Complete the Know Your Customer Checklist: 5 Essential Elements for Compliance
Know Your Customer (KYC) procedures are essential for verifying clients' identities, assessing potential risks, and preventing illegal activities like money laundering, terrorist financing, and identity theft. Building a KYC checklist makes mitigating risks and achieving compliance easier, especially for businesses in heavily regulated industries like banking.
In this article, you'll discover the requirements of KYC compliance and what to include in a know-your-customer checklist.
What is KYC compliance?
KYC compliance refers to the procedures and regulations that financial institutions and other regulated entities must follow. KYC is a key part of the broader Anti-Money Laundering (AML) framework. It involves ensuring that the institution's clients are who they claim to be and that they do not pose a financial or reputational risk.
Businesses must integrate KYC into the first few steps of welcoming new customers or clients by verifying their identities. In this process, the institution can assess customer risk and the possibility of illegal activities, including money laundering, terrorist financing, fraud, and other financial crime.
What documents are needed for KYC?
KYC's goal is to verify customers' identities, assess risk, and ensure compliance with AML and counter-terrorism financing (CTF) regulations. Typically, KYC documents are categorized as proof of identity, proof of address, and, in the case of businesses, proof of registration and ownership.
Proof of Identity (PoI) documents
Documents for verifying the individual’s identity must be government-issued and contain a photograph and signature. Common documents include:
- Passport: This globally recognized identity document contains an individual’s essential information, such as their photo, signature, and other vital details.
- Driver’s license: Similar to a passport, a driver's license includes a photograph and a signature and is widely accepted as proof of identity.
- National identity card: In many countries, national ID cards are used to establish proof of identity. It's important to note that not all countries have a national ID.
- Social Security card or tax ID card: In some jurisdictions like the U.S., Social Security Numbers (SSN) or Tax Identification Numbers (TIN) are required to verify identity.
Some institutions may accept other government-issued identity documents, depending on the regulatory requirements in their jurisdiction.
Proof of Address (PoA) documents
In individual KYC, proof of address confirms where the individual resides. The address on the document must match the individual’s residential address as declared to the institution. Commonly accepted proof of address documents include:
- Utility bills: Gas, water, electricity, or telephone bills that clearly display the individual’s name and residential address. These must typically be recent (within the last 3-6 months).
- Bank or credit card statements: Statements from a recognized bank or financial institution showing the individual’s name and address.
- Rental/lease agreement: A rental or lease agreement showing the individual’s residential address and signed by both parties.
- Government-issued documents: Documents from government agencies that include the individual’s address, such as a voter registration card or tax assessment letter.
Additional documents
Sometimes, a business or institution may require additional documents for Enhanced Due Diligence (EDD). This escalation can be triggered if an individual is flagged as a high-risk customer or Politically Exposed Person (PEP), or if they are considered an ultimate beneficial owner (UBO) of a business. These documents may include:
- A second form of identification: Another valid, government-issued ID.
- Proof of income or wealth verification: Documents showing the source of funds, such as salary slips or tax returns.
- Biometric verification: Some institutions require biometric verification like fingerprints or facial recognition to supplement documentation.
5 Elements that should go into your Know Your Customer checklist
When you're creating a KYC checklist, it's important to remember that requirements vary depending on the jurisdiction. Still, they generally involve several vital components to ensure that customers are who they claim to be and that their financial activities are legitimate.
1. Customer Identification Program (CIP)
The Customer Identification Program is a foundational part of KYC, which mandates that financial institutions verify the identity of their customers before opening an account or conducting transactions. CIP requirements ensure that financial service providers know each customer's true identity.
At this stage, the required documents are also gathered to prove the authenticity of the information provided and to evaluate the customer's risk.
CIP Requirements:
- Full name of the customer: The customer's legal name as it appears on official identification documents.
- Date of birth: For individuals, the date of birth is required to verify the identity of the person.
- Residential address or business address: A valid address where the customer resides or operates a business. This is used to cross-verify their identity.
- National identification number: Depending on the country and the customer's nature, this could be a Social Security Number (SSN) in the U.S., National Identification Card (NIC), passport number, driver’s license, or tax identification number (TIN).
2. Customer Due Diligence (CDD)
Customer Due Diligence concerns risk assessments and evaluating the customer’s potential to conduct illegal activities such as money laundering or fraud. Financial institutions must conduct different levels of due diligence depending on the perceived risk associated with the customer.
There are three main points of interest CDD must address.
- Identify the purpose of the business relationship: The financial institution should understand why the customer is opening an account and the nature of their business or personal transactions, whether for a savings account or high-frequency trading.
