🎉Middesk partners with Socure to automate KYB and KYC compliance processes end-to-end

Read more
All Posts

Know Your Customer (KYC) and why it's required

Jennifer DunnJuly 28, 2022

In brief:

  • Know Your Customer (KYC) is a financial institution’s regulatory and legal obligation to combat fraud and financial crime by verifying the identity of its customers. It’s also sometimes referred to as Know Your Client.
  • Banks, fintechs and other financial institutions can use both “documentary” (government ID, etc.) and “non-documentary” (credit reports, public databases, etc.) evidence to verify a customer’s identity.
  • Combined with Know Your Business (KYB), KYC ensures that a fintech, bank or other financial institution does not assist in money laundering, fraud, or other financial crimes.

Fintechs, banks, and other financial institutions are required to ensure that the customers they are doing business with are not involved in crimes such as:

  • Money laundering
  • Financing terrorism
  • Committing fraud
  • Sanctions evasion

To do this, entities that handle and move money are legally required to verify their customers’ identities with a due diligence requirement known as Know Your Customer (KYC).

Why are KYC procedures required?

In short, KYC is required due to United States’ Anti-Money Laundering (AML) laws. These were first codified in the Bank Secrecy Act (BSA) of 1970, then were further refined in the Patriot Act of 2001.

The BSA was mainly concerned with money laundering and scrutinizing foreign transactions. The Patriot Act added complexity to customer identity verification by requiring that banks and other financial institutions implement a Customer Identification Program (CIP). The overall process of verifying customer identities is now commonly known as KYC.

In 2016, the US government issued an expanded set of identity verification guidelines for business accounts. These requirements are known as Know Your Business (KYB).

Any bank, fintech or financial institution who handles money is generally required to implement KYC checks. If that business also has other businesses as customers, then they’re also required to implement KYB checks. Combined, KYC and KYB due diligence programs ensure a company isn’t aiding bad actors and abetting financial crimes.

What is the difference between KYC and Know Your Business (KYB)?

The actual process of KYC and KYB is similar. Both involve verifying identity information. The main difference between these two regulatory requirements are the specific entities being verified. With KYC, individuals are being verified. With KYB, business entities and people associated with those businesses are being verified.

What is the process for KYC compliance?

Banks, fintechs and other financial institutions are required by law to implement a KYC identity verification process, but the law doesn’t spell out exactly what measures each business must take.

On the bright side, this means that these institutions are able to incorporate best practices and their own risk tolerance when implementing AML/KYC programs. For instance, a small credit union that only serves a local area sees lower risk activity than an international bank with money moving across twenty countries. In this case, the small credit union's KYC requirements may be less stringent.

But every entity must still ensure that they have a written KYC procedure and that it encompasses the FDIC’s rules for a Customer Identification Program (CIP).

What does that mean?

Non-Documentary Customer Identification

In many cases, a KYC check can be performed with non-documentary evidence. (Also known as “keyed-in verification.”) For example, a customer provides their social security number and the bank or other financial institution verifies that information against a public (or private) database.

This customer-provided info is often sufficient for institutions to verify a customer’s identity.

Non-documentary evidence may include:

  • Comparing customer provided information to public databases
  • Pulling a customer’s credit report
  • Checking references with other financial institutions
  • Obtaining the customer’s financial statements

But what if this check fails?

Documentary Customer Identification

If the first KYC check fails that doesn’t necessarily mean that the customer is committing fraud or should otherwise be denied an account. There are many reasons why a KYC check might fail or require more verification, including:

  • The customer is young, with limited credit history
  • The customer recently changed their name
  • The customer is a recent immigrant to a new country

If non-documentary evidence isn’t sufficient to verify customer identity, an entity can fall back on documentary evidence.

This might mean asking the customer for documents such as:

  • A copy of their driver’s license
  • Passport
  • Social Security Card
  • Other identifying documents

Some KYC programs even require the potential customer to submit a selfie or video of themselves holding their identification.

As a downside, asking for documentary evidence creates more friction in the onboarding process, which might cause customers to drop out or seek out a competitor.

CIP rules also impose recordkeeping requirements on any entity subject to these regulations. Businesses who perform KYC checks must keep a record of the information they used to make a KYC decision. In general, they must keep this documentation for at least five years after the customer has closed their account.

In effect, documentary and non-documentary sources can be used in conjunction to verify that a customer really is who they say they are.

What happens if a customer doesn't pass KYC verification?

According to FDIC rules, banks, fintechs and other financial institutions must also implement policies on what to do if a KYC verification takes longer than usual. In this case, a bank may allow an unverified customer to use their account on a limited basis.

Of course, verification can also fail. In that case, the institution is obligated to deny the customer’s account.

But no fintech or other financial institution wants to lose out on a customer due to faulty KYC processes. And that’s where automated KYC comes in.

How to automate KYC processes

We recently partnered with Socure, the leading platform for digital identity confirmation. Together, we now offer both Know Your Business (KYB) and Know Your Customer (KYC) services to both Middesk and Socure customers.

Want to learn how you can start verifying business and customer identities, speed up onboarding, reduce risk and lower client acquisition costs? Learn more about Middesk.

Explore the next generation of business identity solutions