Know your customer
- 1 Standards
- 2 Typical KYC controls
- 3 Laws by country
- 4 Enhanced due diligence
- 5 KYC Process Capability Maturity Model
- 6 KYC Day
- 7 See also
- 8 External links
The objective of KYC guidelines is to prevent banks from being used, intentionally or unintentionally, by criminal elements for money laundering activities. Related procedures also enable banks to know or understand their customers, and their financial dealings better. This helps them manage their risks prudently. Banks usually frame their KYC policies incorporating the following four key elements:
- Customer Policy;
- Customer Identification Procedures;
- Monitoring of Transactions; and
- Risk management.
For the purposes of a KYC policy, a Customer/user may be defined as:
- a person or entity that maintains an account and/or has a business relationship with the bank;
- one on whose behalf the account is maintained (i.e. the beneficial owner);
- beneficiaries of transactions conducted by professional intermediaries, such as Stock Brokers, Chartered Accountants, Solicitors etc. as permitted under the law, and
- any person or entity connected with a financial transaction which can pose significant reputational or other risks to the bank, say, a wire transfer or issue of a high value demand draft as a single transaction.
Typical KYC controls
KYC controls typically include the following;
- Collection and analysis of basic identity information (referred to in US regulations and practice a “Customer Identification Program” or CIP)
- Name matching against lists of known parties (such as “politically exposed person” or PEP)
- Determination of the customer’s risk in terms of propensity to commit money laundering, terrorist finance, or identity theft
- Creation of an expectation of a customer’s transactional behavior
- Monitoring of a customer’s transactions against their expected behaviour and recorded profile as well as that of the customer’s peers
Laws by country
- India: The Reserve Bank of India introduced KYC guidelines for all banks in 2002. In 2004, RBI directed that all banks ensure that they are fully compliant with the KYC provisions before December 31, 2005.
- New Zealand: Updated KYC laws were enacted in late 2009, and entered into force in 2010. KYC is mandatory for all registered banks and financial institutions (the latter being given an extremely wide meaning).
- South Africa: The Financial Intelligence Centre Act 38 of 2001 (FICA)
- United Kingdom: The Money Laundering Regulations 2007 are the underlying rules that govern KYC in the UK. Many UK businesses use the guidance provided by the European Joint Money Laundering Steering Group as a guide to compliance.
- USA: Pursuant to the USA Patriot Act of 2001, the Secretary of the Treasury was required to finalize regulations before October 26, 2002 making KYC mandatory for all US banks. The related processes are required to confirm to a customer identification program (CIP)
Enhanced due diligence
Enhanced due diligence (EDD) is a more detailed standard required for larger customers and transactions. The USA PATRIOT Act dictates that institutions “shall establish appropriate, specific, and, where necessary, enhanced, due diligence policies, procedures, and controls that are reasonably designed to detect and report instances of money laundering through those accounts.” US regulations require that EDD measures are applied to account types such as Private banking, Correspondent account, and Offshore banking institutions. Because regulatory definitions are neither globally consistent nor prescriptive, financial institutions are at risk of being held to differing standards dependent upon their jurisdiction and regulatory environment. An article published by Peter Warrack in the July 2006 edition of ACAMS Today (Association of Certified Anti-Money Laundering Specialists) suggests the following: A rigorous and robust process of investigation over and above (KYC) procedures, that seeks with reasonable assurance to verify and validate the customer’s identity; understand and test the customer’s profile, business and account activity; identify relevant adverse information and risk; assess the potential for money laundering and / or terrorist financing to support actionable decisions to mitigate against financial, regulatory and reputational risk and ensure regulatory compliance.
Characteristics of EDD
Rigorous and robust
Generally this means consistent, thorough and accurate. The process must be documented and available for inspection by regulators. The process must be SMART (Specific, Measurable, Achievable, Relevant and Timebound), scalable and proportionate to the risk and resources.
Over and above KYC procedures
EDD files rely upon initial client screening. EDD processes should use a tiered approach dependent upon the risk. Crucial to the integrity of any EDD process is the reliability of information and information sources, the type and quality of information sources used, properly trained analysts who know where to look for information, how to look and how to corroborate, interpret and decide the results. Commercial intelligence companies such as Dow Jones, World Compliance, Red Flag Group, Steele Foundation, Bureau van Dijkand C6 Intelligence Information Systems Ltd. (“C6 Database”), aggregate this information and compile it daily into a comprehensive database. Many of these commercial intelligence companies are serviced by in-country providers with researchers on the ground who can obtain information that is not otherwise easily accessible. Companies such as KYC Israel, and SGS Nigeria are examples of in-country due diligence investigation companies.