- Source of funds: Customers may be required to explain the source of the deposited funds. This is particularly important for large payments and transactions with unusual frequency. For businesses, this involves verifying revenue streams or capital sources.
- Expected account activity: Institutions may ask for an overview of expected transaction types, volumes, and frequency, which helps detect suspicious activities later.
3. Ongoing monitoring
KYC is not a one-time process. Continuous monitoring of customer accounts and transactions is necessary to identify any changes in risk profile or potentially suspicious activities.
Ongoing monitoring requirements:
- Transaction monitoring: Financial institutions must monitor customer transactions to detect patterns that deviate from the customer’s expected activity. Large transactions, frequent international wire transfers, or unusual account activity could trigger further scrutiny.
- Regular updates: Customer information should be reviewed and updated periodically, particularly when there are significant changes, such as a new address, occupation, or transaction patterns.
- Suspicious activity reporting: If the financial institution detects suspicious activity, such as possible money laundering or fraud, it is required to file a Suspicious Activity Report (SAR) or equivalent report with the relevant authorities.
- Watchlist screening: Screen customers regularly against global watchlists, such as those maintained by the Office of Foreign Assets Control (OFAC), the EU Sanctions List, or the UN Sanctions List, to ensure compliance with international regulations.
4. Sanctions and PEP screening
KYC compliance also requires financial institutions to screen customers against sanctions lists and to identify politically exposed persons, who are considered higher risk due to their positions of influence over a group of people and their potential exposure to corruption.
Screening requirements:
- Sanctions screening: Financial institutions must screen customers against international sanctions lists (OFAC, UN Sanctions, EU Sanctions) to ensure they are not doing business with individuals or entities prohibited from accessing the financial system.
- PEP identification: Customers who are PEPs (senior government officials, politicians, or military personnel) must be identified and subjected to enhanced due diligence due to their higher risk of involvement in corruption or money laundering.
5. Record-keeping and reporting
Regulated institutions must maintain records of all KYC-related documents and transactions for a specific period, usually several years. These records serve as evidence of compliance in regulatory audits.
Record-keeping requirements:
- Retention of records: KYC documentation, including identity verification documents, transaction records, and risk assessments, must be retained for a specific period, typically 5 to 10 years, depending on jurisdictional requirements.
- Data privacy and security: Institutions must also ensure that customer data is stored securely and handled in compliance with data protection laws such as GDPR or CCPA.
Reporting Requirements:
- Suspicious activity reports (SARs): Financial institutions must report suspicious transactions to the relevant regulatory bodies, such as FinCEN (Financial Crimes Enforcement Network) in the U.S. or FATF in international jurisdictions.
- Currency transaction reports (CTRs): Certain large cash transactions (often over $10,000) must be reported to authorities to prevent money laundering.
How to automate the process
Automated KYC solutions leverage modern technologies such as artificial intelligence (AI), machine learning (ML), optical character recognition (OCR), and biometrics to expedite the onboarding process, reduce human error, and enhance security.
Integrate digital identity verification tools
One of the first steps in automating KYC is implementing digital identity verification tools that allow customers to submit their personal information and documents online. Using a digital onboarding process can speed up the process and make it more accessible for customers.
Vespia's onboarding flows are fully customizable, allowing you to select what information to ask from your clients. Our system fills any grey areas to ensure financial service companies have all the essential information needed.
Leverage biometric authentication
Biometric technologies such as facial recognition, fingerprints, and voice recognition can automate and strengthen the KYC process, ensuring that the individual submitting the documents is who they claim to be.
Automated screening and monitoring
A good screening and monitoring tool will automate the screening of customer data and monitor customers continuously. With it, you'll be able to instantly check customers against global watchlists and sanctions lists to ensure they are not involved in illegal activities or high-risk financial transactions. Efficient software, like Vespia's solution, should have custom features that allow you to choose what notifications you receive.
Use Machine Learning for Risk Assessment and Customer Due Diligence (CDD)
Machine learning (ML) algorithms can automate CDD and assess the risk associated with customers based on various factors such as their financial history, location, transaction patterns, and business activities.
Acing KYC compliance
Implementing an effective KYC checklist is crucial for ensuring compliance, mitigating risks, and protecting your business from money laundering and other financial crimes. By incorporating the five essential elements, businesses can verify customer identities, assess risk, and adhere to regulatory standards.
Vespia understands the need to create a KYC process that keeps your operations compliant and secure. That's why our AI Compliance Officer runs risk assessments and analytics before recommending actionable comments and suggestions to ensure your business's security.