Financial crime continues to be a major issue in the UK.
But the government and law enforcement agencies are cracking down on those that break the law or fail to meet regulations.
This article explains everything you need to know about KYC regulations in 2023.
This year saw the biggest money laundering trial in history, as eight defendants were accused of channeling £266m in illicit funds through a Bradford-based gold dealer.
Elsewhere, Santander UK has been fined over £100 million after the bank failed to oversee and manage money laundering controls on 560,000 business customers over five years.
If you want to avoid your business becoming involved in financial crime and facing a fine then you need to have robust anti-money laundering (AML) policies and procedures in place.
Following know your customer regulations (KYCs) are an important part of this
What Is KYC?
‘Know your customer’ is a general term given to processes that involve checking and verifying the identity of customers.
It ensures that customers are who they say they are and helps to fight fraud, money laundering and other economic crime.
What is the KYC process?Know your customer processes are usually part of a larger anti-money laundering regime.
A company assesses the level of risk a customer presents to decide whether to perform advanced anti-money laundering checks.
Some of the things that indicate that a person is an AML risk include:
- The business relationship is likely to involve high-value transactions.
- The person fulfils a prominent public function—for example, they are an ambassador.
- The person has criminal or terrorist connections.
If they are high risk, then the company goes through the AML KYC process. This includes:
Customer identification programme
Sometimes known as IDV, a customer identification programme is where you ask a customer to send you a government-approved identity document. This could include a driver’s licence or a passport.
This is when you check the customer’s ID document against the relevant government database to ensure it is real.
Conducting ongoing monitoring
You perform regular checks on your customer to ensure that their risk profile doesn’t change. You also recheck their ID annually.
If the person is considered high risk or there is doubt over whether their ID is genuine, you may need to conduct full anti-money laundering checks.
These include address verification and checking if the person is on sanctions or politically exposed persons (PEPs) lists.
What are KYC and Money Laundering Regulations?
KYC is governed by the same laws as AML and customer due diligence.
In the UK, the main KYC law is the Money Laundering Regulations 2007.
Below is a checklist of regulatory requirements that customers must meet. There are five key areas:
✔️Create a customer identification programme. In other words, identify customers based on verified documents.
✔️Collect information on the purpose and intended nature of the business relationship.
✔️Identify the level of customer risk depending on:
✔️The type of customer
✔️The business relationship
✔️What the product is
✔️Details of the transaction
✔️The KYC officer must be able to prove that they measured the risks posed by the customer and took appropriate action.
✔️The customer and ultimate beneficial owner’s identity needs to be verified before a business relationship can be started—unless they are deemed to be very low risk, in which case it can be verified during the relationship.
✔️Money laundering officers should monitor financial transactions for any suspicious behaviour.
✔️They should regularly renew customer due diligence records by conducting new checks.
✔️Higher-risk relationships should be monitored more often and with greater scrutiny.
Simplified customer due diligence
✔️ If a company falls into certain categories then they can skip most KYC processes. The only exception is ongoing monitoring of the customer’s transactions and risk.
✔️ It’s worth checking with your industry regulator to find out which transactions qualify for simplified due diligence in your sector.
✔️ You should always conduct full enhanced AML checks if you suspect money laundering or criminal activity.
Enhanced due diligence
✔️Certain types of people are considered to present a higher risk of being involved in financial crime. For these clients you need to conduct enhanced due diligence. This involves investigating the individual more thoroughly and taking a risk-based approach when making a decision.
✔️Enhanced due diligence is required if the customer:
✔️Is not physically present for identification purposes (note: digital identity checks count as being physically present).
✔️Is a credit company with a correspondent banking relationship with a non-EEA institution
✔️A customer is a politically exposed person (PEP).
✔️The money laundering officer perceives a higher risk of money laundering or terrorist financing.
✔️ A company can appoint a third party to carry out KYC checks on their behalf.
✔️ However, they remain liable for the processes and policies, as well as any failures.
✔️ Companies must also keep records of their customers’ identities, transactions and any supporting documents.
✔️ The company should be able to produce records immediately when asked by a regulator.
✔️ Regulated companies should establish and maintain KYC policies and procedures related to:
- KYC measures and ongoing monitoring
- Record keeping
- Internal controls
- Risk management
- Customer risk assessment
- Monitoring, managing and updating procedures and policies
✔️ All relevant staff should be made aware of the law on money laundering and terrorist financing. They should also be trained in how to identify and deal with high risk and suspicious transactions or customers.
✔️ Companies should appoint a nominated officer whose job it is to take responsibility for:
✔️Manage and implement AML policies and procedures
✔️Keep abreast of the latest regulatory changes
✔️Submit suspicious activity forms to the National Crime Agency
✔️Train staff on AML-related matters
These apply to businesses in certain sectors, including:
Who is subject to KYC regulations?
