When signing up for financial services like Privacy's virtual cards, customers are often prompted to answer a series of questions about their identities and bank account verification details. Many may wonder why such personal information is required, how these details are used in the account verification process, and what steps financial institutions are actually requested to follow to remain compliant with government regulations.
While Privacy is not a bank, financial institutions like credit unions, insurance companies, broker-dealers, money service businesses, fintech apps, private lending platforms and others are generally held to the same compliance and account verification regulations as a bank.
To help our existing and prospective customers understand what happens behind the scenes of our account verification process, we provide an introduction to three common compliance areas that we adhere to - Know Your Customer (KYC), Anti-Money Laundering (AML), and Bank Account Verification. KYC and AML are often discussed in tandem because KYC falls under a subset of the AML requirements. To make these distinctions clear, we discuss how each of these laws and procedures were created so that our customers are equipped to address them with confidence.
What is account verification in banking?
In banking, account verification is the process financial institutions use to confirm a customer’s identity and bank account information. Simply, it’s a way for companies to verify that a customer using their service is the same person named on the bank account that they’ve listed. Through a series of checks and due diligence measures, account verification is implemented to help regulated businesses mitigate fraud and criminal activity.
Beyond fraud protection, account verification is also used to meet compliance obligations in accordance with local, state, and federal laws. In many industries, particularly within financial tech, companies must adhere to regulatory obligations that require account holder confirmation. A financial institution’s failure to comply with these account verification laws can result in strict government penalties and hefty fines, as well as leave it exposed to financial fraud from bad actors.
There are a few common types of account verification processes used in banking, including but not limited to:
- Know Your Customer (KYC)
- Anti-Money Laundering (AML)
- Bank Account Verification
What is KYC?
Know Your Customer, commonly known as KYC, is an information collection and account verification procedure used by financial institutions to collect and verify the identities of their customers and to assess their customer risk.
There were some KYC regulations in place starting as early as the 1970s, primarily aimed at money laundering. After the events of 9/11 , the U.S. Congress enacted heightened KYC requirements under the USA PATRIOT Act, which expanded the search and surveillance powers of federal law enforcement and required more stringent verification procedures.
KYC is a legal requirement for financial services to reasonably establish their customers’ identities. By having better knowledge about customers, regulators, banks, and other actors, financial institutions can better prevent identity theft, financial fraud, money laundering, terrorism and other crimes.
In some cases, the KYC procedure may include requests for ID card verification, face verification, and other proof-of documents such as utility bills, passports, or driver’s license that confirm user addresses and profiles. In instances when financial institutions need to identify information around a business prospect, the equivalent set of procedures is called Know Your Business, or KYB.
What are the steps needed to follow KYC procedure?
Financial institutions must generally follow two key components to the KYC process:
1. Collect relevant KYC information
KYC operations start with identifying the customer. When a customer opens an account with a financial institution, the business must obtain identifying information such as the customer’s name, physical address, date of birth, and an identification number such as a social security number.
Once these KYC elements are collected, the financial institution will verify them to confirm that the user is who they say they are. If there are any inconsistencies, the financial institution must follow-up with the prospective customer for more details.
2. Verify the Information
Simply collecting information about a prospective customer’s identity is not enough to deem them safe. The financial institution must also go through another set of checks. These due diligence measures include:
- Cross-referencing customer identification information, if applicable, to verify the accuracy of user details
- Assessing the purpose of the client’s activities and potential use cases
- Screening the customer against U.S. sanctions lists
Note that KYC operations do not stop as soon a customer initially passes through the verification system. Banks, lenders, and financial institutions are responsible for knowing who their customers within a reasonable amount of time within account opening. Some institutions, depending on their regulatory status, may do periodic KYC audits to ensure that their processes and database continuously meet regulatory standards and banking security measures.
To understand how KYC is associated with other account verification policies as mentioned, we cover anti-money laundering controls next.
What is AML?
Anti-Money Laundering, known as AML, refers to the regulatory framework that financial institutions must follow to prevent criminals from hiding illegally-claimed money.
KYC is a part of the AML function, and both require financial institutions to know who their customers are. AML also more broadly refers to the regulations financial institutions must implement to remain compliant, including assessing a customer’s money laundering risk, employing a properly trained compliance staff, and regulated transaction monitoring that keep these security policies in order.
In the U.S., money laundering originally stemmed from activities in the early 1900s built by organized crime and mafia leaders who hid proceeds from banned liquor sales and illegal activity, by attempting to make the profits appear legitimately earned from legal businesses like laundromats.
Money laundering follows three steps - placement, layering, and integration:
- Placement: get the cash into the financial system - i.e. the illicit funds are transferred to a legitimate business, used as a front, to be hidden.
- Layering: make the illegal paper trail hard to follow - i.e. the illicit funds are hidden through erroneous bookkeeping and/or expensive transactions, such as art, charities, and other large goods and purchases.
- Integration: use the funds - i.e. the illicit funds are withdrawn as “clean money” to be spent.
