KYC Requirements in the US: Requirements in the US Financial Industry

KYC (Know Your Customer) requirements play a crucial role in the US financial industry. These requirements are in place to prevent money laundering, terrorist financing, and other illicit activities by ensuring that financial institutions have a thorough understanding of their customers’ identities and business relationships. In recent years, there has been an increased focus on modernizing and enforcing AML (Anti-Money Laundering) regulations both in the US and abroad. The US’s Financial Crimes Enforcement Network (FinCEN) proposed KYC requirements in 2014, which are expected to be finalized soon.

The Core Elements of Customer Due Diligence

FinCEN’s proposed KYC requirements are part of a broader regulation that sets out the core elements of a customer due diligence program. These elements are designed to help financial institutions avoid illicit transactions by improving their view of their clients’ identities and business relationships. While the proposed requirements establish a baseline for performing customer due diligence, financial institutions are expected to supplement these requirements with their own assessment of each client’s risk profile.

Establishing Beneficial Ownership Thresholds

As part of an effective customer due diligence program, financial institutions are required to verify the identity of the beneficial owner of a customer that is a legal entity. The proposed baseline definition of a beneficial owner is a person who has at least a 25% equity interest in the legal entity. However, financial institutions should lower this threshold for customers with high levels of AML risk. While the proposal does not prescribe a specific ownership threshold for these customers, industry best practices and regulatory expectations indicate that a 10% threshold is generally appropriate.

To establish an institution’s thresholds for beneficial ownership, a risk-based approach should be taken. This process involves considering factors such as the complexity of the customer’s ownership structure, whether the customer operates in a heavily regulated industry, whether the customer’s home jurisdiction is subject to sanctions or home to terrorist organizations, and the extent to which the customer’s business is cash-based. Additionally, institutions should assess whether the customer has taken any measures to mask the identity of its shareholders and the nature of the institution’s relationship with the customer.

The Challenges of Implementing KYC Requirements

Implementing KYC requirements can be operationally challenging for financial institutions. While they can rely on third parties to provide needed information in certain cases, the ultimate responsibility for compliance rests with the institutions themselves. Non-compliance can result in significant penalties, as evidenced by the unprecedented AML-related penalties levied against the industry in recent years. Therefore, institutions should begin their implementation efforts as soon as possible, based on the proposed requirements and industry best practices.

Performing internal AML risk assessments and collecting the required customer information will require significant resources. Institutions must plan ahead and allocate sufficient resources to functions that are most impacted by these efforts, including the compliance function, the first line of defense functions, and the business lines responsible for collecting customer ownership information. It is also important for global institutions to consider regulatory differences across jurisdictions and reconcile them, especially if they are subject to similar requirements in other jurisdictions.

The Role of Third Parties in KYC Compliance

Recognizing the challenges associated with collecting and verifying customer ownership information, US regulators allow financial institutions to rely on customer information provided by specified third parties. This reliance expedites the customer onboarding process and improves the overall customer experience. However, institutions should ensure that the third party has appropriate risk controls and governance in place and should make the decision to rely on third parties based on their own assessment of customer risk.

While reliance on third parties can be beneficial, it does not reduce the amount of customer information that needs to be collected. Financial institutions are still responsible for collecting the necessary information, whether it is obtained directly or through third parties. Jurisdictional differences exist regarding the type of third-party institution that may provide the information and the sharing of customer information with entities outside of a jurisdiction due to privacy laws.

Steps Financial Institutions Should Take Now

Financial institutions should act now to have the required policies, procedures, and practices in place to meet KYC requirements. This is particularly important for global institutions that need to account for jurisdictional variances. Institutions should go beyond the minimum industry standards to ensure they are meeting regulatory expectations. For example, they should collect additional biographical information about ultimate beneficial owners, such as date of birth, address, and identification number. Institutions that are currently undergoing remediation efforts should not wait for the finalization of FinCEN’s KYC requirements before implementing them.

By taking a proactive approach to compliance, financial institutions can demonstrate to regulators that they prioritize their AML risk management. This will improve their regulatory standing and help build trust with their customers. Implementing a robust KYC program will not only help institutions comply with regulations but also protect their business and customers from the risks associated with money laundering and terrorist financing.

Conclusion

KYC requirements are essential in the US financial industry to combat money laundering, terrorist financing, and other illicit activities. Financial institutions are expected to establish beneficial ownership thresholds based on a risk-based approach and to collect and verify the necessary customer information. While institutions can rely on third parties for certain information, the ultimate responsibility for compliance rests with the institutions themselves. It is crucial for institutions to begin implementing KYC requirements as soon as possible, allocate sufficient resources, and go beyond minimum industry standards to meet regulatory expectations. By doing so, institutions can enhance their compliance efforts, protect their business, and build trust with their customers.