KYC: Know your customer requirements

What are the KYC requirements? Is it everyone who is obligated to perform a KYC check? And if not – which companies are obligated to do so and why? Read on as we list and explain the companies and requirements for KYC.

KYC is a term used in the financial sector. KYC means "Know Your Customer" and is a process that helps verify the identity of your company's customers and assess their level of risk. Carrying out KYC on your company's customers is necessary to ensure compliance with anti-money laundering (AML) regulations.

All units within, e.g., finance, legal, audit, and properties, must perform KYC to ensure they only deal with trustworthy clients. E.g., banks must perform a KYC verification when a potential customer wants to open a bank account.

They must go through this verification to confirm to the bank that they are who they claim to be. This type of verification of potential customers helps banks avoid doing business with customers involved in financial crime.

The KYC verification is a necessary step to comply with money laundering legislation.

Which companies are subject to a KYC process?

KYC checks are mandatory for companies regulated under the AML rules. However, many companies are not required to implement KYC but do so for a simple reason: To protect their company from financial crime.

Companies that must implement KYC are:

• Financial institutions
  
  
• Real estate agents
  
  
• Auditors
  
  
• Providers of gaming services
  
  
• Lawyers
  
  
• Companies that sell goods of high value – can be diamonds or art

Customer identification and verification

One of the first steps in the KYC process is to collect data on potential customers. If the customer is an individual or the actual owner of the company, the following information is required:

• Full name
  
  
• Address
  
  
• Date of birth

The company can then verify the information provided by the potential customer. The validation happens by checking that the information provided matches up with official documents such as their passport.

When there is talk of companies becoming customers of another company, a few other things must be obtained:

• The company's legal name
  
  
• The company's legal form
  
  
• Registration number
  
  
• Address
  
  
• Information about the actual owner of the company

After obtaining the information above, you check the information against PEP and sanction lists.

However, you can collect less data from customers with a low risk of AML. On the other hand, with customers at high risk of AML, further information must be obtained than initially provided to protect the company as best as possible.

To determine the purpose of the business relationship

You need to know why customers want to use your company's products or services. E.g., when a person opens a bank account, the purpose is to store their money safely and have easy access to it.

As a company, you must also understand how your customer will use your product or service. To do, so companies collect information about:

• Types of transactions
  
  
• Expected size and frequency of transactions
  
  
• Countries involved in the transactions

Knowing the purpose of the business relationship helps your company detect suspicious activity. It can, for example, be money laundering or terrorist financing.

Risk assessment

To be able to assess a customer's risk to the company, you can investigate:

• Is the customer a PEP?
  
  
• Does the customer run a business with a high risk of financial crime?
  
  
• Have you met the customer?
  
  
• Whether you sell directly to the customer or through an intermediary
  
  
• Whether the customer is interested in a high-risk product

These indicators can give the company a sense of whether the customer is at high or low risk.

Continuous monitoring and updates

All customer relationships will change over time, and that is precisely why you as a company should review and update the KYC data approx. Once a year. It is a good idea to ensure that your company information is accurate and correct.

Record keeping

Each nationality has different periods in which they must keep KYC documents and personal data of previous customers. It is five years in the Nordic countries such as Norway, Sweden, Finland, and Denmark. In Belgium, however, it is ten years.