Now we can hear about this concept everywhere – the KYC (Know Your Customer) process is implemented in various industries. A real asset for fighting against fraud and identity theft, a properly implemented KYC process is offering now a lot of benefits to both users and businesses.
What does KYC mean?
The KYC acronym, meaning « Know your customer », is the name given to the process by which a company verifies the identity of its customers. This process includes different stages, the purpose of which is to ensure that the person who wants to benefit from a service or good is the one who he/she pretends to be.
Where did the KYC process come from? Well, the term originated in the financial sector, due to the need to establish the traceability of customers and their transactions. Indeed, in order to prevent the involvement of banks in money laundering or illegal financial activities, it was necessary to implement processes that control the customers’ identity, as well as the use of their capital.
The AML/CFT European Directive (Anti-Money Laundering/Combating the Financing of Terrorism) is defining now regulatory measures in the financial sector and asks the parts to integrate a customer knowledge process into the purchase of their goods and services. So, what is the purpose of this directive? Preventing financial crime, money laundering and terrorist financing.
What are the KYC requirements?
The classic KYC process, derived from the financial sector, generally includes three main stages, that are reported according to the company’s risk assessment strategy.
First and foremost, there is the identification program that consists of collecting information about customers (such as first name, last name, address or even date of birth) upon subscribing/purchasing. This process may also include the verification of identity documents and the supporting documents, as well as the verification of the holder’s identity, by the means of a facial recognition system. These verifications may either be carried out independently of each other, or merged to a complete and secured customer onboarding.
Secondly, financial institutions determine the trust level and the vigilance that has to be kept well in mind, regarding a customer. This is called the « Customer Due Diligence (CDD) » and is one of the most important components of the aforementioned AML/CFT Directive.
The Customer Due Diligence consists in proving the fact that the client truly is the person who he/she claims to be and that he/she is transparent regarding the nature of his activities. This involves analysing the customer’s detailed information and history to determine the level of risk they pose to the business. In order to have a comprehensive view, investigations are also carried out in correlation with precise databases.
Finally, the last step consists of applying continuous monitoring when the initial check is not enough to build a trust relationship between the company and the customer. This usually involves an analysis of the transactions and activities of the latter.
Why is the KYC so necessary?
The main goal of the KYC process is therefore to verify a customer’s identity and ensure its probity and integrity against anti-corruption laws, but it does not end there.
A KYC process for regulatory compliance
Nowadays, financial institutions are legally required to integrate a KYC process into their customers’ onboarding. The KYC requirements are different in every country, but in Europe, the 5th Anti-Money Laundering and Combating the Financing of Terrorism Directive (AML/CFT) and the General Data Protection Regulation (GDPR) are the two documents that make reference to knowing the customer. In addition to these regulations, there is also the eIDAS Regulation, that aims to increase the electronic transactions trust and defines security levels in terms of identification.
Each country may also request additional requirements by transposing the Directive and its requirements. Let us take the example of France, where ANSSI (French National Cybersecurity Agency) has developed a set of requirements for Remote Identity Verification Service Providers (PVID).
The lack of conformity with these regulations may result in very high penalties for the concerned companies.
A KYC process for fighting against fraud and identity theft
The KYC helps fighting against fraud and identity theft attempts. This plays a key role not only in the financial sector, but in many other activity fields, such as online gambling or telecommunications.
The massive digitization of goods and services made fraud become a real plague that affects a large number of companies. In fact, as sales are made remotely more and more, online fraud, and especially identity theft, has increased tremendously.
Therefore, companies need to be very vigilant and protect themselves against identity theft by incorporating a KYC process to verify and control the identity of their customers. KYC is serving then as a double protection. It protects not only companies from potential fraudsters, who could jeopardize their business by involving them in litigation, but also customers. Their identity check helps to prevent possible identity theft by stealing documents or by simply making usage of the personal data.
Because it protects both parties, the KYC process becomes a reassuring tool for both users and companies.
A KYC process for building a trust relationship
The KYC process concerns financial institutions that are legally subject to it, but not only. The KYC can also be implemented to secure the exchanges between parties from multiple areas. The collaborative economy, that connects individuals in the context of the exchange of goods or services, is the perfect example.