What is KYC Verification?
Know Your Customer or KYC is a set of protocols designed to verify the identity of a client or entity before conducting business with them. The KYC process typically involves collecting certain information from a prospective client, verifying this information to ensure veracity, and then using this information to estimate the potential business risk of onboarding the client.
The KYC verification process is required by Anti-Money Laundering (AML) and Terrorist Financing (TF) protocols the world over to combat illicit activities and financial crime. KYC checks also play a prominent role in data management, workflow automation, and risk management. The KYC information collected from clients can be analyzed to estimate potential risks and create risk profiles.
The difference in efficiency when leveraging KYC verification is also sizeable. KYC verification APIs enable businesses to retrieve and verify client KYC almost instantly, with secure verification workflows and easy integration capabilities.
KYC verification is not a monolith and may be sub-divided into its constituent processes.
The Key Components of KYC Verification
Any KYC verification procedure will consist of four critical components, determining the steps involved in a KYC check. These components are mandated differently according to jurisdictional AML requirements, but the components themselves are unchanging across geographies and industry segments.
The four components of every KYC verification process, are –
Customer Acceptance Policy
The first step required to undertake KYC verification is creating a policy. The customer acceptance policy outlines how the business or organization will verify clients, and the rules to be followed while onboarding a new customer.
The customer policy mentions the criteria to be used for verification, which documents are acceptable, and other requirements to be adhered to during KYC verification.
Customer Identification Program (CIP)
The next component in KYC verification involves collecting identifying information from a customer and verifying this information to ensure authenticity. The modes to be used for verification such as OCR, APIs, AI-powered document verification, etc, are also laid out in the CIP.
The minimum information businesses would require for CIP include – Name, Date of Birth, Address, and ID number.
Customer identification may be performed using three criteria –
- Possession – The customer is verified using something he or she possesses. This could be a photo ID, Officially Valid Documents (OVDs), an OTP received on the customer’s Aadhaar-registered number, etc.
- Inherence – The customer is verified using something that he or she is. This usually refers to a unique biological criterion such as fingerprints, retina, iris, etc.
- Knowledge – The customer is verified using something he or she knows. This could be a password, a private key, a pin, etc.
The most commonly used methods to verify individual customers involve furnishing government-issued identification such as –
- Voter ID
- Driving Licence
- GST certificate
For businesses, the CIP usually requires –
- Certificates of Incorporation
- CIN / DIN
- Partnership agreements
- Business Licences
Customer Due Diligence (CDD)
The third component of KYC verification involves performing due diligence procedures for verified customers. Regulated businesses are required to conduct extensive assessments and scoring to anticipate the level of risk potentially posed to the business.
CDD regimes can be classified into three types –
- Simplified Due Diligence
Simplified CDD is undertaken for low-value accounts where risks of money laundering are low.
- Basic Due Diligence
This is the required level of due diligence to be performed when money laundering risks are not low enough to warrant simplified due diligence.
- Enhanced Due Diligence
This is conducted when Financial Institutions (FIs) need detailed information regarding the customer’s transactions and financial activities. Politically Exposed Persons( PEPs) typically require enhanced due diligence.
Transaction & Activity Monitoring
Finally, FIs must continuously monitor the transactions of clients for anomalous activities, capital transfer patterns indicating money laundering, or any activity that might warrant a Suspicious Activity Report (SAR).
SARs are routinely sent to regulatory bodies for further action.
Types of KYC Verification
KYC verification can be performed in a number of ways, each with its own set of drawbacks and advantages.
Here are the most prevalent types of KYC verification.
This is the form of KYC verification most people are familiar with. In manual KYC, customers provide paper-based IDs and documents to an FI. These IDs are then manually verified, copied, and stored.
Once the customer’s KYC information is verified, manual KYC is completed. This process typically takes several weeks to complete and often results in lost documents, errors in data collection, and inefficient onboarding cycles.
Electronic KYC or eKYC is a quick and paperless verification process that makes use of the UIDAI Aadhaar database to verify customer identities. The demographic and biometric information of all Aadhaar holders is stored in the UIDAI database and leveraged to quickly retrieve information for KYC verification.
eKYC can be completed using OTP-based authentication, biometric verification, or offline methods. The latter includes extracting information from a downloadable Aadhaar XML file or scanning the QR code present on any Aadhaar card.
Accounts opened after just eKYC verification are usually called half KYC accounts and have several restrictions, with most FIs requiring customers to complete full KYC within a year of opening the account.
Read all about eKYC here.
Central KYC or cKYC is a paper-based method for KYC verification created to remove the redundancies present in the regular KYC process. To complete cKYC, clients must send copies of the cKYC form, proof of identity, proof of address, and a photograph to an FI, KRA, distributor, or an AMC.
