What You Should Know About “Know-Your-Customer” Laws

Know your customer (KYC) is the due diligence and bank regulation that financial institutions and other regulated companies must perform to identify their clients and ascertain relevant information pertinent to doing financial business with them. In the USA, KYC is typically a policy implemented to conform to a customer identification program mandated under the Bank Secrecy Act and the USA Patriot Act. Know your customer policies have becoming increasingly important globally to prevent identity theft fraud, money laundering and terrorist financing. In a simple form these rules may equate to answering twelve questions, but this is the tip of the iceberg and regulators now expect much more. KYC should not be thought of as a form to be filled - it is a process to be undergone from the start of a customer relationship to the end.

One aspect of KYC checking is to verify that the customer is not on any list of known fraudsters, terrorists or money launderers, such as the Office of Foreign Assets Control’s Specially Designated Nationals list.  This list contains thousands of entries and is updated at least monthly. As well as sanctions lists there are lists of third party vendors that track links between persons regarded as high-risk owing to negative reports in the media about them or in public records.

Beyond name matching, a key aspect of KYC controls is to monitor transactions of a customer against their recorded profile, history on the customer’s account(s) and with peers.

KYC monitoring for anti-money laundering (AML) and Counter-Terrorism Financing (CTF) purposes increasingly use specialized transaction monitoring software, particularly names analysis software and trend monitoring software. The generated alerts identify unusual activity which is then subject to due diligence or enhanced due diligence (EDD) processes that use internal and external sources of information on the subject, including the internet. This helps to determine whether a transaction or activity is suspicious and requires reporting to the authorities. In the US it would require Suspicious Activity Reporting (SAR) filing to Financial Crimes Enforcement Network (FinCEN). In the UK it would require a report to Serious Organised Crime Agency (SOCA)