You’ve probably heard of KYC, the abbreviation for Know Your Customer. But what exactly does that mean? It is a company’s customer verification process, the primary aim of which is to combat fraud, money laundering and the financing of terrorism (LCB-FT). For some companies, such as banks and financial institutions, this is a legal requirement.
Definition of KYC (Know Your Customer)
What is KYC?
KYC, also known as “Know Your Customer”, refers to a process put in place by companies to verify and authenticate the identity of their customers.
As part of the KYC process, companies are required to obtain specific information about their customers, such as their full name, address, date of birth and passport ID. This enables companies to ensure that their customers are who they say they are.
What is the purpose of KYC?
KYC enables companies to:
- Reduce the potential risks associated with criminal activity and financial fraud
- Comply with current regulatory requirements (AML5 / LCB-FT)
- Protect their reputation by offering their customers a highly secure service
- Gain a better understanding of customers, their needs and preferences, making it easier to personalize offers and improve the overall customer experience.
Why is KYC mandatory?
For some companies, KYC procedures are regulatory obligations aimed at collecting and updating customer data. Framed by European and national legislation, these obligations are based on several anti-money laundering directives (notably the 5th LCB-FT Directive, also known as AML5). Most of them are integrated into the Monetary and Financial Code (CMF). The main aim of these directives is to reinforce the risk-based approach (ensuring that the major risks to which a company is exposed are properly identified, assessed and managed) and to combat money laundering and the financing of terrorism.
KYC procedures: what are the regulatory requirements?
To comply with regulatory requirements, the companies concerned must fulfil a number of obligations that serve two objectives, as set out in article R. 561-12 of the CMF.
The first objective is to gather and analyze the information needed to understand the customer and the nature of the business relationship. This includes the following points:
- Precise identification of the customer (legal entity or natural person) and its nature (professional or non-professional)
- Identifying the beneficial owner
- Establish the customer’s risk profile: investment culture and experience, objectives and investment patterns.
- Know the origin and destination of funds involved in operations
The second objective is to put in place remediation procedures to ensure that the data collected is kept up to date throughout the duration of the commercial partnership.
Indeed, as stipulated in article R. 561-12, the companies concerned must collect, update and analyze “the information required to maintain an appropriate knowledge of their business relationship”.
In the event of a CNIL audit, the professional establishments concerned must be able to provide their continuously updated register of processing activities, in order to justify the following points:
- Ongoing compliance with all LCB-FT standards and obligations
- Compliance with regulations governing the processing of personal data (GDPR)
- Compliance with enhanced IT security requirements
Last but not least, individuals and professional establishments subject to the KYC procedure are obliged to report any suspected cases of fraud, money laundering or terrorist financing to Tracfin, the institution in charge of collecting reports. This French intelligence service is attached to the Ministry of the Economy, Finance and Industrial and Digital Sovereignty.
Penalties for non-compliance with KYC standards
The Autorité de Contrôle Prudentiel et de Résolution (ACPR) is the French banking and insurance supervisory body. In France, it has the power to penalize establishments failing to comply with KYC standards, ranging from a simple warning (“blâme”) to a fine of up to 100 million euros (or 10% of total sales). In the most serious cases, the ACPR can impose a ban on business activities. Here are the 4 grounds for sanction:
- Insufficient customer authentication
- Suspected fraud, money laundering or terrorist financing not reported to Tracfin
- Inadequate KYC remediation procedure (updating customer data)
- Insufficient LCB-FT compliance action plan
In 2022, the ACPR handed down 7 decisions, for a total of over 14 million euros in fines. The vast majority of these sanctions concern the insurance sector (60%) for breaches of KYC obligations.
Who is subject to KYC?
Article L561-2 of the CMF lists all “persons subject to obligations to combat money laundering and the financing of terrorism”. Here is a summary, listed by industry:
Banking and financial services
Insurance and health
Persons engaged in the following activities with transactions of €10,000 or more
When should you carry out a KYC?