To combat this type of “dirty money” crime, AML regulation was introduced in 1970 by way of the Bank Secrecy Act (BSA). The BSA establishes the general framework for all AML regulations, and has been updated through the USA PATRIOT Act in 2001 as well as the Anti-Money Laundering Act in 2020.
Because large sums of money almost always pass through banks to be processed, AML laws require banks and other financial institutions to understand who their customers are and check that none of their financial activities are a part of money laundering schemes and other fraudulent activity. AML regulations help financial institutions know who their customers are and whether customers are engaged in illegal activity.
What are tips for ongoing AML transaction monitoring?
AML laws require financial institutions to conduct ongoing due diligence and transaction monitoring on their users. Banks and financial institutions will create risk profiles based on customer information including: customer location, business type or industry (account purpose), and transaction values. The financial institutions will then rank each of these profiles from low to high risk, which will determine the frequency of ongoing monitoring and customer information updates.
If a user account is flagged, there are a few steps that a financial institution might take to conduct an AML check:
1. Revisit the customer’s profile
Financial institutions need to know their customers’ identities, backgrounds, and risk factors. For example, are they associated with a high risk country? Have they previously been in legal trouble? Because this information may change in the history of a customer’s lifetime, compliance teams should revisit these details and make sure that customer profiles are up to date.
2. Analyze the customer’s transactional activity
When revisiting the profiles, a bank’s compliance team will check for any deviations in a customer’s typical spending behavior or unusual transactions - for example, are they suddenly donating large sums to charities? Are new bank accounts being created to buy large art purchases or transactions? Is the customer taking multiple trips overseas? If any of these behaviors are different from their typical history, there is substantial reason to investigate the user further.
3. Determine if the customer’s risk level needs to be escalated
After reviewing these behaviors, financial institutions must assess whether or not the customer is engaging in any suspicious activity. If money laundering or other suspicious activity has been detected, financial institutions must file a report with the Financial Crimes Enforcement Network (FinCEN), which is the primary U.S. regulator responsible for AML laws. FinCEN has the jurisdiction to pursue fines for AML violations.
What is bank account verification?
In addition to KYC and AML procedures, bank account verification is conducted by financial institutions to ensure that payments being transferred and received between users to financial institutions are properly processed. In short, this step confirms that a user’s bank account information matches what they’ve listed on file with the financial institution.
About bank account verification
Bank account verification is a necessary part of the transaction process to ensure that funds come from and are received by authorized accounts. Verification helps financial institutions mitigate the risk of potential fraud or unwarranted account activity.
What are the steps of bank account verification?
To verify a bank account of a customer, financial institutions will request information like the account holder’s name, bank account number, and routing number. They’ll check these details against other customer documentation to ensure that there are no inconsistencies. Then, to ensure that the bank listed is valid, financial institutions may also test small money transfers, known as micro-deposits, to confirm that transactions can be correctly processed.
Micro-deposits are small money deposits, varying from a cent to a few dollars, that are temporarily removed from an account to verify that the bank account number and routing number provided are valid. It usually takes between 1-3 business days for the micro-deposit to appear in a user’s account. The user will then verify the amount, signaling to the financial institution that their bank account is approved.
Micro-deposits are often used by financial services to verify a user’s bank account legitimacy, but customers should also regularly check their accounts for unauthorized micro-deposits. Because micro-deposits are low in value, fraudsters who get ahold of their targets’ bank details can use micro-deposits to test breached accounts under the radar. If you did not recently link your bank account to a financial service, but you spot micro-deposits in your transaction history, immediately notify your bank.
As explained, KYC, AML, and bank account verification regulations exist in congruence to ensure financial institutions have clear insight into who their customers are and to protect their safety.
Does Privacy follow the account verification process?
Yes. While Privacy is not a bank, we work with banks to provide you with virtual cards. We are contractually and legally required to adhere to all of the account verification policies mentioned - KYC, AML, and bank account verification - to keep our customers’ personal and banking information secure.
Aside from meeting legal requirements, understanding who our customers are and their transaction behavior can help prevent fraud. In the case that bank account information has been stolen, these account verification procedures can help us detect bad actors and potentially harmful activity.
For these reasons, when signing up for Privacy's virtual card services, our customers are prompted to provide personal details such as name, address, phone number, and other information. We ask for these details to ensure that our internal teams can adequately conduct due diligence and protect the rest of our customers from fraudulent activity and harm. Likewise, bank account information is required to thwart anti-money laundering activities and is used confirm card transactions can be properly processed.
Data security and privacy best practices are the core to everything we do at Privacy. From our mission, to our product infrastructure, and to our virtual card services, our goal is to provide customers a solution that keeps their payments safe. If you have any questions around our account verification policies, we encourage you to reach out to us at firstname.lastname@example.org.
Looking for more ways to enhance your privacy while shopping online? Pay with Privacy Cards to generate virtual cards that mask your real card information, and feel confident that your online payments are secure.