Over the years, in a quest to protect the integrity of financial institutions, the banks have implemented a multiplicity of mechanisms to ensure Compliance with both legal and regulatory requirements as well as international conventional banking standards. The global anti-money laundering (AML) and countering the financing of terrorism (CFT) landscape raise tremendous stakes for financial institutions. One of the key banking processes that has remained under scrutiny is customer acquisition process which must be done in accordance with applicable laws especially as they relate to due diligence. This has come to be popularly known as Know Your Customer (KYC) and its considered to be a critical requirement to dealing with the international vices of money laundering and terrorism financing. Know Your Customer (KYC) can thus be described as the mandatory process of identifying and verifying the identity of the client when opening an account and periodically over time.
This article seeks to examine the current KYC requirement for banks and Supervised Financial Institutions (SFI’s) and to provide high level guidance for building a robust compliance framework in respect to KYC.
KYC Regulatory and Implementation Framework For Banks
A number of laws and regulations address KYC for opening and operating a bank account. These include among others; The Financial Institutions Act, 2004(“FI Act ,2004”), the Financial Institutions (Anti-Money laundering) Regulations, 2010, the Anti-Money Laundering Act, 2013, the Anti-Money Laundering Regulations, 2015, the Registration of persons Act, 2015, and the Anti-Money Laundering (Amendment) Act-2017.
There is reasonable consistence in terms of the obligations introduced by the above legal/regulatory framework save for two regulations. The FI (AML) Regulations, 2010 which were developed by the bank of Uganda under the FI Act, 2004 and the Anti-Money laundering Regulations, 2015 which were developed by Ministry of Finance under the AML Act, 2013. Whilst both Regulations deal with the same subject matter, the former appears to allow banks to accept any form of identification for purposes of opening bank accounts. The latter on the other hand requires that only the National Identity Card may be accepted. It is important to note that both regulations are in force.
To further make the KYC seamless, the National Identification Regulatory Authority (NIRA), a body created under the Registration of persons Act, 2015 is in final stages of creation and implementation of real time verification interface whose single source of base information shall be the National ID data. This interface will help lessen the burden the bank would go through to manually verify customer information. The said development however addresses the KYC relating to natural persons yet several customers transacting in huge sums are legal persons whose primary source of information is the registrar of companies.
Current Jurisprudence on KYC
The Courts in Uganda have not lessened the KYC burden. For example, the commercial Court handed down a decision to the effect that while dealing with an existing client, the bank is not entitled to rely on previously submitted information. The bank must therefore seek fresh information from an existing client as long as he/she seeks to open another account. This is aimed at further strengthening the KYC requirements as relating to legal persons. It further extends to personal accounts.
KYC in Other Jurisdictions
Disruptions within the Financial Institutions sector are far and wide.
From May 2018 the US Financial Crimes Enforcement Network (FinCEN) added a requirement for banks to verify the identity of natural persons of legal entity customers who own, control and profit from the companies when those organisations open accounts. A similar wave is being implemented in Europe through the 5th Anti-Money Laundering directive as of 10th January 2020.
Approaches to Seamless KYC Implementation by Financial Institutions
KYC is non-negotiable. That being the case, Financial institutions must put in place a mechanism that will ensure full compliance. The approaches below have proved effective for the said purpose;
- Incorporate mandatory KYC in bank’s automated customer acquisition and maintenance processes. Escalation triggers should be incorporated should any staff skip the mandatory requirement. This approach will ensure that compliance lapses are identified before the acquisition process is closed.
- Financial institutions should repeat the entire KYC Process even when the customer is seeking to open a second or third account with the same bank. The Courts in Uganda have in the recent past found a bank culpable for relying on documentation which the corporate customer had submitted while opening the first account to satisfy KYC requirements for the second account.
- Observe the most stringent KYC requirements where parallel regulations create conflicting requirements. By observing the most stringent, you observe all other less strict requirements. Bank of Uganda has offered the much needed guidance on the conflicting Regulations.
- Incorporate KYC requirement in all continuing customer interfaces during business interactions. This will not only help to observe KYC Requirements but also help to avoid rampant avoidable fraud. There is no reason for example why the bank should not require account holders with a joint mandate to be physically identified whenever a transaction is to be effected.
- Classify failure to observe KYC by staff as gross misconduct. This is important in so far as it sends a clear picture to staff about the importance of this requirement.
Banks and regulated Financial institutions are required to align their KYC policies with all KYC regulatory requirements. Whereas this may appear burdensome and with a likelihood to delay some bank operations, it has the benefit of protecting the integrity of the financial sector as well as protecting the Financial institutions from the growing financial crime.