Wireless and Internet-based technologies, such as mobile banking, remote deposit capture and online payments, have become the de facto platform standard for 21st century banking relationships: It's do it yourself from wherever you are in the world. Traditional customer relationships have been replaced with new technologies that extend customer relationships beyond the physical bank, and there is no turning back. As exciting, efficient and empowering as this has become, knowing your customer (KYC) through a technology-relevant customer identification program (CIP) is increasing in complexity.
KYC compliance & CIP
The essence of KYC compliance has to do with the establishment of an effective customer identification program (CIP) within an organization for meeting anti-money laundering regulations. A customer is a person that can be an individual, corporation, partnership, trust or an estate, and verifying or identifying them (in any context of the definition) using the appropriate documents or through other non-documentary methods. KYC is knowing who those customers are and what activities encompass the relationship they have with an institution.
New technologies don't mix with old CIP compliance procedures
The customer information required to establish any banking relationship typically is name, date of birth (if applicable), address and tax identification number. The next step is to verify the information provided. Depending on the type of relationship, this could be a range of documents from a driver's license, passport or tax return to corporate documents or utility bills, etc.
What complicates matters is that the new technology and the corresponding products make it difficult to apply convention or traditional procedures. Regardless of the product, an organization should not forget that the customer and their documentation still need to be verified. Just because they hit the enter key and sent you some information, doesn't mean that they are real.
For example, a new customer might visit your institution through a Certificates of Deposits (CD's) campaign using the Internet. The Internet helps reach out to new markets beyond the physical limitation of your geographic footprint and compete, but how do you verify the customer? New technology and new markets demand new ways of doing things, thus procedures need to be adapted to assess and mitigate risks the new operating environment presents.
Non-documentary methods for CIP compliance
If you don't have the original identification verification documents, what do you do? There are non-documentary techniques that an organization can use that will suffice and are acceptable to examiners when the original documents are not available for inspection and the customer is not in the lobby or is unable to conduct a site visit of the business location.
The caveat is that any approach an organization elects to use to replace conventional verification methods should be thoroughly documented, an updated risk assessment should be completed and procedures should be approved by senior management and the board in advance of implementing them. Unconventional approaches still require traditional approval.
Non-documentary approaches include:
- Verifying the customer through other banking relationship references (deposit or lending activities).
- Receiving scanned copies of documents, but then verifying the organization using public records such as:
- Articles of incorporation
- Certificates of good standing
- UCC-1 filings
- Accessing credit reporting information and comparing it to the credit report information provided on the online application information. Suggestions include:
- Existing credit relationships
- Current and former addresses
- Current and former employers
- Obtaining employer information and payroll advices (document received in lieu of a check that serves as notice of a direct deposit).
The point is that you can still verify the existence of the customer, company or business in an online environment if you think through the options and develop an approach that relies on creditable sources. The key is to determine the information that is needed, then use verification steps that achieve the same results had you received and inspected the original document.
Monitoring for continued KYC compliance
An all-electronic banking environment is not a bad thing. On the contrary, it opens an organization to a whole new realm of possibilities. Furthermore, when considering or using the Internet, KYC compliance is more different than it is difficult. When creating a virtual relationship, you will also need to develop a means of monitoring the relationship. As you begin to design online products, you should also include a monitoring component that is consistent with the technology. Case in point: After the fact, end-of-month batch reports will not suffice for a product where activity is real time and intra-day. By the time you realize you have a problem, it's too late.
Thinking through all the ramifications of new technologies is the best thing you can do to protect your organization, and at the same time create a successful CIP compliance framework to meet anti-money laundering regulations.
About the author:
Dan Fisher is president and CEO of The Copper River Group, a consulting firm headquartered in Fargo, N.D. that focuses on technology and payment systems research and consulting for community financial institutions. For nearly 30 years, Dan Fisher has worked in the financial industry using technology to improve the bottom line. He has served as a director of the Federal Reserve Board of Minneapolis, chairman of the American Bankers Association Payment Systems Committee, and as a member of the Independent Community Bankers of America Payments Committee. Dan has written numerous articles on banking technology and the payments system. He has authored or co-authored six books and recently published Capturing Your Customer! The New Technology of Remote Deposit. You can contact Dan via email at firstname.lastname@example.org.