRO accounts between 2014 and 2020. This lack of KYC meant that ABN Amro paid a settlement of $574 million to investigators in the Netherlands.
While the above example may seem extreme, it is a warning to Fintech companies to take their KYC procedures seriously.
The crucial part of due diligence
KYC typically involves collecting information such as the customer's name, date of birth, proof of address, and government-issued ID. This information can then be verified through a variety of means, such as document checks, credit checks, and government organisations.
The level of KYC required will vary depending on the type of business and the risk profile of the customer. For example, a bank may need to conduct more extensive KYC on a customer who is opening a high-value account than on a customer who is opening a low-value account.
What is the FATF (Financial Action Task Force)
The Financial Action Task Force (FATF) is an intergovernmental organisation founded in 1989 by the G7 countries. Comprising 39 member jurisdictions, the FATF sets international standards for combating money laundering and terrorist financing. These standards, known as the FATF Recommendations, are continuously updated to address evolving methods used by criminals in money laundering and terrorism financing.
The Big Six (blocked countries)
The FATF holds a registry of jurisdictions that are deemed uncooperative in the global battle against money laundering and terrorist financing. These jurisdictions, widely known as the "Big Six," are:
The Big Six are:
- Afghanistan
- Iran
- North Korea
- Pakistan
- Syria
- Yemen
Fintech companies operating within or serving customers from any of these nations must implement additional stringent measures to comply with anti-money laundering (AML) regulations. These measures may encompass conducting comprehensive customer due diligence, closely monitoring customer activities, and promptly reporting any suspicious transactions to the relevant authorities.
Universal requirements for KYC
The following are universal requirements for all KYC procedures:
- The customer must provide essential information, including their full name, date of birth, and address.
- A government-issued ID, such as a passport or driver's licence, is typically required from the customer.
- Depending on the customer's risk profile or the nature of the business, additional information such as occupation or source of income may be requested.
5 crucial steps during KYC
These are the 5 steps your organisation will need to follow during KYC procedures:
- Collect all necessary customer information, including their full name, date of birth, address, government-issued ID, and other relevant details such as occupation or source of income.
- Verify the authenticity of the customer's identity by cross-checking their government-issued ID against a trusted database or using advanced technologies like facial recognition software.
- Establish the customer's true identity by comparing their ID photo with their physical appearance, or by utilising security questions that only the legitimate customer would be able to answer.
- Validate that the customer's claimed country of origin aligns with their actual location. This can involve checking their ID against a database of fraudulent documents or using methods like IP address verification.
- Assess the risk category associated with the customer by analysing their information, employing risk scoring models, and considering factors such as transaction history and background checks that may indicate higher levels of risk.
Appoint a compliance officer
You will also need to appoint a compliance officer, whose job it is to safeguard the company's adherence to KYC regulations. With a keen eye on compliance, the officer ensures that the company meets all relevant KYC requirements. They will also need to be based in the country of incorporation or operation.