Know Your Client (KYC) in Banking: An Overview
Know Your Customer (KYC) is a core regulatory requirement for financial institutions. It mandates identity verification, understanding a client's financial profile, and assessing investment knowledge to prevent money laundering and terrorist financing. Rooted in the Bank Secrecy Act and strengthened by the USA PATRIOT Act, KYC safeguards the financial system's integrity.
Updated May 14, 2025

KYC means Know Your Client or Know Your Customer and refers to an industry standard that requires advisors in the investment and financial services industry to verify client identities, investment knowledge, and financial situations before providing investment advice or opening an account. Banks can refuse to open an account for anyone who fails to meet KYC checks.
KYC regulations stem from a history of unchecked financial crimes. The first set of guidelines was enacted in 1970 with the U.S. Bank Secrecy Act (BSA), a law designed to deter money laundering. They were then enhanced following the terrorist attacks on Sept. 11, 2001, when Congress passed the USA PATRIOT Act to enhance KYC regulation to safeguard financial institutions from terrorism and money laundering threats. Additional modifications to the KYC requirements were adopted after the 2008 global financial crisis.
Components of KYC:
There are three major components of KYC:
- Customer Identification Program (CIP): Section 326 of the USA Patriot Act requires banks and other financial institutions to have a CIP. CIP forms the bedrock of KYC procedures. The primary purpose of the CIP is to establish the identity of a customer. This involves collecting and verifying essential information such as the customer’s full name, address, date of birth, and identification documents. The CIP is a crucial step in preventing fraud, money laundering, and other financial crimes.
- Customer Due Diligence (CDD): Established by the BSA, CDD takes KYC a step further by delving deeper into a customer’s profile. This includes gathering comprehensive information about their financial history, such as their source of wealth, employment details, beneficial ownership, and investment objectives. CDD enables financial institutions to assess the risk associated with a particular customer and tailor their services accordingly. It allows for a more nuanced understanding of the customer’s needs and risk tolerance.
- Enhanced Due Diligence (EDD): EDD is implemented when a customer is deemed to pose an elevated risk. This heightened scrutiny is necessary for individuals and entities considered to pose a higher risk of financial crime. Examples of such individuals include Politically Exposed Persons (PEPs) and those operating in high-risk jurisdictions. EDD involves more rigorous checks, such as background checks, source of wealth and funds checks, and continuous monitoring. The goal is to identify heightened risks associated with these individuals, implement controls to mitigate those risks, and ensure compliance with regulatory requirements.
There are other forms of KYC, such as Know Your Business (KYB), which is a set of practices to verify a business, and eKYC, which sets out to verify a customer’s identity using the internet and other government or passport database retrieval methods.
KYC Compliance
Know Your Customer (KYC) requirements are not uniform across the financial landscape. They are tailored to the specific risks associated with the type of financial institution and the individual customer.
For instance, a Money Services Business (MSB) processing high volumes of international wire transfers is inherently exposed to a greater risk of money laundering and terrorist financing compared to a local community bank primarily serving retail customers. Consequently, MSBs face more stringent KYC obligations, including enhanced due diligence and transaction monitoring.
Other financial institutions subject to KYC regulations include investment banks, which deal with complex financial instruments and high-net-worth clients; brokerage firms, which facilitate securities trading; credit unions, serving member-based communities; and insurance companies, managing substantial funds through premiums and claims.
The regulatory foundation for KYC and related Anti-Money Laundering (AML) efforts is built upon several key legal and regulatory frameworks:
- Bank Secrecy Act (BSA): BSA is the cornerstone legislation, which mandates that financial institutions maintain detailed records of transactions and report suspicious activities to the Financial Crimes Enforcement Network (FinCEN). The BSA is a critical tool for law enforcement in investigating and prosecuting financial crimes such as money laundering, terrorist financing, and tax evasion. It requires institutions to file Currency Transaction Reports (CTRs) for cash transactions exceeding $10,000 and Suspicious Activity Reports (SARs) for any potentially illicit activity. The BSA, through the USA Patriot Act, also mandates Customer Identification Programs (CIPs), which are a vital part of KYC.
- FINRA Rule 2090 (Know Your Customer): In the context of broker-dealers, FINRA Rule 2090 requires registered firms to gather and maintain comprehensive customer information. This includes understanding the customer’s investment objectives, financial situation, and risk tolerance. Furthermore, it necessitates identifying any individuals authorized to act on the customer’s behalf. The overarching goal is to ensure that all recommendations and advice provided are suitable and aligned with the customer’s specific circumstances.
- FINRA Rule 2111 (Suitability): Complementing Rule 2090, FINRA Rule 2111 mandates that broker-dealer recommendations are suitable for the individual customer. This requires a thorough assessment of the customer’s investment objectives, financial status, and risk tolerance. Like Rule 2090, Rule 2111 necessitates meticulous documentation of the suitability determination, ensuring transparency and accountability.
- 31 CFR Part 1023: This is the section of the Code of Federal Regulations that specifically addresses Anti-Money Laundering Regulations for Brokers or Dealers in Securities. It is vital to know that this regulation is what implements the BSA for broker-dealers.
These regulations collectively aim to protect the integrity of the financial system by preventing its use for illicit purposes. Effective KYC practices are essential for financial institutions to comply with these regulations and mitigate the risks associated with financial crime.
KYC in Cryptocurrency Markets
The decentralized and anonymous nature of many cryptocurrencies is a key feature for many but also makes it easier for criminals to launder money. To combat this, regulators are looking at ways to bring KYC rules to the crypto world.
