KYC and AML regulation are increasing to cope with the rising demand for financial services and the pressing need for increased security and protection against fraud. Financial institutions and businesses are struggling to master these procedures. With various acronyms flying around, it can be confusing when trying to decipher the true meaning of these processes. What is KYC? What is AML? And how do these practices protect you and your customers?
Short for ‘Know Your Customer’ and ‘Anti-Money Laundering’, KYC and AML compliance are mandatory procedures, required by law, to mitigate the risks of banks and companies being used as vehicles for financial crime. Consisting of various verification, monitoring, and cross-checking procedures, these policies need to be watertight to prevent malicious actors from slipping through the net. If not, these entities face high non-compliance fines from regulatory bodies.
While the two terms are often mistakenly used interchangeably, they mean different things. The main difference between KYC and AML is that KYC is a procedure, whereas AML is a full framework. KYC refers to identity verification procedures used to ensure customers are who they say they are. AML is the umbrella term for the entire set of mechanisms deployed to protect against money laundering and financial crime. KYC is one of such mechanisms.
The issue with this confusion is that entities are failing to fulfill all regulatory specifications for AML, falsely assuming that KYC processes are enough to pass. However, while KYC procedures aren’t enough on their own, installing full AML operations can be costly and time-consuming.
Luckily, as regulation and demand increases, technology is rising up to meet the needs of service providers. Thanks to the automated KYC technologies offered by GetID.ee, entities can cut costs, delays, and clerical errors associated with manual identity verification. This allows service providers to better manage their AML budgets and compliance teams, while KYC processes take care of themselves.
What is AML?
The Bank Secrecy Act of 1970 demands that financial institutions cooperate with the U.S. government to help eliminate financial crime. This includes terror funding, tax evasion, money laundering, bank fraud, and so on. Known as ‘Anti-Money Laundering’ regulations, financial institutions are required to obtain and verify every customer’s data, monitor their activity, and report anything suspicious to the relevant authorities. In this sense, the term ‘AML’ refers to the whole scope of techniques employed to help meet the requirements of this legislation.
AML can be considered a framework rather than a procedure, itself. AML policies tend to be comprised of several protective arms to help intercept financial crime as or before it occurs. AML compliance programs consist of internal and external systems that apply risk assessments during the onboarding process (KYC), detect suspicious activity (such as flagged transactions), manage internal risk controls, offer compliance training for staff, and submit regular independent audits. By combining these systems, financial entities have a far higher chance of immediate detection and reporting. This leads to a greater prospect of preventing illegal activity.
The problem is that increasing demand for financial products is being met with heightened AML regulation. Now financial institutions and service providers are struggling to keep up. This often leads to AML compliance feeling like bureaucratic nonsense. However, money laundering is on the rise, with countries like the UK seeing all-time record numbers of instances occurring in the system. It’s predicted that around $300 billion of criminal funds are ripe for laundering through the USA each year. This includes significantly large sums from drug cartels linked to Mexico.
The impact of such drastic money laundering can have a devastating ripple effect on nations. On the one hand, sums of this magnitude nurture and expand criminal cartels, terrorist cells, illegal arms dealers, corrupt officials, human traffickers, and more. But what is perhaps more distressing is that such large sums of money flooding into a country negatively affects the economy. When rivers of illicit money are pumped illegally into a nation, economies are undermined and currency values suffer. It’s argued that an economic shakedown of such epic proportions can be classed as a threat to national security.
In this sense, introducing strong AML frameworks across the financial sector helps to weed out undesirable applicants. This protects customers against fraud, institutions against financial loss, and economies and countries against currency collapse and criminal expansion.
So, What is KYC?
KYC or ‘Know Your Customer’ is one of the numerous AML mechanisms installed to meet regulatory compliance. Most often used during application processes, KYC helps to identify and verify customer identity. The purpose is to ensure that a potential or existing customer is who they claim to be. In this sense, KYC is predominantly an identity verification process. A thorough and necessary risk assessment, KYC is often, but not exclusively, applied during the customer onboarding process.
