If you have read our previous articles, you understand how Know Your Customer (KYC) regulations for FinTechs work in different parts of the world, such as Europe & Latam. Now it’s time to go a little bit more in-depth to make sense of how these operate in the USA. For starters, the U.S. is home to the majority of FinTechs in the world. The continued economic growth in the U.S. has attracted capital and investment in the FinTech sector, and historically, it is known to have a strict regulatory environment for FinTech businesses and investments (see our article KYC & AML For Dummies to understand the basis of KYC as a concept).
But before we go into how these regulations work, let’s look at how they began.
Here’s a quick U.S. history lesson for you: in the 1950s, the first modern KYC regulation was passed. It included a list of rules that financial institutions must comply with to remain insured by the Federal Deposit Insurance Corporation (FDIC) which is a type of insurance all banks that store customer’s money must have to avoid tax evasion. This formed the very foundation of modern KYC laws. In the 1960s, Anti-Money-Laundering regulations arrived on the scene and were tied with KYC regulations from the 1950s. In the 1980s and 1990s, Pablo Escobar was being all too successful smuggling cocaine into the U.S., fuelling the ‘crack epidemic’ and draining a chunk of the country’s wealth into Colombia. The Money Laundering Control Act, The Anti-Drug Abuse Act, and the Financial Crimes Enforcement Network (FinCEN) came into effect in the U.S. as part of the effort to fight these Escobar-like, increasingly sophisticated money laundering schemes and structures. Throughout this time, KYC regulations were really just aimed at preventing money laundering and tax evasion stemming from drug trafficking and smuggling, but all that changed in 2001. Following the events of 9/11, the U.S. federal government passed the U.S Patriot Act, in which combating terrorism financing was added to the scope of the regulations as one of its primary missions, making KYC a global concept. Still with us? Alright, let’s take it a step further and break down these regulations.
FinTechs in the US: A regulatory framework ruled by the U.S. Patriot Act 🇺🇸
The U.S. Patriot Act of 2001 introduced KYC regulations after 9/11 and made KYC mandatory for all banks in the United States. The Patriot Act first defined KYC requirements and led to the development of a version that most countries apply today. It also requires financial institutions to comply with tougher AML and KYC, including the Customer Identification Program (CIP) Customer Due Diligence (CDD), as well as Enhanced Due Diligence (EDD), for the collection of additional CDD information about a customer. Typically, you’d conduct EDD for higher-risk customers to get a better understanding of their business activity.
- Focus on CIP: The Customer Identification Program (CIP) was introduced to combat money laundering, terrorism funding, corruption, and other illegal activities. Its main goal is to verify that your customers are who they say they are. It requires that any person handling financial transactions verifies themself. Financial institutions such as FinTechs use CIP to identify individuals that want to conduct transactions with them.
- Focus on CDD: The Patriot Act requires banks or businesses to file reports of suspicious activity when they notice unusual or illegal behaviors. But without knowing its customers, companies are not able to meet these criteria. To achieve KYC compliance in the U.S., you may need CDD. It is a component of risk management and the protection of your company. When you implement CDD, you must monitor and understand your customers’ activities. Then, you can use the information you find to evaluate how risky they are for your business.
That’s a lot to digest, right? Well, bad news… there’s more!
Let’s not forget, the Bank Secrecy Act (BSA) which requires banks and financial institutions to file 5 types of reports with the Financial Crimes Enforcement Network and the Treasury Department, the American authorities regulating AML policies for all financial institutions:
- Suspicious Activity Reports (SAR) for suspicious cash transactions.
- Foreign Bank Account Report (FBAR) for any U.S. citizen or resident that owns at least $10,000 in a foreign bank account.
- Currency and Monetary Instrument Report (CMIR) to report a person or institution that physically transports monetary instruments (cashier’s checks, traveler’s checks, and money orders) of $10,000 or more into or outside of the U.S.
- Currency Transaction Report (CTR) for cash transactions that exceed $10,000 in one business day.
- Monetary Instrument Log (MIL) for banks to keep a record of all cash purchases (e.g., money orders, cashier’s checks, traveler’s checks) for $3,000 and $10,000.
Remember we talked about the FinCEN during our history lesson? Here’s some more:
As of 2016, the new FinCEN rule requires all banks and financial institutions to collect basic data such as name, date of birth, address, and Social Security number of people who own 25% or more of an equity interest in a legal entity.
Phew, that’s definitely a lot of entities and regulations 😰
However, take comfort in the fact that regulations can be made pretty easy to follow with the right solutions in place, given KYC processes are very similar for any business:
- First, you need to make sure you can verify a customer’s identity (preferably through an electronic Identity Verification Service);
- Second, prove that you’re managing the risk factors;
- And third, that you’re able to monitor their accounts in order to create risk profiles and report activity that falls outside of “regular” use.
As you can see, KYC compliance for FinTechs is no different than for other financial institutions in the U.S. And even if the number of stakeholders or regulators here can be a bit scary, let’s not forget that KYC is not only a way to comply but also to protect your business. Right now, due to the COVID-19 pandemic, institutions like banks are feeling the full force of expensive verification procedures and staffing, slow onboarding, and poor KYC accuracy. But since KYC/AML compliance is a must, it might be the right time to implement a modern and automated solution that will enable the customer onboarding process and stay regulatory compliant. Not sure where to start? Our KYC consultants can guide you through this.