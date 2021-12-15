KYC may seem like a simple concept, but when working with some of the largest financial entities in the world, the processes of customer identity verification and customer due diligence are critical to a successful AML program. There are three components of KYC compliance.



The first pillar of a KYC compliance policy is the customer identification program (CIP). CIP was imposed under the USA Patriot Act in 2001 to better protect the world’s financial systems in response to the September 11 attacks. The Patriot Act made it mandatory for all banks to implement written CIPs based on the bank’s size and its customer base. The act also required all banks to implement CIPs into their larger AML policies. CIPs verify the customer's identity using credentials like their name, date of birth, address, social security number or other documents.



The second pillar of KYC compliance policy is customer due diligence (CDD). CDD is a KYC process in which all of a customer’s credentials are collected to verify their identity and evaluate their risk profile. It is broken down into two separate tiers: simplified due diligence (SDD) and enhanced due diligence (EDD). SDD is used for accounts at low risk for money laundering or terrorism funding, like standard bank accounts or low-value bank accounts. EDD is used for customers that are at a higher risk of infiltration, terrorism financing or money laundering. If a customer is determined to be a higher risk, additional information collection is necessary. EDD procedures also include transaction monitoring. It’s important to keep track of the typical amount and frequency of a customer’s transactions to better find irregularities. It is the financial institution’s responsibility to determine each customer’s risk profile to determine if SDD or EDD is necessary. Learn how to drive ROI with CDD solutions.



The third pillar of KYC policy is continuous monitoring. Checking a customer once isn’t sufficient to ensure security. Understanding a customer’s typical account activity and monitoring the activity is necessary to catch irregularities and eliminate risks as they arise.