Those who has been to a bank to open an account must have gone through a series of questions asking:
“Where is your resident address?”
“Why did you choose to open an account at Xinyi branch”
“You opened an account at XXXX branch 3 months ago, why do you need to open another account now?”
Wait a second, before you get annoyed by all those questions, why don’t you ask yourself the reasons these questions are necessary since the bank clerk has nothing to do with you.
KYC is the abbreviation of “Know Your Customer.” We can dully understand the purpose of KYC’s implementation in the literal meaning: confirm the identity of customers through a series of processes and understand the risks that will be brought by providing services, so as to ensure that he will not affect the business and social stability of financial institutions for money laundering, raising funds for terrorists, drug lords and other criminals.
The current KYC scheme all over the world comes from the “40 Recommendations for Combating Money Laundering and Terrorist Financing” formulated by the United Nations Financial Action Task Force on Money Laundering (hereinafter referred to as FATF). Since the 911 incident in the United States, FATF has revised the original KYC framework to include the policy of combating terrorist financing, and requires member states to keep the system consistent with the 40 core recommendations.
Although Taiwan is not a member of FATF, we still follow the 40 recommendations on anti-money laundering. Therefore, it is meaningful for people living in Taiwan to understand KYC under FATF.
The KYC process can be roughly divided into five steps: collecting customer documents, checking sanctions lists, checking high-risk backgrounds, due diligence, and risk assessment. In short, it is a knockout game with five levels to help banks understand customers and the sources of funds.
1. Collecting customer documents
Collecting customer documents is the most familiar segment for ordinary people: when you go to the bank to open an account, you must prepare double documents (an ID card and a NHI card) and a personal seal. As soon as you sit down in front of the counter, the bank clerk will bring out all kinds of dense documents for you to sign. When you are trying to understand what the documents are for, the bank clerk will take copies of your documents and file them, and cross examine all kinds of questions to confirm that you are indeed the person on your ID card, Make sure you are the only one among the 32000 "John".
2. Sanctions list (blacklist) check
When the financial institution confirms that it has collected all the necessary documents, it will enter the step of checking sanctions list. FATF will produce a global sanctions list, and the names appearing on this sanctions list will definitely be rejected by financial institutions. People whose name will appear on this list include: important figures in terrorist organizations, drug lords, financial money laundering criminals. In addition, each country will also have a list of sanctions that adapt to local conditions and laws of each country. For example, the Hong Kong National Security Law of imposing sanctions on those who "attempt to split the country" and prohibiting financial institutions from serving them just passed in the middle of this year.
3. High-risk background check
After removing those on the blacklist, the financial institution will then decide whether to conduct enhanced due diligence on the customer. Generally speaking, the following situations will be used to determine whether the customer is a high-risk customer influential.
Influential politicians and their relatives
Banking, accountants, real estate brokers, trusts, securities, gem jewelers, silverware shop, etc.
Those from countries/regions that have not implemented FATF guidelines
Most of the countries are with serious civil wars like Africa, North Korea, Albania and so on.
Retrieve the relevant news of the customer based on search databases (such as Google, Baidu, etc.) and observe whether there is any negative news such as crimes.
4. Due diligence
After confirming who belongs to a high-risk group, it is extremely essential to take necessary measures to start a business relationship. Therefore, financial institutions should have a better understanding of the customer's transaction purpose and the relevant beneficiaries of the transaction, and require the customer to fill out the “enhanced due diligence questionnaire.”
5. Issue a risk assessment report for high-risk groups and file all relevant documents together.
When do we need to do KYC?
When starting a business relationship with a customer
Just like when we first meet someone, we are always curious about the person’s background. When financial institutions are about to start a business with customers, they also want to know the background of this person clearly. Therefore, KYC is required for account opening, fund subscription and trust handling.
Regular review in accordance with regulations
We must keep in touch with a person at all times and understand his recent changes, just like updating messages with friends regularly. According to the guidelines on Combating Money Laundering and Terrorist Financing, financial institutions must recheck high-risk customers every three years, while low-risk customers have to do it at least once every five years.
What are the important elements needed to implement KYC?
Manpower or tools responsible for paper collection and risk assessment
Currently, the overall KYC work is a well-known labor-intensive industry within financial institutions which relies on a large number of legal compliance personnel and the work of paper collection, archiving and implementation of risk assessment. According to Thomson Reuters, in-depth investigation of a customer takes at least 24 hours, at most a week. Moreover, they need to not only establish business relations, but also do regular investigations and even doing it while having drastic changes in risk. Therefore, KYC has always been a headache matter for the first-line personnel of financial institutions.
With the innovation of money laundering methods in recent years, the strict compliance standards have made financial institutions invest more in labor costs, making technology sourcing in KYC process a trend. In the field of RegTech, many companies are committed to providing digital KYC services, hoping to improve the efficiency of financial institutions on the premise of compliance, ending the previous situation of consuming a large number of paper and manpower, and struggling under compliance standards.
KYC relies on large databases to provide lists with less noise figure, so that legal compliance personnel can take the first step to filter information in the era of information explosion. The world's famous databases include Dow Jones (which is also the system in Taiwan at present) and World Check of Refinitiv.
KYC, which is rooted in FATF law, is a set of methods to know customers in order to reduce the risk of financial institutions assisting in money laundering and terrorist fund-raising. If financial institutions do not conduct KYC appropriately, they should not be providing services to customers. Now KYC relies more on manpower and paper. On the one hand, the procedures are more complex so it can be well-integrated. On the other hand, the fault-tolerant rate of manpower review is high, leaving financial institutions the opportunity to "turn a blind eye." For example, in the 2012 HSBC scandal, HSBC created the illusion of due diligence with a large number of manpower. In fact, they selectively ignored the information found in the database and secretly helped high-risk individuals to conduct money transactions.