What is reasonable depends upon factors including jurisdiction, risk, resources, and technology state of the art. For sanction matches it depends upon information provided by regulators. In all cases the suggested standard is to the civil standard of proof i.e. on the balance of probability.
Relevant adverse information
Information obtained from any source, including the Internet, free and subscription databases and the media, which is directly or indirectly indicative of involvement in money laundering, terrorist financing or predicate offences. Examples include fraud and other dishonesty, drug trafficking, smuggling or other proscribed offences, references to money laundering, or conducting business, residing in or frequenting countries deemed by the Financial Action Task Force and/or (institution) as being countries under sanction or countries with which (institution) does not do business; to official sanctions or watch lists; and to investigations, convictions or disciplinary findings by authorized3
KYC Process Capability Maturity Model
A series of draft KYC Capability Maturity Model papers were published and shared for peer review with a range of international KYC practitioners in 2009 – 2011. An updated version was published in ACAMS Today (Vol. 11 No. 4 – 2012), the journal of ACAMS, the Association of Certified Anti-Money Laundering Specialists. The KYC Maturity Model is based on the typical 5 levels of the standard Capability Maturity Model. These levels are typically described as Initial, Repeatable, Defined, Managed and Optimized and have very strict meanings. The KYC maturity has however been somewhat simplified, renamed and re-built as follows: Chaotic, Reactive, Proactive, Service Managed and Value Managed. The application of common manufacturing and IT productivity methodologies have introduced practical process improvement methods such as Lean, Agile, 6-Sigma, ITIL and Balanced Scorecard.
An AML-KYC (Anti-Money Laundering) day is observed in India on first working day of August each year.
- Anti-money laundering
- Anti-money laundering software
- Politically exposed person
- Certified copy
- “‘Know Your Customer’ (KYC) Guidelines – Anti-Money Laundering Standards”.
- “Why KYC is mandatory now”. business.rediff.com. Retrieved 25 Oct 2010.
- “AML CFT 2009″.
- Learn How to Make Your Goals SMART web page, retrieved November 5, 2006
- http://pugodesk.winwinhosting.net/dailyexcelsior/sbi-celebrates-kyc-compliance-fraud-prevention-day/[dead link]
Anti-Money Laundering: Know Your Customer Quick Reference Guide and Global AML Resource Map
Understanding global KYC differences
Regulatory pressures concerning Anti-Money Laundering (‘AML’) continued to rise during last year and this looks set to continue throughout 2015. Increased pressure surrounding compliance with AML, Know Your Customer (‘KYC’) and sanctions requirements is a key focus for management and firms need to ensure they are following appropriate compliance procedures to meet the increasing regulatory demands. Firms operating on a global basis also need to demonstrate a robust compliance framework ensuring that each territory has sufficient oversight and that AML regulatory requirements are being adhered to at both a local and global level.
Given these challenges, we have developed a Quick Reference Guide which provides easy access to global AML and KYC information which can assist firms operating internationally in mitigating their risk. This Guide has already been extensively viewed by our client base and continues to be of value to those seeking to understand AML requirements globally. This year’s Guide has been expanded to include 86 countries, with Chile, Kuwait, Mauritius, Nigeria, Saudi Arabia and the West Bank and Gaza as new additions for 2015. We are keen to continue expanding our reach, so please let us know if your country is not currently part of our Guide and you would like to be included next year.
Content of the Guide
As well as details around KYC requirements, information about whether local regulators support the use of the risk based approach to AML, how to deal with Politically Exposed Persons (‘PEPs’) and whether doing business with shell banks is prohibited can all be found in our Guide.
The Guide contains updated information on regulatory and other cultural issues which need to be addressed when doing business across territories. Useful links to Financial Action Task Force (‘FATF’) reports and country evaluations are also included. In addition, there are questions on the topic of reporting requirements within the various territories such as whom to report suspicious activity to, reporting obligations and any penalties for non-compliance, as well as questions on AML audits and Data Privacy. Our Guide also provides an insight into the relevant AML regulations affecting each country and includes links where relevant detailing further information.
From time to time, you may need expert advice from AML specialists. We’ve included details of the appropriate PwC AML professionals in the countries featured. They would be happy to discuss any AML issues you might have.
Global AML Resource Map
This year we have also developed a Global AML Resource Map, indicating the number of Partners, Subject Matter Experts (‘SMEs’) and other AML specialist staff working within each territory. All of the countries included in the Quick Reference Guide can be found on our map, which can be used as a reference to see how many AML practitioners are based in each country.
What is KYC ?
