KYC: Know Your Customer Requirements

KYC stands for Know Your Customer and is the process of verifying the identity of your clients, assessing their risk level, and continuously monitoring them. Conducting a KYC process is a necessary step in ensuring compliance with anti-money laundering (AML) legislation.

All obliged entities must conduct KYC checks to ensure they only do business with trustworthy entities.

For example, auditors need to perform a KYC verification before accepting an audit engagement in order to confirm that the client is who they claim to be and to determine the client’s risk level.

Verifying the identity of potential clients and assessing their ML/TF risks protects auditors from establishing business relationships with suspicious people or companies that are likely to be involved in illicit activities.

In cases where the client is a company, the auditors must also take reasonable measures to identify the ultimate beneficial owners of the client. The ultimate beneficial owners are the persons who ultimately control the company.

This blog post aims to help businesses stay on top of AML compliance by answering some of the most frequently asked questions about the KYC process.

Why is the KYC process important?

KYC verification is a necessary step in ensuring compliance with the Anti-Money Laundering (AML) legislative package. Know Your Customer processes help companies understand and monitor the risks associated with each customer and protect them from working with entities involved in money laundering or terrorist financing.

Ultimately, KYC checks help companies to comply with the law, mitigate risks, protect their reputation, and steer clear of penalties and hefty fines.

Does your company need to comply with AML rules? Do you want to automate your KYC process and simplify compliance? Then keep on reading.

Which businesses and persons are covered by Anti-Money Laundering legislation?

The businesses and persons covered by AML legislation include, but are not limited to:

  • Auditors, accountants, and tax advisors
  • Bookkeepers
  • Lawyers and notaries
  • Real estate agents
  • Trust and company service providers
  • Financial institutions
  • Gambling service providers
  • Other entities that sell high-value goods (diamonds, fine art, collectibles, etc.) and accept cash payments of €10,000 or more

What are the Know Your Customer requirements?

Generally, a KYC process consists of customer due diligence (CDD) measures such as customer identification and verification, establishing the purpose and nature of the business relationship, and ongoing monitoring. Besides CDD measures, client risk assessment and record-keeping are essential steps in the KYC process.

1. Customer identification and verification

The first step of a KYC process is collecting data about potential customers.

If the customer is an individual or the beneficial owner of a company, the information you need to ask for commonly includes their full name, address, date and place of birth, and national identification number. You can verify the accuracy of the provided information either by requesting copies of official documents such as passports or national identity cards or with the help of trusted electronic identification means, such as an electronic ID.

For businesses, you should collect information regarding the company’s legal name, business structure, registration number, products/services, address, and beneficial owners. In some cases, you also need to ask for supporting documentation such as certificates of incorporation, articles of association, organizational charts, and shareholder registers.

The collected information must also be checked against sanctions and PEP lists for individuals/beneficial owners and against official business registers for companies.

Keep in mind that the necessary information and supporting documents can differ based on the ML/TF risk posed by the customer. For low-risk customers, you can collect less data, while for high-risk customers additional information is always needed.

2. Establishing the purpose and nature of the business relationship

During this step, you need to understand why the client wants to use your products or services. For example, a person opens a bank account with the primary purpose of keeping their money in a safe place and having easy access to it.

You also need to understand how the customer intends to use your product/service. To do so, you need to collect information about:

  • the types of transactions
  • expected size and frequency of transactions
  • countries involved in the transactions

For example, consider a person who has just opened a bank account to have their salary credited to it. The client expects to withdraw a maximum of €100 per month and make cash deposits of a maximum of €500 every year. They don’t intend to make any cross-border transfers.

Knowing the intended nature and purpose of the business relationships will help you detect any suspicious activity potentially related to money laundering. In the example above, a suspicious transaction would be transferring a large amount of money to a cross-border bank account.

3. Client risk assessment

The next step is assessing the customer’s risk level.

