KYC Documentation Guide for KYC Analysts

This article serves as a guide for KYC Analysts handling KYC documents and discusses the process of extracting useful information from them. Let us begin with understanding the meaning of KYC. Know Your Customer (KYC) is an important component of the Customer Due Diligence (CDD) process. Under the Anti-Money Laundering (AML), Combatting the Financing of Terrorism (CFT), and Counter-Proliferation Financing (CPF) obligations, the regulatory regime of the UAE obligates regulated entities to conduct KYC to identify their customers and verify their identity. For this purpose, regulated entities collect KYC documents to establish the identity of their customers and validate it against reliable, independent sources.

What is KYC?

KYC, which is Know Your Customer, is a systematic process that is used by business entities to verify the identity of their potential customers, and Re-KYC is the process of periodically updating and refreshing the KYC details of existing customers. Verifying customers’ identities ensures that they are the ones they claim to be and the information contained in the identity document is valid, accurate, and relevant.

What is a KYC Analyst?

A KYC Analyst is the person responsible for carrying out the KYC process in a regulated entity. While performing the KYC process, the KYC Analyst has to ensure compliance with the AML regulations. The KYC Analyst helps regulated entities, such as Designated Non-Financial Businesses and Professions (DNFBPs) and Virtual Assets Service Providers (VASPs), counter financial crime risk by verifying the identity of their potential customer. They weed out suspicious individuals or entities and assist the AML Compliance Officer with timely identification, escalation, and reporting of suspicious activities and transactions. The KYC Analyst is responsible for conducting the KYC process and ensuring compliance with the customer onboarding guidelines that are prescribed within the regulated entity’s AML/CFT/CPF Policies and Procedures.

Guiding KYC Analyst with KYC Documentation through the Customer Onboarding Process

KYC Analysts play a pivotal role in handling KYC documentation and extracting useful information from KYC documents. This can be done after collecting identity documents from the customer and verifying the validity and authenticity of the ID document, followed by verifying the extracted information across valid and reliable independent sources or validation gateways to verify the identity of the customer.
Conducting KYC is important for regulated entities as it protects the business from being misused as a vehicle for conducting illegal financial transactions by identifying customers with criminal intentions. It also helps in ensuring compliance with Anti-Money Laundering (AML), Combatting the Financing of Terrorism (CFT), and Counter-Proliferation Financing (CPF) laws and regulations.

Key Responsibilities of KYC Analyst

Here are some key responsibilities of a KYC Analyst that help guide KYC documentation management:

Customer Due Diligence (CDD):

CDD is the procedure by which the KYC Analyst satisfies himself that the information obtained from the customer is sufficient to establish a profile of the customer.

Let us discuss the key information that the KYC Analyst must collect as a part of his customer due diligence process:

  • Full name and aliases
  • Identification Document Number
  • Official Address Detail
  • Date of Birth or Place of Incorporation
  • Current Nationality
  • Details as to persons associated (UBOs in case of corporate entity)

In this process, he identifies and assesses risks associated with a customer and determines if additional documents are required to complete the due diligence. After collecting the basic information, the KYC Analyst provides that information to the screening analyst for sanctions screening. The screening analyst then provides findings and comments regarding the screening, adverse media, and Politically Exposed Persons (PEP) checks. The Risk Analyst gives the risk rating based on the findings and comments of the Screening Analyst.

There are 3 types of CDD measures that are undertaken based on the risk-based approach adopted by the reporting entity. These are Simplified Due Diligence, Standard Due Diligence, and Enhanced Due Diligence.

Customer Onboarding:

The KYC Analyst helps in customer onboarding by acting as a link between the compliance team and the customer. He communicates any additional requirements to the customer and finally helps onboard the customer.

Regular Monitoring:

Another responsibility of KYC Analysts is to monitor customers’ information regularly and keep it updated at all times. There can be changes at the customer end after the initial onboarding, such as a change in the structure of the company or the expiry of trade licenses. The KYC Analyst communicates with the customer and keeps this information updated.

Documentation and Reporting:

The KYC Analyst is responsible for maintaining and recording the documents related to the CDD process. These documents include customer verification processes, risk assessments, monitoring activities, etc.

Documents to be Collected for KYC of Individual Customers

KYC documents are required for identity verification and address verification. Here are the KYC documents required for individual customers.

For the Customer Identity verification: Emirates ID/Passport/Driving License/Any other government-issued document having a photograph

For the Customer’s address verification: Utility Bill (not older than 3 months)/Municipal Tax Record/Property Purchase or Rent Agreement/Bank Statement/Insurance Policy/Any other Government document capturing address.

Role of KYC Analyst in KYC Document Management by Extracting Useful Information from an Individual Customer's KYC Documents & its Validation

What should a KYC Analyst look for in Key KYC Documents?

When extracting and interpreting useful information from KYC documents, the KYC Analyst must consider the following:

Passports and Identity Documents:

  • Validate Authenticity and Expiry Dates: The passport and identity documents should be checked carefully to see whether they are authentic or not. It can be checked by comparing the attributes of the document as mentioned on the applicable government websites. Moreover, the expiration date of a document is important to check, as expired documents cannot be used in the normal course of business.
  • Cross-Check Personal Details Against Other Provided Documents: The personal details of clients, like name, date of birth, etc, should match the other provided documents. This information is not likely to change, so it should be matched with the details provided in some other documents.
  • Examine Security Features to Detect Forgeries: Forgery is an act of falsifying information or a document with the intention of defrauding the other person. The security feature of the KYC document must be checked to detect forgeries, which will help in curbing instances of fraud. For instance, security features in identity documents include holograms, specially made intricate designs, the embedding of electronic chips containing biometric information, and the use of Public Key Infrastructure (PKI) to prevent misuse or forgery of identification documents. The examination of security features can help detect false information, thereby making the KYC Analyst aware of forged documents or information.

Memorandum and Articles of Association (MOA and AOA):

  • Verify the Company’s Purpose and Business Activities: MOA and AOA provide the complete information about a company. With the help of MOA and AOA, the name, address, purpose, and work of any business can be understood. It even verifies that the business is legally registered. Before proceeding with a corporate customer, the KYC Analyst must verify the corporate customer’s MOA and AOA.
  • Confirm Authorised Share Capital and Shareholding Structure: It is also important to be aware of the company’s share capital and shareholding structure. It provides information regarding the distribution of power, decision-making authority, etc. This also throws light on the ultimate beneficial owner (UBO) of the corporate entity.
  • Assess Provisions Related to the Appointment of Directors and Decision-Making Processes: The provisions related to the appointment of directors and decision-making processes provide a brief understanding of the company. Knowing a company’s policy and procedures will help in making informed decisions as to whether the customer is authentic or not.

Trade License:

  • Ensure Validity and Authenticity: A Trade license is an important document as it provides information about the legal registration of a company. The document needs to be valid and authentic, as this will help determine whether a customer is genuine and whether an entity can proceed further with the customer. The validity and authenticity of a trade license reduce the chances of any fraud by the customer. The trade license helps identify the type of business activity the customer conducts and compares it with the actual purpose of the business relationship to identify if there is an inconsistency between the business’s intended purpose and actual business activity.
  • Confirm the Scope of Permitted Business Activities: The scope of permitted business activities should also be checked. It helps in identifying if the nature of the business relationship is in alignment with the scope of permitted business activities; if the subject matter of the business relationship is not aligned with the business’s approved scope, this should raise a red flag as such deviation might indicate involvement of ML, FT, or PF activities.
    For instance, if the customer of a regulated entity is a company whose permitted scope of business is jewellery manufacturing and sales but the subject matter of business with the regulated entity is the purchase and sale of real estate property not for corporate but for private purpose, then this must alert the AML compliance officer to look into the business relationship closely for suspicious activity.
  • Check for Any Restrictions or Special Conditions: The entity should also check for any restrictions or special conditions imposed upon a company. Compliance with such conditions will help the regulated entity know more about the customer company and that it is complying with all the requirements. It will help safeguard the entity from potential ML, FT, or PF threats.

Questions that help KYC Analysts Determine Customer Risk from KYC Documents Collected

KYC Information Collection Considerations

Ensuring Accuracy and Completeness of Collected Data

While collecting the documents for verification, it is important to extract & interpret useful information from KYC documents to verify each and every piece of information accurately, such as the name, address, etc. Moreover, it should also be ensured that the data provided in the document is complete. All the relevant data should be collected carefully.

Implementing Secure Data Storage Solutions:

The data collected should be stored safely. For this, secure data storage solutions should be considered. Storing the data also helps in retrieving it afterwards. It will even be helpful if the customer has already been in a business relationship with the entity. In this situation, verifying the information and assessing the customer’s risk would be easy.

Regularly Updating Customer Information:

Along with collecting and storing the information, periodically updating customer information is also very important and mandated by UAE’s AML laws. KYC Analysts can refer to AML UAE’s eBook, A Complete Guide on Re-KYC Process in AML Compliance, to learn more about Re-KYC requirements in the UAE.

The KYC Analyst should carry out the ongoing monitoring of business relationships to ensure that customer information is up-to-date. For example, if the customer’s address has been changed, it should be updated accurately. Updating information will help in ensuring compliance with the requirements of UAE’s AML, CFT, and CPF provisions contained in the Federal Decree Law and the Cabinet Decision, requiring regulated entities to ensure that customer details and records maintained with the regulated entity are updated and contain latest customer information. Ongoing monitoring must be done in accordance with the established customer risk profile.

Obtaining Customer Consent for Data Processing:

The KYC Analyst must exercise caution while extracting & interpreting useful information from KYC documents in the context of upholding data privacy and data protection requirements. The Federal Decree-Law No. 45 of 2021 Regarding the Protection of Personal Data protects the personal data of natural persons in the UAE. It states that customer consent is necessary before processing any personal data. This requirement of consent can be exempted in cases where the processing of personal data is important in the public interest.

Complying with Data Protection Regulations:

The Federal Decree-Law No. 45 of 2021 governs data protection in the UAE. While collecting information for KYC, it is necessary to comply with the above-mentioned law. Under this law, before processing personal information, the person’s clear consent is required. The person even has the right to get the personal information corrected.

Detecting Fraudulent Documents During KYC

  • Common Indicators of Document Fraud: There are certain common indicators of document fraud, like inconsistencies in font sizes and issues in formatting. The expired document is also an indication of document fraud. Alterations in name, photo, and other details are also common indicators of document fraud. While checking a document, every minute detail should also be checked to prevent the chances of document fraud.
  • Techniques for Manual and Automated Document Verification: The manual technique for document verification includes checking all the details in the documents themselves. In manual document verification, each and every detail should be checked carefully, for example, by matching the photograph of the customer. If the entity has any doubt about a mismatch of information, then they can video call the person to check whether the person is the same or not. Apart from manual document verification techniques, there are automated document verification techniques in which the entity has software that checks the document. The use of software makes the verification task easy and fast. The chances of error are also very low in this case. AML UAE’s article What Is The Role of Technology In Anti-Money Laundering Compliance can be referred to by KYC Analysts.
  • Utilising Third-Party Verification Services: In third-party verification services, the entity can take the services of some third party for document verification. The third-party verification provides a double check on the document verification, thereby removing the chances of any fraud. However, KYC analysts must be mindful that utilising third-party services does not shift the KYC obligation of the regulated entity under UAE’s AML laws.
  • Establishing Protocols for Handling Suspected Fraud: There should be certain protocols in place by means of AML policies, governance structures and workflows for handling suspected ML, FT, or PF activities or transactions requiring the filing of SAR/STR and conducting the proper internal investigation in case of any suspicion. The appropriate steps, like offboarding the customer and informing the government regarding the fraudulent documents, should also be taken.

Signature Verification Methods: KYC Analyst's Toolkit

  • Comparing Signatures with Official Records: In the process of verifying the documents, signature verification is an important step. The first and foremost step is to compare the signature with the official records. The signature should match the signature in the official record. The writing style and spelling should be the same. A slight mismatch in the signature might be a sign of fraud, which might be disguising potential ML, FT, or PF activities. Though it will be difficult for the regulated entities to verify signatures, a comparison of the same with past KYC records will help ensure that they are not forged.
  • Employing Digital Signature Verification Tools: The digital signature verification tools provide a more secure way of verification. These tools use multi-factor authentication methods such as email, SMS verification, or biometric data. The signer needs to sign the document electronically. If any change occurs in the signature, the hash value will change, which indicates tampering with the signature. Digital signature verification tools make the verification process more robust and secure for KYC Analysts.
  • Understanding Legal Implications of Electronic Signatures: It is important to understand the legal implications of electronic signatures before employing them. The electronic signatures are legally binding, provided they are reliable. It means that while creating the signature, it was under the control of the signer and should be uniquely linked to the signer.
  • Training Staff in Handwriting Analysis Techniques: Training the relevant staff in handwriting analysis techniques will help in building a strong system for handwriting analysis. If the relevant staff members are trained properly, the chances of missing out on identifying forged signatures are minimal. The training should include verifying the customer’s handwriting style and spelling, etc.

KYC in Remote Onboarding: Best Practices

  • Implementing Secure Digital Identity Verification Processes: Secure digital identity verification processes make remote onboarding seamless. Refer to AML measures for non-face-to-face customers: Combatting money laundering threats to know more about the AML measures to ensure during remote onboarding. Digital identity verification includes biometric authentication methods and PIN or password validation. By implementing a secure digital identity verification process, the chances of any fraud are nil.
  • Utilising Biometric Authentication Methods: Biometric authentication is the most secure identification method. The biometric methods include face identification, iris recognition, and fingerprint recognition. These methods verify the face, iris, and fingerprint of the person and match them to see whether the customer is the same or not. It is an accurate method of proving the identity of the customer.
  • Ensuring Robust Cybersecurity Measures: In the case of remote onboarding, the chances of cybersecurity challenges are high, making it prone to cyber-attacks, phishing, etc. Robust cybersecurity measures can protect against data breaches. The measures can include providing training to staff regarding cybersecurity so that they can become aware of the ways to protect themselves from such cyber-attacks. The entity can also conduct regular risk assessments to identify potential threats.
  • Providing Clear Guidance to Customers on Remote Verification: Remote verification is a bit complicated, so clear guidance will be helpful to customers. The clear guidance will remove the possibility of any mistake, thereby reducing the chances of any ID fraud by the customers.
  • Monitoring Remote Transactions for Unusual Activities: Monitoring transactions is important for preventing any instances of fraud or money laundering. An unusual activity in the case of remote transactions can be monitored with the help of software. The software can trace doubtful transaction-related activity. It can be done using a geolocation discrepancy alert, multiple failed login attempts alert, unusual time to transact alert, etc.
    Monitoring the activities can help in detecting unusual activity before it can cause harm to an entity. Check out AML UAE’s infographic on Streamlining Video KYC: A Guide to Best Practices to understand the best practices when relying on Video KYC.
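
The three alert types named above (geolocation discrepancy, multiple failed login attempts, unusual time to transact) can be expressed as simple rules over an event stream. The following is an added example, not code from the original article or from any specific KYC product; the event format, customer IDs, thresholds, and the use of the KYC-verified country of residence as the expected location are all assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Illustrative thresholds (assumptions; tune to the entity's risk appetite).
FAILED_LOGIN_LIMIT = 3
FAILED_LOGIN_WINDOW = timedelta(minutes=10)
QUIET_HOURS = range(0, 5)  # 00:00-04:59; timestamps assumed to be in the customer's usual time zone

# Constructed KYC profile data: country of residence taken from the verified address.
KYC_COUNTRY = {"C-1001": "AE", "C-1002": "AE"}

# Constructed sample events: (timestamp, customer_id, event_type, country)
SAMPLE_EVENTS = [
    ("2024-03-01T09:15:00", "C-1001", "login_ok", "AE"),
    ("2024-03-01T09:20:00", "C-1001", "transaction", "AE"),
    ("2024-03-01T13:00:00", "C-1002", "login_failed", "AE"),
    ("2024-03-01T13:02:00", "C-1002", "login_failed", "AE"),
    ("2024-03-01T13:04:00", "C-1002", "login_failed", "AE"),
    ("2024-03-01T13:05:00", "C-1002", "login_ok", "XX"),
    ("2024-03-02T02:30:00", "C-1002", "transaction", "XX"),
    ("2024-03-02T11:00:00", "C-1001", "login_failed", "AE"),
]


def detect_alerts(events, kyc_country):
    """Return (customer_id, alert_type, timestamp) tuples in chronological order."""
    alerts = []
    recent_failures = defaultdict(deque)  # customer -> failed-login times inside the window

    # ISO 8601 timestamps sort chronologically as plain strings.
    for ts_text, customer, event_type, country in sorted(events):
        ts = datetime.fromisoformat(ts_text)

        # Rule 1: successful activity from a country other than the KYC-verified one.
        expected = kyc_country.get(customer)
        if event_type in ("login_ok", "transaction") and expected and country != expected:
            alerts.append((customer, "geolocation_discrepancy", ts_text))

        # Rule 2: sliding window of failed logins; alert once when the limit is reached.
        if event_type == "login_failed":
            window = recent_failures[customer]
            window.append(ts)
            while window and ts - window[0] > FAILED_LOGIN_WINDOW:
                window.popleft()
            if len(window) == FAILED_LOGIN_LIMIT:
                alerts.append((customer, "multiple_failed_logins", ts_text))

        # Rule 3: transaction during hours when the customer does not normally transact.
        if event_type == "transaction" and ts.hour in QUIET_HOURS:
            alerts.append((customer, "unusual_transaction_time", ts_text))

    return alerts


if __name__ == "__main__":
    for alert in detect_alerts(SAMPLE_EVENTS, KYC_COUNTRY):
        print(alert)
```

In the sample data, customer C-1002 triggers all three rules in sequence (failed logins, then a successful login and a night-time transaction from an unexpected country), which is the kind of combined pattern worth escalating ahead of any single alert.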

Challenges in KYC Processes

  • Dealing with Complex Corporate Structures: The complex corporate structures used by criminals to disguise beneficial ownership pose a challenge in KYC processes, making it difficult to trace ultimate beneficial owners. Moreover, complex corporate structures give criminals a way to channel illegal funds. It is important to understand the complex corporate structure to avoid AML non-compliance.
  • Identifying Ultimate Beneficial Owners (UBOs): Identifying the ultimate Beneficial Owners is important to know about the authenticity of the people controlling the business. The legitimacy of UBOs provides the insight that the company is authentic.
  • Managing High Volumes of Data and Documentation: It is difficult to derive, analyse, verify, and maintain high volumes of customer information and documentation. The use of technology must be considered to streamline and meet record-keeping requirements in the UAE.
  • Keeping Up with Evolving Regulatory Requirements: The regulatory requirements are subject to change. To keep up with it is a difficult task. It is difficult to be aware of each and every new guideline and requirement which is introduced frequently. Non-compliance with these requirements might cost the regulated entity badly by way of fines and penalties.
  • Balancing Customer Experience with Compliance Needs: It becomes difficult to fulfil the customer’s expectations with the compliance procedure. The compliance procedure is long and tiresome, but the customer wants a seamless procedure. It becomes difficult to balance these two.

Leveraging Technology in KYC

  • Overview of KYC Software Solutions: Using technology in KYC makes the process easy, fast, and error-free. KYC software is used for identity verification, document verification, compliance checks, etc. As this method is more accurate, it helps in avoiding the risk of any fraud.
  • Criteria for Selecting Appropriate KYC Tools: There are certain criteria for selecting appropriate KYC tools. For example, the tool should be able to detect a slight change in the customer’s situation and provide an alert regarding it. Moreover, it should be able to perform remote customer verification. The KYC tool should also be able to facilitate easy communication with the customer.
  • Integration of Artificial Intelligence and Machine Learning: The integration of Artificial intelligence and Machine Learning makes the verification process seamless. It is time-efficient and cost-efficient, and it even limits the possibility of any error. With the help of AI, thousands of transactions can be verified quickly. It can even detect any unusual transaction, removing the possibility of fraudulent transactions.
  • Benefits of Automated Document Verification: Automated document verification helps verify lots of information within less time. It saves time and cost. It is more accurate, removing the chances of any discrepancy. As the process of verification has become seamless, it results in more customer satisfaction.
  • Ensuring System Security and Data Integrity: Using the technology in KYC ensures data integrity, which further ensures the accuracy and consistency of data. The technology even ensures system security, like the privacy of information. System security and data integrity build the confidence of the customers in the entity. Along with confidence, the chances of any error are minimal.

Best Practices in KYC Implementation

  • Adopting a Risk-Based Approach to Customer Verification: The risk-based approach includes identifying, assessing, mitigating, and monitoring risk. This approach helps the KYC analyst when making decisions while detecting and preventing instances of ML, FT, and PF. This approach helps the KYC Analyst to segregate the customer into three categories: low-risk customers, medium-risk customers, and high-risk customers, thereby making it easy to conduct thorough scrutiny of high-risk customers while continuing CDD of low-risk customers with lenient measures.
  • Utilising Advanced Technologies for Identity Verification: The use of technology makes identity verification seamless and error-free. Advanced technologies can be used to verify identification documents in less time. The chances of errors are very low, which ultimately reduces the chances of any financial crimes. Apart from this, the use of advanced technology is cost-effective.
  • Regular Training for Staff on KYC Procedures and Updates: For efficient work, regular staff training is important. Regular and focused training makes the staff aware of all the updates and procedures related to KYC. Regularly training the staff will ultimately contribute to improved work quality and decreased chances of errors. In case of any unusual transaction, the staff can identify it easily and promptly escalate it to relevant personnel.
  • Maintaining Comprehensive Records of Customer Interactions: Maintaining records of customer interactions ensures adherence to KYC protocols and record-keeping requirements in the UAE. It shows that customers’ information is properly documented and stored, which can help in conducting an investigation, due diligence, and risk assessment.
  • Ensuring Data Privacy and Protection Compliance: In this digital world, data is a valuable asset. It is important to ensure that customer data is protected adequately. Data privacy and adherence to data protection requirements build the trust of customers and protect the entity from any legal repercussions.
  • Establishing Clear Escalation Protocols for Suspicious Activities: Establishing clear escalation protocols for reporting suspicious activities ensures that prompt action is taken in the event of ML, FT, or PF activities detected.

KYC Document Management by KYC Analyst through Extracting & Interpreting Useful Information from KYC Documents: A Summary

KYC is the process through which an entity can know about its customers, which helps the regulated entity identify, assess, and mitigate the risks associated with the customers. Certain specific information can be extracted from each document. The use of technology in extracting information from KYC documents makes the process of extraction and interpretation of documents easy, seamless, and reliable.

About the Author

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is a Chartered Accountant with more than 26 years of experience in governance, risk, and compliance. He helps companies with end-to-end AML compliance services, from conducting Enterprise-Wide Risk Assessments to implementing the robust AML Compliance framework. He has played a pivotal role as a functional expert in developing and implementing RegTech solutions for streamlined compliance.
