Understanding KYC
What is KYC?
KYC?is the acronym for Know Your Customer and refers to the set of processes that both financial institutions and companies, subject to regulation, must carry out to verify the identity of their customers and know the nature of their activities, as well as determine the degree of risk that this client would be able to carry out illicit activities such as money laundering or the financing of terrorism.
KYC was born as a result of the need to verify that the clients of the entities of certain sectors are who they say they are, and that they are not enacting fraud or identity theft.
Complying with KYC procedures and regulations is mandatory for certain sectors, such as finance. However, the strong acceleration of digital transformation has led other industries to rely on these processes to improve the security and usability of their own processes, protect the integrity of their customers and the transactions carried out.?
According to Finanso.se, 56% of Europeans have experienced at least one type of fraud in the last two years, with a third of these frauds being identity theft (the second most widespread type of fraud in Europe).
Although in recent years there has been an exponential leap in adopting technologies and solutions against identity theft, it is still a global problem that has been aggravated after the strong digitalization suffered as a result of Covid-19.
The?main objective?behind identity theft by?cyber criminals?is to access services or purchase products through digital platforms pretending to be someone else. That is why companies that check identities play a key role in fighting this crime, by providing the main defensive shield against these attacks.
Although initially it may be thought that the main victims of this type of crime are the people whose identity has been stolen to use it for malicious purposes, those who really suffer a severe blow to their financial health are the companies that offer services in digital environments. , being helpless when it comes to being able to demand responsibility.
A deeper knowledge of the techniques used by identity theft networks, as well as growing concern on the part of society, have motivated a series of changes in international protocols and legislation in recent years.
Complying with KYC measures
The process of?Know Your Customer?begins at the moment that a person or entity contracts a product or begins a business relationship with a regulated entity. From that moment there are several important steps that must be carried out to achieve compliance with the KYC requirements.
One of the first steps is to verify that a client can really be trusted.?CDD (Customer Due Diligence)?is a set of steps that allow optimal management of the degree of risk that a transaction has by identifying the client that carries it out. This is an extra layer of security to avoid business relationships with criminals, terrorists and politically exposed persons, who may represent a risk.
The steps to follow to comply with due diligence programs, are determined by the degree of risk that each operation has, as well as the main business on which the company is based. Depending on the country and the sector, there are different levels with different requirements.
In some sectors, such as?Gambling and Online Betting in Spain, the obligation to carry out an identity verification by the gaming operators used to be done at a later stage when the player wanted to withdraw their prizes.However,?since March 2019, the regulations have become more restrictive, forcing new players to verify their identity during the onboarding process.in the early stages.
Therefore, depending on the sector and the regulations that are applied, one different requirements are demanded during the registration process. Nevertheless?KYC checks usually include the following points::
Types of KYC according to the risk of the transaction
The?“Know Your Customer”?procedures are inherent in regulations such as the?Anti Money Laundering?legislation, which has been established at a European level. One of its pillars is to leave anonymity behind in order to ascertain the identity of the clients and users known as reporting entities, in order to establish secure business relationships, as well as mitigate the impact of money laundering and the financing of terrorism. In this way, greater transparency and security are achieved.
The law on the prevention of money laundering and financing of terrorism in Spain establishes different categories for specific entities and individuals that have the status of regulated entities due to their work activity. Due to this, they will have to implement different protocols for prevention, detection and communication of suspicious activities.
The obligations in terms of identification of the different players that interact with these obligated subjects are called?due diligence measures, and have as their object the?Identification and knowledge of those natural or legal persons who intend to establish business relationships with these subjects.
