In the financial industry, Know Your Customer or Know Your Client (KYC) is a set of guidelines for verifying the identity of a customer and gauging the associated risk of working with them. KYC is part of a larger set of anti-money laundering regulations within the United States.
The goal of the KYC compliance requirement is to prevent money laundering, fraud, financing terrorism, and identity theft among other potential financial crimes. Financial institutions that are required to follow KYC guidelines include banks and credit unions, finance tech applications, private lenders, wealth management firms and broker-dealers. Failure to adhere to KYC can result in penalties, such as fines.
History of KYC
KYC requirements first came into place in the 1990s. They were strengthened even further as part of the Patriot Act, post 9/11, in an effort to limit funds going to terrorist cells.
In 2016, the Financial Crimes Enforcement Network (FinCEN) updated KYC requirements once again. This update aimed to address the fact that KYC did not explicitly require banks to identify stakeholders and beneficiaries of businesses with accounts at their institutions. The issue was that a business could appear outwardly legitimate while sheltering potentially bad actors and completing financial transactions for them. The 2016 update introduced Know Your Business (KYB) to address this gap in the regulations.
How does KYC work?
KYC can be broken down into three key components: the Customer Identification Program (CIP), Customer Due Diligence (CDD), and Continuous Monitoring.
For the Customer Identification Program, financial institutions must prove that a client is who they say they are before opening an account on their behalf. Any individual who controls a legal entity or owns more than 25% of one must have their identity verified via identifying documents (e.g., ID cards and business licenses), proof of address, and in some cases, even biometrics. Potential customers must also provide financial references and statements for review.
To comply with Customer Due Diligence, financial institutions must complete a detailed risk assessment for each customer. The risk assessment involves the financial institution reviewing the potential type and frequency of transactions a customer plans to make. Reviewing these expected transactions lets the institution recognize anomalous transactions once the account is open. The assessment results in a risk rating that dictates how often a customer’s account will be monitored for fraud or other suspicious transactions.
Continuous monitoring is just what it sounds like: financial institutions are responsible for continually reviewing and monitoring customer accounts for suspicious or unusual activity. In the event of suspicious activity on an account, financial institutions are responsible for submitting a Suspicious Activity Report (SAR) to FinCEN.
Learn
Compliance is a crucial function for any company that moves money on behalf of their customers. Dive into the fundamentals behind key compliance processes like KYC, KYB, transaction monitoring, and more.
A Politically Exposed Person (PEP) is someone that might be more likely to break the law or be corrupt because of the power their position affords them.
Specially Designated Nationals (SDN) are individuals and entities tied to countries that the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) has hit with sanctions.
Anti-money laundering (or AML) compliance entails a careful adherence to rules and regulations aimed at combating illicit financial activities.
Asset risk management is essentially a fusion of asset management and risk management.
The “Check Clearing for the 21st Century” Act, commonly known as “Check 21,” is a federal law enacted in 2004 to modernize the check payment system.
Compliance risk management (CRM) is the ongoing process of identifying, assessing, and mitigating potential risks that threaten an organization’s business.
Customer due diligence (CDD) is a process used at financial institutions (FIs) when working with potential new customers.
FinCEN, short for Financial Crimes Enforcement Network, is a government bureau that aims to prevent money laundering and other financial crimes—and punish bad actors that commit them.
Know Your Business (KYB) is a set of verification procedures that helps companies avoid getting into business with criminals.
The Office of Foreign Assets Control (OFAC) is a financial intelligence and enforcement agency under the jurisdiction of the US Treasury Department.
PCI DSS certification means your business has met the requirements laid out in the Payment Card Industry Data Security Standard (PCI DSS) to secure payment card data.
According to the Department of Labor (DOL), Personal Identifiable Information (PII) is any information from which a person’s identity can be either directly or indirectly inferred.
Service Organization Control 2 (SOC 2) is a voluntary auditing procedure that service providers complete to keep their clients’ data secure from cyber attacks.
Section 314(a) is part of the USA Patriot Act that enables financial institutions (FIs) and law enforcement to work together to fight money laundering and terrorist activity.
Section 314(b) and Section 314(a) of the USA Patriot Act both relate to information requests under the Bank Secrecy Act (BSA).
A currency transaction report (CTR) is a report made by U.S. financial institutions aiming to prevent money laundering.
The Customer Identification Program (CIP), part of the Know Your Customer program guidelines, requires that financial institutions in the U.S. verify that customers (both individuals and businesses) are who they say they are when they open new accounts for themselves or other people.
A Suspicious Activity Report (SAR) is a report that a bank or other financial institution must file if it suspects that a customer might be breaking the law and committing fraud, financing terrorism, or laundering money.
An Agent of the Payee is a person, entity, or other intermediary specifically appointed by a payee to process and collect payments on their behalf.
Identity Verification APIs allow businesses to streamline the process of checking the identities of new users by automatically, and in some cases instantly, verifying their provided identifying information.
An OFAC check is a screening process used by financial institutions, businesses, and government agencies to ensure that individuals or entities involved in a transaction are not listed on sanctions lists maintained by the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC).
The Bank Secrecy Act (BSA)—also known as the Currency and Foreign Transactions Reporting Act—is a piece of legislation designed to help prevent fraud.
The Electronic Fund Transfer Act (EFTA) is a federal law in the U.S. that regulates electronic transactions to protect consumers.
The Office of the Comptroller of the Currency (OCC) is a federal agency that "charters, regulates, and supervises" all national banks.