For the sectors concerned, the KYC process becomes mandatory in the following situations:
- Account opening: When a new customer wishes to open an account, for example with a bank or trading platform, the KYC procedure is mandatory in order to verify their identity and establish a reliable business partnership.
- Financial transactions greater than or equal to €10,000: This enables us to comply with LCB-FT standards by identifying the people involved in these transactions.
- KYC remediation: Updating and rectifying existing customer files when certain information is missing, incorrect or obsolete, in order to comply with LCB-FT regulations.
- Carrying out sensitive operations: Certain specific transactions, such as opening an offshore bank account or exchanging large quantities of currency, require strict regulatory verification to prevent abuse and ensure traceability of money flows.
What's the difference between KYC, KYB and KYT?
What is KYB (Know Your Business)?
KYB is a process used by financial organizations to verify the identity and activity of companies with which they have commercial relations. This procedure is an integral part of KYC and is designed to prevent any illegal activities.
When a company wishes to enter into a partnership with a financial institution, the latter is required to collect information about the company in order to understand its structure, economic activities, business model and beneficial owners. This enables the financial institution to assess the level of risk associated with the proposed business relationship.
The information requested during the KYB process may vary depending on the type of business and the regulations in force in each jurisdiction. However, commonly required items include:
- Official documents: such as the company’s articles of association, official registration certificates issued by the competent authority and any document proving its legal existence.
- Information on ownership structure: this includes the list of beneficial owners (UBOs), i.e. the people who hold the majority of the company’s shares.
- Business information: this includes the nature of the company’s activities, its major customers and suppliers, and any other information relevant to assessing the level of risk.
What is KYT (Know Your Transaction)?
KYT focuses on tracking and analyzing financial transactions carried out by a customer or entity. Its main objective is to detect suspicious activities by analyzing parameters such as amounts, frequencies and countries of origin or destination of funds.
Using sophisticated algorithms and machine learning techniques, financial institutions can analyze transaction data in real time to identify any abnormal or fraudulent behavior and report it to Tracfin.
Differences between KYC, KYB and KYT
The difference between the 3 processes lies in their application:
- KYC focuses on identifying and verifying customers’ personal data.
- KYB focuses on gaining an in-depth understanding of the companies with which a business connection is established.
- KYT focuses on monitoring transactions carried out by customers or companies to detect any suspicious activity.
It is important to note that, despite their apparent differences, the 3 concepts are interdependent and share a common objective: to combat fraud, money laundering and the financing of terrorism.
How do I carry out a KYC? 5-step process
In a KYC process, there are several key steps to follow to ensure accurate and reliable customer verification. Here are the main steps to consider:
Customer data collection and verification
The first step in the KYC process is to collect and verify data on your potential customers. The aim is then to create a KYC file containing the customer's essential KYC documents, as well as some of their personal information. If the customer is an individual, you should at least ask for their full name, address, date and place of birth, and country of residence. To complete this information and verify its accuracy, you'll also need to collect KYC documents such as a national identity card (CNI) and proof of address. To automate this process, we recommend the use of AI-based verification solutions such as Netheos ID, which provides a complete 4-point check in just 3 seconds: document quality, type, consistency and authenticity.
Understanding the business relationship
At this stage, you need to understand why the customer wants to use your products or services, and how they intend to use them. You need to collect information on the type, size and frequency of planned transactions, as well as on the countries involved in these transactions. This understanding will help you detect any suspicious activity potentially linked to money laundering.
The next step is to assess the level of risk posed by each customer. To do this, you'll need to be able to answer a number of questions. Here are some examples:
- Is the customer a politically exposed person (PEP)?
- Does the customer run a company that presents a high risk of financial crime?
- Is the customer suspiciously trying to reduce their tax liability?
- Is the customer interested in a service considered high-risk?
Updating customer data: KYC remediation
Customer information changes over time, so it's mandatory to regularly review and update KYC data to ensure its accuracy. This is known as KYC remediation. To give you an example, if due to a new position or an appointment a customer becomes the head of a business with a high risk of financial crime, you'll need to update their risk level and collect additional information.
