KYC compliance is conformity to regulatory guidelines governing Know Your Customer policies and procedures. Different countries have their own KYC regulations. Here we’ll focus on KYC regulations which apply in the United States. If you’re doing business in another country, you’ll need to follow that country’s KYC guidelines as well.
What Is KYC Compliance?
In the United States, KYC compliance centers around adherence to regulations prescribed by four specific sets of laws:
- The Bank Secrecy Act (BSA) aka Financial Recordkeeping and Reporting of Currency and Foreign Transactions Act
- Foreign Assets Control Regulations (OFAC)
- The USA PATRIOT Act
Let’s look at what each of these laws requires.
Bank Secrecy Act (BSA) aka Financial Recordkeeping and Reporting of Currency and Foreign Transactions Act
The Bank Secrecy Act, also known as the Financial Recordkeeping and Reporting of Currency and Foreign Transactions Act or Currency and Foreign Transactions Reporting Act, was passed in 1970 and forms the foundation of U.S. anti-money law. Other KYC regulations build on the BSA.
The BSA requires all national banks to file a Suspicious Activity Report (SAR) with the FinCEN division of the Treasury Department if they detect known or suspected violations of federal law or suspicious transactions related to money laundering or violations of the BSA. An SAR must be filed for potential criminal activity involving:
- Allegations of insider abuse, regardless of dollar amount involved
- An identifiable suspect making a transaction of $5,000 or more
- No identifiable suspect for transactions involving $25,000 or more or for suspicious activity indicative of money laundering or BSA infringements involving $5,000 or more
A SAR is an alert to government regulators and investigators of a potential crime, but it is not an allegation of an actual crime. Authorities may or may not open an investigation depending on the details. SAR reports are confidential and are not conveyed to the party involved in the suspicious activity.
The BSA also includes provisions for financial recordkeeping. They require that financial institutions maintain sufficient records to reconstruct transactions and activities in customer accounts in the event of an audit.
Foreign Assets Control Regulations
The Office of Foreign Assets Control (OFAC) is a division of the Treasury Department tasked with administering and enforcing economic and trade sanctions which implement U.S. foreign policy and national security goals. These sanctions are formally designated Foreign Assets Control Regulations.
Sanctions range from partial to full embargoes and are enforced in addition to standard export controls. They are intended for use against targeted foreign nations, narcotics traffickers, terrorists, proliferators of weapons of mass destruction and other national security threats.
OFAC regulations specify prohibited transactions with foreign countries and prescribe corresponding sanctions for violations. Prohibited transactions cover:
- Designated foreign countries and their nationals
- Securities transactions involving designated nationals
- Importation and dealing in specified merchandise
- Holding certain types of blocked property in accounts bearing interest
- Dealing with specific entities and individuals listed as “specially designated nationals”
OFAC sanctions apply to all persons under U.S. jurisdiction. This includes American citizens, permanent resident aliens, corporations organized under U.S. law operating in the U.S. or abroad, other individuals and entities located in the U.S. and any entities owned or controlled by any of these categories.
OFAC’s website publishes lists of current sanctions and specially designated nationals.
USA PATRIOT Act
In the aftermath of the September 11, 2001 attacks on the World Trade Center, Congress passed the USA PATRIOT Act to combat terrorism. Title III of the PATRIOT Act includes provisions to strengthen existing AML regulations. The Treasury Department’s FinCEN branch is tasked with enforcing these provisions.
The PATRIOT Act amends the BSA by mandating that financial institutions implement customer identification program (CIP) procedures to verify the identities of customers and customer due diligence (CDD) procedures to assess the risk of customer relationships and transactions. These measures are designed to prevent terrorists and organized crime groups from using companies as fronts to conceal the transfer of funds from illegal activities.