Know Your Customer (KYC) regulations emerged in 1970 as a response to rampant financial crimes. They were first outlined with the enactment of the Bank Secrecy Act (BSA) in the United States, aimed at combating money laundering. Subsequent significant amendments followed in the wake of the terrorist attacks on September 11, 2001, and the global financial crisis of 2008.
Furthermore, the 2016 Panama Papers leak revealed global offshore financial activities, implicating individuals and entities in tax evasion and money laundering. Originating from the Panamanian law firm Mossack Fonseca, the leak sparked investigations and calls for stricter financial transparency. This outcry led to the enactment of the Customer Due Diligence (CDD) Final Rule in May 2016, aimed at identifying the true owners of business bank accounts.
Other reforms, like Dodd-Frank and the Fair and Accurate Credit Transaction Act, also strained KYC obligations to mitigate growing counterparty risks. Specifically, new KYC on-boarding and reporting provisions in 2020, and the 2024 Beneficial Ownership Information (BOI) database are designed to limit client risk in the form of anti-money laundering (AML), terrorism financing, tax evasion, and politically exposed persons.
These amendments and additions disrupted compliance operations for financial institutions, forcing them to adopt more rigorous KYC rules. From stricter due diligence in the onboarding phase to the more rigorous monitoring and reporting demands of an expanding BSA, firms of all sizes struggle to keep up with the new laws and rising costs of KYC compliance.
The benefits of KYC
While the administrative burdens and high costs of implementing a compliant KYC program may be overwhelming, especially for smaller financial institutions firms, the obstacle also creates an opportunity for organizations to enhance their competitive advantage. The new value proposition reverts to trust — the old and oft-touted keystone of the financial industry. Nowhere is the issue of trust more relevant than consumer protection.
Deficient counter-party risk management adversely affects consumer protection. While recent cases show that the onboarding of high-risk and unlawful clients may lead to increasingly punitive fines and severe reputational damage, legitimate clients also incur disturbing "privacy taxes." Specifically, regulatory action against non-transparent or delinquent firms may involve the auditing and disclosure of private client data from valid accounts that would otherwise remain undisturbed.
This breach of client trust only compounds operational and reputational harm, causing some customers to close their bank accounts with the delinquent institution and seek new banking partners. Alternately, heightened regulatory scrutiny over large firms may drive bad actors to smaller banks that have weaker KYC compliance controls.
KYC compliance costs
Despite reduced compliance demands relative to larger firms, the proportional costs incurred by smaller regional and community bank operators render them particularly vulnerable to cost challenges.
A survey of 1,091 community banks in 2015, 2016, and 2017 conducted by the Federal Reserve Bank of St. Louis found that compliance costs represented nearly 10% of non-interest expense for banks with $100 million or less in assets. The BSA accounted for nearly 22% of total compliance costs, and the 2023 Thomson Reuters Cost of Compliance report further shows a full 73% of respondents expect costs to be slightly to significantly higher over the next 12 months.
Obstacles aside, institutions must rise to this challenge and turn stricter KYC controls into a competitive advantage. New automated solutions can optimize onboarding due diligence efficiencies and reduce investigative costs for overwhelmed operators. If KYC is to drive value for your firm, it is crucial that you stay current on new regulations, create contingency plans to meet new compliance deadlines, and leverage technology to do the heavy lifting.
Stay current on KYC law
Current KYC laws include the customer identification program, customer due diligence, reporting currency transactions of $10,000 or more, and suspicious activity reports, which flag anomalous account activity.
The Customer Identification Program (CIP) requires banks to collect:
- Name
- Date of birth
- Address
- Identification number
This information is often gathered at account opening, but institutions must verify the account holder's information and identity within a "reasonable" amount of time using CDD, which breaks down as follows:
- Simplified CDD is generally for low-value accounts.
- Standard CDD involves collecting documents to verify customer identity, address, and occupation.
- Enhanced CDD is for higher-risk customers, such as those with frequent financial transactions, or corporate customers.
Ongoing Monitoring is the third leg of KYC requirements. This includes:
- Transaction monitoring
- Suspicious activity flags
- Activity spikes
- Cross-border activity
There are additional KYC requirements for corporate customers. These include:
- Company vitals such as address and personnel
- Beneficial owners
- AML and KYC checks
These extensive KYC requirements are redirecting banks' focus towards detecting terrorism financing. Moreover, high-profile cases of political graft in the developing world also shift regulators' attention towards the corruption of government officials.
