Why Is KYC Necessary for Banking Institution Security?

5 mins

The aircraft hijackers who carried out the deadliest attack on America on September 11, 2001 used The Hudson United Bank of New Jersey as one of the financial institutions to facilitate their attack. According to the 9/11 Commission, money-laundering safeguards in the financial industry at the time were not designed to identify or disrupt the kind of deposits, withdrawals, and wire transfers that assisted in the attacks. As a result, Know Your Customer (KYC) rules were created as part of the Patriot Act to prevent terrorist operations and financial crimes.


What is the difference between KYC and AML?

In the regulatory compliance space, the terms KYC and AML are often used interchangeably and are seen as the same thing. However, this is far from the truth, as both KYC and AML differ greatly in their meaning, especially in a regulatory context. The full forms of AML and KYC are Anti Money Laundering and Know Your Customer, respectively.

To combat the rising problem of money laundering, national and international agencies all over the globe issue guidelines to the banking industry. These impose certain screening and monitoring processes on all financial institutions so that the financial system is safeguarded from abuse by criminals. These AML checks in general are called AML-KYC compliance programmes.


Why KYC (Know Your Customer) Was Implemented for Banking

Know Your Customer (KYC) legislation was enacted as part of the Patriot Act to combat terrorism financing and financial crimes.
Because money launderers and other criminals frequently use false identities to conceal their true identities during the onboarding process, KYC policies require financial institutions to “get to know” their customers by confirming to a high level of assurance that those customers are who they say they are.

With so much relying on KYC and Customer Identification Procedures (CIP) in banking getting it right, and with increasing customer onboarding taking place online, it’s no wonder that financial institutions are searching for effective technology to remotely verify consumers’ identities. In this article, we’ll look at some of those technologies and how they’re being utilised in financial services to meet KYC and enhanced due diligence standards.

Why is KYC compliance required?

For decades, the United States Department of the Treasury has enacted legislation requiring financial institutions to help the government in identifying and combating money laundering.

For example, the Bank Secrecy Act of 1970 mandates financial firms to preserve specified documents related to money laundering, tax evasion or other criminal activities. In 2016, the Treasury’s Financial Crimes Enforcement Network (FinCEN) issued a series of rulings to clarify and tighten Customer Due Diligence (CDD) obligations and Anti-Money Laundering (AML) measures.

Requiring financial institutions to perform due diligence in order to understand who their customers are and what types of transactions they engage in is a critical component of combating all forms of illicit financial activity, from terrorist financing and sanctions evasion to more traditional financial crimes.

Banks spent more than $100 billion in 2016 to satisfy KYC compliance and regulators, and it is expected that compliance costs would climb by four to ten percent by 2021. Despite these massive investments, according to Fenergo data, approximately $26 billion in fines were levied on financial institutions in the previous decade for noncompliance with AML and KYC standards.

KYC Procedures Used by Banks and Financial Institutions

FinCEN specified four minimal elements needed for an efficient KYC procedure in order to clarify and reinforce CDD regulations and fulfil KYC in the financial industry.
These regulatory obligations include:

  1. Identifying and validating consumers’ identities
  2. Monitoring client activity for suspicious transactions on a continual basis, as well as preserving and updating customer information depending on risk indicators.
  3. Identifying and authenticating the identification of legal entity customers’ beneficial owners (i.e., natural individuals who own or control legal entities)
  4. Recognising the nature and purpose of customer connections in order to create a customer risk profile


What is required from customers during the onboarding process?

To comply with these KYC regulations, financial institutions must collect and verify identification information when onboarding new customers. The criteria differ depending on whether the bank account is for an individual or a corporation. Individual clients who visit a bank in person will carry some kind of identification, such as a driver’s licence or passport, as well as proof of address and any other documentation that may be necessary for the transaction. The banker examines the customer’s documents to ensure that they are who they claim to be.

Additional documentation establishing the identity of beneficial owners (e.g., articles of incorporation) and business activity (e.g., profit and loss statements) is necessary for business accounts.

When clients open accounts online, the processes become significantly more complicated. Customers’ digital identities must now be verified by financial institutions to ensure that they correspond to their actual, physical identities. To establish a trustworthy link between a digital identity and a real person, a rigorous identity verification mechanism is required to ensure the person is who they claim to be and to monitor any questionable behaviour. This approach may employ a combination of biometrics for example, machine learning, and/or document or ID verification.

Regtech for KYC and AML compliance

Apart from having skilled professionals, financial institutions should also invest in effective software solutions to run their AML compliance programmes successfully. Many of the current AML-KYC solutions are not robust to capture the complexities of modern-day customer risk management. Customer AML risk ratings are either carried out manually or are based on models that use a limited set of pre-defined risk parameters. This leads to inadequate coverage of risk factors which vary in number and weightage from customer to customer.

Furthermore, the information for most of these risk parameters is static and collected when an account is opened. Often, information about customers is not updated in the required format and frequency. The current models do not consider all the touchpoints of a customer’s activity map and inaccurately score customers, failing to detect some high-risk customers and often misclassifying thousands of low-risk customers as high risk.

Misclassification of customer risk leads to unnecessary case reviews, resulting in high costs and customer dissatisfaction. Adding to this, the static nature of the risk parameters fails to capture the changing behaviour of customers and dynamically adjust the risk ratings, exposing financial institutions to emerging threats.

Using artificial intelligence and machine learning

Today, modern technologies like AI and machine learning are getting widespread attention for their ability to improve business processes and regulators are encouraging banks to adopt innovative approaches to combat money laundering. In the field of AML compliance, a sophisticated solution that can capture changing client behaviour through effective detection of risk indicators and regularly update customer profiles as underlying activities change is urgently required. There are Regtech solutions available to ensure correct AML- KYC compliance in a long-term way.

Tookitaki’s solutions for AML – KYC compliance

Many financial institutions are now using Tookitaki’s unique solutions.

Tookitaki developed an end-to-end AML-KYC compliance platform called the Anti-Money Laundering Suite (AMLS). It offers multiple solutions catering to the core AML activities such as transaction monitoring, name screening, transaction screening and customer risk scoring. Powered by advanced machine learning, AMLS addresses the market needs and provides an effective and scalable AML compliance solution.

To know more about our AML solution and its unique features, please contact us.