KYC stands for "know your customer," - but do you know which measures are legally binding and how decisions in Brussels affect your business? Read along as we review what you need to know to understand your KYC.
KYC stands for "Know Your Customer" and is part of the Money Laundering Act. The Money Laundering Act is, in its simplicity, about reducing economic crime and money laundering. KYC is a crucial concept here. It is a requirement that companies subject to the Money Laundering Act must get to know their customers to avoid everything from money laundering to you as a company not doing business with criminals.
The concept includes that you can document that you know your customer; This includes, among other things, control of identity and financial activities and identifying the risk posed by individual customers.
When you establish an effective KYC process, it helps to comply with the Money Laundering Act and to be able to secure an effective business model in your organization.
Which companies are under the Money Laundering Act and KYC?
All companies within the financial sector are under the Money Laundering Act; this means they are also required to perform a KYC check.
The Money Laundering Act applies to, e.g., these companies:
- Banks and financial institutions
- Loan companies
- Credit, currency, and securities companies
- Auditors and audit bodies
- Lawyers and lawyers
- Estate agents
EU directives and national legislation
AML 5 is a European law (a so-called EU directive). When the EU Parliament issues a directive, the individual member states have a period during which they implement the directive into local legislation. This action typically takes place in the form of adjustments in, for example, the existing laws or new executive orders.
Guidance on the Money Laundering Act
In Denmark, the Danish Financial Supervisory Authority has the general duty to supervise companies within the financial sector. The supervisory authority for auditing and bookkeeping firms is the Danish Business Authority, and for lawyers, it is the bar association.
The Financial Supervisory Authority guides the areas of application of the Money Laundering Act and the obligations that follow from the Money Laundering Act. One of the obligations under the Money Laundering Act is the directive AML 5. This directive must ensure that companies know their customers to a greater extent.
The Danish Financial Supervisory Authority has thereby drawn up guidance on money laundering for companies covered by the law. According to the direction, some examples can help inspire compliance with the Money Laundering Act. Ultimately, it is up to the individual company to determine the framework for how they will comply with the requirements of the Money Laundering Act.
What happens when companies don't comply with the anti-money laundering act?
When the Financial Supervisory Authority inspects the companies, there will be a follow-up supervisory report. The inspection report can express criticism as an injunction, but it can also be in the form of police reports. These reports will always be available on the Danish Financial Supervisory Authority's website.
However, it is also a requirement that the companies put the report on their website to be available to all current and future customers.
If the companies are caught not living up to their obligations, the company's name and reputation can also suffer from a bad report. For large companies, this is often worse than a fine, as they can lose customers on a tarnished name and reputation.
A risk-based approach
According to the latest directive, AML 5, enforced in January 2020, companies must make greater demands on assessing customer relationships. For each customer, companies must evaluate and determine the risk of being misused for money laundering or terrorist financing. Thereby, one of the most fundamental aspects of the Money Laundering Act is:
- Risk assessments
- Administrative procedure
The risk-based approach focuses more on legitimacy control and ongoing KYC procedures.
Companies answering to the Money Laundering Act must prepare a risk assessment. In this risk assessment, you identify the risks you believe apply to your customer.
To prepare a risk assessment, the company must:
- Customer by customer deals with the risk of being exploited for money laundering or terrorist financing.
- Explain and justify the assessment and its precautions to the relevant supervisory authority.
- The risk assessment must also contain the company's precautions to prevent money laundering.
A company's policy describes the company's general risk appetite. This policy includes descriptions of:
- Which type of customers do you find eligible for business relation
- Which types of customers do you find ineligible for a business relation
When you talk about business conduct, it means, in short, that you have a written procedure for what you as an employee or as a company must do in certain situations. A business process helps to:
- To provide an overview of the risks assessed with different customer groups.
- To describe the actions employees should take to meet the risk.
Remember to check for PEP - Politically Exposed Person
Politically exposed persons are people whose political position means that they pose a high risk of being subject to money laundering. This action is because they are to a greater extent exposed to extortion, bribery, or otherwise involved in financial crime.
One can identify PEPs by cross-checking these people with public databases. It can, for example, be: Finanstilsynets PEP-liste.
However, this list is not exhaustive of all PEPs in the country. It is only those mentioned to the authorities. Spouses of the primary PEP are in the database as well.
How often is a check of the customer's identity carried out?
You must validate a customer's identity every time a new customer relationship is established. Furthermore, if there is a change in the customer's circumstances, you are required to check.
This procedure occurs once a year for high-risk customers, whereas for low-risk customers, the process is every five years.
How can the company ensure that they know their customers?
With the help of a customer familiarization procedure which is carried out based on the risk assessment - also known as KYC, the companies can assess the risk they take when negotiating with customers.
Thereby, a customer familiarization procedure includes obtaining identity information about the customer.
Most often, the identity information will include:
- CPR or CVR number, depending on whether it is a natural or legal person.
- Information that describes the desired customer relationship.
- Information that describes the customer's business and activities.
After that, a reliable source must validate the information. The documents must be verified against other sources validating the customer's identity; this can, e.g., be an address or a passport.
Thereby, the customer knowledge procedure will be able to describe what the company must do to say that they know their customers. Know your customer is also known as KYC.
A tiresome process
The Money Laundering Act can be a headache and is resource intensive.
What was in effect yesterday could suddenly be insufficient, making KYC a good workflow that takes a lot of manual time to prepare.
It can therefore be time-saving to use a system to systematize and automate this workflow. At Visma Creditro, we have developed Creditro Comply. A platform where we automate and ensure compliance, so you are on top of regulations and have all matters in order When the Financial Supervisory Authority inspects your company.
In the first half of 2022, Visma Creditro surveyed over 4,000 users about the time spent on the KYC procedure. More than 75% of users had shortened their annual time spent on KYC by more than 95%; this happens because documentation is automatically obtained, the right questions are asked, and the controls are in place. These functions occur while all users are monitored in real-time.