Once this information is verified by the Central Registry of Securitisation, Asset Reconstruction and Security Interest of India (CERSAI), it’s stored in the Central KYC Records Registry (CKYCR) where it will be available for future KYC verification.
The customer will then receive a 14-digit KYC Identification Number (KIN) on their mobile number, which can be provided to any FI for instant KYC verification. This means that with cKYC, customers need to verify their KYC just once.
Read all about cKYC here.
Video-based KYC verification is the most robust iteration of KYC verification yet. Introduced in 2020, Video KYC is an AI-powered and completely digital method for FIs to verify customer KYC instantly and remotely.
Video KYC involves video-based interactions between customers and executives from FIs, where the customer’s identity is verified using facial matching techniques. KYC documents are validated by capturing live images of these documents and using OCR technology to extract KYC data. AI-powered verification algorithms verify these data against information retrieved from databases using APIs and authenticate customer identity within minutes.
Video KYC takes different forms based on the industry segment and regulator in charge. Banks and NBFCs, for example, must comply with the protocols of the Video-based Customer Identification Program (V-CIP). While insurers and investment firms have their own versions of Video KYC.
Learn all you need to know about Video KYC here.
What is the Purpose of KYC Verification?
- Prevention of money laundering & financial crime
Combating illicit financial activities and cutting off terrorism financing are two of the main objectives of KYC verification.
Money laundering can occur unencumbered when banks and FIs are unaware of who exactly possesses an account with them, how money is being transferred, and where it’s going to or coming from. KYC verification takes the shroud off of criminal activities and exposes them to the authorities.
Criminal organizations frequently rely on money laundering to “clean up” ill-gotten money in both organized and unorganized sectors. Professional Money Laundering Organizations (PMLOs) employ bulk cash smuggling to pick up and transport funds connected with drug trafficking, human smuggling, cybercrime, or other criminal activities.
This money is then deposited in the retail banking system following which the money is laundered using casinos, front companies, and domestic or foreign bank accounts.
Strong KYC verification nips money laundering in the bud either at the customer identification stage or via the monitoring of suspicious account activities.
- ID fraud & risk mitigation
Fraud is a steadily rising challenge for FIs across the world. According to PwC, nearly 46% of companies experienced some form of fraud. If a business’s revenue is greater than USD 10 billion, it’s more than half as likely to have experienced attempted fraud.
KYC verification is the first line of defense against fraud and cybercrime for FIs. The CIP of KYC verification ensures that clients are who they say they are, by using strong facial matching techniques and ML-enabled profile filters.
CDD programs also play an important role in risk mitigation, by calculating & assigning risk scores to customers and enabling FIs to continuously monitor activities.
- Data management & auditing
The data collected by FIs during onboarding is often disorganized and unqualified. This prevents FIs from creating client profiles for risk management and other functions.
KYC verification lays out protocols for data collection and management and creates a streamlined process for FIs to secure and manage customer KYC data. Additionally, KYC verification creates robust pathways for customer onboarding which increases the audit efficiency of onboarding processes and helps FIs comply with regulations.
- Streamlined onboarding
By closely following the procedures outlined in the KYC verification program, banks and NBFCs can ensure that the onboarding process is transparent and well-organized. This helps increase risk and KYC visibility while making the process easier to control and analyze.
Global Rules & Regulations for KYC Compliance
AML regulations vary by country and regulatory organization. Here’s a list of a few major regulators and the main AML laws, respectively.
|Global||Financial Action Task Force (FATF)||FATF Standards|
|USA||Office of the Comptroller of the Currency (OCC)||Bank Secrecy Act, Sections of the Patriot Act|
|Canada||Financial Transactions & Report Analysis Center of Canada (FINTRAC)||PCMLTFA|
|Australia||Australian Transactions Report & Analysis Centre (AUSTRAC)||AML/CTF Act, FTR Act|
|European Union||European Banking Authority (EBA)||6AMLD, PSD2, MiFID II, GDPR|
|Hong Kong||Hong Kong Monetary Authority (HKMA)||AML & CTF Ordinance|
|India||Reserve Bank of India (RBI)||Prevention of Money Laundering Act, 2002|
Why Businesses Need To Verify KYC
- AML/TF Compliance
Businesses operating in regulated sectors are required to comply with certain AML/TF regulations, in the absence of which compliance fines are levied.
Global AML compliance fines are steadily rising and crossed USD 1.6 billion in 2021. Compliance with AML regulations has become an expensive affair for FIs, with the majority of FIs leveraging RegTech such as KYC verification technology to comply with regulatory regimes and reduce compliance fines.
KYC verification is the easiest way to ensure that money laundering is mitigated and that FIs are in compliance with TF requirements.