The main due diligence measures required to be carried out by these reporting entities are:
Depending on the level of risk that a client may present to an entity, different measures are enacted in order to guarantee security in critical transactions
In Spain, according to?Law 10/2010, of April 28, on the prevention of money laundering and the financing of terrorism?classification is for two perfectly differentiated groups:
Although most regions of the world that have due diligence measures tend to make the same distinction between these two groups, in this section we are going to focus on Spanish regulations:
Simplified due diligence measures
These are the measures that can be carried out when the level of risk is low or medium. For this reason, the use of these measures will never be implemented when there are indications or certainty of money laundering and they must be consistent with the risk that there are suspicious activities of money laundering or financing of terrorism. The possible measures to be adopted by the regulated entity, in substitution of the normal due diligence measures, could be:
These measures will be carried out by the regulated entities with respect to the following products or operations:
Enhanced Due Diligence Measures
Characteristics of the operation, business relationship or distribution channelIn cases of higher risk or that have been determined by the regulated entity according to its risk analysis, the regulated entities will have to verify in any case the activities declared by their clients and the identity of the beneficial owner,?in addition to a series of risk-based measures::
These measures will be carried out by the regulated entities with respect to the following?products or operations:
In addition, the regulated entities may determine in the internal control procedures other situations that, according to their risk analysis, require the application of enhanced due diligence measures.
To determine these higher risk assumptions, companies will take into consideration, among others, the following factors:
a) Customer characteristics:?
b) Characteristics of the operation, business relationship or distribution channel:?
KYC in the world
Just as we are enjoying unprecedented levels of digitization today, KYC has also become more relevant globally.
In that sense,?the EU has been a pioneer in legislative matters, marking the standards that have been replicated in the regulations of other regions of the planet.
However, despite the existence of a common base, the international regulations of Know Your Customer can differ a lot from one country to another.
In Spain we have Law 10/2010, of April 28, on the prevention of money laundering and the financing of terrorism. Furthermore, within the financial environment, the?Sepblac?is the supervisory authority in matters of prevention of money laundering and prevention of terrorism, while in the online gaming and betting sector it would be the?DGOJ (Directorate General for the Regulation of Gambling), the one in charge of issuing the different resolutions that regulate the activity of the game.
European regulations (KYC / AML)
Among the different regulations, in Europe we have the?Directive of the (EU) 2018/843 of the?European Parliament and Council of Europe?regarding the prevention of the use of money laundering or the financing of terrorism.
The European Directive?AMLD5 is a renewal of the previous anti-money laundering law AMLD4, which promotes a set of tools based on the prevention of the use of the financial system for money laundering from illicit activities.
It is a directive aimed at the financial sector and aims to establish measures that allow banks to shield themselves and protect themselves against these threats.
AML5 affects companies from multiple sectors, including online gaming providers, cryptocurrency platforms, providers of cryptocurrency wallets and insurance policies,?which are required to identify and verify the identity of customers through remote or electronic identification processes.
Regulatory framework of KYC and AML regulations in Latin America
Similarly, in Latin America, the implementation of laws and regulatory frameworks that allow the practices of Know Your Costumer and Anti-Money Laundering measures have been carried out:
Mexico
In Mexico in October 2012?the Federal Law for the Prevention and Identification of Operations with Resources of Illicit Origin (LFPIORPI), known as the “Anti-Money Laundering Law” came into force.
It is a very demanding and rigorous law that obliges regulated entities to provide information to the government, not only for banks, stock market companies, credits and other financial entities, but also art galleries, real estate agencies, car dealerships, etc.
The management and supervision of compliance with its stipulations depends on the?The Attorney General’s Office (PGR), the Ministry of Finance and Public Credit (SHCP), the National Banking and Securities Commission (CNBV) and the Financial Intelligence Unit (UIF)?among other organisations.
?
Chile
The main law in Chile’s regulatory framework against?money laundering and identification of the nature of funds?is the?Law 19,913, enacted in 2003 creating the Financial Analysis Unit, the institution in charge of supervising the Chilean financial system, whose objective is to prevent and impede the use of financial instruments to carry out crimes of money laundering and financing of terrorism.
?
Peru
There is a Plan to Fight Money Laundering and Terrorism, promoted by the State, which favours the implementation of KYC and AML measures in the country. In order to protect the integrity and stability of the nation’s economic-financial system, as well as to reduce the economic power of organized crime and terrorism, and to fight corruption.
Reforms and updates to the?Criminal Law Against Money Laundering?and the creation of the?Financial Intelligence Unit?(FIU) are some of the measures that have been developed by the program.
The body in charge of supervising and managing information in Peru is the FIU, whose main function is to analyze and share information for the detection of Money Laundering and the financing of terrorism.