The modern KYC practices have revolutionized the banking and financial sectors, ensuring enhanced security measures and reduced instances of fraud.
Nowadays, one of the most important aspects to consider for KYC (Know Your Customer) issues is data. To make an informed decision, and therefore, to make the best use of data available, there are several key measures, which are crucial to be aware of for a normal KYC:
Using electronic documents, wherever possible, can prove to be very valuable for almost every KYC. By using official data or documents, such as from banks, insurance, telecommunication providers, or official municipal or administrative registers, it can often easily, quickly, and efficiently be confirmed that a certain person exists.
If possible, companies should also strive for a biometrical confirmation that a person’s face matches their passport, verifying the respective person’s identity. For this use, copies of driver’s licenses, national IDs, or passports can be asked from customers and then checked pursuant to a certain procedure.
Regarding certain, sanctions-relevant questions, such as whether there is an involvement of a sanctioned or SAN or politically exposed person or PEP or a Reputational Risk or RR there are certain specialized databases that can prove very valuable. These databases, such as Refinitiv or KYC6, continuously monitor the names of sanctioned individuals from significant lists of governmental and non-governmental organizations, such as the Office of Foreign Assets Control (OFAC), EU, UK, and others.
By using such a database, in the best case even by using more than just one of them, a company can then screen their customers and get at least a solid first impression, if not even a match. Depending on the strength of the match (%), further steps can then be taken to build up on this.
The Modern KYC Practices
One of these further steps, which is almost always part of an in-depth KYC screening, is the so-called Adverse Media Check or AMC: This method contains a search through public records, websites, and other sources to identify any relevant, potentially damaging information, which could potentially pose a risk associated with a customer. It has to be set up beforehand how this check should be conducted, e.g. which sources should be searched and in which ways (How many pages of Google results, etc.) to guarantee a uniform approach when checking more than just one customer (which is usually the case).
Usually, the above checks will comprise only a rudimentary KYC check. However, since they are conducted by using new and different ways of processing data, they can be done fast and combined with each other. By this, a broad check, which is usually quite reliable, can be done in quite a short time with an adequate amount of effort.
The choice of the specific check and the depth and amount of different checks have to be made based on the individual situation of the company and its risk exposure. For this, strategic decisions based on customer risk and costs have to be taken, usually by the company’s management or its MLRO. For example, in a case where only a relatively low risk was found, it may be decided that just an elementary check is enough to be comfortable with the respective customers.
On the other hand, in cases with a higher risk, it may be advisable to choose a combination of different, maybe even manual/individual and digital checks to minimize the company’s risk as much as reasonably possible and necessary. Still, there are many more ways to check certain KYC-relevant information, such as anti-fraud solutions or an IP address check.
In some circumstances, it may even make sense to engage a video ID provider that can get respective customers on a video chat with an expert to confirm that the person is alive and exists.
Another way of collecting data is by asking the customers to provide the relevant information or data themselves. Where this may make sense, the company should, as part of the planning, consider how much data it wants the customer to provide. This has to be evaluated for the potential negative effects, which can result from customers having much effort, e.g. when they have to fill out forms. As a general rule applies here (again), a company will have to collect more data, the more risk it usually faces.
Another crucial aspect to consider in this respect is that the collected data must be clear and reliable. This is now even more important digitalization makes data not only more easily available but they can also more easily affected by forgeries of misinformation. This is strongly connected to the question, of where the collected data come from and how much this source can be trusted.
Therefore, if possible, the relevant data should be derived straight from official government sources, e.g. from documents held with the company registries, and municipal and tax authorities.
Another big challenge in this respect is nowadays, how to include more AI-based solutions into the KYC process. This, however, can also have both advantages and cause issues. At the moment, it is, e.g., still a question of how reliable AI solutions are in this context.
Final Thoughts
In the evolving landscape of Know Your Customer (KYC) procedures, data stands as the fulcrum. Leveraging electronic documents from credible sources, such as banks and administrative registers, expedites the verification process, ensuring the existence of an individual. Biometric confirmations further solidify this verification. Specialized databases like Refinitiv and KYC6 are indispensable for monitoring potential sanctions, while the Adverse Media Check delves deeper into the public realm for potential risks. While these methods provide a foundational KYC check, the level of scrutiny should be calibrated based on company risk profiles, emphasizing strategic decision-making.
Engaging customers directly can supplement data collection, but a balance between comprehensive data and user ease is paramount. The veracity of data is imperative, especially in an era susceptible to digital misinformation; hence, reliance on government sources is advised. Integrating AI into KYC procedures presents promising advances, though its reliability remains a subject of scrutiny.
