How KYC in banking is being transformed by software

Skyline of bank buildings at night

Last updated on December 5th, 2023 at 03:49 pm

What is KYC?

In the US, KYC in banking stands for “Know Your Customer” or “Know Your Client” and refers to the systems which a financial institution puts in place in order to protect itself from fraudulent activity. These systems are based on a set of laws enacted in 2001 as a part of the Patriot Act. The Patriot Act was passed in an effort to combat and prevent terrorism after the 9/11 attacks and contains many different laws to that effect; the KYC requirements that we are talking about here are just a slice of that pie. A big part of passing the Know Your Customer laws after 9/11 was to prevent criminals from committing identity theft and fabrication for the purpose of secretly funding terrorist groups, but there is more to it than that. The U.S. government had passed financial protection laws in the Bank Secrecy Act of 1970, but in 2001 these requirements were bulked up in order to prevent fraud, money laundering, and other financial crimes.

Because the KYC requirements are quite broad, each financial institution has its own way of approaching them, but there are elements that must be present for proper compliance for KYC in banking. There are two primary components: the Customer Identification Program (CIP) and Customer Due Diligence (CDD).

Customer identification program (CIP)

The CIP requirements usually include verifying personal identity documents for both business owners opening business accounts and individuals. For business owners, such documents might be a business license, partnership agreement, and/or trust instrument. For individuals, documents may include government-issued IDs, financial references, and/or information from a consumer reporting agency or public database.

Customer due diligence (CDD)

CDD requirements are a way for financial institutions to collect information in an attempt to predict how the account will be used and give each customer a corresponding risk assessment. CDD is not explicitly outlined in the Patriot Act so the details are left to interpretation and what suits the institution best. What is explicit is that banks are required to file a suspicious activity report if they have reason to suspect that suspicious activity is present. However, it’s difficult to know if the activity on an account is suspicious if the bank doesn’t know what a customer’s regular activity looks like. To find out what it looks like, the bank may ask questions like what the source of funds for the account will be, what the purpose of the account will be, and the person’s occupation, just to name a few examples. The bank then assesses the risk involved in conducting business with this person based on how well and how often their account is monitored and who they might do business with.

Why is KYC in banking important?

KYC in banking is important in protecting banks and customers from fraud, and because there is government regulation attached to it, non-compliance results in hefty fines. Know Your Customer also helps prevent financial institutions from engaging with customers whose risk factors make them a potentially bad client. If they aren’t going to adequately monitor their account or if they aren’t financially aware enough to understand the risks of investment, they could lose the bank a substantial amount of money. Additionally, because of the increase in filed suspicious activity reports, the fines for not being KYC compliant have skyrocketed. Billions of dollars in KYC non-compliance fines are issued every year.

How is know your customer done digitally?

In our increasingly digital world, you may be wondering if your institution can maintain KYC compliance digitally. What software is available to this end? IDScan.net offers third party checks to verify identity, criminal background, and whether someone is a politically exposed person (or PEP). All information we process is automatically stored and simply accessed by your institution, but the record storage systems are also secure and up-to-date. This is often a compliance regulation, but it’s also important for your business’ security from personal data hackers. Criminals seeking to commit identity fraud or synthetic identity fraud specifically target databases that potentially have sensitive personal information, as banks’ databases often do. Ensuring that your customers’ information is securely stored is of the utmost importance.

We also offer mobile ID validation which is a simple process. The customer takes 3 images:  

1. Front of the ID 

2. Back of the ID and 

3. A selfie  

The automation performs identity verification by checking that the ID is formatted correctly. It also checks that the information in the barcode matches what is displayed on the front of the ID. It then queries the USPS database to confirm that the address on the ID exists. Lastly, it moves to the pictures, calculating a confidence percentage in facial match between the photo on the ID and the selfie supplied by the customer. The selfie is also run through anti-spoofing processes to assure it is legitimate. 

More specifically, the customer’s picture is first compared to a database of known faces to ensure that a human face is indeed pictured. An algorithm then maps the customer’s face and compares the layout of the pictured face to the face on the ID provided. The identity verification automation can then see more definitively whether or not the faces match and provide a percentage to represent the confidence it has in the faces being the same. Additionally, the confidence percentage threshold is customizable so you can decide what your company is comfortable with accepting. IDScan.net’s digital identity verification experts are available to walk you through the process and determine what percentage is acceptable for your business’ identity verification needs.

Know Your Customer is important to financial institutions who wish to protect themselves from fraud, risky account holders, and substantial government fines. A lot of the way in which businesses go about being Know Your Customer compliant is left up to their discretion, so banks and other financial institutions have some freedom in how they design their KYC processes. Digital solutions are the only way for financial institutions to maintain KYC compliance as they move towards digital platforms.