Everything fintechs need to know about the KYC bank process

How fintechs can balance customer convenience with risk management.
Headshot of Sheetal Parikh
Sheetal Parikh
Associate General Counsel & Vice President of Compliance Solutions
,
October 14, 2021
Infographic showing various aspects of KYC navigation

Know your customer (KYC) — also sometimes called “know your client” — refers to processes banking and financial institutions use to verify a customer’s legal identity. Put simply, KYC ensures that the customer opening an account with a financial institution is who he or she purports to be. KYC is at the heart of compliance processes that fintechs need to establish to launch any Banking as a Service (BaaS) product on a platform and creates a benchmark to identify and assess transactions.

This article explores key considerations that you should be aware of as a fintech, and how to balance customer needs with risk management.

What is KYC Compliance?

The KYC compliance process helps organizations to avoid working with people who have been involved in money laundering, fraud or other illicit financial activity. Money laundering is when someone takes money gained through criminal actions and makes it appear the money came from a legal and legitimate source or transaction. The KYC bank process can also help organizations determine creditworthiness where relevant.

As an extension of doing business and banking with banks that are subject to the BSA, fintechs must comply with the Banking Secrecy Act (BSA) and anti-money laundering law. BSA, as amended by the  USA Patriot Act, requires banks and other financial institutions to collect specific information from a person and entity at the time of onboarding.

KYC programs are generally risk-based: the higher risk a customer poses, the more information a financial institution will want to collect. This process is critical in ensuring prospective customers are not known bad actors or unsuitable clients. By learning a customer’s risk profile, KYC is intended to ensure customers are behaving as anticipated. It also empowers a financial institution to detect deviations from activity that can indicate fraud or potentially suspicious activity related to financial crimes.  

Even though a fintech is not necessarily a financial institution, because its transactions flow through a traditional banking platform, even a small fintech must implement a sound regulatory compliance program appropriate to its business. When coming up with a KYC compliance process strategy, fintechs need to balance the need to limit risk with the need to approve customers. You don’t want to miss out on law-abiding customers simply because they lack certain documentation, or they don’t have time for an exhaustive process. As an emerging fintech, your KYC policy will often be guided at least in part by your bank partners’ respective risk appetite. However, it is prudent to organize your own strategy around KYC that balances risk mitigation while creating equal access to financial products.

Customer Verification Process - KYC Process Steps

As part of the requisite KYC process, banks typically request pieces of identifying information including but not limited to full name, residential address, past addresses, place of work, driver’s license, U.S. passport, social security number, resident alien card, international passport, military identification, or other state-issued identification. Banks will ask for multiple pieces of identifying information to confirm someone’s identity before opening their account. Under the plain language of the Patriot Act, banks and other financial institutions can use documentary and non-documentary means to confirm identity. Most banks have established processes of collecting minimum requirements to open depository accounts.

Traditional banks tend to have slower, more nuanced KYC compliance processes. They often have multiple departments that need to review and approve KYC information received. Bank processes may also require applicants to fill out paper documents, or bring paper documents to a physical bank branch. It is not uncommon for an application to be pending for over two weeks before bank approval.

Banks have also historically rejected certain types of identification, such as resident alien cards and international passports because an international customer base is often associated with a higher risk profile. This phenomenon has inevitably created barriers for certain individuals and entities to highly needed financial products like a bank account, creating a rising category of unbanked or under-banked consumers. By offering simpler and more digitized processes for opening accounts, fintechs have the unique ability to collaborate with bank partners to create greater access to financial products like a bank account and simplify the process.  

What does KYC mean for fintechs?

The key for fintechs is balancing the need to limit risk with the need to be accessible to prospective customers. This comes down to asking for the right things, in the right way.

Fintechs already have more accessible processes than many traditional banks just by offering fully digitized products. If your customers can open accounts from their phone without having to head into a bank, you have made their lives easier.

By accepting a more representative sample of documentary forms of identification, you can make your service even more accessible. Prior to determining your KYC process, perform the following steps:

  1. Study the risk profile of your user base and the risks associated with your product offering.  
  2. Determine what forms of identification would be acceptable and reasonable for your customer base to present while also adhering to the bank’s regulatory requirements. For example, in particular instances, it might be reasonable for your end-user to demonstrate proof of identity through an international passport or a TIN (Tax ID Number). Transparent and frequent conversations with your bank partner in designing your KYC strategy will contribute to your goal of increasing access while invoking a strategic risk-based approach.  

Working with the right banking as a service (BaaS) partner will give you options to tailor your KYC process to your customer base. Treasury Prime’s API has a “person” resource that lets you select from a wide range of fields to ask customers for any combination of appropriate identifying information. It’s important to work with a BaaS provider that is knowledgeable about KYC and related regulations.

In addition to satisfying regulatory requirements, a robust KYC program will inevitably lead to more sound business practices by limiting fraud through your platform. To that end, you will also want to use expert fraud and identity products that can accurately detect whether an applicant is legitimate. With applicant permission, you may also want to use mobile-device specific information such as facial recognition, phone usage patterns, and geolocation. This information can both help you verify identity during the KYC process and help you ensure users are who they claim to be when they log back in.

While BaaS partners and third-party products make KYC easier, fintechs still need to be involved with developing their KYC process, as it is a critical step in customer acquisition. You need to make sure you have a process that works for your target audience that is appropriate for the risk your customers and products may pose. And as your company grows and attracts more regulatory scrutiny, you will want to understand all parts of your KYC process in case you need to alter it to adapt to new risks.

The future of KYC

Not being confined by legacy systems, fintechs tend to be more nimble than banks. As a result, fintechs are positioned to unlock innovative approaches to regulatory requirements like KYC while enhancing user experience and creating greater access to the financial services ecosystem as a whole. As discussed above, the synergies between KYC and fraud mitigation present an even more compelling reason for fintechs to understand and be involved in designing its processes.  

In addition to making the KYC process fully digital and accepting more forms of identification that still satisfy the regulatory requirements, fintechs can try out alternative forms of identity confirmation such as video KYC. They can also use artificial intelligence tools to detect suspicious user behaviors.

Ultimately, KYC is all about achieving a delicate balance of verifying customer identity while not propagating clunky processes that prevent access to financial services. From a customer acquisition perspective, it is about building something that limits your risk while still serving your customer base. From a technical perspective, it’s about working with partners who have expertise in KYC and compliance, without sacrificing visibility or control over your product. As your company grows larger, you may need to tweak the process to accommodate changes in your risk profile.

Treasury Prime’s API includes highly customizable KYC checks using Middesk, Alloy, LexisNexis, or your KYC provider of choice. We provide as much guidance as you need while ensuring the process stays entirely under your command.


Want to learn more about our process? View our API reference or play around with our Developer Sandbox. Think Treasury Prime might be the BaaS provider you’ve been looking for? Contact us here.

← Back to blog