March 4, 2024

When is KYC required?

Understanding KYC (Know Your Customer) and Its Importance in Preventing Financial Crimes

KYC (Know Your Customer) is the process by which businesses and organizations in regulated industries verify the identity of their customers or clients. KYC aids in the prevention of financial crimes such as money laundering and terrorist financing by ensuring that businesses know who they are dealing with and are able to detect suspicious activity.

In this blog post, we will look in depth at the instances where KYC is required under applicable law in both the European Union (EU) and the United States (US).

KYC Compliance in the European Union

KYC compliance is required in the European Union (EU) by the Fourth EU Anti-Money Laundering Directive (4AMLD) and the Fifth EU Anti-Money Laundering Directive (5AMLD). These EU directives establish KYC requirements for a variety of organizations and industries, including financial institutions, casinos, and virtual currency exchanges.

In the following situations, businesses and organizations must conduct KYC checks on their customers or clients:

  1. Establishing a business relationship: KYC is required when opening a new account or signing a contract.
  2. Occasional transactions: KYC is also required for occasional transactions that exceed a certain threshold, which varies by industry and member state.
  3. Suspicious transactions: If there is any suspicion of money laundering or terrorist financing, as defined by internal monitoring or reporting, KYC is required.
  4. Changes in customer information: When a customer's information changes, such as their address or contact information, KYC checks should be performed and updated.

Situations Requiring KYC Checks

KYC checks include performing a scan of the customer's document and using facial recognition technologies to verify the customer's identity. Furthermore, businesses and organizations that deal with specific types of customers, such as politically exposed individuals, are required to conduct additional checks.

The 5AMLD also requires businesses and organizations to conduct ongoing customer monitoring and update customer information on a regular basis. Organizations must review and update their customer due diligence records at least once every three years, or more frequently if the risk assessment deems it necessary.

In the United States, the Bank Secrecy Act (BSA) and its implementing regulations, which are enforced by the Financial Crimes Enforcement Network (FinCEN), require financial institutions to comply with KYC requirements.

The BSA mandates that financial institutions implement a risk-based approach to customer due diligence (CDD) and KYC based on the following criteria:

  1. Financial institutions must implement a Customer Identification Program (CIP) to verify customers' identities through reliable documentation and collect their name, date of birth, address, and identification number.
  2. Financial institutions must monitor their customers' accounts on an ongoing basis to detect suspicious activity. To do so, they must implement a risk-based model to assess the frequency of updates to customers' KYC information.
  3. Financial institutions must file a Suspicious Activity Report (SAR) if they suspect a transaction involves money laundering or terrorism financing.
  4. Beneficial ownership: Under the Corporate Transparency Act (CTA) of 2020, which amends the BSA, certain businesses must also disclose their beneficial owners to FinCEN. This requirement applies to certain entities, including corporations and limited liability companies.

KYC Checks and Additional Requirements

Additionally, the BSA requires financial institutions to maintain records of customer information, such as account opening documents, transaction records, and SARs. These records must be kept for a minimum of five years after the account is closed.

To comply with KYC regulations in the European Union (EU) and the United States (US), businesses and financial institutions must implement adequate procedures based on a risk-based approach, which allows them to allocate resources effectively to the areas of greatest risk.

Implementing Adequate Procedures and Employee Training

The establishment of internal KYC policies and procedures is a critical component of KYC compliance. This includes developing written policies and procedures that describe the specific KYC requirements for the business or institution, including customer identification, verification, and monitoring procedures. It also involves specifying the roles and responsibilities of the employees in charge of carrying out these procedures.

Another critical component of KYC compliance is employee training on KYC procedures. This ensures that employees understand the policies and procedures and have the knowledge and skills to carry out their responsibilities effectively. Training should be tailored to the specific needs of the business or institution and should be updated on a regular basis to reflect changes in regulations or the risk landscape.

Risk Evaluations and Assessments

Risk evaluations are a crucial part of KYC compliance. This includes identifying and assessing the risk of money laundering and terrorist financing associated with the company's or institution's customers, products, services, and geographic locations. Risk assessments should be performed on a regular basis to inform the development and implementation of KYC policies and procedures.

For instance, a financial institution may conduct a risk assessment to identify the risk of money laundering associated with its customers in high-risk geographic locations, such as countries with weak anti-money laundering regulations. Based on the results of the risk assessment, the institution may implement additional KYC measures, such as enhanced due diligence procedures, to reduce the risk of money laundering.

Similarly, a company may carry out a risk assessment to identify the risk of money laundering associated with its customers in high-risk industries such as virtual currency exchanges.

Consequences of Non-Compliance

Failure to comply with KYC requirements can result in severe legal and reputational consequences in both the EU and the US, including fines, sanctions, reputational damage, and even criminal prosecution. Implementing adequate KYC procedures can assist businesses and financial institutions in mitigating these risks and protecting themselves from legal and reputational harm.
