What Is Know Your Customer (KYC) Software?

Mike Engle

KYC software can provide vital reassurance to many financial institutions that their customers aren’t laundering money through their organization.

What is KYC software? Know your customer software is used to help banks verify their customers, employees, users, etc., via biometric scans, ID checks, and other advanced authentication processes. This verification helps to prevent potential financial fraud from occurring.

What Is Know Your Customer in Banking?

KYC is an approach to customer identification that provides additional security and identification steps when a customer opens a bank account and periodically during their time as a customer. A KYC model includes understanding a client’s identity, risk profile, and suitability for financial or business relationships in more general business interactions.

KYC is closely related to anti-money laundering and anti-bribery compliance efforts as well as typical due diligence practices. Essentially, this process is intended to help banks ensure that they can prevent insider threats or rogue elements in their company from using organizational assets for money laundering or fraud.

Most know-your-customer policies include four elements:

  • Customer Acceptance Policies: These policies include any rules, guidelines, and objectives that an organization uses to govern how they assess and accept customers and clients.
  • Customer Identification Procedures: These procedures include the compliant identification practices and procedures for onboarding clients and customers, such as screening and background checks.
  • Transaction Monitoring: Banks should always have a way to trace transactions. Under KYC, they will dedicate resources to manage customer profiles related to their transaction behaviors and the legitimacy of those transactions.
  • Risk Management: Risk management is a complex discipline, but in essence, the bank understands customers based on potential risks, particularly in how they may negatively impact the organization through poor security or fraud potential. For example, a customer with a heavy debt load or a problematic background could be susceptible to blackmail or bribes and thus pose a potential threat to the bank.

Identification and risk management approaches are critical to proper KYC. The Financial Crimes Enforcement Network implemented new requirements for banks. As of 2016, all banks were expected to collect the names, birth dates, addresses, and Social Security numbers of anyone with 25% or more equity in a customer corporation.

Additionally, many banks have turned to more advanced authentication processes outside of this information, including identity proofing through select documents and liveness tests during authentication processes.

How Does KYC Relate to the U.S. Patriot Act?

Following the attacks of Sep. 11, 2001, and the subsequent creation of the Department of Homeland Security, there came a push to address issues of money laundering in the U.S. banking system (many terrorist groups were known to funnel money into the United States through fraud and bribery).

The passing of the Patriot Act led to strict financial regulations around banking and fraud. Governed by the DHS and other U.S. agencies, KYC moved from best practices to regulatory requirements. Financial compliance also included new requirements for know-your-customer processes.

One of the critical parts of compliance is adherence to the Customer Identification Program. The CIP requires that financial institutions identify any individuals with whom they will conduct transactions. More specifically, the financial institution must do the following:

  • Implement processes to reasonably ascertain the true identity of a customer.
  • Conduct risk assessments of their customer base and services.
  • Develop opening account procedures that include risk assessment and the types of identifying information that the bank will collect.

KYC is at the heart of financial compliance under the Patriot Act.

What Should I Look for in KYC Software?

Fortunately, KYC is a predictable process that can be built into compliance software to help a financial institution manage its verification and auditing practices. Good software can help you maintain compliance with financial regulations while effectively vetting your customers.

Some features to look for in a KYC software solution include the following:

  • Expansive Document Processing: A solid software platform should be able to utilize hundreds, perhaps thousands, of unique documents for identification. This capability should include the ability to process ID documents from countries worldwide. There will be nuances in how identity data is verified depending on the document type and the country. For example, in the United States, driver's licenses can be verified through the AAMVA organization, while other countries may have a “License Bureau”.
  • Identity Proofing and Liveness Testing: Your platform should have advanced authentication or readily integrate with authentication services. This includes advanced biometrics, liveness testing, and identity proofing through official documents, ideally compliant with IAL2 standards. In addition, the biometric should be certified against “Identity Decisioning Bias” and for presentation attack detection (PAD).
  • Reverse Lookups: Background checks are a critical part of compliance, and your solution should include features like reverse phone lookups, reverse email assessments, and digital identity assessments for user data.
  • Risk Assessment and Scoring: Risk profiles are a huge part of know-your-customer compliance. A platform supporting your KYC efforts should provide tools to create risk metrics, standards, assessments, and rankings for your customers and across your products and services.
  • Blockchain Support: Expanding applications for blockchain ledgers are driving innovation in identity management and authentication. Furthermore, blockchain-ready software can help perform KYC processes for cryptocurrency transactions alongside traditional ones.

Support Advanced KYC and Authentication with 1Kosmos

KYC can be a complex regulatory requirement. Having the process built into identity management and verification can streamline your security, compliance, and customer care policies and save your organization time and money.

1Kosmos BlockID is certified to the NIST 800-63-3 Digital Identity Guidelines for enrollment and identity proofing and supports compliance with IAL2 and KYC government requirements. BlockID also comes with several critical identity and access management features:

  • Identity Proofing: BlockID includes Identity Assurance Level 2 (NIST 800-63A IAL2), detects fraudulent or duplicate identities, and establishes or reestablishes credential verification.
  • Identity-Based Authentication Orchestration: We push biometrics and authentication into a new “who you are” paradigm. BlockID uses biometrics to identify individuals, not devices, through identity credential triangulation and validation.
  • Integration with Secure MFA: BlockID readily integrates through a standards-based API with operating systems, applications, and MFA infrastructure at AAL2. BlockID is also FIDO2 certified, protecting against attacks that attempt to circumvent multi-factor authentication.
  • Cloud-Native Architecture: Flexible and scalable cloud architecture makes it simple to build applications using our standard API, including private blockchains.
  • Privacy by Design: 1Kosmos protects personally identifiable information in a private blockchain and encrypts digital identities in secure enclaves only accessible through advanced biometric verification.

To learn about 1Kosmos KYC and security, read our whitepaper on how to Go Beyond Passwordless Solutions. Make sure to sign up for our email newsletter to learn more about how 1Kosmos supports security and compliance for financial institutions.

Meet the Author

Mike Engle

Co-Founder and CSO

Mike is a proven information technology executive, company builder, and entrepreneur. He is an expert in information security, business development, authentication, biometric authentication, and product design/development. His career includes serving as head of information security at Lehman Brothers and co-founding Bastille Networks.