Article

KYC in Banking: Its Challenges & Best Practices

Performing KYC checks in banking should be a straightforward process. Unfortunately, it’s often expensive and slow. Here’s how you could streamline the process.

What Is KYC in Banking?

KYC, which stands for Know Your Customer or Know Your Client, is a legal requirement in banking so that institutions know for certain who they are doing business with. It is part of the larger due diligence process, which also includes identity verification and authentication.

The three goals of KYC in banking include:

  • validating customers’ identities
  • ensuring they can receive your banking services and products
  • avoiding dealing with potential money laundering in banking

While AML in banking (anti-money laundering) is its own process, it is often bundled with KYC for banks as they require similar checks relating to authenticating users, or can even be part of the same legislation.

Improve Your KYC Workflow

SEON’s digital footprint analysis checks 90+ social media networks and messenger apps to support your KYC verification checks and reduce costs.

Ask an Expert

Why KYC Is Important for Banks

KYC is a crucial process in banking and neobanking because it allows banks to know who they are trading with, effectively protecting the banks’ operations, their customers and the national and global economy at large from money laundering, identity theft and financial fraud.

As an example, in the USA, the Patriot Act of 2002 defines strict KYC procedures using a risk-based approach while, in the EU, KYC explicitly forms an essential part of AML and CDD mandates defined in legislation such as Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing.

Here is what may happen if you fail to implement the appropriate checks:

  • Heavy compliance fines: In 2020 alone, these fines amounted to $10.4 billion for financial institutions worldwide. AML laws applicable to banking exist in almost every country that mandate this, including the Patriot Act in the US.
  • Reputation takes a hit: These fines are often noticed by the news industry, which reflects poorly on the bank or fintech.
  • Attracts crime: Criminals and fraudsters who manage to onboard by fooling your KYC checks will either spread the word about their exploits or attempt to create multiple accounts and resell them.
  • Increases fraud in the long term: Once bad agents infiltrate your bank, they can use the accounts for all kinds of misdeeds, such as money laundering – which is a compliance issue in and of itself. 
  • Loss of banking license: In extreme cases, an institution could lose its license if found to be breaking KYC laws repeatedly. This is of particular concern for challenger banks and neobanks, for which the authorities are not as confident, compared to established, legacy institutions.

With all the above in mind, it’s no wonder banks do their best to mitigate the risks of fraudsters opening bank accounts. Unfortunately, the process isn’t as straightforward as one might expect.

KYC in Banking and Customer Due Diligence

Know Your Customer in banking is closely related to the concept of Customer Due Diligence, often abbreviated to CDD, as well as Enhanced Due Diligence, also known as EDD. Such terms are often used interchangeably, yet there are subtle differences:

  • KYC is focused on verifying who your customer is when they first onboard.
  • CDD can be an ongoing process, especially so for banks, as it goes beyond simple KYC to ensure that all customer information is up to date (according to applicable law). It can also include more requests, such as proof of source of funds.
  • EDD is much more stringent than CDD and applies when a customer has been identified to have more opportunity or likelihood to commit money laundering or other types of financial crime. Those who undergo enhanced due diligence are likely to be even more frequently checked against sanctions lists, blacklists and PEP lists, for example.

KYC Requirements for Banks and Neobanks

Banking KYC requirements are largely aligned across most of the world, though there exists some variation from country to country. Both companies and individuals who are looking to access financial products need to prove who they are, where they are based, their date of birth (or incorporation for companies), and ID/registration number.

In general, KYC mandates that banks need to ask individuals and organizations for the following:

IndividualsOrganizations
• proof of full name – comes in the form of an ID card, passport, or other defined documentation
• a list of people with significant control or interest in the company and all individual KYC data for them – this is provided through a register of shareholders and a register of directors, plus KYC documentation for all stakeholders
• proof of residential address – often used are utility bills and correspondence from the government• proof of registered address, from official and often notarized evidence such as a trade register entry
• proof of age – mainly to show that the person is an adult, this is usually confirmed by the documentation that proves their full name• certificate of incorporation and good standing
• company reports and accounts

How Does the KYC Process in Banks Look Like

For most banks, the KYC process will happen at the time of onboarding, and it will look as follows:

  1. A customer will request to open an account.
  2. The bank asks the customer for proof of their identity (passport, driving license, ID card…).
  3. Also, proof of their age (if not in the identification document).
  4. Finally, proof of their address (utility bill, official correspondence, bank statement…).
  5. The bank verifies the above by checking official databases or using identity verification software.

Some banks may also ask for business activity and/or employment information. 

The Challenges of KYC in Banking

Unfortunately, banking KYC isn’t as easy, effective, or cost-effective as regulators make it out to be. Here are some of the key challenges.

1. Lack of ID Standardization

There are around 150 different types of passports and national IDs worldwide. Banks need systems that can authenticate users whether they provide a driving license, an ID card that is printed on paper, a passport that might or might not contain a hologram, etc.

The type of data that needs to be captured also varies from one geolocation to the next. In India, for instance, Aadhaar KYC makes use of the 12-digit identity number assigned to each of the country’s residents and citizens. In the US, a social security number is often the default means of providing PII (personally identifiable information).

2. Absence of Historic Banking Data in Certain Markets 

The underbanked, also known as thin-file users, are notoriously hard to onboard. How can you gather the right data to ensure they are legitimate customers when their information isn’t available?

This isn’t just a problem in emerging countries either, as in the US, for instance, 25% of households are either unbanked or underbanked. SEON’s digital footprinting module provides a solution to this by sourcing alternative data for credit scoring.

