What is KYC and how can it help the financial sector?
KYC technology stands for ‘Know Your Customer.’ KYC is an online security process whereby organisations gather information on the identity of their customers, ensuring government regulations around financial services aren’t being misused or breached. The ultimate objective of KYC in financial services is to prevent services from being manipulated by criminal elements for money laundering activities and fraudulent activity. It also enables financial service companies to better understand their customers and their financial dealings, meaning they’re able to serve them better and manage risks.
The KYC process requires organisations to collect and verify basic details of customers, including their name and authorised signature. The procedure kicks in as soon as a bank customer applies to open an account. Banks are also required to periodically update their customers’ KYC details to make sure information remains secure.
KYC requirements for banks
Banks are required to carry out several legal Know Your Customer (KYC) checks to combat financial crimes such as money laundering and fraud. The specific KYC checks may vary by jurisdiction, but generally, banks are required to carry out:
- Customer Identification: Banks must verify the identity of their customers. This involves collecting and verifying information such as name, date of birth, address, and identification documents.
- Customer Due Diligence: Banks must conduct a risk assessment on their customers to determine the level of due diligence required. This includes assessing the customer’s background, source of funds, and risk profile.
- Enhanced Due Diligence: For high-risk customers or transactions, banks are required to perform enhanced due diligence. This may involve additional scrutiny, such as verifying the source of funds, conducting more frequent reviews, or obtaining additional information.
- Ongoing Monitoring: Banks must monitor their customers’ transactions on an ongoing basis to detect any suspicious or unusual activities. This includes evaluating the nature and purpose of transactions and monitoring for red flags that may indicate potential money laundering or other illicit activities.
- Reporting Suspicious Activities: If banks identify any suspicious activities, they are obligated to report them to the appropriate regulatory authorities. This helps in the fight against financial crimes and ensures compliance with anti-money laundering (AML) regulations.
It is important to note that KYC requirements may vary depending on the jurisdiction and the specific regulations in place. Banks are required to adhere to the KYC regulations set forth by their respective regulators to ensure compliance and protect the integrity of the financial system.
How familiarity can prevent fraud
Banks and other financial institutions must have strong KYC procedures in place to identify instances of money laundering or other financial crime. These will subsequently help to protect banks from incurring financial penalties imposed by regulators for any breaches. As we all know, the banking industry is one that’s particularly vulnerable to financial fraud and money laundering schemes – so customer background checks and screening procedures must be carried out to mitigate fraudulent activities.
For KYC to work effectively, a financial institution must first develop a deep understanding of their customer’s profile and how they’ll be using their accounts, as well as assessing the risks of their profile and monitoring their typical transactions. That way, should any transactions be completely out of character, banks can quickly identify them and put the brakes on any further suspicious account activity.
The overall importance of KYC is that it helps to establish trust in a customer profile, as well as allowing banks to understand the nature of customer activities to ensure protection from fraud and losses.
To that end, a Forbes article written by the CEO of Jumio, Robert Prigge found that regulators across Europe, the US, APAC, and the Middle East have levied nearly $26 billion in financial penalties against financial institutions for AML, KYC, and other violations over the past decade alone. In today’s ever-evolving regulatory and business climate, organisations should not only be concerned with making profits but also be able to accurately identify exactly who they are doing business with. It’s here where the true value of KYC technology lies.
How telco data can help financial institutions stay secure
The concept of KYC is now most often used in the world of financial services, and its origins can be traced back as far as 1882. In today’s online climate, particularly with the recent explosion of online usage, there’s no big surprise that there has been an increase in online fraud. This poses the question, can your organisation put 100% trust in the identities of your customers?
Banks and financial institutions traditionally used to perform KYC checks in person and make physical photocopies of passports or other forms of ID. However most checks have now moved online and can even be carried out using a mobile device. Which in itself poses a whole new threat.
Mobile number verification can also be used as an additional verification step. This involves the customer providing their mobile phone number which is then verified against our database. By cross referencing with our mobile number intelligence data we are able to provide accurate information and risk scores to determine the accuracy of the information provided.
Mobile device intelligence can then be paired with the mobile number data to provide insights on the device being used for verification. One of the main indicators is checking whether the actual device matches the expected device, reducing fraud such as sim-swap fraud.
The risks of improper KYC checks
Not performing full KYC checks can expose banks and financial institutions to various risks, including:
Increased Exposure to Financial Crimes: KYC checks are designed to verify the identity of clients and assess the potential risks of illegal intentions, such as money laundering, fraud, and terrorist financing. Without proper verification and due diligence, banks may unknowingly facilitate transactions involving illicit funds, which can lead to reputational damage, legal consequences, and significant financial losses.
Regulatory Non-Compliance: Failure to perform full KYC checks can result in non-compliance with anti-money laundering (AML) and counter-terrorism financing (CTF) regulations. Financial institutions are subject to regulatory scrutiny, and non-compliance can lead to severe penalties, including fines, license revocation, and criminal charges.
