The concept of KYC - Know Your Customer - is now, more than ever, part of the common vocabulary of any company concerning customer acquisition. However, this term has been a reality for years, especially in sectors such as banking and related, although it applies to any industry.
KYC provides guarantees and a security framework in organization-user relationships and is the starting point for an organization to convert a potential customer into a full-fledged one.
KYC is the acronym for Know Your Customer, Conoce a Tu Cliente (sometimes also referred to as Customer Due Diligence (CDD)). It is a process by which organizations identify and verify the identity of customers in a specific way and according to the regulations that affect their sector and the nature of the operations to be performed.
During the Know Your Customer process, a series of technical and regulatory controls are carried out to prevent identity fraud, verify that the customer is who they say they are and mitigate the risk of entering into a business relationship with individuals who engage in money laundering, corruption, terrorist financing and other types of illegitimate activities.
Know Your Customer and Digital Onboarding - or Customer Onboarding - are terms that are often confused and intertwined with the AML (Anti-Money Laundering) concept. The KYC process helps to comply with the requirements of AML regulations.
Digital Onboarding is referred to as the set of phases that a user goes through to register with an organization. Whether it is an employee joining a company or a user registering on a platform. One of these phases is KYC, to verify that the person is who they say they are. Similarly, the definition of Customer Onboarding is similar but refers only to customer registration.
As we have already mentioned in the definition of the concept, one of the main objectives of Know Your Customer is to formalize a process by verifying the identity of a subject.
Identity verification is often confused with the term KYC. However, it is simple: Identity verification occurs within the KYC process. This is crucial, and helps us, to completely eradicate illegitimate activities based on impersonation.
Identity verification consists of a series of steps that confirm that the subject is who they say they are.
The KYC process can be performed through different methods and according to different standards depending on three factors: the security needs, the risk involved in the subsequent operation, and the resources you wish to invest in to provide a specific type of experience to the user who performs it.
It can often seem confusing to establish where and at what point in the onboarding process KYC begins and finishes. Broadly speaking, KYC is considered to occur at the points where data is obtained and checks are performed to verify the identity of the customer and confirm that they are who they say they are.
As we have seen, the different methods of performing KYC will be chosen based on the needs and nature of three factors: the nature of the business, the operations to be performed subsequent to digital onboarding, and the regulatory security required by them.
Despite minor differences in the methods, taking the asynchronous identification standard as an example, the phases of the KYC process generally run as follows:
It is very important to keep in mind that not all KYC service providers are able to offer all these steps and controls, especially those sensitive checks such as those that occur in steps 2 and 3. The difference between having a simple Know Your Customer solution or an advanced one means being able to operate in the market or not.
The banking, financial, and related industries must set very exhaustive controls when onboarding new clients. Risk management and fraud prevention are crucial for these institutions and companies, as they are often the target of fraudulent practices.
Public authorities have legislated to make the industry safe and committed to acquiring customers in a way that complies with these standards. KYC in the financial sector is a mandatory imperative. The regulations and compliance standards that affect the area determine in a very concrete way how to proceed - for example - to be able to open a bank account online.
Thanks to KYC, a person can open an account, invest, manage their insurance or perform any type of financial management from any digital device with a camera and internet connection. This can be done from anywhere in the world and at any time of the day.
Likewise, for physical offices, digitizing the process means turning a process that on average took 3 weeks into one that does not exceed 3 minutes, with total safety and without errors.
Additionally, if the KYC service subsequently offers user authentication for access to platforms, agility and productivity will be multiplied exponentially for both organizations and users.
Leaving aside the obligation of KYC identity verification and its steps to combat money laundering and terrorist financing, as well as establishing a secure framework in which customers and users of FinTech companies and traditional banking can operate, in the onboarding process, before Know Your Customer, companies must require a series of data.
This data must be handled according to current regulations, with privacy and IT security techniques that guarantee its safekeeping. The data most frequently requested by banks, insurance companies, FinTech or WealthTech, or similar industries are:
Nowadays, most countries are regulating the cryptocurrency sector through KYC processes to ensure that the purchase and sale of digital currencies are carried out safely and always in compliance with current regulations.
In Europe, the update of the European directive (AML5) - which took place in 2018 and establishes user verification processes as a basis for ensuring security - led to this transformation in the world of virtual currencies.
