Get the latest news right in your inbox
The concept of KYC - Know Your Customer - is now, more than ever, part of the common vocabulary of any company concerning customer acquisition. However, this term has been a reality for years, especially in sectors such as banking and related, although it applies to any industry.
KYC provides guarantees and a security framework in organization-user relationships and is the starting point for an organization to convert a potential customer into a full-fledged one.
Definition of the KYC concept - Know Your Customer
KYC is the acronym for Know Your Customer, Conoce a Tu Cliente (sometimes also referred to as Customer Due Diligence (CDD)). It is a process by which organizations identify and verify the identity of customers in a specific way and according to the regulations that affect their sector and the nature of the operations to be performed.
During the Know Your Customer process, a series of technical and regulatory controls are carried out to prevent identity fraud, verify that the customer is who they say they are and mitigate the risk of entering into a business relationship with individuals who engage in money laundering, corruption, terrorist financing and other types of illegitimate activities.
Know Your Customer and Digital Onboarding - or Customer Onboarding - are terms that are often confused and intertwined with the AML (Anti-Money Laundering) concept. The KYC process helps to comply with the requirements of AML regulations.
Digital Onboarding is referred to as the set of phases that a user goes through to register with an organization. Whether it is an employee joining a company or a user registering on a platform. One of these phases is KYC, to verify that the person is who they say they are. Similarly, the definition of Customer Onboarding is similar but refers only to customer registration.
Identity Verification in KYC
As we have already mentioned in the definition of the concept, one of the main objectives of Know Your Customer is to formalize a process by verifying the identity of a subject.
Identity verification is often confused with the term KYC. However, it is simple: Identity verification occurs within the KYC process. This is crucial, and helps us, to completely eradicate illegitimate activities based on impersonation.
Identity verification consists of a series of steps that confirm that the subject is who they say they are.
The Know Your Customer process
The KYC process can be performed through different methods and according to different standards depending on three factors: the security needs, the risk involved in the subsequent operation, and the resources you wish to invest in to provide a specific type of experience to the user who performs it.
Standards and methods for KYC
- Face-to-face identification: This is the traditional KYC process. In a commercial office, store, or establishment, a qualified agent identifies a person by performing all the steps of the KYC process himself. It is a process - for example - like the one carried out at airports.
- Asynchronous identification: Also known as unattended video identification, it allows the KYC process to be carried out in a fully automated, digital, and remote manner. Through a streaming video transmission and recording, the different phases of the process take place simply on a device without the intervention of another person, only the user and the platform that guides him through each step (narrator and interface). Subsequently, a human agent trained for this purpose follows the established protocol of verification of the video and the data provided in the background. This agent can be part of the KYC process provider, the customer, or a tertiary partner. It has the same legal value as face-to-face. It is the most agile for the user, the most secure, efficient, and fast for the company, and the most compliant.
- Fully automated identification: The only difference with the previous method is that it does not require review by a human agent. AI and machine learning techniques and controls work to perform accurate and error-free checks to corroborate identity and cross-reference data.
- Synchronous videoconferencing: This standard identifies people remotely in a guided manner. Also known as attended or assisted identification, the process is performed remotely but continuously assisted by a human agent through a recorded video call, who tells the user what to do and explains what data will be extracted in an automated way.
- Identification through static images: Popularly known as "through selfie", it obtains evidence through photographs instead of videos. Unlike the rest, it is not suitable for high-risk processes, although it is the most suitable for many use cases.
Phases of the KYC process
It can often seem confusing to establish where and at what point in the onboarding process KYC begins and finishes. Broadly speaking, KYC is considered to occur at the points where data is obtained and checks are performed to verify the identity of the customer and confirm that they are who they say they are.
As we have seen, the different methods of performing KYC will be chosen based on the needs and nature of three factors: the nature of the business, the operations to be performed subsequent to digital onboarding, and the regulatory security required by them.
