If your business works in a regulated industry, or if you deal with high-value transactions, then you need to conduct know your customer (KYC) checks on clients.
How To Protect Your Business From Economic Crime
Know your customer checks are an important part of your anti-money laundering (AML) regime and should be taken seriously.
Depending on what sector you work in, failing to conduct adequate know your customer checks either leaves your business exposed to economic crimes, like fraud, or at risk of a fine from industry regulators.
In this article, we explain everything about know your customer checks, including what they are, who needs to do them and how you conduct them.
What is a KYC Check?
A know your customer check is when you collect information on customers and verify their identities.
This protects you from working with customers who may be involved in economic crimes like money laundering. It also helps your own business avoid being the victim of fraud.
What’s the difference between KYC, AML and CDD?
A company’s anti-money laundering (AML) regime is the framework of systems and processes that companies need to have in place to comply with economic crime legislation. When conducting an AML check, you might be running checks against several activities.
The know your customer (KYC) process is one of these systems. If you don’t do adequate know your customer checks, then you won’t have adequate AML systems.
Know your customer is a general term that can refer to various types of checks that companies carry out on their customers.
Customer Due Dilligence(CDD), on the other hand, is a specific term for a set of procedures that must be followed by law. A customer due diligence program usually comes under the umbrella of KYC processes.
Why Are KYC Checks Important?
KYC processes are important for many reasons. These include:
They help fight economic crime.
That’s according to the United Nations Office of Drugs and Crime between 2% and 5% of global GDP is laundered around the world each year. That’s between $800 billion and $2 trillion.
This staggering figure shows that money laundering and other financial crimes are still prevalent around the world.
The UK is no exception. According to the National Crime Agency (NCA), organised crime costs the country’s economy at least £37 billion per year.
However this might be a conservative figure as Transparency International puts it many times higher at £325 billion.
They combat terrorist financing and corrupt regimes.
Terrorists and corrupt governments around the world use money laundering to finance their operations.
By meeting your KYC obligations, you help to stop terrorist financing and reduce the power of corrupt governments.
It’s a requirement under money laundering laws.
The UK government has implemented strict anti-money laundering legislation to crack down on economic crime.
Companies working in regulated sectors like finance, property or legal, must have comprehensive AML systems and processes.
Failing to do this could lead to companies receiving a fine. This can be up to €5m, or 10% of your company’s annual turnover—whichever is higher.
There have been several high profile cases of large financial institutions being fined for breaching AML legislation. Some recent examples are:
In 2021, NatWest was fined £265 million for failing to prevent £400 million being laundered by one of its clients.
The client, Fowler Oldfield, was a gold-trading business with an annual turnover of £15 million. However, the company deposited £365 million over five years. In one incident, £700,000 was deposited at a branch in black bin liners.
According to a BBC report, NatWest’s AML systems generated warnings but its staff decided to ignore them and even disabled one warning.
This is the biggest fine given to any of the UK’s financial institutions.
Also in 2021, the Financial Conduct Authority (FCA) fined HSBC Bank Plc £63,946,800 for weaknesses in the bank’s automated transaction monitoring system.
This meant that it missed many instances of suspicious activity. As a result, it inadvertently facilitated financial crime worth millions of pounds.
Both HSBC and NatWest would have been fined a lot more. However, their fine was reduced by 30% because they didn’t contend the accusations. HSBC is one of several UK financial institutions that has been fined several times for inadequate KYC compliance.
The Glasgow Trio
This event shows how money laundering can involve smaller businesses. Three men in Glasgow were accused of laundering £1.5 million.
Prosecutors have accused the trio of:
- Arranging a £1.48 million deposit into a “client account” at a law firm.
- A fraudulent sale of a £240,000 property.
- Moving £985,025 of illegal cash.
Three other individuals connected to the case face separate charges under the Proceeds of Crime Act.
This case clearly shows how legal firms, estate agents, financial institutions and companies in other regulated industries can easily get involved in channeling illegal funds—whether knowingly or unknowingly.
KYC procedures protect your reputation.
If your company is prosecuted for enabling economic crime, then people are less likely to want to work with you. There are two main reasons for this.
The first, is they want to avoid supporting criminal activity themselves. Secondly, corrupt practices or an inability to meet regulations show that a company is poorly managed.
If you want to be respected in your industry then you need to meet the highest regulatory standards.
Who Needs to Have KYC Processes?
If you work in a sector that is subject to AML regulations, then you need to have KYC procedures.
Even if you aren’t subject to AML regulations it might be worth conducting checks to protect your business from fraud risk, clients who can’t pay, or getting involved in financial crime.
Examples of regulated sectors are:
- Money service businesses.
- Financial institutions.
- Tax specialists.
- Estate agents.
- Art dealers.
- Lettings agents.
What if you don’t work in a regulated sector?
