Financial crime continues to be a major issue in the UK.
But the government and law enforcement agencies are cracking down on those that break the law or fail to meet regulations.
This article explains everything you need to know about KYC regulations in 2023.
This year saw the biggest money laundering trial in history, as eight defendants were accused of channeling £266m in illicit funds through a Bradford-based gold dealer.
Elsewhere, Santander UK has been fined over £100 million after the bank failed to oversee and manage money laundering controls on 560,000 business customers over five years.
If you want to avoid your business becoming involved in financial crime and facing a fine then you need to have robust anti-money laundering (AML) policies and procedures in place.
Following know your customer regulations (KYCs) are an important part of this
‘Know your customer’ is a general term given to processes that involve checking and verifying the identity of customers.
It ensures that customers are who they say they are and helps to fight fraud, money laundering and other economic crime.
If they are high risk, then the company goes through the AML KYC process. This includes:
Sometimes known as IDV, a customer identification programme is where you ask a customer to send you a government-approved identity document. This could include a driver’s licence or a passport.
This is when you check the customer’s ID document against the relevant government database to ensure it is real.
You perform regular checks on your customer to ensure that their risk profile doesn’t change. You also recheck their ID annually.
If the person is considered high risk or there is doubt over whether their ID is genuine, you may need to conduct full anti-money laundering checks.
These include address verification and checking if the person is on sanctions or politically exposed persons (PEPs) lists.
KYC is governed by the same laws as AML and customer due diligence.
In the UK, the main KYC law is the Money Laundering Regulations 2007.
Below is a checklist of regulatory requirements that customers must meet. There are five key areas:
✔️Create a customer identification programme. In other words, identify customers based on verified documents.
✔️Collect information on the purpose and intended nature of the business relationship.
✔️Identify the level of customer risk depending on:
✔️The type of customer
✔️The business relationship
✔️What the product is
✔️Details of the transaction
✔️The KYC officer must be able to prove that they measured the risks posed by the customer and took appropriate action.
✔️The customer and ultimate beneficial owner’s identity needs to be verified before a business relationship can be started—unless they are deemed to be very low risk, in which case it can be verified during the relationship.
✔️Money laundering officers should monitor financial transactions for any suspicious behaviour.
✔️They should regularly renew customer due diligence records by conducting new checks.
✔️Higher-risk relationships should be monitored more often and with greater scrutiny.
✔️ If a company falls into certain categories then they can skip most KYC processes. The only exception is ongoing monitoring of the customer’s transactions and risk.
✔️ It’s worth checking with your industry regulator to find out which transactions qualify for simplified due diligence in your sector.
✔️ You should always conduct full enhanced AML checks if you suspect money laundering or criminal activity.
✔️Certain types of people are considered to present a higher risk of being involved in financial crime. For these clients you need to conduct enhanced due diligence. This involves investigating the individual more thoroughly and taking a risk-based approach when making a decision.
✔️Enhanced due diligence is required if the customer:
✔️Is not physically present for identification purposes (note: digital identity checks count as being physically present).
✔️Is a credit company with a correspondent banking relationship with a non-EEA institution
✔️A customer is a politically exposed person (PEP).
✔️The money laundering officer perceives a higher risk of money laundering or terrorist financing.
✔️ A company can appoint a third party to carry out KYC checks on their behalf.
✔️ However, they remain liable for the processes and policies, as well as any failures.
✔️ Companies must also keep records of their customers’ identities, transactions and any supporting documents.
✔️ The company should be able to produce records immediately when asked by a regulator.
✔️ Regulated companies should establish and maintain KYC policies and procedures related to:
✔️ All relevant staff should be made aware of the law on money laundering and terrorist financing. They should also be trained in how to identify and deal with high risk and suspicious transactions or customers.
✔️ Companies should appoint a nominated officer whose job it is to take responsibility for:
✔️Manage and implement AML policies and procedures
✔️Keep abreast of the latest regulatory changes
✔️Submit suspicious activity forms to the National Crime Agency
✔️Train staff on AML-related matters
There are four main reasons for implementing thorough AML and KYC policies and procedures in your business.
Financial crimes like money laundering and fraud are thought to cost the UK economy more than £300 billion each year. Fulfilling AML and KYC requirements means you are doing your part to fight economic crime.
Failure to meet KYC compliance requirements can lead to a criminal conviction, a fine or even a prison sentence of up to two years.
Both companies and responsible individuals can be found guilty of not fulfilling KYC compliance with AML and KYC regulations.
According to the Financial Conduct Authority (FCA), more than £298 million of suspicious money passed through Santander accounts during this period.
The Santander fine described above made national news in the UK. HSBC and NatWest have also both been at the heart of similar fines.
Millions of business customers know that these financial institutions enabled financial crime and their reputations have been damaged.
You can protect yours by maintaining robust KYC and AML policies and procedures.
Criminals might not want to launder money. They may be targeting your business to try and steal money or high-value goods from you.
Verifying the identities of customers helps stop that from happening.
The bill will take effect in early 2023. It will impact KYC regimes in a number of ways.
Two examples of amendments recently added include:
Identity verification: Directors and other persons with significant control (PSCs) at companies will need to verify their identities with Companies House. The government is seeking to extend this to overseas companies that register in the UK.
Discrepancy reporting: If a business conducts customer due diligence on a company and discovers a discrepancy between the information they are given and their own research then they must report it to Companies House. The new bill will set out specific reporting requirements relating to this.
Other changes include:
People setting up new businesses will need to have their identity verified by Companies House.
More information about transactions and people’s identities will be shared between enforcement agencies.
Law enforcement officials could be given powers to seize crypto assets.
The legal sector may be given a statutory duty to prevent and detect economic crime.
Cryptocurrency transactions are anonymous and so are often used by criminals to launder money.
According to the NCA, over £1 billion of illicit cash is transferred overseas via crypto assets each year.
Authorities have long been concerned about the lack of regulation in crypto markets.
In the last year, the crypto industry has been rocked by several high-profile scandals and failures.
The UK government is already planning greater regulation of stablecoins—cryptocurrencies whose value is pegged against real-world fiat currencies—so that they can be used safely.
Another sign of increased regulation is that people within the industry are talking about it. Brian Armstrong, CEO of Coinbase (one of the world’s largest crypto exchanges) has written a blog explaining his thoughts on the future regulation of the industry.
In it, he says that robust AML and KYC policies should be implemented once stablecoin regulations have been set.
Armstrong is an influential figure and so the blog is a good indication of what to expect.
Performing thorough KYC and AML checks is vital to ensure your business avoids regulatory fines and reputational damage.
However, these checks can make your customer onboarding process long and complicated.
This can damage customer relationships as they are left waiting, and it can even delay the start of your business together.
The solution is to use a fast and accurate KYC and AML checking service.
Red Flag Alert’s database holds detailed financial information on every UK company as well as businesses in most countries around the world. We provide a comprehensive AML service that enables you to conduct fast, accurate KYC processes.
We help you keep your KYC compliance costs and your AML risk low.
This includes:
If you want to screen your clients for AML risk quickly and safely then try our new AML checker—it’s hosted on our website and it’s completely free to use. Or Request a Free Trial of Red Flag Alert today.
Check out our Q3 Intelligence Report to find out the issues that have affected the UK economy in 2022.