Collection and verification of KYC is basis of the most significant Anti-Money Laundering obligations of an investment firm. The reason KYC measures are applied is the AML law itself.
CySEC has its own AML Directive based on the AML law of the country and the 4th AML EU Directive, for now and until the 5th EU AML Directive will be adopted.
Collecting KYC from clients, however, it is not always easy. Clients can be reluctant to send their documents, or delay in doing so. This can lead to the closure of the account which is bad for both the client and the business. Thanks to the electronic verification method however, traditional KYC collection may be deemed unnecessary in most cases as the client’s identity verification can be done fully electronically. The electronic identity verification involves a few must conditions that are not difficult to fulfil.
Performing an electronic verification as per the CySEC AML Directive
Electronic identity verification can be carried out through a 3rd party service however the following conditions must be fulfilled by the 3rd party in order to be considered eligible for electronic KYC of the clients of a Cypriot Investment Firm:
- the electronic databases kept by the third party or to which the third party has access to for the performance of the checks, are registered and/or approved by the Data Protection Commissioner or the corresponding competent authority in order to safeguard personal data;
- the electronic databases provide access to information referred to both present and past situations showing that the person really exists and providing both positive information (at least the customer’s full name, address and date of birth) and negative information (e.g. committing of offences such as identity theft, inclusion in deceased persons records, inclusion in sanctions and restrictive measures’ list by the Council of the European Union and the UN Security Council).
- the electronic databases include a wide range of sources with information from different time periods with real-time update and trigger alerts when important data alter.
- transparent procedures have been established allowing the Firm to know which information was searched, the result of such search and its significance in relation to the level of assurance as to the customer’s identity verification.
- procedures have been established allowing the Firm to record and save the information used and the result in relation to identity verification.
Information must come from two or more sources. The electronic verification procedure shall at least satisfy the following correlation standard:
- identification of the customer’s full name and current address from one source, and
- identification of the customer’s full name and either his current address or date of birth from a second source.
The identity electronic verification is often confused with the name check method which merely searches the client/prospective client’s name into databases of PEPs or sanctioned persons.
Some of the popular systems that are used for electronic verifications are Trullio and GBG and name/background checks are World-Check, Lexus Nexus and World-Compliance among other.