KYC is a mandatory process, not just a single check, used by businesses (primarily in the financial sector) to verify the identity of their clients, assess their risk profile, and understand the nature of their financial activities.
Think of it as a “background check” for a business relationship. Its primary goals are:
- To Prevent Identity Theft: Ensuring a customer is who they claim to be.
- To Combat Financial Crime: Preventing money laundering, terrorist financing, and fraud.
- To Manage Risk: Identifying customers who might be high-risk (e.g., Politically Exposed Persons, customers from high-risk countries) and monitoring their transactions accordingly.
- To Ensure Regulatory Compliance: Banks and other institutions are legally required to perform KYC by governments and financial authorities. Failure to do so can result in massive fines.
What Data is Used in a KYC Process?
The data collected for KYC can be broken down into stages, following the standard KYC workflow.
Stage 1: Customer Identification Program (CIP) – “Who are you?”
This is the foundational stage where basic identity information is collected and verified. The data used here is typically from official, government-issued documents.
- Full Legal Name
- Date of Birth
- Residential Address
- Documents used: Utility bill (electricity, water, gas), bank statement, rental agreement, or any official government correspondence from the last 3-6 months.
- Official Identification Number
- Documents used:
- Passport
- National Identity Card
- Driver’s License
- Social Security Number (SSN) or equivalent (e.g., Aadhaar in India, SIN in Canada)
- Documents used:
In modern digital KYC, this stage often involves:
- Submitting photos of the ID document.
- Taking a live selfie or video for face recognition to match the person to the ID photo.
- Liveness detection to ensure the person is physically present and not using a photo or video replay.
Stage 2: Customer Due Diligence (CDD) – “What do you do?”
Once identity is confirmed, the institution needs to understand the customer’s profile and the expected nature of their financial activities. This helps establish a “normal” baseline for their transactions.
- Occupation and Employment Details:
- Employer’s name and address.
- Job title and nature of business.
- Source of Funds (SOF): Where does the customer’s money come from?
- Examples: Salary, business income, investments, inheritance, sale of property.
- Source of Wealth (SOW): How did the customer accumulate their overall net worth?
- Examples: Lifetime business earnings, family wealth, successful investments.
- Nature and Purpose of the Business Relationship:
- Why are you opening this account? (e.g., salary credit, personal savings, international trade, investment).
- Expected transaction volume and value.
Stage 3: Enhanced Due Diligence (EDD) – “Are you a high-risk customer?”
For customers identified as higher risk, a deeper, more intensive level of investigation is required. The data collected here is more detailed.
- Politically Exposed Person (PEP) Status: Is the customer (or their close family/associates) a prominent public figure? (e.g., head of state, minister, senior judge, military leader). PEPs are higher risk due to potential bribery and corruption.
- Adverse Media Checks: Searching for negative news about the customer related to financial crime, fraud, or other serious offenses.
- Sanctions and Watchlists Checks: Screening the customer’s name against official lists of individuals/entities involved in terrorism or crime (e.g., OFAC list in the US, UN sanctions lists).
- Detailed Source of Funds & Wealth: Requiring more concrete evidence, such as bank statements, property deeds, or business contracts to verify the stated sources.
- Business Ownership Structure: If the customer is a company, identifying the Ultimate Beneficial Owners (UBOs)—the real people who own or control the company (typically those with >25% ownership).
Stage 4: Ongoing Monitoring – “Has anything changed?”
KYC is not a one-time event. Institutions must continuously monitor the customer’s account and activities.
- Transaction Monitoring: Tracking transactions for suspicious patterns that don’t align with the customer’s profile (e.g., sudden large cash deposits, rapid movement of funds to high-risk jurisdictions).
- Periodic KYC Reviews: Re-verifying customer data every 1, 2, or 5 years (depending on the risk level).
- Trigger Events: Updating KYC information if a “trigger event” occurs, such as a change of address, a significant change in transaction behavior, or a change in job status.
Summary of KYC Data in a Table
| KYC Stage | Purpose | Key Data & Documents Used |
|---|---|---|
| 1. Identification (CIP) | Verify Identity | Name, DOB, Address, ID Number. Documents: Passport, Driver’s License, Utility Bill, Live Selfie. |
| 2. Profiling (CDD) | Understand the Customer | Occupation, Source of Funds, Expected Account Activity. |
| 3. Deep Dive (EDD) | Assess High-Risk Customers | PEP Status, Adverse Media, Sanctions Lists, Detailed Proof of Funds, UBO Information. |
| 4. Continuous | Monitor for Changes | Transaction History, Periodic Re-submission of Documents, Trigger Event Updates. |
In essence, KYC uses a combination of core identity data, biographical information, and real-time financial activity to build a complete, verified, and risk-assessed profile of a customer.