Under current regulations, reporting entities must keep KYC documents for a certain number of years after the end of the business relationship. In France, the retention period for data relating to due diligence obligations is set by law at 5 years.
Which KYC solutions should you choose?
KYC automation solutions from Netheos
To be compliant, KYC solutions must meet 2 of the 6 additional vigilance requirements of the 5th LCB-FT Directive (AML5).
Netheos identity verification solutions are 100% LCB-FT compliant. Thanks to a proprietary facial recognition technology (called ®Facematch) based on state-of-the-art AI algorithms, our solutions are the smoothest on the market, guaranteeing a maximum conversion rate! Depending on your needs in terms of safety and compliance, you can choose between 3 solutions.
The historic solution most used by our customers. Our ®Facematch Photo facial recognition technology eliminates the risk of identity theft. The fully guided journey offers a very high conversion rate, with an average completion time of 48 seconds.
Use: Simple KYC process for customer onboarding, with little need for compliance
LCB-FT compliance: If combined with a SEPAm@il diamond solution
Netheos ID FAST
The Video version of our ®Facematch facial recognition technology not only eliminates the risk of fraud, but also simplifies the entire user experience: the conversion rate is maximized with a completion time of less than 40 seconds, offering the best user experience on the market.
Use: Qualified Electronic Signature (QES), smooth customer onboarding KYC process
LCB-FT compliance: if used for Qualified Electronic Signature (QES)
Netheos ID MAX
Remote identity verification pathway currently undergoing PVID certification by ANSSI to meet legal obligations imposed on certain sectors. The Netheos PVID pathway combines AI with human experts, available 24/7 and based in France, with an end-to-end process taking less than 2 minutes.
Usage: PVID pathway
LCB-FT compliance: Solution audited and in the process of being certified by ANSSI, 100% LCB-FT compliant.
Documents and information required for a complete KYC file
Article R. 561-12 of the CMF requires regulated professional institutions to “collect and analyze the information necessary to understand the purpose and nature of the business relationship” in order to comply with the LCB-FT regulations. To obtain this information, companies use KYC forms, supplemented by the collection of KYC documents. This customer information is used to compile a complete KYC file.
KYC forms: what basic information should be collected?
Whether customer data is collected using an online KYC form or a paper form, the essential information to be collected is generally the same. It is divided into two categories, depending on whether the customer is an individual or a legal entity.
- Full name
- Maiden name (if applicable)
- Date of birth
- Full postal address
- Active phone (mobile or landline)
- Email address
- Country of residence
- Sector of activity
In addition, information is collected on politically exposed persons (PEPs), i.e. whether the policyholder or a direct member of his or her family has held an important political, judicial or administrative position over the past 12 months.
Finally, companies are required to collect information on the individual’s financial situation and investment objectives:
- Annual net income of taxable household
- Type of income
- Financial and real estate assets
- Borrowings in progress
- Investment objectives and horizon
- Ability to bear risk
- Investor experience
- Testing the customer’s financial culture and understanding
- Company name
- Legal form (SA, SARL, SAS, EURL…)
- Name of legal representative
- SIRET number
- APE code
- Activity name
- Head office address
- Email address
KYC documents for individuals
Valid proof of identity (both sides):
- National Identity Card (CNI)
- Residence permit
And a 2nd proof of identity for people with a bank account outside the EEA (European Economic Area), including a driving license in addition to the 3 above.
Finally, you will be asked to provide proof of address less than 3 months old:
- Bill (electricity, gas or water)
- Telephone bill
- Rent receipt
- Insurance certificate
- Title deeds
KYC documents you need to provide as a company
- K-bis extract less than 3 months old
- Copy of updated articles of association
- Copy of both sides of the identity document of the company’s legal representative or signatory
- List of majority shareholders holding more than 25% of the company’s capital