Increased Operational Risks: Not conducting comprehensive KYC checks can expose banks to operational risks. This includes the potential for increased transactional errors, customer disputes, and exposure to fraudulent activities.
Inadequate Risk Assessment: KYC checks help banks assess the risk profile of their customers and transactions. Without proper due diligence, banks may fail to identify high-risk customers or transactions, leading to incomplete risk assessments and an increased vulnerability to financial crimes.
Reputational Damage: Inadequate KYC checks can damage a bank’s reputation and erode customer trust. If customers become aware that a bank failed to perform necessary checks and inadvertently facilitated illegal activities, it can result in a loss of customer confidence and a decline in business.
By not performing full KYC checks, banks expose themselves to these risks, which can have serious consequences for their financial stability, regulatory compliance, and reputation in the market.
PayPal became a casualty of a fake account epidemic
It’s no secret that the issue of fraud has long since been plaguing fintech businesses of all sizes. However, recent events have been causing some of the most serious issues yet – even for companies as giant as PayPal.
During the fourth quarter of 2021, PayPal’s chief financial officer, John Rainey, made a statement announcing 4.5 million accounts that were believed to be “illegitimately created.” This led to stock slumping by a huge 25% for the company.
A change of strategy
Over the course of the last two years, PayPal enjoyed the surge of an extra 120 million new customers (taking their total accounts up to a massive 426 million). This was largely due to the move towards e-commerce in light of the pandemic. In 2021, Rainey announced on earnings that they had “leaned into incentivized customer acquisition tactics to a much greater extent than we ever have in our history”. PayPal also began running marketing campaigns that offered to deposit $5 or $10 in a new customer’s account once they signed up. However, this tactic soon ran into trouble when bots began to automatically scoop up these incentives to unscrupulously collect the rewards.
Rainey also announced that PayPal plans to change its customer acquisition strategy, moving away from incentive programs to instead focus on “sustainable growth and driving engagement”. However, he did insist that this change in strategy is “separate and apart” from the issues they had experienced with bots and fake accounts.
In fact, since the pandemic began instances of fraud within the fintech space have been rising at a shockingly sharp pace. Vehicle rental companies such as Hertz and Avis have already stopped accepting payments from the likes of Chime, Cash App and PayPal – after Chime users had money taken from their accounts. In response to this, investment app Robinhood created a list of banks that they have prohibited transfers from, as a way to stop the haemorrhaging from fraud losses. But when it comes to PayPal, their fraud challenges can be traced way back to the year 2000 – when the company was losing a staggering $6 million (or $1,900 an hour) to fraud at a time when its total revenue was lower than $5 million.
Vigilance is vital
PayPal’s announcement that 4.5 million of its accounts were fake, ultimately poses the question of how other fintechs are being affected. What we’re seeing at PayPal certainly points towards a larger issue, related directly to the identity theft and synthetic fraud that we witnessed during the pandemic. The trend of bots weaponising personal information that they’ve stolen in data breaches isn’t going to go away any time soon – so companies must simply be on the vigilant lookout for signs of attack.
The challenges of KYC checks and how businesses can mitigate them
Organisations face several challenges when it comes to KYC (Know Your Customer) processes.
Firstly, regulatory compliance requirements related to KYC norms are constantly changing and becoming more complex. Organisations need to stay updated with the evolving regulations to ensure they are conducting KYC checks in accordance with the latest standards.
Secondly, traditional KYC processes often involve manual tasks, which can be time-consuming and prone to errors. This can impact operational efficiency and result in delays for customers.
Thirdly, verifying and validating customer data, such as identity documents, addresses, and contact details, can be challenging. Organisations need efficient methods and tools to ensure the accuracy and authenticity of the information provided by customers.
Finally, lengthy and cumbersome KYC processes can negatively impact the customer experience. Customers may find the onboarding process cumbersome, leading to frustration and potential abandonment of the process. It is crucial for businesses to balance compliance requirements with a seamless and user-friendly customer experience.
To overcome these challenges, organisations can adopt various strategies:
- Automation and Technology: Implementing digital solutions, such as advanced identity verification tools and automated data collection, can streamline the KYC process and reduce manual effort. Using technologies like artificial intelligence and machine learning can enable efficient data verification and validation, improving accuracy and speed.
- Risk-Based Approach: Organisations can adopt a risk-based approach to KYC, focusing more resources on higher-risk customers and transactions. By implementing risk-based strategies, businesses can allocate their resources where they are most needed, optimising efficiency and compliance efforts.
- Streamlined Data Sharing: Collaboration and sharing of non-sensitive customer data among financial institutions and other relevant parties can help streamline KYC processes. This approach reduces duplication of efforts and improves the efficiency of compliance procedures while maintaining data security and privacy.
- Continuous Monitoring and Updates: Regularly monitoring customer data and performing periodic reviews can help organisations keep their KYC information up to date and identify any potential risks or suspicious activities. This allows organisations to maintain compliance and mitigate risks effectively.
Contact TMT to learn more about Verify for financial institutions
Contact our team of experts today at TMT to learn more about how we can help you improve customer onboarding and significantly reduce risk using our Verify software.