Know your customer
From Wikipedia, the free encyclopedia
Know Your Customer (KYC) is the due diligence and bank regulation that financial institutions and other regulated companies must perform to identify their clients and ascertain relevant information pertinent to doing financial business with them. Typically, KYC is a policy implemented to conform to a customer identification program mandated under the Bank Secrecy Act and USA PATRIOT Act. Know your customer policies have become increasingly important globally to prevent identity theft fraud, money laundering and terrorist financing. In a simple form these rules may equate to answering twelve questions, but this is the tip of the iceberg and regulators now expect much more. KYC should not be thought of as a form to be filled in; it is a process to be undergone from the start of a customer relationship to the end.
One aspect of KYC checking is to verify that the customer is not on any list of known fraudsters, terrorists or money launderers, such as the Office of Foreign Assets Control's Specially Designated Nationals list. This list contains thousands of entries and is updated at least monthly. As well as sanctions lists, there are lists maintained by third-party vendors that track links between persons regarded as high-risk owing to negative reports about them in the media or in public records.
Beyond name matching, a key aspect of KYC controls is to monitor a customer's transactions against their recorded profile, the history on the customer's account(s) and the activity of peers.
Banks doing KYC monitoring for anti-money laundering (AML) and countering the financing of terrorism (CFT) purposes increasingly use specialised transaction monitoring software, particularly names analysis software and trend monitoring software. The generated alerts identify unusual activity, which is then subject to due diligence or enhanced due diligence (EDD) processes that use internal and external sources of information on the subject, including the internet. This helps to determine whether a transaction or activity is suspicious and requires reporting to the authorities. In the US it would require a Suspicious Activity Report (SAR) filing to the Financial Crimes Enforcement Network (FinCEN). In the UK it would require a report to the Serious Organised Crime Agency (SOCA).
KYC has different connotations and the definition above is from an AML/CFT perspective.
Enhanced due diligence
EDD has not been internationally defined. As a result, financial institutions are at risk of being held to differing standards dependent upon their jurisdiction and regulatory environment. An article published by Peter Warrack in the July 2006 edition of ACAMS Today (Association of Certified Anti-Money Laundering Specialists) suggests the following:
“A rigorous and robust process of investigation over and above (KYC) procedures, that seeks with reasonable assurance to verify and validate the customer’s identity; understand and test the customer’s profile, business and account activity; identify relevant adverse information and risk assess the potential for money laundering and / or terrorist financing to support actionable decisions to mitigate against financial, regulatory and reputational risk and ensure regulatory compliance.”
Using a risk-based, tiered approach the definition can be tailored to suit a particular product or service.
It is assumed that usually EDD is triggered by regulatory requirement, risk-scoring and detection systems and that in a tiered approach, the process becomes more manual as the level of EDD increases.
Characteristics of EDD
Rigorous and robust
Generally this means consistent, thorough and accurate. The process must be documented and available for inspection by regulators.
The process must be S.M.A.R.T. (Specific, Measurable, Achievable, Realistic and Timely),[1] scalable and proportionate to the risk and resources.
Over and Above KYC Procedures
EDD files rely upon initial client screening. This definition requires revalidation of the customer’s identity – knowing the client’s identity, not who they say they are.
EDD processes should use a tiered approach dependent upon the risk. A suggested model for Client Risk Scoring (CRS) is provided at Figure 1.
Crucial to the integrity of any EDD process is the reliability of information and information sources, the type and quality of information sources used, properly trained analysts who know where to look for information, how to look and how to corroborate, interpret and decide the results.
Searching on Google, for example, means different things to different people. Experience has shown poor returns from staff that believed they were experienced, but in practice weren’t and consequently failed to find relevant information.
Reasonable assurance
What is reasonable depends upon factors including jurisdiction, risk and resources. For sanction matches it depends upon information provided by regulators. In all cases the suggested standard is the civil standard of proof, i.e. on the balance of probability.
Relevant adverse information
Information obtained from any source, including the Internet, free and subscription databases and the media, which is directly or indirectly indicative of involvement in money laundering, terrorist financing or predicate offenses.
Examples include fraud and other dishonesty, drug trafficking, smuggling or other proscribed offences, references to money laundering, or conducting business, residing in or frequenting countries deemed by the Financial Action Task Force and/or (institution) as being countries under sanction or countries with which (institution) does not do business; to official sanctions or watch lists; and to investigations, convictions or disciplinary findings by authorized regulatory bodies.
KYC in different countries
In the USA: Pursuant to the USA Patriot Act of 2001, the Secretary of the Treasury was required to finalize regulations before October 26, 2002, so KYC is now mandatory for all US banks.
In India: RBI introduced KYC guidelines for all banks for the first time vide circular DBOD. No. AML.BC.18/ 14.01.001/2002-2003 dated August 16, 2002. Later, vide circular no DBOD.NO.AML.BC.58/14.01.001/2004-05 dated November 29, 2004, RBI directed that all banks shall ensure that they are fully compliant with the provisions of this circular before December 31, 2005. Therefore KYC is fully implemented in India.
External links
- 'AML Risk Models' from Rohanbedi.com
- KYC directions in India : http://www.rbi.org.in/scripts/NotificationUser.aspx?Id=2039&Mode=0