Even though it’s not always mandatory, many crypto platforms are already starting to do KYC checks, just like traditional banks. Most cryptocurrency platforms are considered MSBs, and these types of entities require customer identification and tight recordkeeping. Nevertheless, significant gaps exist in the AML and KYC requirements of many cryptocurrency platforms.
KYC and AML Penalties
KYC is an important process for businesses to safeguard their operations, protect their customers, and comply with legal and regulatory requirements. Institutions that fail to meet the BSA’s or FinCEN’s AML, KYC, or recordkeeping requirements may face consequences, including:
- Civil Penalties: Massive financial penalties can be imposed for violations of AML regulations.
- Criminal Charges: In severe cases, individuals and institutions can face criminal charges, including imprisonment.
- Reputational Damage: Non-compliance can severely damage an institution’s reputation, leading to loss of customer trust and business.
- Regulatory Action: FinCEN and other regulatory agencies can take enforcement actions, such as cease-and-desist orders, license suspensions, or revoking operating licenses.
- Increased Scrutiny: Non-compliance can lead to increased scrutiny and heightened regulatory oversight, which can be costly and burdensome for the institution.
FinCEN Whistleblower Program
Whistleblowers who know of a financial institution in violation of FinCEN’s AML requirements can file a report anonymously under FinCEN’s whistleblower program and potentially receive an award and protection from adverse action such as retaliation.
Key benefits of this program include the following:
- Whistleblower Awards: Whistleblowers are eligible to receive an award between 10% and 30% of the sanctions imposed by FinCEN if their original information leads to a successful enforcement action involving monetary sanctions in excess of $1 million.
- Anonymity: Whistleblowers are eligible to report their concerns anonymously, but it must be done with the assistance of a U.S.-based attorney.
- Anti-Retaliation: An employer may not terminate, demote, harass, or otherwise take consequential action against a whistleblower for blowing the whistle. Whistleblowers who are subject to retaliation may be eligible for reinstatement, back pay, and other damages.
- Open to Non-U.S. Citizens: The AML program extends to international whistleblowers who report voluntarily, as well as U.S. persons.
A large range of individuals may become eligible for an award, including the following:
- Bank Employees: Tellers, loan officers, compliance officers, and other personnel who suspect illegal activity.
- Former Employees: Individuals who have left a financial institution but have knowledge of ongoing misconduct.
- Customers and Clients: Individuals who have firsthand knowledge of suspicious activity.
- Third-Party Vendors and Contractors: Individuals who work with financial institutions and have access to sensitive information.
If the violation involves securities or commodities, whistleblowers can submit a tip to the SEC or CFTC as well, both of which have their own whistleblower award programs.
Again, depending on the nature of the tip or complaint, it is possible for a whistleblower to file under more than one of these laws simultaneously.
If you know of a KYC violation, we suggest getting in touch with one of our attorneys for a free and confidential case evaluation.
Notable AML Cases
Bitcoin Mixer (Larry Dean Harmon)
On October 19, 2020, the Financial Crimes Enforcement Network (FinCEN) imposed a $60 million civil penalty on Larry Dean Harmon, the operator of cryptocurrency “mixers” Helix and Coin Ninja, for violating anti-money laundering laws. Harmon operated these services, which are designed to obscure the origin of cryptocurrency transactions, without registering with FinCEN and failing to comply with other anti-money laundering requirements.
Harmon’s businesses facilitated transactions for criminals involved in drug trafficking, counterfeiting, and fraud. FinCEN’s investigation revealed that Harmon deliberately avoided collecting customer information and actively deleted records, hindering efforts to track and prevent illegal activity. This action underscores the importance of compliance with anti-money laundering regulations, even in the evolving cryptocurrency space.
Seek Legal Assistance
If you know of a financial institution that has violated or is violating the AML or KYC requirements, look no farther than Kohn, Kohn & Colapinto. Our firm has over 35 years of experience representing high-profile whistleblowers.
In 2022, our team spearheaded a grassroots campaign that advocated for the adoption of the Anti-Money Laundering Improvement Act, which protects and incentivizes whistleblowers who report sensitive information about Russian oligarchs, sanctions violations and criminal financial operations.
Our Cases
Our cases include representing Bradley Birkenfeld, an international banker and wealth manager at UBS Bank in Switzerland, who blew the whistle on a massive tax evasion scheme under the IRS whistleblower program, which forced UBS to pay a fine of $780 million and turn over the names of over 4,450 U.S. taxpayers. Birkenfeld was awarded $104 million for his information.
Our team also represents Howard Wilkinson, a former Danske Bank manager who confidentially raised concerns over a $234 billion money laundering scheme that moved rubles out of Russia, converted them to dollars in Estonia, then moved them to New York with help from Bank of America, J.P. Morgan, and Deutsche Bank.
Our Expertise
Our Securities and Commodities Group is led by former SEC Commissioner Allison Herren Lee, and former Senior Counsel in the SEC’s Division of Enforcement, Andrew Feller. The group also includes world-renowned attorney and founding partner, Stephen M. Kohn, who was lead attorney on the two cases mentioned above.
Get In Touch
If you’d like to report AML or KYC related violations, get in touch with our firm today for a confidential consultation. We work on a contingency fee basis, ensuring you pay nothing unless we secure a successful outcome for your case.
Our Firm’s Cases
$2 Billion Recovered
Wilkinson blew the whistle on a $230 billion Russian money-laundering scandal that moved rubles out of Russia, converted them to dollars at Danske Bank's Estonia branch, then moved the dollars to New York. It is the largest money laundering scandal in history.