Know Your Customer (KYC)
Everything you need to know about a KYC check that complies with the Money Laundering Act
To ensure that they are only offering their financial products and services to reputable customers, banks and other financial institutions need to know who they are dealing with. In fact, the financial sector, along with many others, is legally required to have secure processes and systems in place to carry out such checks.
And that’s where KYC comes into play: KYC stands for “Know Your Customer”. This article is about what KYC is, what a modern KYC process looks like, what the obligations are for banks and other financial institutions – and companies – and which solutions are available for a secure KYC process.
Why is KYC important?
Knowing one’s customers helps to prevent criminal activities. Or to say it another way: a seamless KYC process can help to prevent money laundering, the financing of terrorism and other types of white-collar crime. In addition to banks and other companies in the financial sector, many other industries (such as the insurance, real estate, or e-commerce sectors) are now legally required to establish comprehensive KYC processes. The basis for this is the EU Money Laundering Directive, the UK Bribery Act, the UK Modern Slavery Act, and the regulations of the Financial Action Task Force (FATF).
Compliance with KYC regulations is therefore a must. Non-compliance can result in severe penalties, which means that banks and other financial institutions must implement rigorous KYC procedures to comply with legal requirements.
The basis for the correct approach is the EU Money Laundering Directive. It is the mandatory framework for banks and financial institutions for customer identification. Its aim is to prevent money laundering.
Money laundering is a real problem!
Money laundering, financing of terrorism and identity fraud are real concerns for the EU. They pose a real threat to the global and European Union economic system and not only for financial institutions and the countries themselves, but also for the population.
For more than 30 years, the fight against money laundering has been a top priority. The first Money Laundering Directive was issued in 1991 and has been regularly updated since then – and for good reason, after all, new risk factors are constantly emerging, including:
- technological innovations such as blockchain or crypto currencies
- terrorist organizations that are globally networked and active
- loopholes that are exploited by criminals.
The EU Anti-Money Laundering Directive: continuously adapted
The first Money Laundering Directive was drafted in 1991. At that time, the primary focus was on combating drug trafficking. Even then, banks and financial service providers were already required to comply with the requirements of the Money Laundering Act (AML).
The second version of the directive extended anti-money laundering measures beyond banks and financial service providers to include non-financial sectors such as insurance, real estate, gambling, auditing and notaries.
Over the years, the law has been continually refined and tightened. For example, the due diligence requirements were more strictly regulated and a national central office for suspicious activity reports was introduced. In 2015, high payments were also targeted and the due diligence requirements for customers were tightened again.
The fifth anti-money laundering directive also considered virtual currencies such as Bitcoin. Such currencies allow participants to carry out their transactions under a pseudonym, which of course makes it more difficult to track illegal activities – making legal intervention and the implementation of appropriate KYC procedures all the more important here.
The current Money Laundering Directive contains revised provisions for the central reporting offices, the supervisory authorities and the transparency register. It allows for stricter punishments.
Legal basis of the KYC verification
The legal basis for the KYC principle is provided by Article 8 of the Third EU Money Laundering Directive, the Fourth EU Money Laundering Directive and the Money Laundering Act. Together with the UK Bribery Act, the UK Modern Slavery Act and the Financial Action Task Force (FATF), the EU directives form the legal framework for KYC procedures.
Anti-corruption laws, such as the UK Bribery Act 2010, require appropriate verification and monitoring of business partners and, due to their transnational effect, entail liability risks for many companies. To comply with international guidelines, the KYC principle must be adhered to. Companies face severe penalties for violations, such as the revocation of their business license.
Procedure for a KYC check that meets the legal requirements
In principle, all companies in the financial sector – such as banks, credit institutions and financial service providers – must process customer data in accordance with the KYC principle. And insurance companies, lawyers, notaries, auditors, tax advisors and real estate agents are also affected by the law.
Every KYC check begins with the verification of the following two factors:
- The identity of the business partner or the person who wishes to conclude a contract with the company is obliged to carry out the KYC check or to open an account. This information, respectively the required data, is determined with the help of proof of identity, for which an ID card is usually required, or alternatively a passport.
- Verification of the address. This can be checked, for example, with the help of a current bill from a utility company (e.g. an electricity, telecommunications or gas provider) or an official document (registration certificate). A current rental contract may also suffice.
KYC verification for a natural person
If a KYC check is to be carried out for a natural person, the following information must be checked and verified:
- First name and surname of the person
- Place of birth
- Date of birth
- Nationality
- Address
Once this personal data has been recorded, it must be compared with sanction lists to ensure that no business relationship is entered into with the person to be identified during a KYC process if there is reason to believe that a business relationship should not be entered into due to critical events.
If the person identified is a politically exposed person (PEP), the enhanced due diligence requirements under Section 15 of the GwG apply, as there may be a higher risk of money laundering or terrorist financing. Therefore, an enhanced due diligence (EDD) check must be carried out in this case.
