AML driven KYC and KYB
AML, KYC (Know Your Customer) and KYB (Know Your Business) refer to the obligation of regulated entities such as financial service providers, real estate brokers, cryptocurrency providers, accountants, and law firms, to identify their customers and assess their associated risks for money laundering on an ongoing basis. They must report to the authorities (FIUs) if they find suspicious activities. International Anti-money laundering (AML) regulations drive KYC and KYB checks. With the introduction of the 6th AML directive, the requirements are more detailed than before and better aligned across borders.
Still, many regulated entities struggle to comply with AML driven KYC and KYB practices. They already have a hard time handling anti-money laundering measures themselves, let alone automating related processes.
In this video series, Signicat's VP of Identity & Innovation John Erik Setsaas explains the core concepts of AML in plain terms.
A challenging task that never ends
According to a 2020 survey report from Deloitte, reliance on manual processes and poor quality/inadequate data were among the top challenges for banks when managing an AML compliance programme. Even 62% of the respondents indicated that insufficient/outdated technology to manage AML compliance obligations was the biggest AML compliance challenge they faced. This corresponds to what we see as major challenges in the market regarding AML driven KYC and KYB practices:
- How to handle the trade-off between compliance and conversion rates?
- How to create a trustworthy automated solution that limits the amount of manual work and reduces costs?
- How to create a compliant solution that adapts to the ever-evolving local best practices and international requirements of AML?
- How to manage multiple technology suppliers that deliver “a piece to the puzzle” of AML compliance and KYC/KYB activities?
What are typical KYC and KYB activities?
On a high level, KYC and KYB processes consist of 4 core activities:
Here, details that uniquely identify the customer (such as name and identification number) are retrieved from the customer and verified against reliable sources. In addition, the person “on the other side of the screen” is identified on remote - is the person really who the person claims to be? You validate that this is an existing person and you validate that the person is present.
During this step, extra customer information is retrieved from reliable sources which serve as input to the next step, the risk assessment.
- For KYC, examples of this step are verifying an address against a reliable source or screening the person for the politically exposed person (PEP) and sanction status.
- For KYB, an organisation’s ownership-, control structure and UBOs (ultimate beneficial owners) must be established and verified against reliable sources.
- For both KYC and KYB, the source of funds and wealth also need to be verified.
- For EDD, more in-depth information must be retrieved from a reliable source.
The previously collected information is reviewed, and the customer's risk profile is established. Risk can be influenced by many different parameters: customer entity type/structure, type of offered product, field of industry, country, PEP/sanction status, and transparency and reputation.
KYC and KYB are not one-time activities that only need to be performed during onboarding. Customer information and risk must be kept up to date on an ongoing basis, requiring changes in previously retrieved data to be monitored. In addition to the KYC and KYB data, financial transactions also need to be monitored and assessed on an ongoing basis.
That's a lot to cover... tap into the Signicat platform!
With our comprehensive platform, you can automate the KYC/KYB processes that cover core activities 1, 2, and 4. You get access to tons of digital identification methods and international identity data sources to comply with AML regulations. All the tools you need to build a solution that covers your business's local and international needs. Eliminate the burden of managing multiple vendors, reduce costs by minimising the amount of manual work, and start to maximise your conversion rates for onboarding new customers.
Signicat offers a comprehensive range of reliable identity data sources on our platform, ranging from electronic identities (eIDs), ID-document verification services (eIDV), and registry lookups. We can advise you on which sources to use based on your (1) risk-based approach, (2) applicable regulation(s), (3) desired end-user convenience and (4) costs.
Signicat offers different remote identification solutions. The most convenient one is without doubt an electronic identity or eID. Electronic IDs have been created by national governments and banks, providing verified identity data. Our platform offers integration to more than 30 eIDs covering most European countries. The end-user simply logs in using an app or mobile phone and can share their verified data with your company.
Alternatively, Signicat offers Electronic Identity Document verification services (eIDV). High-quality services to securely scan ID documents to obtain verified identity data, compare facial patterns between the picture in the ID and the document holder (holder verification), and do liveness checks to avoid identity fraud. Our platform gives you access to all leading eIDV techniques: image-based, video-based, NFC technology, and biometrics.
Each method has its own level of assurance. Signicat can help you evaluate and choose the right method for your business needs.
Signicat connects you to trusted third party registries, which you can use to:
- Verify identity information provided by the user
- Enrich user and organisation data
- Ensure AML/KYC compliance
On businesses, our API can provide the following types of information from local and international registries: search, basic information, roles, ownership structure, UBO, screening, authorisations, and financial information.
For consumers or business-related persons, our API provides the following types of information from local and international registries: address, basic information, financial information, address verification, and bank account holder checks.
Signicat offers convenient APIs to monitor changes in the data sources on our platform. You can configure what to monitor, how often, and from which source. The API will then only inform you in case changes occur.