With regulators primarily focused on large institutions, undesirable clients and the illicit flow of their funds shifted to smaller community and regional banks. Community banks are especially attractive to money launderers because they are off the radar, have reduced reporting demands, and possess less sophisticated due diligence and monitoring resources. And while a bulge-bracket firm has the reserves to absorb large monetary penalties for KYC negligence, the increasingly punitive nature of regulatory fines could potentially bankrupt a smaller operator.
Financial operators can avoid costly KYC legal problems by staying on top of continuously evolving bank secrecy laws, the legal standing of clients, OFAC sanctions, high-risk jurisdictions, and reporting requirements. Achieve these objectives by vetting new compliance hires for expertise in high-priority legislation.
Furthermore, firms need to leverage digital solutions such as electronic and mobile KYC, real-time monitoring, and database checks.
Electronic KYC (eKYC) provides:
- Speed and efficiency
- Reduced cost
- Adaptability and integration
- Improved customer experience
Mobile KYC adds:
- Biometrics
- Artificial intelligence (AI) data
Real-time monitoring and database checks enable firms to cross-reference and monitor the legal and financial standings of clients across domestic and international jurisdictions to mitigate counterparty risks.
Big data technology helps large institutions address volume while optimizing efficiency, accuracy, and cost reduction for smaller operators.
Create a contingency plan
The BSA requirement for banks to obtain beneficial ownership information on account holders who own 25% of more of a corporate entity was streamlined on Jan. 1, 2024, with the launch of FinCEN's Beneficial Ownership Information (BOI) database. Financial institutions subject to customer due diligence requirements have authorized access to BOI, yet they must develop and implement administrative, technical, and physical safeguards reasonably designed to protect the information.
Organize compliance data
Financial institutions must organize themselves and ensure that compliance objectives are aligned with the goals of senior management and the board of directors. Repurposing KYC and regulatory data to drive business value is a bank-wide enterprise that will not work without the support of bank leadership.
Make data more available
Bank silos need to be dissolved to make client data more readily available and sharable throughout the organization without compromising legitimate privacy concerns. This undertaking requires the judicious determination of relevant KYC data assets.
Align goals with KYC objectives
Financial institutions’ business goals must be strategically aligned with KYC objectives and deadlines so that each enterprise process signifies a step closer to full compliance. Additionally, banks must train and recruit qualified personnel capable of grasping the business, data, and regulatory dimensions of KYC in an ever-expanding climate of BSA legislation.
Define KYC success
Establish clearly defined metrics for KYC compliance success and test pilot programs in pre-deadline phases to help guide optimal KYC revenue-growth strategies. Ultimately, these provisions cannot be properly employed without a cultural repurposing, which bank leadership must always exemplify.
Pick the right technology partner
In 2024, it’s nearly impossible for any bank to demonstrate an honest commitment to KYC compliance without investing in appropriate data technology. Data collection, analysis, provision, and sharing are central to the KYC dilemma. Today, banks have access to law enforcement-grade investigative software capable of scanning millions of data points simultaneously and across jurisdictions — domestic and foreign.
Modern technology includes AI-based ID systems, such as that created by a New York company, Clearview AI, for facial recognition, and the photo ID requirement for the FinCEN BOI database.
Older technology allows banks to pull data from utility records, DMV files, property ownership, public records, private records, watch lists, criminal cases, business information, healthcare provider content, and social media data.
Additionally, the solutions of today enable the intuitive navigation of KYC queries and relationships through centralized dashboard interfaces. The holistic, “one-view” benefits of modern investigative software speed up the learning curve for the technology training of relevant personnel.
Furthermore, today’s resources can capture in real-time adverse changes in client risk profiles, flag suspect accounts, and escalate issues to compliance managers. Beyond real-time risk tracking, more sophisticated investigative software grants banks access to comprehensive social media, cell phone, VoIP, landline, and pager coverage of all 50 U.S. states, Puerto Rico, various territories, and even Canada.
Leveraging the tools of compliance
Today’s investigative innovations enable large organizations to process high data volumes more efficiently and intelligently. Smaller banks leverage these new KYC compliance software tools to cover gaping regulatory blind spots and use state-of-the-art tech to detect illicit funds migrating to their remote branches. What’s more, smaller operators can leverage sophisticated tech to drastically reduce their rising compliance cost burdens.
As banks struggle to realign themselves with the KYC compliance regime, a consistent, comprehensive, and defensible technology solution is key. Firms of all sizes should be reassured that the right KYC solution exists and that this resource is well within their means.
Combat fraud and comply with anti-money laundering (AML) and know-your-customer (KYC) regulations.