Despite minor differences in the methods, taking the asynchronous identification standard as an example, the phases of the KYC process generally run as follows:
- Step 1. Data extraction: The data provided by the user when wanting to join as a customer or user of an organization is recorded and will be used to be corroborated and cross-checked with the evidence provided in the following steps.
- Step 2. Verification of identity documents: The front and back of the identity document are displayed. In an automated way, the data on it is extracted and very specific security checks are performed such as - for example -checking the concordance between the front and back, the materials and integrity of the document, verification of the hologram, possible alterations, etc.
- Step 3. Face verification: The user looks at the camera and shows his face, making some gestures such as smiling or moving his head from one side to the other to avoid identity fraud. A cross-check is made between the face obtained in this step with the one present in the identity document and a unique and mathematical facial biometric pattern of the person is created, in order to subsequently perform authentication processes once he/she is a customer.
- Step 4. Subsequent verification: Programmatically, through an API or the interface provided by the supplier, the completed process is sent to the verification queue. In an automated way, the process will have already been validated or not, in parts, by the system (AI and machine learning), only requiring a second "ok" by a human.
It is very important to keep in mind that not all KYC service providers are able to offer all these steps and controls, especially those sensitive checks such as those that occur in steps 2 and 3. The difference between having a simple Know Your Customer solution or an advanced one means being able to operate in the market or not.
Its relationship with the financial industry
The banking, financial, and related industries must set very exhaustive controls when onboarding new clients. Risk management and fraud prevention are crucial for these institutions and companies, as they are often the target of fraudulent practices.
Public authorities have legislated to make the industry safe and committed to acquiring customers in a way that complies with these standards. KYC in the financial sector is a mandatory imperative. The regulations and compliance standards that affect the area determine in a very concrete way how to proceed - for example - to be able to open a bank account online.
Thanks to KYC, a person can open an account, invest, manage their insurance or perform any type of financial management from any digital device with a camera and internet connection. This can be done from anywhere in the world and at any time of the day.
Likewise, for physical offices, digitizing the process means turning a process that on average took 3 weeks into one that does not exceed 3 minutes, with total safety and without errors.
Additionally, if the KYC service subsequently offers user authentication for access to platforms, agility and productivity will be multiplied exponentially for both organizations and users.
Leaving aside the obligation of KYC identity verification and its steps to combat money laundering and terrorist financing, as well as establishing a secure framework in which customers and users of FinTech companies and traditional banking can operate, in the onboarding process, before Know Your Customer, companies must require a series of data.
This data must be handled according to current regulations, with privacy and IT security techniques that guarantee its safekeeping. The data most frequently requested by banks, insurance companies, FinTech or WealthTech, or similar industries are:
- Identity document.
- Profession and work activities
- Name of the employing company, type of contract, estimated annual income, or payroll.
- Information about the person's residence, type of contract, estimated annual income, or payroll.
- Details about the person's residence, address, and tax situation.
- Why do they want to open the account?
- Information about possible money transfers to foreign accounts.
- Estimation of the type of usual operations to be carried out.
- Information about taxation abroad or receipt of an inheritance.
KYC Crypto requirements
Nowadays, most countries are regulating the cryptocurrency sector through KYC processes to ensure that the purchase and sale of digital currencies are carried out safely and always in compliance with current regulations.
In Europe, the update of the European directive (AML5) - which took place in 2018 and establishes user verification processes as a basis for ensuring security - led to this transformation in the world of virtual currencies.
Since then, crypto companies are pushed to integrate identity verification processes, obeying very specific measures and following the steps, as happens in traditional banking. In this way, the customer must provide a legal identity document confirming that the person behind the screen corresponds to the person on the document. Also, companies must verify that the user is not on a list of people involved in money laundering contacts.
Additionally, the creation of a single digital space for the identification of customers with all the data of the users of those who register in these services was notified. That data will become public and cross-referenced with records from other European Union countries.
Leading platforms such as Binance have recently incorporated KYC processes for their operations as both blockchain and cryptocurrency companies - and those who make use of cryptocurrencies - are required to operate according to these legal standards to prevent fraud and money laundering offences.