Know your customer (KYC) refers to due diligence activities that financial institutions and other regulated companies must perform to ascertain relevant information from their clients for the purpose of doing business with them. The term is also used to refer to the bank regulation which governs these activities. Know Your Customer processes are also employed by companies of all sizes for the purpose of ensuring their proposed agents’, consultants’ or distributors’ anti-bribery compliance. Banks, insurers and export credit agencies are increasingly demanding that customers provide detailed anti-corruption due diligence information, to verify their probity and integrity.
Who has to enforce KYC ?
Know your customer (KYC) falls under the responsability of each financial institution and/or regulated company.
The regulations require these entities to adopt KYC procedures. It assists them in knowing / understanding the customers and their financial dealings better to monitor their transactions for identification and prevention of suspicious transactions.
KYC controls typically include the following:
– Collection and analysis of basic identity information (referred to in US regulations and practice a “Customer Identification Program” or CIP)
– Name matching against lists of known parties (such as “politically exposed person” or PEP)
– Determination of the customer’s risk in terms of propensity to commit money laundering, terrorist finance, or identity theft
– Creation of an expectation of a customer’s transactional behavior
– Monitoring of a customer’s transactions against their expected behaviour and recorded profile as well as that of the customer’s peers
KYC Jurisdiction and Locality
KYC regulations are local, and differ from country to country. Jurisdiction is also, on a coutry to country basis.
To know more about your specific country, visit: http://kycmap.com
KYC and Bitcoin Exchanges
Stricter KYC policies:
Bitfinex https://www.bitfinex.com/pages/tos or refer inquiries to firstname.lastname@example.org
BTCChina (only since new PBOC guidance, Dec 2013) (link?)
Kraken https://www.kraken.com/legal/verification (their General Counsel, Constance Choi is a well known specialist in the Regulatory and Compliance field)
Loose or non-existant KYC policies:
LocalBitcoin (p2p based, limited KYC?)
What is AML?
Standing for “Anti-money Laundering”, it is a set of procedures, laws or regulations designed to stop the practice of generating income through illegal actions. In most cases money launderers hide their actions through a series of steps that make it look like money coming from illegal or unethical sources was earned legitimately.
Who has to enforce AML?
In response to mounting concern over money laundering, the Financial Action Task Force on Money Laundering (FATF) was established by the G-7 Summit that was held in Paris in 1989.
The Task Force was given the responsibility of examining money laundering techniques and trends, reviewing the action which had already been taken at a national or international level, and setting out the measures that still needed to be taken to combat money laundering. In April 1990, less than one year after its creation, the FATF issued a report containing a set of Forty Recommendations, which provide a comprehensive plan of action needed to fight against money laundering.
The FATF calls upon all countries to take the necessary steps to bring their national systems for combating money laundering and terrorism financing into compliance with the new FATF Recommendations, and to effectively implement these measures.
Again, as in the case of KYC, financial institutions and/or regulated companies are responsible for the implementation of internal AML policies.
AML Jurisdiction and Locality
AML regulations are also local, and differ from country to country. Some countries choose a top-down approach, inheriting much of their AML policies from the FATF, while others go for a bottom-up approach and then have to reconcile both policies. Extreme countries where such reconciliation is impossible (generally due to Government unwillingness) are excluded from the FATF membership, with the corollary of increased complications to access the international markets and financing.
For a full list of FATF members, visit: http://en.wikipedia.org/wiki/Financial_Action_Task_Force_on_Money_Laundering
AML and Bitcoin Exchanges
Currently in compliance:
Bitfinex https://www.bitfinex.com/pages/tos or refer inquiries to email@example.com
Kraken https://www.kraken.com/legal/aml (their General Counsel, Constance Choi is a well known specialist in the Regulatory and Compliance field)
BTCChina (unclear since new PBOC guidance, Dec 2013) (are they financial institutions?)
LocalBitcoin (p2p based, limited or no AML?)
Assume that restrictions for any Bitcoin to National Currency exchange may become more restrictive at any time in the future. Many exchanges in the past have restricted currency deposits or withdrawals proactively as BitStamp has, without any explicit order from a government agency to do so at the time. Others like BTCChina have in response to concerns made even the ability to continue to login to their platform contingent on supplying further identifying information. In the past surprise changes to AML/KYC requirements have lead users of exchanges to have their access to deposited funds substantially delayed while complying with new requirements or even lost access to their deposited funds completely if they could not comply with the new requirements. Changing AML/KYC exchange enacted AML/KYC requirements have affected users of all major exchanges that handle both Bitcoin and National currency. People who continue using such exchanges should prepare for the contingency that their exchange of choice will change their AML/KYC requirements in the future.