The KYC process explained
Take a look at the key KYC processes that enable financial institutions to ‘know their customer’, stay compliant and enrich the banking experience for their corporate customers.
The KYC process explained
KYC is becoming more rigorous across the financial industry and is even driving business decisions, but what are the key processes that enable financial institutions to ‘know their customer’, stay compliant and enrich the banking experience for their corporate customers?
KYC, or "Know Your Customer", is a set of processes that allow banks and other financial institutions to confirm the identity of the organisations and individuals they do business with, and ensures those entities are acting legally.
Effective KYC protects companies from doing business with organisations or individuals involved in illegal activity, such as money laundering, terrorist financing or corruption. It also allows financial institutions to get a better understanding of their customers’ businesses, which can provide valuable insights for financial institutions.
Why is KYC so important?
In a bid to combat illegal activities that use the financial industry to move or hide money, governments and central banks across the world have been growing the remit and reach of their KYC policies, creating new, or extending existing regulations to cover nearly every part of the global financial ecosystem.
The increased focus on KYC is partially due to the growing prevalence of financial crime across the world today. But, it also reflects the increase in the number of connections between financial organisations and corporate companies across countries and territories.
Across these connections, more value than ever moves across the world each day, making it more difficult to stop and prevent illegal financial activities. Regulators have adapted and strengthened KYC checks to keep pace.
Traditional KYC processes
Financial institutions start the KYC process by asking customers to provide a range of basic information about their business operations and individuals. It includes the names of the company’s directors, business addresses, national insurance or social security numbers, company numbers, and so on. This information is supplemented with publically-available information about the entity from open sources, such as names and addresses, registration numbers, stock exchange listings and annual reports.
The KYC information is then compared to lists of individuals and organisations that are known to governments and law enforcement agencies. The lists have a number of different aims:
- To identify individuals suspected of being involved with criminal activities
- To detail which jurisdiction’s international sanctions companies or individuals fall under
- To provide intelligence on companies or individuals suspected of taking part in bribery or money laundering
- To identify Politically Exposed Persons (PEPs)
A few examples of internationally published lists include:
- US Department of State sanctions lists
- Specially Designated Nationals and Blocked Persons Lists (SDN)
- Financial Action Task Force lists (FATF)
- Transparency Index lists from Transparency International
- State Sponsors of Terrorism list
A risk-based approach
After comparing the collected KYC information with the relevant lists, a financial institution will decide whether or not they can do business with the entity. If they pass the necessary checks, the entity will be given a risk rating, based on their likelihood to pass future KYC checks.
Where an entity’s risk rating is considered above a threshold set by the financial institution, a greater level of scrutiny is needed. This is called enhanced due diligence (EDD).
Risk factors include:
- Companies based in a sanctioned territory or a country that has been identified as having high levels of corruption, money laundering or terrorism financing
- Directors or executives of the company that are politically exposed persons (PEPs)
- Legal persons named in company documents that are also the main ultimate beneficiary owners of the company
- Many clients of the customer being non-residents to the country where the customer operates
- The company being based in a country identified as not having adequate AML or counter-terrorism systems.
- The customer’s business being mainly cash-based
The rise of the KYC registries
Completing KYC checks on all customers and entities puts a costly burden on financial institutions. What’s more, KYC checks need to be completed again and again as company details, regulations and the types of checks evolve over time. This means that financial institutions must contact their customers frequently to request KYC information.
The burden is shared by the customer, who must respond to each request for KYC information or risk delays to their transactions. This is especially true for global and multi-banked corporates who can receive large volumes of individual KYC requests from each of their different banks, putting strain on their business relationships.
The idea of a central KYC registry has recently promised to solve much of this headache for financial institutions and their customers. A KYC registry is a central repository that stores and keeps up-to-date the necessary KYC information for a business and that financial institutions can log into and consume the information they need at any time.
Registries, such as SWIFT’s own KYC Registry, allow the standardised exchange of nearly all KYC information and greatly reduce the burden of the KYC process on both the financial institution and the corporate customer.
The KYC Registry
Find out about SWIFT’s KYC solutions for corporates, banks and other financial institutions.