3. KYC vs Data Privacy 

Collecting data is important. Safeguarding it is a challenge – especially in the age of the GDPR and other data privacy regulations.

Banks and financial institutions have to walk a tightrope between reducing risk and meeting compliance goals by creating data silos that can easily be deleted if requested.

4. KYC Adds Friction to Onboarding

Last but not least, you have to consider how quickly you want to perform your verification checks. For a brick-and-mortar bank, this isn’t so much of an issue.

Yet, for, say, a digital bank that puts customer experience above all else, introducing too many obstacles in the signup process creates churn and lost opportunities. 

5. Ineffective Automated Identity Verification Software

Because banks tend to outsource the open banking identity verification part of the KYC check, third-party providers become a point of failure that’s hard to manage.

For instance, we’ve seen an increase in the sophistication of fraudsters who use video deepfakes, document doctoring services, and synthetic IDs to open bank accounts with false identities. 

In that sense, IDV and KYC tool vendors and fraudsters are playing a constant game of cat and mouse, where the fraud-fighting technology is only effective until a new attack method becomes the norm.  

Adding insult to injury, this kind of risk software can add a tremendous amount of friction to the onboarding journey. False positives abound, and customers can quickly become frustrated with the technology if it doesn’t work right away. Last but not least, it is also pricey, which means your overheads increase before you can even consider a new application.

Saving Money on Banking KYC With Pre-Checks

While the KYC process is heavily regulated by government bodies, it’s worth considering what kind of checks you put in place – and at which stage of the application process.

kyc: light vs heavy

At SEON, we know that a pre-KYC check can:

  • help banks instantly filter out junk users
  • reduce KYC costs
  • gathers data early useful in AML and risk monitoring
  • improves the user experience for good customers by reducing friction

Here is how it works:

  1. Start gathering data on a new customer as soon as possible.
  2. Enrich this data to gather more real-time information.
  3. Feed the results through risk rulesets.
  4. Calculate the onboarding risk.

From there, you can automatically block high-risk users, have your experts conduct manual review of suspicious yet uncertain cases, and let through those who are obviously legitimate customers, so you don’t have to do more due diligence than required by law on the latter.

The above can happen near-instantaneously, behind the scenes, with no friction. The result is happier good customers and less money spent on KYC, as you are no longer wasting money running expensive identity verification checks on criminals.

As you can see in the short demo above, a lot of the success of a pre-KYC check hinges on the quality of the data you can gather. It has to come from real-time sources (social signals, for instance).

Inversely, you cannot rely on stale databases or shared blocklists – as the former can be no longer valid and the latter can be manipulated by competitors, as has happened in certain online industries.

Our world is becoming increasingly social, so having access to a website visitor’s digital footprint as soon as they click on your application page is the quickest way to learn with confidence who you’re dealing with.

Reduce fraud rates on average by 70-80%

Use SEON to speed up KYC and compliment AML checks, flag suspicious users with behavioral analytics and a real time scoring engine.

Ask an Expert

How SEON Helps With KYC for Banks

SEON is an end-to-end fraud detection platform. We’ve also been increasingly partnering with banking KYC and AML specialists as a provider of data enrichment.

The reason our solutions work so well? We deliver high-quality insights on customers based on accessible data points such as an IP address, email address, or phone number. Using one or more of these, we create a comprehensive profile for them from 90+ real-time online sources, which we also combine with digital fingerprinting and velocity checks.

This is the accelerated way to instantly filter out bad applications, save on KYC costs, and gather better data for your customer due diligence process. The same data can also help you spot suspicious connections between accounts to immediately flag potential money laundering, fraud rings, and digital bank multi-accounting

Customer conections

The ultimate goal? Helping your bank get access to better data with less friction, and reaching the ultimate goal of unifying your KYC and AML processes.

FAQ

What is meant by KYC in banking?

KYC in banking refers to the Know Your Customer or Know Your Client process. It’s a legal requirement to ensure you only offer financial products or services to legitimate customers who pose no risk threat to your establishment and to society at large (for instance, money launderers).

What is banking KYC verification?

A KYC verification includes some form of name, address, and ID verification. Different regulating bodies have different standards, including proof of income, age, or PPI (personally identifiable information) such as a social security number in the US.

Is KYC mandatory for opening a bank account?

Yes. Whether it is with a global financial institution with retail locations or a digital-only neobank, a KYC check is mandatory to open a bank account. However, banks can save on expensive KYC checks by using a pre-KYC filter to weed out bad applications.

How is KYC done in banking?

The KYC process can be broken down into different steps, but the idea is always to filter out bad users and verify the identity of potential customers. A form of identity verification is part of the process. The bare minimum KYC standards for each locale are defined by the authorities.

What Is eKYC?

eKYC stands for Electronic Know Your Customer/Client and it’s simply the digital version of the KYC process. It’s highly popular with banks that operate digitally only (neobanks, challenger banks), but also increasingly for financial institutions that are moving away from the traditional brick-and-mortar model, where customers used to bring in hard copies of documentation to a branch of the bank.
eKYC is the prevalent KYC model for certain markets – for instance in India, where 99% of the adult population has a digital identity called Aadhar.

Sources

  • Compliance Week: Fines against financial institutions hit $10.4B in 2020
  • CNBC: 25% of US households are either unbanked or underbanked
  • BiometricUpdate: Indian farmers’ digital ID proposed as Aadhaar reaches 99 percent adult coverage