Implementing KYC Practices to Meet Regulatory Challenges
Making Sense of Data Protection Regulations and Associated On-Going Challenges
Anti-Money Laundering (AML) and Know-Your-Customer (KYC) guidelines, and the regulatory requirements driving them, are constantly evolving. In the United States, the federal organizations responsible for setting data protection laws for financial service providers are the Financial Crimes Enforcement Network (FinCEN) and the Office of Foreign Assets Control (OFAC). These organizations are housed within the United States Department of Treasury. However, it is essential to understand that many international counterpart organizations exist within foreign federal governments and international bodies, including the European Banking Authority (EBA) or the United Nations Office of Drugs and Crime (UNODC). The United States central banking regulations related to anti-money laundering and know your customer requirements are:
- The Bank Secrecy Act: Rolled out in 1970, the Bank Secrecy Act (BSA) remains America's most significant piece of anti-money laundering legislation. The act aims to prevent criminal organizations and banks from conspiring to commit financial crimes and launder money earned through illicit activities. The BSA forces any organization conducting business in the United States to fulfill certain compliance obligations and have a risk-based AML program. That includes customer due diligence (CDD) measures for reporting activity, collecting records, and responding to suspicious activities and customers.
- USA Patriot Act: Though the USA Patriot Act was passed as a response to the September 11th terrorist attacks, it has become an essential piece of legislation frequently cited in financial crime court proceedings. This law gives law enforcement agencies the enhanced ability to conduct surveillance and gather information about customer activities. This law also created specific frameworks for analyzing and reporting on cross-border payment issues that raise red flags.
- Money Laundering Control Act 1986
- Money Laundering Suppression Act 1994
- Money Laundering and Financial Crimes Strategy Act 1998
- Suppression of the Financing of Terrorism Convention Implementation Act 2002
- Intelligence Reform and Terrorism Prevention Act 2004
Cybersecurity Professionals Have an Expanded Role When It Comes to Legal and Compliance Advisory Issues and Responses
Cybersecurity professionals serve cross-functional aims and initiatives in the modern business world, linking different business divisions and operations. In the future, it seems likely that information security professionals will continue to take leading roles in setting critical legal and compliance frameworks in place by developing and administering different programs and operations connected to AML and KYC best practices. Information security experts and those employed in cybersecurity positions are likely to find themselves connected to decisions around how to implement the following operations and processes related to AML best practices and reporting guidelines:
KYC (Know Your Customer)
Know Your Customer (KYC) protocols require companies and financial institutions to collect adequate information to verify a customer's identity before providing them with products or services. Anyone who has tried to purchase cryptocurrencies lately has probably experienced KYC regulations in action. Increasingly, it is becoming essential for businesses to verify that people are who they say they are and that the information they are providing is accurate and up-to-date. In areas such as airports, where challenges include rolling out vaccine passports, we can see ongoing operational challenges beyond simply knowing someone's identity.
KYC standards
Some KYC practices, such as evaluating a customer's passport, could occur in person. In contrast, others take place online from a remote location or via a touch-free kiosk without a staff member located anywhere nearby. Digital or online KYC does not differ from in-person practices. However, there are increased demands for data protection and ensuring a swift and seamless process that upholds the law without taking too long or creating too many hurdles for new or prospective customers to jump through. Many customers are much less interested in fulfilling KYC requirements as government bodies enact new and ever more demanding policies.
KYB (Know Your Business)
In many situations, it is essential to know that customers are who they say they are and to confirm that their business or organization is legitimate and legal both where it was founded and in your jurisdiction. An example of this is determining qualification for a commercial real estate loan.
Due Diligence
Due diligence is an extension of quality management and assurance protocols. By following all laws and legal requirements, it helps prove that efforts were undertaken to prevent money laundering and other financial crimes from knowingly taking place. Due diligence is also related to creating auditing and reporting practices that protect businesses when things go wrong and crimes occur.