How KYC goes beyond identity verification
It might be obvious that you can identify someone without really knowing them, and yet for so many businesses, KYC (know your customer) checks stop at identity verification. Identity verification to carry out KYC checks is one of the biggest growth areas in the biometrics market, but must be combined with other measures to comply with regulations and prevent fraud. Here’s what makes KYC checks different – and why identity verification isn’t enough to mitigate risk.
The roots of KYC trace back to the 1970s, when the G7 countries established the Financial Action Task Force (FATF) to fight money laundering, according to a post from Finextra. In the ‘80s and ‘90s, governments and financial institutions began putting measures in place to prevent money laundering. Over 200 countries have committed to implementing standards set out by the FATF, and those that do not adhere to those standards are placed on a gray or black list.
The Patriot Act was introduced in 2002 in response to the terrorist attack on the U.S. that took place on September 11th, 2001. It updated the Bank Secrecy Act and was designed to prevent further attacks by closing loopholes for the financing of terrorism. The UK similarly put the Proceeds of Crime and Terrorism Act in place.
Since then, online banking and financial services have been widely adopted by businesses and consumers, dramatically altering the way that financial institutions engage with their customers. This has led to the introduction of identity verification through checks of government-issued identity documents and biometrics. Along with checks against databases of known fraud incidents, international sanctions and other risk factors make up remote KYC.
While it’s critical to verify a customer’s identity as part of a KYC process, much more goes into assessing risk and determining someone’s trustworthiness. KYC can act as prevention against fraud, money laundering, and identity theft, where a bad actor impersonates someone else through stolen identity documents.
KYC is typically carried out with comparisons of selfie biometrics with facial images on ID documents, along with verification of biographical details, document validation, risk assessments, and customer activity monitoring. Data analytics make it easier to identify risk factors such as anomalies in customer data.
While KYC regulations can prevent money laundering from and financial fraud, KYC is distinct from anti-money laundering (AML). While KYC and identity verification is a part of AML, determining the level of assurance that the identity verification process must meet, financial institutions follow AML regulations to prevent money laundering specifically.
KYC processes are also less regulated, while AML standards are typically put into place by countries and jurisdictions. Financial institutions must establish their KYC processes to be compliant with AML requirements in their jurisdictions.
Since 2008, regulators have placed over $403 billion in fines for KYC and AML violations. Top banks spend as much as $1 billion on KYC and other operations to prevent financial crime.
As the finance industry grows increasingly digitized, the measures financial institutions have historically used for KYC and AML aren’t as effective at addressing newer, more sophisticated forms of fraud.
Fragmented and unverified information can make it difficult to accurately assess risk and can lead to false alerts. This can lead to excessive time being put into reviewing customer profiles and result in backlogs. Moreover, less than 10 percent of Suspicious Activity Reports received by Financial Intelligence Units can be immediately used by authorities.
As countries and jurisdictions establish stronger AML frameworks in response to the impact tech advancements have on crime, financial institutions are at risk of failing to comply with these increasingly complex regulations and could be fined as a result.
KYC procedures have a limited scope, however, and may not detect more sophisticated techniques that criminals may use to misrepresent their identity or conceal funds.
Human error can lead decision makers to overlook red flags. A lack of standardization gives criminals the opportunity to take advantage of inconsistencies, and outdated tech systems can hinder financial institutions’ ability to perform effective KYC processes.
KYC processes may require such a volume of documentation and data that it may cause delays for customers – disproportionately affecting low risk customers who feel their personal data is needlessly being reviewed.
By focusing on regulatory compliance and risk management, entities have established standardized ways of carrying out KYC, leading to a generic approach to customer verification that falls short in assessing risks and preventing financial crime.
And the extensive amounts of documentation used to conduct KYC checks does not always equate to effective fraud and crime prevention. KYC checks may fail to detect false or misleading information. They may also fall short in catching more sophisticated money laundering or terrorist financing.
The digital KYC market was forecast in 2022 to reach $1.96 billion by 2029, on compound annual growth of 22 percent from 2017 figures.
Article Topics
AML | biometrics | fraud prevention | identity verification | KYC
Comments