Even if you don’t work in a regulated sector, it’s worth knowing that your customers are who they say they are. This protects your business from:
- Reputational damage from being caught up in economic crime.
Some companies may have to conduct AML checks even if their business isn’t regulated. If your company deals in high-value goods with individual transactions worth £15,000 or more, then you need to have AML processes in place.
When Should You Conduct a KYC Check?
A KYC check is conducted during the customer onboarding process. They only apply if you expect them to be an ongoing customer.
Other situations where you should conduct a KYC check include:
- If you suspect criminal activity.
- If you suspect your customer information may be incorrect.
- Changes in the customer’s circumstances.
- If the customer has made an unusually large transaction.
- If the customer has made an unusually large number of smaller transactions.
KYC requirements for occasional transactions
There are some situations where you don’t expect there to be an ongoing customer relationship but may still have to conduct a KYC check. There are two main situations when this would happen:
KYC requirements for transactions over £15,000
Any transaction over £15,000 is subject to an AML check and therefore, a KYC check. A good example of this might be a used car dealership. Most of the vehicles would sell for under £15,000, but they would occasionally get a newer car worth more than this. They would need to conduct a KYC for these more expensive vehicles.
High-value dealer transactions over £10,000
Some companies trade luxury goods that may be targeted by criminals. These could include jewelers, art dealers or boat sellers.
For these companies, the transaction threshold is lower. Any deal over £10,000 is subject to a KYC check.
How to Conduct a KYC Check
There are three main stages to KYC:
Customer due diligence
This is where you gather information to identify the client and then verify the information you’ve been given.
There are two stages to CDD:
Customer identification program
KYC verification is usually done by asking customers for a government-approved document like a passport.
Other suitable documents include:
- Driving license.
- Identity card.
- Utility bill.
- Bank statements.
- Electoral register.
- Credit referencing report.
You then check the documents against the relevant government databases.
Our own KYC service allows your customers to do their own self-service identity verification. This is done using the camera on their mobile device which scans their photo ID and then matches it to their own facial features.
This makes the whole KYC process faster and easier for both you and your customers.
2. Enhanced due diligence(EDD)
Certain types of people are considered to present a higher risk of being involved in financial crime. For these clients you need to conduct EDD. It involves investigating the individual more thoroughly and taking a risk-based approach when making a decision.
For example, you would check sanctions lists and research any adverse media mentions on the business or individual.
Read our article for more information on what is EDD, including a full list of people who warrant these checks.
3. Understand the purpose of the business relationship
Here you’ll gather critical information that will help you spot suspicious behaviour later. Before you enter into a business relationship, ask the customer to tell you:
- What their business does and what their role is?
- Where the funds they pay you with will come from?
- What type and how much business activity will take place?
- What the purpose of your financial transactions will be?
- Who has significant control over the company?
- Who are the ultimate beneficial owners?
Also, ask for recent financial statements.
This information is important because it sets a baseline. For example, imagine during customer onboarding the client says their company has a turnover of £100,000 per year. Then, six months later the company suddenly starts spending millions of pounds with you.
This is suspicious and would warrant further checks. Where did the company get all this extra cash from?
4. Give them a customer risk score
The customer’s risk score weighs how likely it is that they are involved in financial crime based on the information they have given you and what you have been able to verify.
Your business will have a level of risk that it considers acceptable, and if the customer’s risk score is lower than this, then they pass the KYC check.
If the customer’s risk score is high, you may opt to reject them or to conduct further checks.
5. Ongoing monitoring
KYC is an ongoing process. You should also regularly monitor your existing customers for any changes in their risk profile or suspicious activity.
You could do this manually by setting yourself calendar reminders to conduct a new KYC check on a client once per year.
Or you can use a system like Red Flag Alert to monitor your clients in real time.
We have detailed financial data on every UK company. By setting up monitoring alerts on all of your customers, we’ll tell you as soon as their risk profile changes.
For example, if the ultimate beneficial owner of a client company changes, then you’ll immediately know. You can then run a KYC check to ensure that this person’s interest in the company is legitimate.
Boost Your KYC Processes with Red Flag Alert
Your business needs robust AML policies and procedures to assess money laundering risks, protect it from financial crime and to remain compliant with regulations. Meeting KYC regulations is a vital element of these procedures.
Red Flag Alert’s database holds detailed financial information on every UK company. We provide a comprehensive AML service that enables you to conduct fast, accurate KYC processes.
- Conducting accurate digital customer identity verification checks on customers in minutes using biometric facial recognition.
- Checking and monitoring clients against international blacklists for sanctions, politically exposed persons (PEPs) and more.
- Ontaining information on company directors, including their other business interests.
- Obtaining company data, including ultimate beneficial owners and what other businesses it is connected to.
- Generating customer due diligence reports so that you have a verifiable audit trail that meets regulatory requirements.
- Setting up monitoring alerts so you know as soon as your client’s risk profile changes.