- Know your customer
Know your customer (KYC) is the
due diligence andbank regulation thatfinancial institutions and other regulated companies must perform to identify their clients and ascertain relevant information pertinent to doing financial business with them. In the USA, KYC is typically a policy implemented to conform to a customer identification program mandated under theBank Secrecy Act andUSA PATRIOT Act . Know your customer policies have becoming increasingly important globally to prevent identity theft fraud,money laundering andterrorist financing . In a simple form these rules may equate to answering twelve questions, but this is the tip of the iceberg and regulators now expect much more. KYC should not be thought of as a form to be filled - it is a process to be undergone from the start of a customer relationship to the end.One aspect of KYC checking is to verify that the customer is not on any list of known fraudsters, terrorists or money launderers, such as the
Office of Foreign Assets Control 'sSpecially Designated Nationals list. This list contains thousands of entries and is updated at least monthly. As well as sanctions lists there are lists of third party vendors that track links between persons regarded as high-risk owing to negative reports in the media about them or in public records.Beyond name matching, a key aspect of KYC controls is to monitor transactions of a customer against their recorded profile, history on the customers account(s) and with peers.
Banks doing KYC monitoring for
anti-money laundering (AML) andCounter-Terrorism Financing (CTF) purposes increasingly use specialised transaction monitoring software, particularly names analysis software and trend monitoring software. The generated alerts identify unusual activity which is then subject todue diligence or "enhanced due diligence" (EDD) processes that use internal and external sources of information on the subject, including the internet. This helps to determine whether a transaction or activity is suspicious and requires reporting to the authorities. In the US it would require Suspicious Activity Reporting (SAR) filing toFinancial Crimes Enforcement Network (FinCEN). In the UK it would require a report toSerious Organised Crime Agency (SOCA).KYC has different connotations and the definition above is from an AML/CTF perspective.
Know Your Customer processes are also employed by regular companies of all sizes, for the purpose of ensuring their proposed agents', consultants' or distributors' anti-
bribery compliance. Banks, insurers andexport credit agencies are increasingly demanding that customers provide detailed anti-corruptiondue diligence information, to verify their probity and integrity.Some specialist consultancies help multinational companies and SMEs conduct Know Your Customer processes when entering new markets.
Enhanced due diligence
EDD has not been internationally defined. As a result financial institutions are at risk of being held to differing standards dependent upon their jurisdiction and regulatory environment. An article published by Peter Warrack in the July 2006 edition of ACAMS Today (Association of Certified Anti-Money laundering Specialists) suggests the following:
“A rigorous and robust process of investigation over and above (KYC) procedures, that seeks with reasonable assurance to verify and validate the customer’s identity; understand and test the customer’s profile, business and account activity; identify relevant adverse information and risk assess the potential for money laundering and / or terrorist financing to support actionable decisions to mitigate against financial, regulatory and reputational risk and ensure regulatory compliance.”
Using a risk-based, tiered approach the definition can be tailored to suit a particular product or service.
It is assumed that usually EDD is triggered by regulatory requirement, risk-scoring and detection systems and that in a tiered approach, the process becomes more manual as the level of EDD increases.
Characteristics of EDD
Rigorous and robust
Generally this means consistent, thorough and accurate. The process must be documented and available for inspection by regulators.
The process must be SMART (Specific, Measurable, Achievable, Realistic and Timebound), [ [http://www.goal-setting-guide.com/smart-goals.html "Learn How to Make Your Goals SMART" web page, retrieved November 5, 2006] ] scalable and proportionate to the risk and resources.
Over and above KYC procedures
EDD files rely upon initial client screening. This definition requires revalidation of the customer’s identity – knowing the client’s identity, not who they say they are. EDD processes should use a tiered approach dependent upon the risk.
Crucial to the integrity of any EDD process is the reliability of information and information sources, the type and quality of information sources used, properly trained analysts who know where to look for information, how to look and how to corroborate, interpret and decide the results.
Searching on Google, for example, means different things to different people. Experience has shown poor returns from staff that believed they were experienced, but in practice were not and consequently failed to find relevant information.
Reasonable assurance
What is reasonable depends upon factors including jurisdiction, risk and resources. For sanction matches it depends upon information provided by regulators. In all cases the suggested standard is to the civil standard of proof i.e. on the balance of probability.
Relevant adverse information
Information obtained from any source, including the Internet, free and subscription databases and the media, which is directly or indirectly indicative of involvement in money laundering, terrorist financing or predicate offenses.
Examples include fraud and other dishonesty, drug trafficking, smuggling or other proscribed offences, references to money laundering, or conducting business, residing in or frequenting countries deemed by the Financial Action Task Force and/or (institution) as being countries under sanction or countries with which (institution) does not do business; to official sanctions or watch lists; and to investigations, convictions or disciplinary findings by authorized regulatory bodies.
KYC in different countries
In USA: Pursuant to the USA Patriot Act of 2001, the Secretary of the Treasury was required to finalize regulations before
October 26 2002, so KYC is now mandatory for all US banksIn India: RBI has introduced KYC guidelines for all banks first time vide circular DBOD. No. AML.BC.18/ 14.01.001/2002-2003 dated
August 16 2002. Later vide circular no DBOD.NO.AML.BC.58/14.01.001/2004-05 datedNovember 29 2004, RBI has directed that all banks shall ensure that they are fully compliant with the provisions of this circular beforeDecember 31 2005. Therefore KYC is fully implemented in India.In South Africa: The Financial Intelligence Centre Act 38 of 2001 (FICA)
ee also
*
Anti-money laundering
*Anti-money laundering software
* Anti-bribery
* Anti-corruption
*Politically exposed person
*Certified copy References
External links
* [http://feinsearch.com Verify Employers, through their EIN in the US]
* KYC directions in India : http://www.rbi.org.in/scripts/NotificationUser.aspx?Id=2039&Mode=0
* [http://www.occ.treas.gov/handbook/bsa-amlintro-overview.pdf AML Intro in FFIEC Manual, US Government]
* [http://www.offshorebusiness.com KYC News]
* [http://www.moneylaunderingnews.tv]
* [http://www.profilersolutions.com Profiler: Automated KYC Business Process Management Solution]news reports from:
* http://www.moneylaunderingnews.tv
Wikimedia Foundation. 2010.