Incidentally, the increased duty of care for politically exposed people assumes that they are more likely to be the target of corruption due to their special role in society.
KYC check for legal entities or partnerships
If a new business relationship is to be entered into with a previously unknown company, the company itself must first be identified. The transparency register, for example, can be consulted to obtain the following information:
- company name, name or designation
- legal form
- registration number, if available
- address of the registered office or principal place of business
- Names of the members of the representative body or the names of the legal representatives and, if a member of the representative body or the legal representative is a legal entity, the data of this legal entity in accordance with letters a to d.
During this check, which must be carried out according to the so-called Know Your Business principle (KYB), the beneficial owners must also be determined.
This process is faster and easier with the use of WebIDs CorporateID. This solution for corporate identification generates the required information and data on legal entities and partnerships in an automated process, accessing the Federal Gazette as the primary source – for many countries in Europe, and even complex corporate structures can be delivered within one business day.
KYC verification of beneficial owners (UBOs)
A beneficial owner is a natural person who directly or indirectly (e.g. through intermediate legal entities) controls 25% or more of the capital or voting rights of the company.
It is mandatory to identify beneficial owners within a company, especially when changes are made to the company structure and beneficial owners change.
The following data must be collected for beneficial owners:
- Status on sanction, watch and PEP lists
- Origin of funds and assets
- Details of the planned customer relationship.
How often must KYC information be updated?
When an account is opened, the customer’s data is requested. However, regular updates of data are also mandatory for existing customers. Therefore, to comply with the general duty of care according to § 10 Abs. 1 Nr. 5 GwG, financial service providers must ask their customers at regular intervals to confirm that their data is up to date.
Banks and other financial institutions typically update KYC information every one to three years. The customer’s risk rating and legal requirements play a role in this. Individuals with a higher risk rating may need to be reviewed more frequently.
Cryptocurrency exchanges often have stricter guidelines to follow and may conduct annual reviews. The frequency may increase, for example, if an individual carries out larger transactions or engages in other high-risk activities.
Investment firms and asset managers should also conduct annual reviews, especially for clients with larger assets or complex investment structures.
Of course, companies can also schedule more frequent reviews. To comply with the general duty of care for customers who have already been identified, also known as “reKYC”, the use of a fully automated identification process is permitted, for example with the WebID identification solution AutoID – even for BaFin-regulated companies.
In addition to regular, scheduled updates, KYC information must also be updated on an ad hoc basis when certain events occur, such as:
- Change of the person’s residence or contact information
- Changes in the person’s business activity or professional status
- Significant changes in transaction behavior, such as a sudden significant increase in the amount of money transferred.
Discrepancies in the KYC verification
If discrepancies are identified during the KYC verification or the prospective customer’s activities are conspicuous, companies should refrain from entering into a business relationship in order not to endanger the security of other customers and that of the company itself.
Implementation of a professional KYC process
The type of KYC process used to identify customers is the responsibility of the respective company, which must comply with the relevant legal requirements. The focus here must be on ensuring that these processes are secure, economical and reliable. The implementation of modern identification and verification technologies can help to ensure this.
The right technologies for implementing a KYC process
Studies show that the use of advanced technologies in KYC processes can reduce the time needed for identity verification by up to 70% and significantly increase the accuracy of data verification.
More than 80 percent of banks and financial institutions in the DACH region have been benefiting for many years from WebID’s identification solutions, which allow for fast, secure and legally compliant implementation of suitable KYC processes in accordance with the requirements of the Money Laundering Act.
The All-In-One Identity Hub
The WebID Hub is the central marketplace for digital KYC processes and online fraud prevention. It is an ecosystem that can be connected to the respective IT infrastructures, products and services of financial institutions and many other industries.
Companies can access a wide range of services for optimal KYC verification via a single interface, including solutions for secure online identification, digital contracting and risk prevention in general.
Customers, on the other hand, benefit from a simplified verification process. They can store their verified digital identities securely on encrypted servers. These servers are securely connected to the WebID Hub.
Implement KYC procedures with WebID
With the WebID product portfolio, various KYC-compliant identification procedures are available that can be used to securely carry out identity checks that comply with the Money Laundering Act – efficiently, accurately and in accordance with the law. Ideal for all companies that want to improve their compliance requirements and minimize the risk of fraud and money laundering.
Preventing Internal Fraud with Know-Your-Employee (KYE)Preventing Internal Fraud with Know-Your-Employee (KYE)
This white paper explores some of the key challenges faced by HR professionals in the remote hiring process, navigates trough the evolution of KYC (Know-Your-Customer) and KYB (Know-Your-Business), culminating in the significance, benefits, challenges, and future implications of KYE preventing candidate and occupational fraud by utilizing online identification.
This white paper explores some of the key challenges faced by HR professionals in the remote hiring process, navigates trough the evolution of KYC (Know-Your-Customer) and KYB (Know-Your-Business), culminating in the significance, benefits, challenges, and future implications of KYE preventing candidate and occupational fraud by utilizing online identification.
