What is KYC?
Know Your Customer Compliance Guide for Banks
In 2016, Forbes reported that banks spent over $100 billion on regulatory compliance, and predicted that the regulatory costs will rise from 4% to 10% of revenue by 2021. This year, banks scrambled to comply with two new regulations: the new FinCEN rule and GDPR regulations, which both rolled out in May. KYC regulations are another important area for banking compliance, so in this blog, we outline what Know Your Customer (KYC) is, why it’s important for banks, and what steps you can take to build a KYC compliance program.
What is KYC?
Know Your Customer or KYC is the process by which banks and financial institutions verify the identities of their clients and assess any potential risks of forming a business relationship with them. The goal of KYC is to prevent banks from being used, intentionally or not, for money laundering and other illegal activities. Know Your Customer processes include the collecting or monitoring of:
- Identity documents and information like names and social security numbers
- Cash financial transactions above $10,000
- U.S. citizens or residents with large financial withholdings outside of the United States
- Transportation of cash or monetary instruments across the U.S. border
History of KYC Regulations in the United States
In 1950, the Federal Deposit Insurance Act was passed to govern the Federal Deposit Insurance Corporation (FDIC). The bill included a list of regulations that banks must comply with in order to remain insured by the FDIC, forming the foundation of modern KYC laws.
In 1970, the U.S. Congress passed the Bank Secrecy Act (also known as the Federal Deposit Insurance Act Amendments). The BSA is an amendment to the Federal Deposit Insurance Act and requires banks to file five types of reports with FinCEN and the Treasury Department:
- Currency Transaction Reports (CTR): Any cash transaction that exceeds $10,000 in one business day (can include multiple transactions).
- Suspicious Activity Reports (SAR): Any cash transaction where it looks like a customer is trying to skirt BSA reporting requirements.
- Foreign Bank Account Report (FBAR): Any U.S. citizen or resident that owns a foreign bank account with at least $10,000 is required to file an FBAR report each year.
- Monetary Instrument Log (MIL): Banks must keep a record of all cash purchases of monetary instruments (money orders, cashier’s checks, traveler’s check, etc.) valued between $3,000 and $10,000 for at least 5 years.
- Currency and Monetary Instrument Report (CMIR): Anytime a person or institution that physically transports monetary instruments in excess of $10,000 into our outside of the United States must file a CMIR.
In 2001, the US federal government passed the USA Patriot Act. Title III of the Act, known as the “International Money Laundering Abatement and Anti-Terrorist Financing Act of 2001”, included a series of regulations designed to limit the power and funding of terrorist organizations. The act included a mandate for banks to develop a Customer Identification Program (CIP) that would be incorporated into their Bank Secrecy Act and anti-money laundering compliance program. CIP programs require banks to:
- Verify the identity of any customer seeking to open an account using documentary and non-documentary verification
- Maintain records of that CIP verification process for 5 years after the account is closed
- Compare the customer’s name against the government’s list of known or suspected terrorists
- Provide customers with adequate notice of the requirements for customer identification
In 2016, the new FinCEN rule required all banks to collect the name, birth date, address, and social security number of individuals who own 25% or more of an equity interest in a legal entity. This does not include sole proprietorships or unincorporated associations since neither of those are separate legal entities from the associated individual(s), and thus beneficial ownership is not inherently obscured.
How US Banks can Build a KYC Compliance Program
There are two primary components for building a KYC program: the Back Office, which is the system that banks use internally to manage customer onboarding and review documentation, and the Front Office, which is the experience that customers have when submitting and verifying application information like name, address, workplace, income, etc.
While most banks have a Back Office system in place, it’s actually the Front Office experience that is most impactful for improving and streamlining customer onboarding. As we detailed above, recent regulations further increased the burden on customers to provide information, especially around beneficial ownership, making the onboarding process even longer. The longer and more burdensome an application process, the higher the risk of attrition, making it even more important for banks to build focus on a great onboarding experience.
At Temenos we specialize in digitizing and automating the front office and KYC experience for banks through a six-step process:
- Rapid Time to Market: By leveraging re-usable components, real-time design reviews, and the ability to quickly build proofs of concept, a KYC process can be designed and implemented within days, instead of weeks or months, with Temenos.
- Adaptive Forms: Temenos Infinity Journeys adaptive forms can be customized to ask for information dependent upon previous answers, significantly streamlining the number of questions needed to ask customers during the onboarding process.
- Mobile Responsiveness: Temenos Infinity Journeys forms were built to “Design Once, Deliver Everywhere”, which means you can spend less time worrying about how your forms will display across different device sizes and browsers.
- Flexible Integration to Existing KYC Systems: Temenos integrates with a wide range of partner solutions as well as systems of record that can be used to deliver and receive customer data from KYC databases.
- Loose Coupling with Back Office Systems: Temenos Infinity Journeys is a customer engagement layer that pushes updated customer records to the bank only once the package is complete, which means no changes or release cycles to the bank back-office systems of record.
- Security, Privacy, and Local Hosting: Temenos Infinity Journeys meets the most stringent requirements for security, encryption, personally identifiable information (PII) and hosting location.