Anti-Money Laundering (AML) and Know-Your-Customer (KYC) guidelines, and the regulatory requirements driving them, are constantly evolving.

Learn more about implementing KYC practices to meet regulatory challenges and associated ongoing challenges.

< Back to Tag
Mar 14, 2022

Implementing KYC Practices to Meet Regulatory Challenges

Making Sense of Data Protection Regulations and Associated On-Going Challenges 

Anti-Money Laundering (AML) and Know-Your-Customer (KYC) guidelines, and the regulatory requirements driving them, are constantly evolving.  In the United States, the federal organizations responsible for setting data protection laws for financial service providers are the Financial Crimes Enforcement Network (FinCEN) and the Office of Foreign Assets Control (OFAC).  These organizations are housed within the United States Department of Treasury. However, it is essential to understand that many international counterpart organizations are within foreign, federal governments and international bodies, including the European Banking Authority (EBA) or the United Nations Office of Drugs and Crime (UNODC).  The United States central banking regulations related to anti-money laundering and know your customer requirements are: 
  • The Bank Secrecy Act: Rolled out in 1970, the Bank Secrecy Act (BSA) remains America's most significant piece of anti-money laundering legislation. This act intends to restrict criminal organizations' and banks' conspiracy to commit financial crimes and launder money earned through illicit activities. The BSA forces any organization conducting business in the United States to fulfill certain compliance obligations and have a risk-based AML program. That includes customer due diligence (CDD) measures for reporting activity, collecting records, and responding to suspicious activities and customers. 
  • USA Patriot Act: Though the USA Patriot Act was passed as a response to the September 11th Terrorist Attacks, it has become an essential piece of legislation frequently cited in financial crime court proceedings. This law gives law enforcement agencies the enhanced ability to conduct surveillance and gather information about customer activities. This law also created specific frameworks for analyzing and reporting on cross-border payment issues raising red flags. 
Other key AML and KYC laws passing over the years include: 
  • Money Laundering Control Act 1986
  • Money Laundering Suppression Act 1994
  • Money Laundering and Financial Crimes Strategy Act 1998
  • Suppression of the Financing of Terrorism Convention Implementation Act 2002
  • Intelligence Reform and Terrorism Prevention Act 2004
It is essential that financial service providers, even those at small community credit unions and banks, and those at new financial technology startups, take the time to educate employees, partners, and customers about up-to-date financial reporting requirements and regulations. This education should occur in the United States and any physical locations or legal jurisdictions where business is taking place. 

Cybersecurity Professionals

Cybersecurity Professionals Have an Expanded Role When It Comes to Legal and Compliance Advisory Issues and Responses 

Cybersecurity professionals serve cross-functional aims and initiatives in the modern business world, linking different business divisions and operations. In the future, it seems likely that information security professionals continue to take leading roles in setting critical legal and compliance frameworks in place by developing and administering different programs and operations connected to AML and KYC best practices.  Information security experts and those employed in cybersecurity positions are likely to find themselves connected to decisions around how to implement the following operations and processes related to AML best practices and reporting guidelines: 

KYC (Know Your Customer)

Know Your Customer (KYC) protocols require companies and financial institutions to collect adequate information to verify a customer's identity before providing them with products or services. Anyone who has tried to purchase cryptocurrencies lately has probably experienced KYC regulations in action.  Increasingly, it is becoming essential for businesses to verify that people are who they say they are and the information they are providing is accurate and up-to-date. Areas such as airports, where challenges including rolling out vaccine passports are, we can see ongoing operational challenges beyond simply knowing someone's identity. 

KYC standards

Some KYC practices such as evaluating a customer's passport could occur in person. In contrast, others take place online from a remote location or via a touch-free kiosk without a staff member located anywhere nearby.  Digital or online KYC does not differ from in-person practices. However, there are increased demands for data protection and ensuring a swift and seamless process that upholds the law without taking too long or creating too many hurdles for new or prospective customers to jump through. Many customers are much less interested in fulfilling KYC requirements as government bodies enact new and ever more demanding policies. 

KYB (Know Your Business)

In many situations, it is essential to know who they say they are and confirm that their business or organization is legitimate and legal where it was founded and in your jurisdiction. An example of this is when determining the qualification for a commercial real estate loan.

Due Diligence

Due diligence is an extension of quality management and assurance protocols that help prove efforts were undertaken to prevent money laundering and other financial crimes from knowingly taking place by following all laws and legal requirements. Due diligence is also related to creating auditing and reporting practices protecting businesses when things do not go correctly, and crimes occur. 

The Game Has Changed

The Game Has Changed: Is Your Organization Ready to Respond? 

If you thought being a modern information security wiz meant going to school, starting work, and avoiding professional development at all costs, then chances are you won't be involved with complex legal and compliance advisory tasks any time soon.  While this business area continues to expand daily, it is not necessarily for the faint-hearted or those who shy away from research. We mean compliance and legal issues are extraordinarily complex and demanding by their nature. That is not to say, like network architecture or learning how to code in Malbolge; these are not skills you can develop over time.  Suppose you are interested in learning how to serve compliance and legal advisory tasks as a cybersecurity professional. In that case, we recommend the Cybersecurity Compliance Framework & System Administration course by IBM at Coursera or one of the Global, Risk, and Compliance-focused courses currently available at Global Knowledge. The game has changed, and winning requires developing the skills of the future. Launch an exciting and rewarding career in cybersecurity by learning more about the trends and ongoing demands of modern legal and compliance and advisory roles.  Build the future you've always wanted by developing the in-demand infosec skills of tomorrow!