KYC and AML compliance procedures have been compulsory for US banks since the US Patriot Act of 2001. The ID verification mechanism helps to mitigate risk for banks and the economy. It is the first port of call against money laundering and terrorist funding. While previously reserved for banks, increasing regulations mean that KYC processes are now being used by all sorts of service providers for various activities. KYC checks may apply when processing large transactions, modernizing authentication systems to meet new regulatory compliance, registering users, and updating records.
A multi-stage operation, KYC procedures involve collecting and analyzing customers’ ‘Personally Identifiable Information’ (PII). This stage is sometimes referred to with its own acronym: CIP or Customer Identification Program. There is no standardization for this step. Different institutions may request different forms of PII. Typically, this may include the customer’s full name, address, date of birth, and so on. Customers must also submit supporting government identification to help verify this information, such as a passport, ID, driver’s license, and proof of address. As there is no standardization, customers may find this procedure varies each time they apply to a new financial institution.
To verify this data, institutions send this information to a plethora of independent third-party verifiers. These actors run it against official databases to confirm that the information is correct and that it matches across the board. Following this, verifiers will also run a person’s information against global watch-lists. This indicates whether the applicant is a ‘Politically Exposed Person’ (PEP) or has been identified as a risk. PEPs are people entrusted with prominent public positions of power, such as politicians. For financial institutions, people in political positions pose a higher risk due to their potential for corruption.
From these procedures, financial entities and service providers can allocate a level of risk to each customer. Risk levels and a record of regular transactional behavior are outlined in a ‘Customer Profile’. Future monitoring of transactions will be compared against this profile to flag any unusual activity.
This can also extend to atypical activity with associated peers. While this may seem a little intrusive, monitoring customer payments to others helps protect against unwitting financial crime, where customers aren’t aware they’re being used for illegitimate means. Often referred to as ‘Money Mules’, naive accomplices are often selected by criminal organizations to launder money through their accounts. Often, but not always, these vulnerable parties are unaware of what they are doing or the true gravity of their actions. In 2018, there were more than 40,000 potential cases of money mules in the UK, alone. Criminals are said to mainly target teenagers on social media or unwitting middle-aged men with no criminal records. Sometimes people are offered money to let transactions run through their accounts, whereas sometimes the money appears and disappears without account holders noticing.
When all the statistics of fraud and illicit activity are considered, it’s no wonder that KYC regulations are increasing. In the UK, alone, the number of Suspicious Activity Reports rose 9.6% between 2017-2018. In the US economic crime increased by 17% between 2016 and 2018. Stricter KYC regulations are being imposed to try to stem this ‘dirty money’ crisis.
If KYC and AML are So Important, What’s the Problem?
The widespread increase in economic crimes and money laundering worldwide needs to be addressed. Regulatory bodies are taking on this role by imposing far more stringent KYC and AML standards.
This should seem to be a positive step toward ridding the economy of ill-gotten gains and bad actors. However, the increasing demand for financial products means that service providers are swamped. With more customers under the AML umbrella than ever before, companies are struggling with the growing delays. Thanks to the backlog on KYC applications, onboarding timeframes have risen from 28 to 32 days between 2016 and 2017. Such dramatic onboarding friction has caused 12% of businesses to switch banks.
On top of this, entities are shelling out huge KYC and AML costs to meet stricter regulations. For service providers, manual processing means sending documentation to third-party verifiers. Not only is this slow, but these services are also expensive. On top of this, companies need to hire a ream of compliance staff, who are in desperately short supply (meaning they charge outrageously high salaries). Alternatively, companies are spending unprecedented sums on training existing staff on ever-increasing compliance. The average cost of annual compliance training is $45/hour per member of staff, with an average of 5 hours needed. For firms with 1000+ employees, compliance training can cost in excess of $225,000 a year.
What’s more, if these AML mechanisms aren’t up to par, companies face unimaginable fines. This year alone, from January to April, $7.7 billion of fines have been handed out by global authorities for poor AML and KYC practices.
