The recent aftermath of the global financial crisis, and the more than several recent cases of fraud that rocked banks, have called for action. One of these actions is to know your customer better. This may be accomplished by conducting background checks using background check companies to verify facts such as: education and license verifications, checking the sex offender registry, as well as checking for any criminal records. Such background checking is not limited to the above measures.
What is KYC in a Nutshell?
Simply put, KYC or know your customer, covers steps that are taken by a business or a financial institution- such as a bank- to confirm the identity of the customer, to grasp the source of the client’s money, and to determine the risk involved in adding this client to their client list, in terms of fears such as of money laundering.
However, to set up and manage an effective KYC program, three elements must be adhered to. The three elements are: a customer identification program, customer due diligence, and ongoing monitoring.
Customer Identification Program
Identity fraud is costing the US over $16 billion a year, with fraud occurring in three main areas. These areas include tax ID fraud, in which a person will use someone else’s social security number to file an incorrect tax return; medical ID fraud, in which medical services are obtained using someone else’s health insurance member number, or even submitting fake bills to the health insurer; and social ID fraud, in which someone pretends to be someone else, citing a fraudulent ID.
In the US, for example, the Customer Identification Program came about as a result of the Patriot Act. The CIP is used to verify clients. There is, however, growing support for KYC, not only for credit and insurance companies, but also for banking institutions. Banks need to prevent themselves from offering services to people involved with bribery, corruption, and possibly even money laundering.
This process is, in fact, a risk assessment on behalf of the institution or company. Using predetermined means, banks and other institutions can determine the risk of leaning towards the applicant, based on these calculations.
The outcome of the results must be compared with the applicant’s peers, based on similar careers, and backgrounds, and not just at one moment. Such an outlook must also offer a projected outcome for the near future.
As mentioned, these reports could also raise a red flag, which would impact the health of the company in terms of its own financial well-being. It could also impact on their reputational standing, having a knock-on effect for future interest from future applications for loans, or for those wishing to obtain insurance cover.
The minimum information required by the Customer Identification Program is the name, date of birth, address, and identification number of the applicant. However, many online background check services are not compliant with the Fair Credit Reporting Act (FCRA).
Therefore, this act also offers limits to those who are allowed to view the data. For instance, lenders are permitted to ask for a credit report if a client applies for a personal loan, a home loan, or for any other form of credit. Insurance companies can view a client’s credit report if the client applies for an insurance policy with them. Then again, employers could ask for an employee’s credit report as part of a job application. However, the prospective employee will need to consent before the employer can view these reports.
A key factor a company needs to determine is whether the customer is trustworthy. This is also for companies and banks to protect themselves against terrorists and other criminals. As such, added information beyond what is required for the customer identification program may be asked, for instance, the occupation of the applicant, the transaction type they are conducting, the frequency of such, as well as the payment methods they will be using.
Conducting a once-off check is not enough. Instead, ongoing checks will need to be conducted to prevent criminals from trying to cheat the system. Thus, companies should check whether customers have been placed on sanction lists since being approved, or whether there are any strange spikes of activities taking place.
The extent of the background checking an institution or company will need to conduct on a customer will be guided by the nature of the risk the institution might incur. Either way, it is vital that these companies are aware of who they are doing business with, not only to prevent reputational damage, but also to be compliant with various legal acts that are applicable within different countries.
However, these actions taken by companies and/or financial instructions must not impede the rights of the consumer, in that information gathered must only be shared with those who will have the right to view it. Personal information must not be made public, affecting the privacy of the consumer. Finally, even though the process of gathering information is important, in ensuring that the data is kept private, companies also need to see to it that the information is kept current, by updating the data regularly.