KYC

Know Your Customer (KYC) requirements are rules and regulations that financial institutions such as banks, insurers, export creditors, and other regulated entities must abide by. Initially, these regulations were imposed solely on financial institutions, but now, non-financial organisations, fintech, non-profit institutions, and even virtual assets dealers are liable to oblige. KYC processes fit the broader scope of anti-money laundering (AML) policies. Companies use them to verify the identity of their clients and assess their potential risks for criminal activity, terrorism financing, and money laundering. It typically involves collecting and verifying certain information such as full name, date of birth, address, and other identification documents.

Laws by Country

Australia – Client identification requirements are set in Australia by the Australian Transaction Reports and Analysis Centre (AUSTRAC), established in 1989. Canada – Canada’s financial intelligence unit was founded in 2000 and is called the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC). It updated its requirements in 2016 regarding acceptable methods to determine the identity of individual customers to ensure compliance with KYC and AML regulations. The update created certain controversies that resulted in a pending, active lawsuit challenging the constitutionality of the new legislation. India – KYC guidelines were introduced by the Reserve Bank of India in 2002. Italy – Banca d’Italia exercises regulation power for the financial industry. It implemented KYC requirements in 2007, which applied to all financial institutions operating on Italian territory. Japan – Act on Identification of Customers by financial institutions 2003 Mexico – President Felipe Calderon’s administration promulgated the “Federal Law for Prevention and Identification of Operations with Resources from Illicit Origin” in 2012. The legislation came into force in 2013. Namibia – Financial Intelligence Act, 2012 (Act No. 13 of 2012) published as Government Notice 299 in Gazette 5096 of 14 December 2012. New Zealand – KYC laws were updated and enacted in late 2009 and entered into force the following year. KYC procedures are obligatory for all registered banks and financial entities (the latter has an expansive meaning). South Korea – Act on Reporting and Use of Certain Financial Transaction Information regulates due diligence in the country. United Kingdom – KYC rules in the United Kingdom are governed by the Money Laundering Regulations 2017. Many UK-based businesses use the requirements provided by the Financial Conduct Authority’s ‘Financial Crime and the European Joint Money Laundering Steering Group.

eKYC vs Traditional KYC

Besides conventional KYC procedures, organisations can conduct electronic Know Your Customer (eKYC) processes by using digital and Internet mediums to verify the identity of customers. To open a bank account or use financial or non-financial services, customers must submit ‘proof of identity and address’ and a recent photo of themselves. Known as KYC, a due diligence process that can also be executed manually or digitally. Businesses are obliged to perform KYC on their customers to comply with crime prevention and fraud protocols. KYC and eKYC serve the same purpose. The only difference is the medium with which the verification is done. Companies that conduct KYC either do it manually or automatically. On the other hand, businesses that execute eKYC do it only digitally. Nowadays, most companies use eKYC, but this doesn’t mean manual verifications are obsolete. When using eKYC, customers authorise the service provider via explicit consent to release their identity/address for biometric authentication. Their name, age, gender, and photo are electronically transferred to banks’ branches or business correspondents. Data provided through eKYC procedures can be treated as an ‘Official Valid Document’ under Prevention of Money-Laundering (PML) rules, making it a valid KYC verification process. Customers who do not want their information to be shared digitally are subject to manual verification is possible, which is why traditional KYC is still being used in parallel with its paperless counterpart. Banks and financial/non-financial businesses are required to update their KYC records periodically. It is a part of their ongoing due diligence on accounts. The frequency of the updates varies from account to account, depending on the organisation’s perception of risk. Recurrent updates of records also help with the prevention of fraud in customer accounts.

Benefits of eKYC

In comparison to traditional KYC, eKYC offers the following benefits:

• Faster verification (checks that take weeks can be done in seconds).
• Reduced risk of fraud and forgeries.
• Reduced usage of paper.
• Reduced cost of storage.
• Facilitates instant investment in mutual funds.

How Does KYC Software Work?

Integration

KYC modules are flexible and can easily be deployed into different existing systems. They can be integrated as an Application Programming Interface (API) or Software Development Kit (SDK). API integration is done via an authorisation token based on the user account’s credentials. SDK, however, provides a builder class to initiate enrollment. The process includes document scanning, document reading (if supported and enabled), and facial recognition (if enabled) to check whether the documents belong to the actual user.

How Does It Work

Integrating KYC modules enables businesses to conduct rule-compliant verifications in just a few steps, which are as follows.

1. Users must take a picture of their ID card, driving license or passport.
2. Users must take a picture of themselves.
3. The software will extract the necessary data from the shared document.
4. The data will be matched with their country’s national register.
5. If the document is legit and matches the person on the photo, the verification will be accepted, and the transfer will be allowed. The transaction will be blocked if no matches are found, and the respective authorities will be notified.

Platforms require minimum inputs when conducting a KYC verification. The process needs a set of primary data elements about individuals, such as:

• Name (First, Last, Middle, or Full Name)
• Date of Birth (formatted MM/DD/YYYY)
• Address (Address Line 1, Locality, Post Code, etc.)
• Phone
• Email
• ID Card (both sides)
• Photo

Some input data elements are variable depending on the country issuing the documents or the market in which the business is being verified. Checks involving variable data are executed with the aid of the Worldview API. Application Programming Interfaces (APIs) Authorisation API – Enables the retrieval of an access token via client credentials. Scan API – Allows uploading the front and back of documents using multipart form data. Most software support JPEG, PNG, and PDF formats. 5MB is the maximum file size for each file. A 1080×1920, 500KB picture would work perfectly. High-resolution images don’t improve efficiency and guarantee better results. When PDF files are sent, users have two choices: to send each side in a separate document or in a single file (the software will assume the first image is the front. Info API – It provides the final result of the verification session. It conducts the scanning, facial recognition through web SDK, and background checks. A complete session will not be engaged if only a scan is required. Deletion API – Deletes the session data that has been cached without waiting for automated deletion. Resource API – Downloads the resource based on the resource ID generated during the info result. Background Check API – Initiates the following background-checking procedure: Provides user info to platforms Starts monitoring and generates a risk score Notifies about changes during ongoing monitoring Stops monitoring task Background Check Delete Monitoring API – Permits the deleting of monitoring associated with a specific onboarding process. Background Check Monitoring Notification API – Enables platforms to push an update every time there is a change to a particular background check identified during monitoring. The basis of authentication or open can protect this endpoint. Face Session API – Allows the upload of an image, and the returning session ID can be used in the mobile SDK to start a facial recognition session and perform a liveliness check and face matching against the uploaded photo.