- Credit and financial institutions
- Management consultants, auditors, insolvency practitioners
- Accountants and tax advisers
- Legal professionals
- Trust providers
- Estate agents
- Art market participants
- Gambling companies
- High-value goods dealers (£15,000 or more)
Why AML and KYC Is Important
There are four main reasons for implementing thorough AML and KYC policies and procedures in your business.
Help fight economic crime
Financial crimes like money laundering and fraud are thought to cost the UK economy more than £300 billion each year. Fulfilling AML and KYC requirements means you are doing your part to fight economic crime.
Avoid regulatory penalties
Failure to meet KYC compliance requirements can lead to a criminal conviction, a fine or even a prison sentence of up to two years.
Both companies and responsible individuals can be found guilty of not fulfilling KYC compliance with AML and KYC regulations.
According to the Financial Conduct Authority (FCA), more than £298 million of suspicious money passed through Santander accounts during this period.
Protect your reputation
The Santander fine described above made national news in the UK. HSBC and NatWest have also both been at the heart of similar fines.
Millions of business customers know that these financial institutions enabled financial crime and their reputations have been damaged.
You can protect yours by maintaining robust KYC and AML policies and procedures.
Avoid becoming the victim of fraud
Criminals might not want to launder money. They may be targeting your business to try and steal money or high-value goods from you.
Verifying the identities of customers helps stop that from happening.
Economic Crime and Corporate Transparency Bill
Predicted Changes to KYC Regulations in 2023
This is a new bill that aims to:
- Allow the government to impose sanctions faster
- Create a register of overseas entities to stop foreign criminals laundering money through UK property
- Strengthen the UK’s unexplained wealth order (UWO) regime
The bill will take effect in early 2023. It will impact KYC regimes in a number of ways.
Two examples of amendments recently added include:
Identity verification: Directors and other persons with significant control (PSCs) at companies will need to verify their identities with Companies House. The government is seeking to extend this to overseas companies that register in the UK.
Discrepancy reporting: If a business conducts customer due diligence on a company and discovers a discrepancy between the information they are given and their own research then they must report it to Companies House. The new bill will set out specific reporting requirements relating to this.
Other changes include:
People setting up new businesses will need to have their identity verified by Companies House.
More information about transactions and people’s identities will be shared between enforcement agencies.
Law enforcement officials could be given powers to seize crypto assets.
The legal sector may be given a statutory duty to prevent and detect economic crime.
Greater KYC policies in crypto
Cryptocurrency transactions are anonymous and so are often used by criminals to launder money.
According to the NCA, over £1 billion of illicit cash is transferred overseas via crypto assets each year.
Authorities have long been concerned about the lack of regulation in crypto markets.
In the last year, the crypto industry has been rocked by several high-profile scandals and failures.
The UK government is already planning greater regulation of stablecoins—cryptocurrencies whose value is pegged against real-world fiat currencies—so that they can be used safely.
Another sign of increased regulation is that people within the industry are talking about it. Brian Armstrong, CEO of Coinbase (one of the world’s largest crypto exchanges) has written a blog explaining his thoughts on the future regulation of the industry.
In it, he says that robust AML and KYC policies should be implemented once stablecoin regulations have been set.
Armstrong is an influential figure and so the blog is a good indication of what to expect.
The Role of AML and KYC in the Customer Journey
Performing thorough KYC and AML checks is vital to ensure your business avoids regulatory fines and reputational damage.
However, these checks can make your customer onboarding process long and complicated.
This can damage customer relationships as they are left waiting, and it can even delay the start of your business together.
The solution is to use a fast and accurate KYC and AML checking service.
Red Flag Alert’s database holds detailed financial information on every UK company as well as businesses in most countries around the world. We provide a comprehensive AML service that enables you to conduct fast, accurate KYC processes.
We help you keep your KYC compliance costs and your AML risk low.
- Perform fast, accurate customer IDV checks using biometric facial recognition.
- Check and monitor clients against international blacklists for sanctions, politically exposed persons (PEPs) and more.
- Obtain information on company directors, ultimate beneficial owners and PSCs, including their other business interests.
- Generate customer due diligence programme reports so that you have a verifiable audit trail that meets regulatory requirements.
- Set up monitoring alerts so you know as soon as customer risk profiles change.
Check your clients’ money laundering risk
If you want to screen your clients for AML risk quickly and safely then try our new AML checker—it’s hosted on our website and it’s completely free to use. Or Request a Free Trial of Red Flag Alert today.
Check out our Q3 Intelligence Report to find out the issues that have affected the UK economy in 2022.