Know Your Customer or KYC is a set of processes and a banking regulation term that many regulated companies, most specifically banks and other financial institutions must follow to obtain, analyze, maintain and in some cases share customer information and activities with government agencies. The purpose of KYC is to ensure that organizations in which there are high risks of money laundering, identity fraud, terrorism financing and other financial fraud take the necessary steps to prevent, detect and report these activates. Increasingly, various regulations and business activities are aligned to protect consumers and nations in a synergistic manner. In a future article, we will discuss how various regulations are addressing identity risks independently and collectively. Although many regulations are interrelated and complement each other, they sometimes overlap and propose similar requirements such as the FFIEC Supplement to Authentication in an Internet Banking Environment, Customer Identification Program, Sarbanes Oxley Act and Red Flags Rule. I often recommend that companies manage their regulatory compliance program centrally within the organization in order to avoid redundant regulatory activities, improve controls, and reduce compliance costs. Although the compliance program can be centrally managed with an oversight committee, regulatory activities such as customer identification, transaction monitoring, and fraud investigation can be distributed across the organization based on group capabilities.
Usually, financial institutions develop Know Your Customer policies for customer identification and acceptance, and, transaction monitoring. A customer refers to a person or entity that can pose great reputational, financial and other damages to the institution. Such person may be one who:
As mentioned, banks maintain KYC policies and procedures to address anti-money laundering laws or AML, and combat terrorism financing or identity fraud. Organizations generally have two main objectives by developing and managing a Know Your Customer program; first, they want to reduce fraud costs by detecting and preventing identity fraud as early as possible by continuously monitoring customer transactions for the purposes of establishing patterns and detecting suspicions transactions, and second, organizations are concerned with regulatory compliance. Complying with regulations especially when the compliance program is mismanaged such as when redundant laws are not effectively managed can be very costly, however, in some cases such as when monitoring and reporting Suspicious Activity Reports to the government, automated software can be deployed for ensuring the lowest cost possible compliance function. Although the use of software to support organizations with these specific regulatory and risk management activities can improve the process and reduce regulatory compliance expenses, there are still huge upfront and continuous costs associated with these activities which are ultimately transferred to customers. Although some of the costs are later recovered such as when preventing identity theft and limiting fraud losses, other costs have no financial benefits and therefore increase the price of services offered to customers.