While every business should know their customers, in some industries there are legal requirements and steps you must take to verify who you are doing business with and protect your company from the risks of becoming involved in criminal activities such as fraud, money laundering, or terrorism financing. Proper KYC (know your customer) protocols start with these three essential steps.
The first step in the process is ensuring that your customer is who they say they are. That might seem obvious, but with the growing threat of identity theft, it may not be as easy to verify a person’s identity today as it was in the past.
The Patriot Act of 2001 created a customer identification program (CIP) with specific guidelines on how to verify a person’s identity. The ultimate goal of CIP is limiting money laundering, terrorism funding, and other illegal financial activities. If you do business outside of the U.S., the Financial Action Task Force (FATF) also has a comprehensive framework for more consistent identity verification internationally.
At a minimum, you need to gather:
- Identification number
In addition, you must have a way to verify the person’s identity in a “reasonable time” by gathering appropriate documents or using other non-documentation methods.
Due Diligence Checks
Once you know who a person is, the next step is determining whether they are trustworthy as a potential client. For basic or low-value accounts (like a traditional checking account), a simple identity check may be enough. For high-net-worth individuals or those who plan to make high-value transactions, a more in-depth review is necessary. Some important due diligence steps include:
- Understanding the client’s business activities
- Verifying information from the CIP check
- Confirming types, size, and frequency of transactions the client plans to make
- Putting the client in a risk category based on the information you gather
Once initial checks are complete, you need a process in place to monitor for red flags or suspicious transactions. Look for things like:
- Unusual activities out of the area where the business is located
- Business dealings with people on sanction lists
- Changes in activity, such as a spike in transaction size or frequency
You may have a client that was once low risk and moves into a higher-risk category, so ongoing monitoring and checks are essential to remaining in compliance with all laws and regulations. Companies also have an obligation to report any suspicious activity they find.
Failing to take the proper steps for KYC compliance can lead to fines, sanctions, and criminal prosecution. Even if you avoid these more serious penalties, your business could still suffer reputational damage from working with criminals.
Find out how GuideCX can help you automate KYC during onboarding to limit the adverse impacts on your business.