Know-Your-Customer (KYC): Digital Identity Verification
Verifying the identity of your customers is not just a smart move - it's a required one.
Today's businesses are built on non-face-to-face relationships. There is no guarantee that the person who approaches you is who they say they are. Moreover, you don't know what they might be involved with. KYC helps you protect your firm, follow the law, and improve customer experience. It's a win-win.
What is KYC (Know-Your-Customer)?
KYC (Know-Your-Customer) is the process performed by companies to verify the identity of their clients. The process allows organizations to ensure that a potential customer is trustworthy. This means that they can prove their identity and the legality of their business.
The identification process must comply with the Customer Due Diligence (CDD) measures. KYC involves running background checks based on the client's risk level. If the client has a higher risk profile - for instance, a Politically Exposed Person (PEP) - a more rigorous CDD is required (Enhanced Due Diligence).
What is corporate KYC?
Corporate KYC, also known as KYB (Know-Your-Business) applies to legal entities instead of individual consumers. Business-to-business companies need to verify the identity of the real person they are doing business with. That is the person who ultimately owns or controls such companies-customers, also known as Ultimate Beneficial Owner (UBO).
How does the KYC process work?
1. Data collection & CDD
The process starts with collecting the clients' personal information and official documents. In the case of KYB, information about the business' management personnel is collected to understand the ownership's structure and identify beneficial owners.
2. Screening & risk assessment
Individual customers and UBO's IDs are verified against trusted sources such as AML watch lists and EU sanctions lists. A risk rating is applied, taking into account risk factors relating to customers' countries, products, services, or delivery channels.
3. Monitoring & reviewing
The risk assessment is to be periodically reviewed and updated. This means regular checks must be performed on the status of existing clients. Any changes in their situation and risk profile must be flagged.
4. Analysis & reporting
The findings are collected in an auditable KYC report and retained for record-keeping obligations. The reports are subject to ongoing tracking to oversee financial transactions and verify cross-border activities.
What are the KYC requirements?
The KYC requirements are the rules to be followed in carrying out the identification process. Such rules are established by the Anti Money Laundering (AML) laws, and are known as Customer Due Diligence (CDD) measures.
1. Identification and risk assessment
The first requirements concern the determination of the customer's identity and risk-profile:
Identification of the customer and the beneficial owner, and verification of their identity
Collection of information on the purpose and intended nature of the business relationship
Ongoing monitoring of the business relationship to ensure that the data held is up-to-date
2. Record-keeping
The identification processes and the risk assessments must be documented, kept up-to-date, and made available to relevant authorities.
Therefore, copies of the identifying documents must be stored for a period of five years after the end of the business relationship with the customer.
3. Reporting
All suspicious transactions must be reported to the Financial Intelligence Units (FIU).
Companies must inform the FIU whenever they suspect that funds are the proceeds of criminal activity. In such cases, organizations must promptly respond to FIU's requests for additional information and provide them with all necessary documents.
Is KYC mandatory for all businesses?
KYC is mandatory for the entities AML laws apply to.
More and more firms are implementing policies for ensuring they are doing business legally with trustworthy entities. Therefore, KYC compliance is rapidly becoming the norm for all industries.
In conclusion, KYC is not mandatory for all companies. Nevertheless, it is highly recommended to protect your business from financial crime.
What are the documents required for KYC?
The most commonly used documents are passports, national IDs, driver's licenses, and health cards displaying the Social Security Number.
In the case of Corporate KYC, registration number, company name, address, status, and key management personnel information are collected to identify UBOs.
Is KYC a one-time process?
No, KYC is an ongoing activity.
The KYC procedure must be performed before establishing a business relationship or carrying out a transaction. Therefore, it’s an integral part of the client onboarding process. However, KYC requirements don’t fade away when the new client has been onboarded.
Companies have to conduct regular identity checks on their customers to re-verify their risk-profile and ensure constant compliance throughout the business relationships.
How often should KYC be updated?
KYC updates and reviews of the business relationship should not only be performed when trigger events occur - such as when a certain transaction threshold is reached. Very few customers report changes to their legal status. This affects the ongoing accuracy of the data held by companies. Therefore, it's highly recommended to update all KYC information at least once a year.
What is eKYC,and what are its benefits?
eKYC is the digital version of the KYC process. With eKYC, the entire identity verification process is digital. Naturally, this helps businesses:
Minimize time and costs
Eliminate bureaucracy
Improve user experience
Ensure regulatory compliance
The traditional KYC process poses numerous challenges:
the need for a physical meeting to share KYC documents
the length of the process
the risks of storing and misplacing sensitive documents
Sharing personal information via insecure electronic channels poses a huge security risk. eKYC was developed as a significantly more secure alternative and is now used by companies everywhere.
Optimize business operations
An eKYC solution helps you reduce manual tasks, get rid of inefficiencies, and speed up processes.Automation offers further benefits such as customization, integrations with existing software, and progress status.Improve customer experience
Modern customers require easy and immediate access to the services they need. Delays and long processing time can jeopardize customer relationships.Therefore, a fully digital KYC ensures a better customer experience.Ensure compliance and security
Awareness about where the data is stored and who has access to it is the basis of AML-compliance.A digital solution will increase the reliability and quality of your data. Moreover, it will let you export it in an auditable KYC report to document compliance.What is the best KYC software?
Regulatory changes and rising compliance costs have accelerated the adoption of digital KYC solutions.
Penneo's digital KYC solution - Penneo CLA - makes things easier for both parties involved.
You will safely identify your clients through an automated, encrypted software in full compliance with AML measures.
Your customers will complete the identity check in a few minutes directly from their computer or smartphone.
Penneo CLA: Secure KYC in a few easy steps
What our customers have to say about us
"By using the system CLA by Penneo, I manage time consuming processes way quicker. Thereby I save time for my customers and I personally save time as well. The time I save by using the system, I can spend it on sales and business development which create value for my company."
"I was extremely surprised at how intuitive and manageable the process is organized and how simple it is to set up and work with the customers in there."
"Before, we often received a copy of passport or driving license by e-mail. However, we have acknowledged that this process is less secure and, furthermore, was not in line with the Personal Data Regulation's requirements for handling sensitive data."
"Penneo's platform is particularly suitable for all companies that are subject to the Anti-Money Laundering Act. If a personal meeting is not necessary, our customers can now validate themselves and sign documents 100% digitally with NemID - directly from their phone."