What’s more, the constant back and forth of documentation leaves significant room for interception by corrupt actors, as well as a trail of clerical errors. In fact, 32% of corporate actors feel that security is a real issue during the KYC process.
To add to this, manual processing requires humans to identify cases of fraud. With sneaky face spoofing techniques and the growing proliferation of fake document vendors, it is becoming increasingly easy to commit application and identity fraud. In just 12 months, from 2017 – 2018, fiscal losses due to new account fraud increased by $400 million, from $3 billion to $3.4 billion. Of the 3 million fraud cases in the US in 2018, over 15% of these were reported as identity theft — A problem that seemed to be decreasing from 2015-2018, only to rise again in 2018. With this in mind, manual KYC procedures are clearly not effective enough at protecting against financial crime.
With this in mind, the current AML and KYC landscape is untenable due to its lack of scalability. Where manual processes are currently used for identity verification, both service providers and customers are becoming frustrated with the slow processing and high costs — Not to mention poor security.
With more and more customers handing over personal data every day and AML regulations tightening, more scalable mechanisms must be installed to cope with the demand. Not only are manual KYC practices a hotbed for malicious interception, but poor data storage is also leading to an epidemic of data breaches. In the last year, 12% of businesses have admitted to being subject to cybercrime, leaving customers vulnerable to further fraud. Take the huge KYC data leak that occurred at Binance in August. This simply isn’t an effective route to protecting customers and economies against fraudsters.
How Can Automated Digital ID Verification Solutions Help?
It is pretty clear that the issue is not with the idea of AML and KYC procedures. Most institutions and customers agree that these strict safeguards are vital. The problem lies in the shoddy execution of manual processing. This approach is peppered with vulnerabilities and costs financial institutions an arm and a leg.
In this sense, it’s about time that this outdated workflow had a facelift. New solutions need to iron out the bottlenecks that leave entities unguarded against identity fraud and inaccurate processing. Simultaneously, new systems must cater to the increasing regulations being passed down from above. It’s clear that KYC and ID verification procedures, in particular, need to be faster and more affordable, with increased security and accuracy. In the current state of passing around PII information, service providers are opening customers and themselves up to a whole realm of potential fraud, while paying an incredible amount of money for the pleasure.
Identifying the key mishaps in the system, it’s clear that the weakest links in the chain arise from outsourcing to a series of external third-party verifiers. Not only does this add time and expense to the process, but the constant changing of hands also leads to clerical errors and the misappropriation of data. What’s even more worrying is the inaccuracy in the process and its vulnerability to fraud. Despite the high costs and lengthy KYC procedures, 84% of businesses still feel burdened as current manual procedures can’t guarantee a customer’s identity. The human elements in the system can easily be tricked.
Using automation, service providers and financial entities can significantly streamline this process for more efficient KYC practices. Instead of PII being sent to a torrent of different expensive, slow (and often questionable) verifiers, automation can verify individuals using far more accurate systems in seconds.
Equally, automated systems increase efficiency. Currently, customers have to send their personal data out multiple times for different applications. With automated KYC processes, customers only have to create a verified digital identity once. Financial entities and service providers can now instantaneously access this verified identity. This virtually eliminates the time, cost, and potential inaccuracies of the manual KYC process.
When the impact of such increased productivity is considered, onboarding costs could drop by as much as 90%. Equally, onboarding times would diminish from weeks to minutes or seconds. Take the example of Smart-ID in Estonia. Not only does this enable 99% of public services to be delivered securely online, this digital identity system means that Estonians can pass KYC checks much faster, vote online, pay taxes digitally, buy cryptocurrencies, and so on. Studies show that this saves Estonia 1407 hours of labor annually.
Through the implementation of digital identity systems, it’s clear that automated customer verification systems increase efficacy and efficiency. e-KYC procedures reduce the time, costs, and inaccuracies currently inherent in manual processing.
