The KYC (Know Your Customer) process comprises 3 main, successive stages. The Customer Identification Program (CIP). Customer Due Diligence (CDD) and Ongoing Monitoring. These 3 KYC steps are crucial to the implementation of a reliable process and compliance with legal standards. In this article, we take a closer look at the 3 stages of KYC.
Understanding the 3 stages of KYC
KYC comprises a list of regulatory models that companies put in place to secure their tools and comply with legislation. CIP, CDD and continuous monitoring are all part of KYC standards.
Customer Identification Program (CIP)
The customer identification program focuses primarily on verifying the customer's identity. The aim of this model is to confirm or deny the correspondence between digital and physical identity. The Customer Identification Program is mainly implemented during customeronboarding.
Due diligence (CDD)
Due diligence, the second of the 3 stages of KYC, is used to assess the risk of each customer. This phase uses a range oftechnical informationto assess the risk of fraud or theft. There are 3 distinct levels of due diligence. Simplified Due Diligence (SDD), for which verification of identity documents is optional. Standard Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD).
Continuous monitoring
Ongoing monitoring is the final stage of KYC. It lasts over time to ensure ongoing compliance with KYC-related regulatory standards. This phase consists of monitoring customers when activities are suspicious. To achieve this, companies need to set up automatic alerts forunusual events.
Customer Identification Program or CIP
The first of the 3 stages of KYC is the Customer Identification Program or CIP. During this phase, customer information is collected and validated. In general, CIP refers to a set of procedures that a company must put in place and follow to confirm the identity of its customers.
This usually means that customers have to submit their own documents. Among the documents required are:
- Government-issued identification.
- Proof of address.
- Proof of income.
In addition, it is essential for companies toassess the risk associated with each customer. This assessment takes into account factors such as the customer's profession, country of origin, and the type of transactions in which he or she is involved. Customers deemed to be high-risk require additional scrutiny. This leads to the second stage of KYC (which we'll look at in the next section).
The main purpose of CIP programs is to verify that customers are who they claim to be. These programs play a crucial role in identifying and preventing money laundering (AML),identity theft, terrorist financing (TF), and many other types of fraud. If you'd like to find out more about document fraud, read our article detailing 5 types of document fraud.
Customer due diligence or CDD
Customer due diligence involves a series of ongoing procedures designed to assess customer risk. Among the KYC steps, customer due diligence comes second. After verifying a user's identity, organizations need to gather further information and carry out an in-depth assessment of his or her profile through CDD. This risk assessment enables the detection of any suspicious or risky behavior. This process is a fundamental aspect of KYC practices. It helps companies build trust with potential customers.
CDD has 4 key requirements:
- Identify and verify all customers.
- Identify and verify all beneficial owners: individuals who control at least 20% of the company.
- Understand the nature of customer relationships to establish customer risk profiles.
- Continuously monitor customer activities and transactions to detect and report suspicious behavior.
Enhanced Due Diligence (EDD) is implemented for high-risk customers. That is, those for whom there is a reasonable suspicion of unauthorized access or attempted fraud. To decide whether an EDD is necessary, we need to pay attention to several elements:
- Person's location.
- Customer's profession.
- Transactional behavior: value, frequency, and monitoring of suspicion patterns.
- Payment methods used.
Although certain enhanced due diligence requirements are defined by each government, the implementation of EDDs remains necessary. As with the KYC framework, it is the responsibility of each company to assess risk. They have an obligation to take steps to avoid wrongdoing on the part of their customers.
Continuous monitoring: A long-term step
Continuous monitoring, also known as Ongoing Monitoring, is part of the KYC process, even if it lasts over the long term. In fact, ongoing monitoring is a crucial phase in the KYC process. It involves the regular verification of customer information to confirm ongoing compliance with regulatory standards. The aim of continuous monitoring is to help companies detect any potential signs ofsuspicious or illegal activity.
Since customer information can change over time, ongoing monitoring helps maintain account security. This step is designed to ensure that the organization remains KYC compliant, no matter how much time has elapsed since therelationship was first established with each customer. Depending on the customer and the risk mitigation strategy, it is also necessary to monitor various factors. These can help identify suspicious activity:
- Any unusual or cross-border activity that falls outside the norm.
- Sudden peaks in activity (in number or size).
- Unfavorable media coverage.
- Any politically exposed person.
- Individuals sanctioned by government or financial institutions.
If unusual activity is detected, a Suspicious Activity Report must be submitted.
Automate the 3 KYC steps
In order to automate KYC steps (notably the onboarding process), it is necessary to offer reliable and secure identity verification.Artificial intelligence tools enable you to verify customer identity and combat fraud effectively. These solutions help you achieve regulatory compliance at every stage of KYC.
As you may have guessed, Datakeen offers an online identity verification tool : IDify. Our solution supports you incustomer onboarding andrisk assessment. Our AI product can also help you set up remediation campaigns, to ensure ongoing KYC AML compliance.