- Fraud Prevention
Over 38% of FIs experienced some form of cybercrime and fraud in 2021. Strong KYC verification offers FIs a comprehensive means to mitigate ID fraud. Fraudulent profile filters, ML-powered pattern detection, and DB checks all serve to root out fraudsters, fake IDs, and bad actors.
- Operational Efficiency
Leveraging KYC verification makes the onboarding process faster, cost-effective, and more efficient. Banks & FIs schedule KYC verification flexibly using scheduling capabilities, collect and verify KYC data online using KYC verification APIs, and onboard clients en masse.
KYC verification enables businesses to boost onboarding and documentation efficiency while reducing KYC expenses and mitigating AML compliance fines.
- Risk Management & Smarter Decision-Making
Risk management is one of the most important factors for regulated businesses today. Poor risk management practices result in both extensive fines and loss of reputation.
KYC verification checks help businesses identify fraud and AML risks well ahead of time through ML-enabled profile filters, facial matching techniques, and DB checks. These data also help executives and managers make more prescient onboarding decisions
- Financial Inclusion
Regulatory bodies require banks and FIs to have stringent KYC procedures in place such as Enhanced Due Diligence, to lower overall risk and prevent financial crime. However, these procedures often result in several sections of the population being deprived of inclusion in the formal economy due to several factors such as a lack of access, lack of financial literacy, or a lack of infrastructure.
By leveraging KYC verification solutions, banks and FIs can onboard clients without requiring them to travel to business offices. Clients also needn’t fill out several forms, make copies of their KYC documents, or even carry these important documents around.
KYC verification solutions such as KYC verification APIs enable FIs to remotely and seamlessly onboard customers, bring them into the ranks of the formal economy, and offer key services such as credit access.
Digital Onboarding with KYC Verification – How it Works
eKYC is among the most straightforward forms of KYC verification and can be completed in the following ways.
The steps involved in online eKYC are –
- The client is invited for an eKYC session by sharing an invite via email or SMS
- The client provides their consent for eKYC and proceeds for KYC verification
- The client enters their Aadhaar number to generate an OTP
- The OTP is sent to the client’s Aadhaar-registered mobile number and email address.
- The client enters this OTP to verify their KYC
- In the back-end, the client’s KYC details are pulled from the UIDAI database and used to verify the information provided by the client to the business or FI that’s verifying them.
- Once the client’s KYC is verified, eKYC is completed.
Online eKYC can be conducted with ease using KYC verification APIs.
Offline eKYC can be conducted in two ways.
- Aadhaar XML verification
This method of offline KYC verification employs Aadhaar verification APIs. Here, the client simply enters their Aadhaar number and the corresponding OTP into the KYC portal.
These data are used as input to download and decrypt the client-specific Aadhaar XML file. This reveals KYC information such as the client’s full name, address, date of birth, and more.
- Aadhaar QR code verification
This method simply involves scanning the QR code present on every Aadhaar card. This QR code scan retrieves the client’s KYC information, which is then used for offline KYC verification.
KYC verification with cKYC involves the following steps.
- Since cKYC is paper-based, the client first fills up the cKYC form, attaches a proof of address, proof of identity, and a self-attested photograph with this form, and sends these to CERSAI.
- After an initial verification process, the client’s cKYC is verified. A unique KIN is provided to the client and the KYC information is stored in the CKYCR.
- The client simply needs to provide their KIN for the next KYC verification cycle. Any bank, insurer, or investment firm can use the KIN to retrieve the client’s KYC data and verify these instantly.
Biometric KYC Verification
Verifying client KYC using biometric factors is extremely useful, especially in states with low digital penetration where administrative systems are not robust enough. The steps involved are as follows.
- During Aadhaar registration, the biometric data of clients is collected. These include retina and iris scans, facial scans, fingerprint scans, and more. These data are stored in the UIDAI database.
- To verify eKYC, biometric scanners are used to scan the client’s features.
- If the biometric scan matches the data stored for the client, the FI is permitted to retrieve the client’s KYC information and verify these against the information provided.
- eKYC is completed after client KYC is verified in this way.
Video-based KYC Verification
The latest iteration of KYC verification is video-based verification, a comprehensive and completely online form of KYC verification.
Video KYC verification was introduced recently in 2020, and is leveraged differently in different industry segments. In banking, for example, FIs must follow the Video-based Customer Identification Procedure (V-CIP). Insurers and securities firms need to adhere to VBIP and VIPV respectively.
Video KYC verification involves a video-based interaction between an official from the FI and the customer. The official verifies the client’s KYC documents in real-time on this call and conducts a Q & A session with the client using randomized system-generated questions. This procedure checks for liveliness and ensures the client’s presence. The various versions of Video KYC involve slight variations in the process but the basic outline remains the same.
Video KYC can be conducted either with the assistance of an official from the FI, or it can be conducted without assistance in what is called self onboarding.
