Misunderstanding the difference between Electronic Identity Verification (EIV) and Know Your Customer (KYC) is just one of the many ways that Anti-Money Laundering (AML) requirements can be complex and frustrating for businesses. Knowing the requirements and creating a functional, sustainable AML programme can be complicated and time-consuming, taking time away from other revenue generating work. Yet it is crucial, in order to keep compliant with regulations.
Recently, an innovative, hi-tech New Zealand company received a formal warning from the New Zealand regulator (the FMA) for failing to collect enough information about its customers under the NZ AML/CFT Act 2009. The FMA found that the company had failed to obtain information about the nature and purpose of the proposed business relationship from most customers, and had failed to obtain sufficient information to determine whether certain customers should be subject to enhanced customer due diligence.
The requirements are standard practice for AML/CTF reporting entities in completing customer due diligence, including why the person is transacting with a firm. EIV alone is not enough to comply with the AML/CTF Act.
AML procedures are required in Australia, New Zealand and around the world. These regulations place a wide variety of screening and monitoring obligations on financial institutions to avoid possible fraud risks.
“Customers that are not adequately identified, or that are identified incorrectly, can more easily evade AML/CFT controls and exploit financial products to commit crimes.”
Understanding the difference
AML procedures such as KYC programs are used to screen clients and client transactions, in order to verify who your potential customer is and whether they pose any money laundering risks. EIV is a software that is used to remotely verify the identity of a customer. While the terms are sometimes used interchangeably, they mean different things. As AML compliance is critical, from a legal and business perspective, it’s essential to understand the difference.
The practice of customer identity verification is an important AML/CTF obligation: customers that are not adequately identified, or that are identified incorrectly, can more easily evade AML/CTF controls and exploit financial products to commit crimes.
Read on to find out the difference between KYC and EIV.
What are Know Your Customer checks?
A Know Your Customer check is the first step in the implementation of a broader AML compliance program. This process is used to understand the potential risks associated with a new customer, and generally includes steps such as verifying the customer’s identity, and understanding their complete financial situation, to mitigate risk.
A typical AML KYC compliance program consists of the following steps:
- Manually collect the relevant documentation from your client
- Upload the collected AML information and documentation to your relevant database or CRM system
- Send the documentation to your internal approver and await confirmation
- Follow up with clients to ensure they provide the necessary documentation
- Identify the ownership structure of the entity, and list what documents must be collected
- Advise your clients what documents they are required to supply
- Check the documentation is true and correct
Enhanced due diligence
If a customer is considered high risk, a greater level of scrutiny and verification is required. As a result, the KYC process needs to involve enhanced due diligence (EDD). This can consist of the following:
- Requesting additional customer identification
- Analysing and verifying the source of funds
- Conducting on-site visits to verify physical addresses
- Monitoring ongoing transactions
What is Electronic Identity Verification?
Electronic Identity Verification is software that’s designed to confirm and validate the details of a customer’s identity, in a remote or non face-to-face way.
It is the verification of a customer to satisfy one part of AML/CTF regulatory requirements. In simpler terms, this is the regulated process of confirming an individual is who they claim to be through electronic sources. This remote or non face-to-face method of verification has two components:
- Confirmation of identity information via an electronic source
- Matching that person to their identity
An EIV runs your ID document (passport, driver licence, birth certificate) details against the national Australian databases to confirm your ID is current and valid. By confirming that a customer’s date of birth and ID document registration numbers are true and accurate, you can trust that this individual is who they say they are. An EIV also searches against the Dow Jones Watchlist for PEP Checks.
Knowing the difference can remove the risk from your business
KYC is knowing the entire entity structure, knowing who exactly you’re working with, and who is involved in the vehicle – ultimately it means completely knowing who your customer is and what the nature of their proposed business is.
EIV on the other hand, only satisfies one part of the complex KYC process by remotely verifying the identity of one customer. If you were to only use EIV as your AML process, this leaves you with an incomplete understanding of your potential customer and the risks they may pose to your business.
More and more often we are seeing regulators crack down on companies that haven’t abided by the AML/CFT Act, and it’s becoming increasingly more important to be compliant and across all the aspects of AML compliance.
Working with an AML expert can help streamline your AML processes and ensure all requirements are met, without the time investment. First AML offers specialised software to do just that, eliminating the confusion and ticking all the right boxes.
About First AML
First AML is an AML technology provider, and the maker of Source, an all-in-one AML platform. Source powers thousands of compliance experts around the globe to reduce the time and cost burden of complex and international entity KYC. Its enterprise-wide, long term approach to the KYC / CDD data lifecycle addresses time and cost challenges while minimising compliance, reputational and security risks.