This is why GetID.ee has devised a high-performing omnichannel platform for automated e-KYC procedures. The platform is the ideal tool to kickstart this transition away from manual KYC processing. GetID.ee enables service providers to instantly access verified customer identities all in one place, without the need for costly third-party intermediaries.
How Does GetID.ee Reduce KYC/AML Bottlenecks Through Automation?
By automating the KYC process, businesses and financial institutions can ease the early-stage costs in the AML pipeline. Where currently customers manually submit PII, GetID.ee uses a multi-layered autonomous omnichannel route to provide automated identity verification.
For users applying for a digital ID through GetID.ee, submitted PII and related official documents are submitted digitally and run through our next-generation software that pulls out relevant data and verifies it automatically against relevant databases and sanctions lists.
Using Optical Character Recognition (OCR) the state-of-the-art system can scan text documents to isolate all relevant written PII information. Complemented by our Face Match software, users’ official ID photographs are compared to a selfie take upon application, using biometric technology.
In order to increase accuracy and eliminate the possibility of biometric spoofing, GetID.ee offers up state-of-the-art Liveness Detection. This software requires users to complete a task live on camera (like raising eyebrows or smiling). This automatically proves it’s the applicant, live in the exact moment, as opposed to a pre-recorded video.
Once verified, users are automatically compared against global watch-lists to indicate any sanctions they may have against them, or to identify them as a Politically Exposed Person (PEP).
Unlike traditional KYC processes, customers only need to do this once. Instead of having to submit data for every different bank or application, customers simply create a digital ID once. Entities that need the verified data can access this verification through the GetID.ee platform instantly, and as many times as necessary without the customer having to resubmit data.
This automated practice significantly speeds up the process. Equally, by cutting out third-party intermediaries and the need for a full compliance team, the costs of KYC are far lower, with clerical errors practically eliminated. What’s more, no personal data is stored in centralized silos, protecting users from hackers entering via one single point of failure.
In short, GetID.ee’s automated KYC solution provides faster, cheaper ID verification, on a highly secure platform, without any of the onboarding friction associated with manual KYC mechanisms.
To Sum Up
With the terms used interchangeably, KYC and AML are often confused. But, while KYC refers to the ‘Know Your Customer’ process of identity verification and risk assessment, AML refers to the entire range of ‘Anti-Money Laundering’ techniques used to help protect against, flag, and report financial crimes.
The distinction is important to understand as many financial entities fail to fully embody one or both of these aspects, mistakenly assuming they are the same task. However, not only do poor AML and KYC processes lead to a higher risk of financial crime and economic impact, but this kind of oversight can also lead to hefty fines imposed by regulatory bodies.
Despite the pressing need for these policies, staying compliant with increasing KYC and AML regulation is extremely expensive and can take a long time. Employing multiple independent third-party verifiers and a whole team of compliance staff can be a big strain on a firm’s budget. Not only that, the yo-yo-ing of PII documents and unsophisticated centralized data silos can lead to data breaches, identity theft, and malicious interception.
GetID.ee is proposing a new solution. By automating the KYC process using GetID’s digital ID platform, financial entities and service providers can now significantly reduce the costs and time taken for KYC and identity verification. By using GetID.ee’s multi-layered cutting-edge identity verification architecture, financial entities and service providers can confidently be sure that customers are who they say they are, without having to wait days or spend thousands. Automatically highlighting PEPs and sanctions, as well as autonomously verifying ID, GetID’s next-generation technology helps service providers all over the world take care of KYC. This relieves a huge burden from the AML framework.
If you’re looking for an e-KYC solution to help streamline your AML framework and ease customer onboarding in 2020, try GetID.ee. A reliable and robust solution that protects you and your customers from fraud and financial crime, you’ll find GetID.ee to be a refreshingly straightforward answer that saves considerable time and money. Gone are the days of worrying about compliance, GetID.ee’s automated KYC solution keeps your compliant with all KYC and AML regulation now and into the future. Try it today by heading to GetID.ee.