KYC process: ask the right questions
Gus Tomlinson
Know your customer (KYC) simply describes the collection and evaluation of customer-related information to confirm a customer is who they are they are. It covers both onboarding new customers and in-life customer monitoring.
KYC compliance is part of a risk-based approach to anti-money laundering (AML) for regulated industries, including most financial services. In times when online identity fraud is high and rising, however, identity confidence is not just a customer due diligence (CDD) formality but also essential fraud protection at the first point of contact with new customer prospects.
Ask the right KYC questions
The right KYC questions to ask can depend on many things: the type of business, type of customer, product segment and value, location and sales channel as well as your business’s assessment of the level of risk that these attributes represent.
Your customer onboarding journeys should reflect your assessment of these risks and dynamically respond to the presence or absence of risk and fraud signals with a customer experience that’s optimised for both security and speed. So, which checks your business applies online will vary automatically, but there should always be four key questions to ask whenever a new identity appears.
Is this a real person?
With increasingly sophisticated identity fraud attacks, verifying that you are being presented with a real identity, before onboarding a new customer to your business is an essential first step in any KYC customer due diligence (CDD) process.
Cybercriminals routinely disguise themselves by creating a synthetic identity – a combination of stolen and fake personal data used to create a new digital persona for illicit purposes. Generative AI also poses an increasing threat to businesses as it allows fraudsters to fabricate realistic fake identities.
Know your customer with fast, accurate and secure identity data verification
Know your customer checks that use identity data verification to confirm that the identity has been seen and accepted before are common. These match a name, date of birth, ID number and other identity data attributes against trusted global data sources like credit agencies, voter registrations and property records.
With the advent of identity confidence scoring, businesses that rely on data for KYC can now calibrate a more accurate risk-based approach to customer onboarding. By adding identity match accuracy, integrity and frequency to calculate an overall identity confidence score, it’s possible to optimise and automate customer onboarding journeys by the level of risk.
Is this person who they claim to be?
This is a KYC question that quickly comes up for customer categories and transactions identified as high-risk in the regulated industries.
Proving identity by eliciting a government-issued ID and matching it to the unique facial biometrics of the customer provides a high degree of assurance that she or he is who they claim to be. This kind of identity document proofing is a requirement of KYC enhanced customer due diligence (EDD) and a standard escalation in risk-based customer onboarding journeys designed to detect and prevent identity fraud.
The complete buyer’s guide to identity proofing
The best identity-proofing solutions can swiftly guide a customer prospect through the essential steps to document-centric digital identity proofing and biometric authentication. This will typically include forensic tamper-proof tests on documents and liveness or ‘presentation attack’ detection on the individual to ensure the genuine presence of the person claiming that ID.
With the rapid evolution of GenAI, liveness testing must also include countermeasures to new security threats. For example, detecting and defending against deepfake video purporting to present the genuine owner of the ID. AI-powered video analysis of lip movement and mouth shapes can detect synchronisation discrepancies that signal a deepfake.
Onboarding intelligence
Onboarding intelligence is a collective term for a rich combination of consumer identity data references, identity histories and behaviour patterns derived from multiple businesses and government sources.
While the data itself is protected, insights derived from this data can be shared between businesses and across borders. By connecting KYC checks to the positive data matches or suspicious data anomalies that exist in this network, businesses can recognise great, good and bad customer prospects at the first point of contact.
Join the global identity trust network
Can I do business with this person?
This is an essential question in your KYC checklist.
A process of screening customer prospects against global sanctions, politically exposed persons (PEPs) and adverse media lists to identify embargoed individuals and businesses or those with a higher risk of engaging in illegal activities is a must for any multi-layered KYC risk assessment.
There are many global watchlists designed to screen out risks to your business.
To meet regulatory standards for scrutiny and minimize the chance of missing a sanctioned or high-risk individual or entity, fuzzy matching techniques are deployed to the screening process. Fuzzy matching can return good prospects as well as high risks, however, so the best KYC solutions remove these false positives.
If you encounter a high-risk customer prospect, your business must perform enhanced customer due diligence (EDD) checks before onboarding. Beyond onboarding, ongoing monitoring of in-life customer relationships for changes in customer risk profiles is advisable, as these lists are constantly evolving.
Global Fraud Report 2024: get the facts about fraud.
Should I onboard this person?
This is ultimately your call, based on your business’s risk-based approach to AML.
If your customer onboarding process has produced positive answers to the first three KYC questions, the answer is more likely to be ‘yes’. Your commercial instinct to win a new customer, balanced against your business’s tolerance for risk, will determine the answer to this last question. It’s up to you to detail and document a risk-based approach to KYC and customer onboarding.
Many of the national and international AML regulatory bodies produce industry-specific guidance for developing a risk-based approach to AML and KYC around the world. The Financial Action Task Force (FATF) publishes recommendations and risk-based guidance for several industries, including, accountancy services, banking, cryptocurrencies, legal and real estate services. Professional bodies representing highly regulated industries also produce industry-specific guidance.
Partner for KYC confidence
Technology will progress, fraud will mutate and regulations will change. With the right technology partner, your business platform should be able to respond quickly and your customer onboarding journeys should adapt and continue to dynamically respond to the presence or absence of customer risks and identity fraud signals.
Building the simplest and smoothest onboarding process you can for every online visitor is fundamental to the success of most businesses. The right solution provider will align with your business's risk-based approach to KYC and AML, providing trust-building solutions to verify and prove customer identity confidence and protect your business from false claims and fraud.
In an increasingly digital world, we at GBG help businesses grow by giving them the intelligence to make the best decisions about their customers when it matters most. Every second, our global data, agile technology, and expert teams, power over 20,000 of the world's best-known organisations to reach and trust their customers.
Frequent KYC questions
What is Know Your Customer?
Know your customer (KYC) refers to the customer due diligence (CDD) and enhanced due diligence (EDD) that regulated companies carry out to ensure their customers are genuine and do not pose an individual risk to the business at the point of onboarding and as part of continuous monitoring during the business relationship.
What is Anti-Money Laundering?
Anti-Money Laundering (AML) refers to a wide set of laws and regulations mandating steps that financial institutions and other regulated industries must take to prevent criminals from laundering money. These regulations are designed to ‘counter the financing of terrorism’ (CFT) and other illicit activities. Regulated businesses must not knowingly or unknowingly aid these activities.
What is a risk-based AML assessment?
Central to a risk-based approach to AML is an assessment of a product or service’s exposure to individual customer, geographic, channel, transaction or other risk factors occurring. The level (low, medium or high) of that risk and the potential impact on the business is assessed so that mitigating policies and procedures can be devised and implemented.
Sign up for more expert insight
Hear from us when we launch new research, guides and reports.