To determine the risk posed by individuals, you’ll need to ask questions such as:

  • Is the customer a PEP (politically exposed person)?
  • Is the customer running a business that presents a higher risk for financial crime, such as a cash-intensive business?
  • Do you have any face-to-face contact with the customer?
  • Do you sell the product directly to the customer or do you rely on intermediaries?
  • Is the customer asking about loopholes to reduce or eliminate their tax liability? And if yes, do you think this leads to a higher risk for money laundering or terrorist financing?
  • Is the customer interested in a high-risk product/service such as correspondent banking?

To identify the risk level associated with a company, answer the following questions:

  • Does the company have a complex structure that makes it difficult to establish the identities of the beneficial owners?
  • Is the client’s industry prone to money laundering or terrorist financing (e.g., financial industry)?
  • Do the products, services, or delivery channels they provide pose a high risk for financial crime (e.g., private banking services or non-face-to-face interactions)?
  • Does the customer operate in countries outside of the EU that don’t have sufficient money laundering regulations in place?
  • Is the company making large cash transactions that are abnormal for their industry?

By answering these questions, you can identify the level of money laundering and terrorist financing risks associated with each potential customer. The three levels of risk are low, medium, and high.

If a customer poses a high risk of money laundering, you will have to carry out enhanced due diligence for that client.

4. Ongoing monitoring and updates

Customer circumstances change over time. Therefore, you should regularly review and update all KYC data to make sure the information you hold is accurate.

For example, let’s say one of your existing customers is appointed as the senior executive of a state-owned corporation, thus becoming a PEP (politically exposed person).

Since PEPs pose a higher level of money laundering risk, you’ll need to update the customer’s risk level and collect additional information and supporting documentation.

5. Record-keeping

The time period during which obliged entities need to retain KYC documents and personal data depends on their national AML legislation:

  • 🇧🇪 Belgium: 10 years
  • 🇩🇰 Denmark: 5 years
  • 🇳🇴 Norway: 5 years
  • 🇸🇪 Sweden: 5 years
  • 🇫🇮 Finland: 5 years

Anti-Money Laundering in Europe

Each EU member state has its own national anti-money laundering legislation, meaning that certain KYC requirements vary from country to country. For country-specific requirements, check out the following articles:

Common KYC documents

KYC documents are documents collected from independent and reliable sources that can prove the identity of the client.

If the customer is an individual, the documents that you normally have to collect during a KYC process include documents issued by public authorities, such as passports, national ID cards, and driver’s licenses.

If the customer is a legal person, the KYC documents you should collect often include the customer’s articles of association and extracts from official UBO registers.

The difference between KYC and AML

As mentioned above, KYC refers to the process of identifying and verifying the identity of your clients and their beneficial owners, determining the risk of money laundering associated with each client, and keeping client records in accordance with the law.

AML, on the other hand, refers to all of the legal obligations set out by anti-money laundering laws, including the KYC process.

Therefore, the difference between KYC and AML is that the KYC process is only a component of AML compliance.

How can digital solutions simplify KYC verification?

Digital KYC solutions automate manual work, reduce errors, cut down costs, and save you time. What’s more, KYC software encrypts your client’s personal data and official documents to protect them against hackers.

Penneo KYC is a digital solution that starts the KYC verification by automatically retrieving all available client data from official business registers (e.g., registration number, beneficial owners, business structure, address). The beneficial owners are then automatically screened against PEP and sanctions lists.

The next step is the client risk assessment. Penneo KYC streamlines this process by offering a risk assessment questionnaire, developed in collaboration with local anti-money laundering experts. This ensures that the client’s ML/TF risk is assessed in compliance with each country’s national AML legislation.

Once the client’s risk level has been assessed, users can select documents they need to collect from their client and send the request.

When the customer gets the request, they can use any device to upload the documents in the app.

Once you get the documents, you can either approve or reject them. Our system stores the client’s KYC information so that you can easily retrieve and access it when needed. Users can also schedule the automatic deletion of KYC documents to ensure compliance with the GDPR and AML retention requirements.

What’s more, our digital KYC solution regularly screens your customers against PEP and sanctions lists and business registers throughout the whole duration of the business relationship. If any changes are detected, Penneo KYC will notify you about them.
