KYC- Necessity , Privacy theft, hack

KYC, as we know, stands for “Know Your Customer”. It refers to the steps taken by a financial institution (or business) to establish customer identity, understand the nature of the customer’s activities (primary goal is to satisfy that the source of the customer’s funds is legitimate), assess money laundering risks associated with that customer for purposes of monitoring the customer’s activities.

Although the phrase “know your customer” may seem insignificant to most people, it has a very important meaning in the business world. The process of knowing your customer, otherwise referred to as KYC, is what businesses do in order to verify the identity of their clients either before or during the time that they start doing business with them.

Banks and companies of all sizes have become big supporters of KYC. It is increasingly common for banking institutions, credit companies, and insurance agencies to require that their customers provide them with detailed information in order to ensure that they are not involved with corruption, bribery, or money laundering.

Many financial institutions begin their KYC procedures by simply collecting basic data and information about their customers, ideally using electronic identity verification. Pieces of information such as names, Citizenship Number, birthdays, and addresses can be very useful when determining whether or not an individual is involved in a financial crime.

Once this basic data is collected, banks generally compare it to lists of individuals that are known for corruption, on a list of sanctions, suspected of being involved with a crime, or at a high risk of partaking in bribery or money laundering.

From there, the bank then quantifies how much of a risk their client appears to be and how likely they are to become involved in corrupt or illegal activity. Once this calculation has been made, the bank can make a theoretical outline of what that client’s account should look like in the near future (mainly through self declaration of Annual Expected Turnover, Expected number and sum of Monthly transaction). Once the expected trajectory of the account is in place, the bank can then consistently monitor the client’s account activity and make sure that nothing appears to be out of place or suspicious.

Doing this for one individual also enables financial institutions to compare that client’s profile to those of his or her peers. If a bank has two clients that have very similar occupations and backgrounds, and they are known for interacting in their respective field, it is assumed that their accounts will look rather similar.

In context to our Nepalese Banking System, generally, we common people go to our desired bank branch with our citizenship and its copies, photos, water or electricity bill for address proof as a basic KYC for opening a bank account.

The loophole here at the first step (that we have practically seen in our nearest branch!!) is the very liberal approach of the immediate junior level staffs of the banks who, without hesitating for a second, fill up the remaining blanks especially the points like Income expected (simply ticking the lowest limits!!), Introducer, expected number of transaction and limits in the KYC forms which the clients of various diversified backgrounds are unable to fill up, just to grab a prospective customer and business for his /her bank branch.

The Customer is happy with the immediate bank account number he receives and thanks the branch for the fastest service without giving any importance to the data filled up by the bank personnel. Then the transaction begins and banking goes smoothly until a year.

However, the renewal date or whenever bank wishes to publish a circular for KYC Updation, arrives. Then the customer is asked, based upon the Account Statement of the same account he/she opened, regarding the limits and transactions. “Sir, as per your KYC, it was Rs. 10 lakhs annual expected transactions with monthly just 3-4 number of expected transactions, but your account shows transactions amounting to Rs.25-30 lakhs with frequency of 10-12 monthly transactions. Please explain.” Then, the customer account gets dormant and is again asked for KYC with new recent Photo!!! And this time with financial records and reports.

So, here arises, the question, why isn’t banking rules and basic KYC guidelines strictly applied at the very beginning and not just at renewal dates???? Why is obtaining businesses and deposits (especially during quarter ends for being shown in quarterly Reports!!!) is very crucial????

“One person, one bank account” – an idea for increasing banking reach to all people in the country is also being misused and used as a publicity stunt of the banks in today’s so called cut throat competition for banks. Banks are seen hiring temporary staffs (as if they are hiring some part time worker for gardening!!) without adequate background checks and sending them door to door for opening bank accounts along with the targets!!

We, general people too are handing over our privacy to these people at our homes itself without visiting the branch. And the result of it is the fraud that has been in the news since few days- Group of people with around 5-7 sacks filled with KYCs of hundreds of people and lakhs of unauthorized withdrawals due to such data theft.

We, general customers,  need to seriously move forward and start learning to use digital banking methods, get SMS alert services activated (paying Rs. 250 annually  is far more better than getting account Nil by hack!!) , get e-banking, mobile banking.

As for the banks, Government is right to force banks to invest in Information Technology- strong, secure, fast, recent and updated so as to prevent huge loss from cyber hacks, ATM hacks (recent Chinese hack). So banks need to seriously consider that. Also, the internal control system for the banking software, time lock for login by banking authorities and staffs beyond banking time period needs to be looked into.

KYC data protection should be given top most priority more than ever now both in paper and after entering into the system.ie. Protection of both KYC forms and digital records from potential breach.

Few months ago, there were news of establishing a central KYC System that shall serve to all places requiring KYC be it banks and financial institutions, broker houses, Government offices.etc. this way the data remains at a single secured platform without compromising the requirement of the other institutions as well as the privacy of the customer.

However, the best way would be the data remains with the owner himself/herself.i.e. Biometrics- the future of KYC now. With a recent rise in identity fraud, correctly verifying the identity of an individual is critical to increasing security and reducing crimes. Biometrics are seen as new weapons against such crimes. With the use of biometric technologies, organizations such as banks are making KYC (Know Your Customer) procedures for customers even more efficient and easy to use. KYC processes are used by these firms to collect and authenticate the identity of their customers to prove their eligibility to access services.

Biometrics in banking and financial services helps to shorten transaction time for customers. These systems verify customers quickly and accurately within seconds. All we have to do is just touch the fingerprint sensor and the system gets us authenticated within seconds.

One of the key driver of using Biometric identification for KYC management is that it inculcates a higher degree of security than manual KYC processes such as passwords, e-mail addresses or PINs which can be hacked using many social engineering techniques and the personal information shared on social media. Forgotten, shared or lost passwords can mitigate security is they come in the hands of fraudsters.

The biometric systems also makes customer authentication in branches and other channels less tedious as they need little or no documentation to transact.

Identifying customers by taking fingerprints and capturing webcam photographs notifies branch staff about the identity of the person who has arrived and can readily have that customer’s information in front of them. Biometric systems also reduce paper consumption costs and time to maintain documentation as all the information would be electronically stored. This saves staff time and increases process efficiency.

Other branch staffs can use biometrics such as fingerprint or voice recognition to log into a system. This enhances security by preventing the use of shared credentials.

So as to conclude, we as a general customer need to be updated with our banking activities in real time and learn to use digital banking as there is no better option in today’s scenario, regularly verify the statements, be careful while sharing our KYC be it at banks, brokers etc. or even at a mobile store for a new SIM card!! And for banks , they need to seriously consider Biometrics, providing digital banking at affordable costs, spreading awareness regarding digital banking while opening bank accounts, adopting strong, secured and updated banking softwares so as to prevent future financial disaster through hacks, breach or thefts of data and money.

CA Ayush Khetan

ayushkhetan2007@gmail.com