Since then, crypto companies are pushed to integrate identity verification processes, obeying very specific measures and following the steps, as happens in traditional banking. In this way, the customer must provide a legal identity document confirming that the person behind the screen corresponds to the person on the document. Also, companies must verify that the user is not on a list of people involved in money laundering contacts.
Additionally, the creation of a single digital space for the identification of customers with all the data of the users of those who register in these services was notified. That data will become public and cross-referenced with records from other European Union countries.
Leading platforms such as Binance have recently incorporated KYC processes for their operations as both blockchain and cryptocurrency companies - and those who make use of cryptocurrencies - are required to operate according to these legal standards to prevent fraud and money laundering offences.
The Know Your Customer process is regulated and has been set in order to establish estandardization. Unlike solutions based on selfies or static images, KYC is valid for any type of transaction thanks to all the electronic evidence provided in it.
The regulations in this area state that the most acceptable and secure methods are asynchronous video identification and automated identification with all the controls required by law.
KYC and AML (Anti-Money Laundering) go hand in hand. AML5 is the most up-to-date European standard relating to the prevention of money laundering and defines how a client's onboarding should be to prevent illegitimate activities. One of the main ways of committing fraud related to this illegal practice is through identity fraud. This is where we see the KYC and AML concepts related.
Regarding eIDAS, the European electronic identity recognition system, it sets all the requirements regarding the creation and use of digital identities, so identity verification in the Know Your Customer process must be carried out taking into account its technical standards.
While complying with AML5 and eIDAS - the pioneer and reference regulations for KYC worldwide - ensures compliance with practically any regulation in the world regarding user verification and onboarding of new customers, also local regulations must be taken into account in order to operate in the markets.
For example, in France, it is important to comply with the rules set by ANSSI and ACPR, in Mexico with the Law of Financial Technology and Credit Institutions of the CNBV and the FATF/GAFI Recommendations at a global level. In many cases, it is the central banks of each country that set the standards and it is necessary to review the recommendations and rules they set.
In any case, it is always important to have an expert RegTech partner to help assess the regulatory framework of the region and sector in which you are working so that you can establish appropriate processes in operations and ensure that the company is in the market according to the laws and safely.
To have a Trust Services Provider is necessary to validate the impartiality in the process and ensure the correct treatment and custody of the data collected, as well as the IT security and traceability technically required. Moreover, lately, and for many sectors, it is mandatory to have more than one supplier in order to operate.
Know Your Customer controls must be integrated into the digital and onsite onboarding and authentication processes of companies. This integration and subsequent implementation should take into account the needs and characteristics of the company, its processes, and systems, and the way it operates.
Companies may only need to integrate the KYC process into an onboarding process that is already polished and working properly. Therefore, the solution must be optimized to integrate into already built processes without damaging them or creating friction. On the contrary, some companies take advantage of the integration of KYC into their business to completely transform their processes or create new ones that were previously not possible without KYC. In this case, it is important that the Know Your Customer provider has experience in business model operations (BPM) and digital transformation.
KYC service providers should not merely facilitate controls but should act as a partner to their customers, exploring their needs and providing expert advice on integration to find the best solution, both in terms of reinventing, transforming, or modifying the process and the way in which it is carried out (types of KYC methods).
There are two options for KYC management: connecting systems via APIs or providing customers with a polished and optimized management platform. To check that a KYC partner provides both options is to ensure its expertise and quality. The accompaniment in the integration process must be comprehensive.
KYC, far from being a headache for companies and clients, has represented a total transformation in the way they relate to each other, improving agility and making possible activities that were not feasible before.
Onboarding processes have been digitized and have minimized all possible frictions and difficulties for users to access remote contracting and use of products and services. Not only in the financial sector, but in any industry.
Trust and the creation of a secure framework have boosted many areas of activity and enable the creation of new products and services. Companies can grow at no additional cost and expand into other markets and regions by simply including 4 simple steps in their customer onboarding processes.
By the same token, digitizing these processes has drastically reduced time and shifted employees from bureaucratic and tedious work to attend more complex tasks and provide better support to customers. Productivity has been boosted and costs reduced. Likewise, improving the User Experience and User Interface care process has minimized abandonment in the registration process and boosted sales in all channels, onsite and online.
Scaling your business, complying with regulations, giving the customer a security framework, trust, and offering new products and services is now possible thanks to KYC (Know Your Customer).