KYC compliance is not just a one-time practice. It is a thorough verification process that starts with developing a Customer Identification Program (CIP). Then it comes to accessing the risk associated with each client. In the case of a low-risk client, basic KYC is enough but if the customer has a high-risk profile then Enhanced KYC is applied to that customer.
Customer Identification Program is the first step in KYC compliance. It consists of the requirements of regulatory authorities that apply to your business model or industry. CIP protocols are the same in most of the regions in the world. For instance, the CIP requires that every financial transaction must be verified through an in-depth identity verification of the person making the transaction.
The CIP includes the risk assessment of the individual and business accounts of the financial institutions. The financial institutions are required to define their risk appetite. Once it’s set, the businesses and financial institutions are required to assign a risk rating to each of their clients. It helps them define risk measures for clients falling under different risk brackets. KYC procedures are defined uniquely for complete risk prevention in all those risk brackets. This is the point where the financial institution or the business decides the procedure of Customer Due Diligence (CDD) and Enhanced Due Diligence(EDD).
CIP also includes the collection of customer information and the verification of this information. Once completed the customer is assigned a risk rating and CDD or EDD is performed on that customer based on risk rating.
Enhanced Due Diligence (EDD)
In case of a high-risk customer, the financial institutions and businesses perform more strict KYC and AML screening, which is called Enhanced Due Diligence (EDD). Enhanced due diligence includes an in-depth investigation of customer’s identity, financial status, income, etc.
Commonly enhanced due diligence includes collecting information about:
- Customer’s business/occupation
- Transactions pattern and any unusual transaction
- Location, etc.
These EDD measures are designed by businesses as per their risk appetite. It is partially based on regulations and compliance protocols.