Know Your Customer (KYC) compliance regulation has proved to be one of the biggest operational challenges banks, accountants, lawyers and similar financial service providers worldwide have had to overcome

The 9/11 terrorist attacks on the World Trade Centre revealed that there were sinister forces at work around the world, and that terrorists activities were being funded with laundered money, the proceeds of illicit activities such as narcotics and human trafficking, fraud and organized crime. Overnight, the combating of terrorist financing became a priority on the international agenda.

Know Your Customer, or KYC, refers to the regulatory compliance mandate imposed on financial service providers to implement a Customer Identification Program and perform due diligence checks before doing business with a person or entity.
KYC fulfils a risk mitigation function and one if its key requirements are checking that a prospective customer is not listed on any government lists for wanted money launders, known fraudsters or terrorists.

If preliminary KYC checks reveal that the person is a Politically Exposed Person (PEP), for example, Advanced Due Diligence must be done in order to ensure that the person’s source of wealth is transparent, and that he or she does not pose a reputation or financial risk in terms of their finances, public positions or associations. Beyond customer identification checks, the ongoing monitoring of transfers and financial transactions against a range of risk variables forms an integral part of the KYC compliance mandate.

The arrival of the new millennium was marred by a spate of terrorist attacks and corporate scandals that unmasked the darker features of globalization. These events highlighted the role of money laundering in cross-border crime and terrorism, and underlined the need to clamp down on the exploitation of financial systems worldwide.

Know Your Customer (KYC) legislation was principally not absent prior to 9/11. Regulated financial service providers for a long time have been required to conduct due diligence and customer identification checks in order to mitigate their own operation risks, and to ensure a consistent and acceptable level of service.
In essence, the USA PATRIOT Act was not so much a radical departure from prior legislation as it was a firmer and more extensive articulation of existing laws. The Act would lead to the more rigorous regulation of a greater range of financial services providers, and expanded the authority of American law enforcement agencies in the fighting of terrorism, both in the USA and abroad.

In October 2001, President George W. Bush signed off the USA PATRIOT Act, effectively providing federal regulators with a new range of tools and powers for fighting terror financing and money laundering. During July 2002, the US Treasury proceeded to introduce Section 326 of the PATRIOT Act, a clause that removed some key burdens for regulators and added significant enforcement muscle to the Act.

What 9/11 changed, in essence, was the extent to which existing legislation was being implemented. Using the provisions of the earlier anti-terrorism USA Act as a foundation, it included the Financial Anti-Terrorism Act, which allowed for federal jurisdiction over foreign money launders and money laundered through foreign banks. Significantly, it is this anti-terror law that would make the creation of an Anti Money Laundering (AML) program compulsory for all financial institutions and service providers.

Section 326 of the USA PATRIOT Act dealt specifically with the identification of new customers (“CIP regulation”), and made extensive provisions in terms of KYC and the methods employed to verify client identities.
In accordance with this piece of updated KYC legislation, federal regulators would hold financial institutions accountable for the effectiveness of their initial customer identification and ongoing KYC screening. Institutions are required to keep detailed records of the steps that were taken to verify prospective clients’ identities.

Although current KYC legislation does not yet demand the exclusion of specific types of foreign-issued identification, it recommends the usage of machine-verifiable identity documents. The ability to notify financial institutions if concerns regarding specific types of identification were to arise, combined with a risk-based approach to KYC, proved to provide a robust mechanism for addressing security concerns.

The KYC compliance mandate, for all its positive outcomes, has burdened companies and organizations with a substantial administrative obligation. Additionally, KYC compliance increasingly entails the creation of auditable proof of due diligence activities, in addition to the need for customer identification.

In order to meet KYC compliance requirements, financial institutions must:

• Verify that customers are not or have not been involved in illegal activities such as fraud, money laundering or organized crime
• Verify a prospective client’s identity
• Maintain proof of the steps taken to identify their identity