KYC regulatory framework
The Know Your Customer process is regulated and has been set in order to establish estandardization. Unlike solutions based on selfies or static images, KYC is valid for any type of transaction thanks to all the electronic evidence provided in it.
The regulations in this area state that the most acceptable and secure methods are asynchronous video identification and automated identification with all the controls required by law.
The relation between KYC, AML, and eIDAS
KYC and AML (Anti-Money Laundering) go hand in hand. AML5 is the most up-to-date European standard relating to the prevention of money laundering and defines how a client's onboarding should be to prevent illegitimate activities. One of the main ways of committing fraud related to this illegal practice is through identity fraud. This is where we see the KYC and AML concepts related.
Regarding eIDAS, the European electronic identity recognition system, it sets all the requirements regarding the creation and use of digital identities, so identity verification in the Know Your Customer process must be carried out taking into account its technical standards.
Regulations required to operate
While complying with AML5 and eIDAS - the pioneer and reference regulations for KYC worldwide - ensures compliance with practically any regulation in the world regarding user verification and onboarding of new customers, also local regulations must be taken into account in order to operate in the markets.
For example, in France, it is important to comply with the rules set by ANSSI and ACPR, in Mexico with the Law of Financial Technology and Credit Institutions of the CNBV and the FATF/GAFI Recommendations at a global level. In many cases, it is the central banks of each country that set the standards and it is necessary to review the recommendations and rules they set.
In any case, it is always important to have an expert RegTech partner to help assess the regulatory framework of the region and sector in which you are working so that you can establish appropriate processes in operations and ensure that the company is in the market according to the laws and safely.
To have a Trust Services Provider is necessary to validate the impartiality in the process and ensure the correct treatment and custody of the data collected, as well as the IT security and traceability technically required. Moreover, lately, and for many sectors, it is mandatory to have more than one supplier in order to operate.
How to implement a KYC process in customer relationship systems
Know Your Customer controls must be integrated into the digital and onsite onboarding and authentication processes of companies. This integration and subsequent implementation should take into account the needs and characteristics of the company, its processes, and systems, and the way it operates.
Companies may only need to integrate the KYC process into an onboarding process that is already polished and working properly. Therefore, the solution must be optimized to integrate into already built processes without damaging them or creating friction. On the contrary, some companies take advantage of the integration of KYC into their business to completely transform their processes or create new ones that were previously not possible without KYC. In this case, it is important that the Know Your Customer provider has experience in business model operations (BPM) and digital transformation.
KYC service providers should not merely facilitate controls but should act as a partner to their customers, exploring their needs and providing expert advice on integration to find the best solution, both in terms of reinventing, transforming, or modifying the process and the way in which it is carried out (types of KYC methods).
There are two options for KYC management: connecting systems via APIs or providing customers with a polished and optimized management platform. To check that a KYC partner provides both options is to ensure its expertise and quality. The accompaniment in the integration process must be comprehensive.
Implications, advantages, and possibilities when integrating a KYC process
KYC, far from being a headache for companies and clients, has represented a total transformation in the way they relate to each other, improving agility and making possible activities that were not feasible before.
Onboarding processes have been digitized and have minimized all possible frictions and difficulties for users to access remote contracting and use of products and services. Not only in the financial sector, but in any industry.
Trust and the creation of a secure framework have boosted many areas of activity and enable the creation of new products and services. Companies can grow at no additional cost and expand into other markets and regions by simply including 4 simple steps in their customer onboarding processes.
By the same token, digitizing these processes has drastically reduced time and shifted employees from bureaucratic and tedious work to attend more complex tasks and provide better support to customers. Productivity has been boosted and costs reduced. Likewise, improving the User Experience and User Interface care process has minimized abandonment in the registration process and boosted sales in all channels, onsite and online.
Scaling your business, complying with regulations, giving the customer a security framework, trust, and offering new products and services is now possible thanks to KYC (Know Your Customer).