Know your customer (KYC) requirements are an integral part of any MSB compliance program. KYC is the business process of identifying and verifying the identity of customers. Every transaction must be thoroughly vetted, recorded, and reported (if necessary), but new customers present the greatest risk for fraudulent activity. Adhering to the KYC requirements outlined by FinCEN helps MSBs identify risky customers and prevent fraudulent transactions before they start.
The Birth of KYC
In 2001, President George W. Bush signed an Act of Congress into law. The Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 is referred to by its acronym, the USA PATRIOT Act. Title III of the PATRIOT Act amends the Money Laundering Control Act of 1986 (MLCA) and the Bank Secrecy Act of 1970 (BSA) to encourage further cooperation between agencies to detect, investigate, and prosecute financial criminals.
Title III also made FinCEN a bureau of the United States Department of the Treasury, giving it the authority to guide regulatory requirements. FinCEN outlines regulations and issues rulings on Customer Due Diligence (CDD) requirements for financial institutions. These rulings provide supplementary information for financial institutions so that they can effectively translate regulations into practices. FinCEN’s rulings on CDD elaborate on BSA requirements, and KYC practices, for financial institutions.
KYC requirements deal specifically with the collection and interpretation of customer data and are designed as a part of a broader CDD program. Together, these efforts help financial institutions and MSBs correctly identify customers and their business associates to avoid illegal transactions. At their heart, KYC practices seek to identify and verify the identity of the customers of financial institutions, including money service businesses.
For financial institutions and MSBs, a customer is defined as:
- A person or entity that maintains an account and/or has a business relationship with a financial institution
- A person on whose behalf the account is maintained
- Beneficiaries of transactions conducted by professional intermediaries
- Any person or entity connected with a financial transaction which can pose significant risk to the bank
KYC practices include:
- The collection and analysis of basic identity information
- Name matching against relevant databases
- The determination of a customer’s risk in terms of their propensity to commit a financial crime, including money laundering, terrorist financing, or identity theft
- The creation of an expectation of a customer’s transactional behavior
- The monitoring of a customer’s transactions against behavioral expectations
Beyond KYC, larger customers and transactions require enhanced due diligence (EDD), a more detailed standard of KYC procedures. EDD analysts rely on detailed and integral data to identify patterns and predict behavior. For the large part, how KYC and EDD are implemented and what additional measures are taken is at the discretion of the money service business. MSBs adhering to KYC and other regulatory requirements are more desirable customers for MSB banks. These MSB friendly banks are also following federal regulation to stay compliant.
KYC Practices for MSBs
Why is it important for MSBs to know their customers? Customer due diligence processes help MSBs assess risk on the front end, record pertinent information about an individual, and report this information when necessary. KYC helps MSB employees spot red flags and aids in the investigation and prosecution of financial crimes if they do occur.
Customer Due Diligence (CDD) is required for all transactions, no matter the size. KYC and CDD play an integral role in the detection and prevention of money laundering and other financial crimes. Collecting and verifying the appropriate customer data aids in the detection of red flags, patterns, and suspicious activity in general. If illicit activity makes it through your doors, this same data will help law enforcement track down and prosecute the criminals responsible.
MSBs typically collect the following information for individuals: name, date of birth, residential or business address, and identification number. For non-individual entities, MSBs will collect: name, principal place of business, office location, or physical location, and an identification number. To verify the information provided by individuals, MSB can require an unexpired government-issued identification card with a photograph like a driver’s license or passport. For non-individual entities, MSBs can require documents establishing the existence of the entity like articles of incorporation, a partnership agreement, or government-issued business license.
Pymnts reports that SWIFT is making its KYC database available to banks around the world. By opening up this information, SWIFT is aiding the coordination of AML efforts across the globe. This will encourage cooperation across borders to encourage correspondent banking relationships and international transactions. The Office of the Comptroller of the Currency recently issued a clarification on KYC requirements designed to encourage US banks to work with foreign banks.
MSB Risk Management
There is no substitute for understanding your unique risk and assessing your customers beyond KYC requirements. Compliant MSBs take care to build robust business processes that arm their employees with the knowledge and tools they need to detect red flags. Understanding the inherent risk for your location, local and regional trends, and the historical behavior of your customers can help you keep your handle on financial fraud. Is there a rash of identity theft in your city? Seeing reports of tax fraud in your region? Stay on top of these trends so that you don’t fall prey to the same criminal activity.
How can processes help? Detailed MSB processes help employees when they are “in the moment.” When faced with an overwhelming amount of new data, a process keeps your employees focused so that they can do a thorough job of vetting new and existing customers. Supplementing federally mandated requirements with your own internal processes helps you minimize your risk for financial fraud. Going beyond the minimal requirements is always best practice for MSB compliance and risk management.
Advanced POS technology can help your MSB gather customer data and check this data against your databases. When technology can supplement the process, you are freeing up your employee to analyze the customer and the transaction in front of them from additional angles. As criminals advance their techniques, the MSB industry must advance their financial crime detection and prevention techniques.
Ready to understand and lower your risk with comprehensive MSB processes and technology solutions? Learn more about NCC’s integrative MSB financial services, including reliable money service business banking.