While these procedures are not exactly alike, they share a similar skeletal structure. Here are the steps involved in assisted Video-based KYC verification, broadly speaking.
- The client is invited for Video KYC via email or SMS. The client consents to the procedure and logs in.
- The client uploads digital copies of their KYC documents. These could be a PAN card, Aadhaar card, Passport, Driving Licence, Voter ID, etc.
- Once these documents are uploaded, the official begins a video call with the client.
- The client holds up their original KYC documents and live images are captured.
- The official then begins the liveliness check by asking the client a round of questions.
- The official finally captures a live picture of the client and ends the call.
- In the backend, AI algorithms and OCR are used to extract data from the captured images. APIs retrieve KYC data from DBs and these are used to verify the details provided.
- If the KYC verification is a success, the client is onboarded. Otherwise, the official can choose to re-start the Video KYC process.
Industry Use Cases for KYC Verification
The BFSI sector is among the most tightly regulated and for good reason. FIs are frequently targeted by hackers and criminals for money laundering, fraud, and other financial crimes. Additionally, FIs need to manage voluminous amounts of customer KYC data for risk management and CDD purposes.
Onboarding is also a major factor in business growth and operational challenges in KYC verification are a major cause of inefficiencies and business loss for FIs.
Banks and NBFCs require robust KYC verification to onboard clients securely and in a scalable fashion. Video KYC in particular helps FIs maintain high standards of CDD via facial matching and AI-powered ID verification.
Video KYC also offers a separate auditing portal for FIs to maintain compliance. SignDesk’s Video KYC solution is compliant with VCIP, VBIP & VIPV regulations, and offers FIs an instant and secure method to verify and onboard customers en masse. Read more.
Retail & FMCG
Vendor onboarding and management is a key aspect of supply chain management. Retailers and FMCG businesses partner with several vendors and distributors to ensure smooth operations, but quick and secure vendor verification is always a challenge.
KYC verification systems with comprehensive KYC checks allow for businesses to quickly onboard vendors using eKYC with integrations to eSign and eStamp distributor agreements on the go.
KYC verification APIs can be easily and quickly integrated with supply chain systems, enabling retailers to streamline vendor management and make supply chain management seamless.
Crypto has positioned itself as the frontier of digital finance, but the potential for misuse cannot be ignored. Due to the decentralized and effectively anonymous nature of transactions using virtual assets, crypto is partly a breeding ground for money laundering and financial crime.
KYC verification, therefore, has a massive role to play for virtual asset providers, crypto stock exchanges, and anyone trading or employing virtual assets and currencies. Strong KYC procedures enable crypto users to be identified and risk factors to be analyzed. ML fraud filters and remote KYC verification can be easily integrated into the virtual asset registration process and could potentially clean up the crypto sector. Read more.
Online Gaming & Gambling
With the market for illegal gambling in India valued at more than USD 1 billion, KYC verification is hugely important for the online gaming and gambling industry.
Risks of money laundering, spoofing attacks from fraudsters, and the conditional legality of the gambling sector all serve to buttress the importance of KYC verification.
KYC checks lower risks of money laundering by identifying users, preventing risks of attacks by maintaining a secure database of customer information, and even streamlining the onboarding process for online gaming which is admittedly too long and convoluted.
KYC verification helps players in the online gambling industry retain customers by shortening the KYC process and automates the extensive due diligence process required from the gambling industry. Read more.
Healthcare & Pharmaceuticals
Strong KYC verification is a must for healthcare and pharmaceutical companies. These businesses manage several hundred business relationships including coordinating with vendors and suppliers, contracting distributors, hiring independent contractors and auditors, and managing a plethora of scientists, health professionals, lab workers, and more.
Due to the strong due diligence requirements inherent to the healthcare and pharma sectors, KYC verification is indispensable for smooth functioning. KYC verification APIs allow businesses to streamline these complex onboarding processes and maintain high visibility for onboarding status and the collected KYC data.
Aadhaar eKYC with integrated eSign and eStamp solutions helps companies draft, negotiate, and execute onboarding documents remotely. Following this, parties are onboarded instantly with a strong audit trail for compliance. Read more.
SignDesk – AI-Powered KYC Verification
SignDesk offers an award-winning and AI-powered KYC verification solution built for efficiency and easy compliance. Our KYC solution enables seamless and instant client verification using OCR technology for image data extraction, AI algorithms for real-time document verification, and customizable onboarding workflows.
Businesses can use our KYC verification APIs for Aadhaar eKYC, biometric KYC, or Video-based KYC verification. With 400+ clients and over 20 million annual transactions, SignDesk’s KYC verification solution is a trusted and proven platform for businesses across industries to digitally onboard clients and maintain compliance with AML procedures.
Learn more about how our KYC verification solution can help you experience total automation by booking a demo with our product experts.