The impact of GDPR on KYC checks - what you need to know
Are we any closer to understanding the impact on GDPR on KYC? We examine what you need to know, what it means and how it can affect you.
The GDPR (General Data Protection Regulation) came into force in May 2018, and after two years, are we any closer to understanding its impact and how it is affecting businesses especially when it comes to KYC regulations?
Under GDPR, organisations that carry out identity checks, and hold potentially sensitive information about customers, have to be completely transparent about what happens to the data after use. At the same time, KYC checks and procedures are powerful risk management tools.
Banks and financial institutions have been verifying client and customer data well before GDPR came into force. For banks, they needed to be following rules on AML (anti-money laundering) and combating any potential financing of terrorist activities. The rise of cyber-attacks meant that businesses needed some form of KYC to protect their interest, such as perform an online background check on customers, with their consent.
KYC, or Know Your Customer, is the process of identifying and varying the identity of a client or individual. For example, banks undertake these checks when someone opens up a new account. It’s a mandatory process used to identify customers as part of a due diligence process and will include customers providing proof of identity and other relevant documents.
So if companies need to gather large amounts of personal data from individuals to perform the check, doesn’t GDPR and other data protection laws then restrict how they can use this information?
The easy answer is no; there isn’t. At first glance, it might look there is a contradiction, but data protection will never stop companies from conducting due diligence. Still, the regulations are in place to offer best practice advice on how to gather data safely. Checking publicly available information with consent ensures software platforms such as Yoono remain GDPR compliant.
Any firms that are in a regulated sector, such as financial institutions are required by law to screen customers and clients as part of their KYC checks. The ultimate aim for screening is in the name – know your customer – it is essential to see if individuals are linked to activities such as money laundering, bribery, or corruption.
But Yoono is increasingly seeing different types of checks being done on customers, clients, and even candidates applying for roles.
A criminal background check could be used to determine whether a person could create an unsafe work environment, or potentially cause reputational risk to a company.
Typically done by an employer, verification of previous employment would flag up any gaps and reveal insights into their job stability.
It’s common practice for employers to ask for a reference check from applicants. But can also be used when moving into a new rented home.
Although this is more common in industries like driving or aviation, periodic drug and alcohol testing will determine whether an employee can be trusted to perform.
A credit background check will look into a person’s credit history, and credit agencies like Experian or Equifax can provide reports.
A status report can be useful in obtaining information about a person, or candidate, to help determine any potential reputational risk they may pose. For example, a comprehensive reputation check from companies like Yoono can save time and money, in the long run, serving as an add on to other checks.
A Yoono account performs Know Your Customer checks on real time social streams and social networks like LinkedIn, Twitter, and Facebook. The Yoono KYC check service also scans web files and online programs to confirm the reputation status of an individual.
Yoono users can carry out a check via a desktop application and allow the software to scan all publically available web data including live updates. This scan includes multiple platforms such as Google Chrome, Firefox, Yahoo, and even online videos.
There are a variety of different types of KYC checks, and each does have its benefits depending on the situation they are needed in. Businesses and individuals can see the impact of GDPR on KYC through the stringent security measures that companies have put in place and how customers have more control over their information.
Under the general data protection regulation – GDPR- financial institutions, and businesses have needed to be very clear about their data storage policies, as they are subject to stringent GDPR requirements.
Companies are still not being careful enough with their record-keeping. Recently we’ve seen H&M being fined over £32 million for violating privacy regulations and keeping excessive records and personal information on employees. This is the second-largest fine a single company has faced since the laws came into place. Now there are more options for people to have control over their data, businesses need to ensure they are adhering to the criteria.
After KYC onboarding, customers, clients, and individuals have more control over their information. By having customers be able to have a say in what is collected and how it is stored, it means that companies need to keep precise records, and it means that users have the option to delete some or all of the data.
Know Your Customer (KYC) checks are vital for businesses governed by legislation in order to verify their identities. Yoono services support necessary audit documentation. Each Yoono report is non-editable and can be attached to client files and will feature an easy to digest format with instant access to download.
With this feedback, Yoono users have greater peace of mind knowing that no server or software stone has been left unturned. Yoono browser add on helps prevent nasty surprises in the future and ensures that all regulations and legislation are being met in a way that complies with GDPR.
The amount of digital data that can be shared has created a problem in terms of GDPR compliance. Automation will, and has helped this process. It automates the gathering, storing, monitoring, and management of data and reduces employee errors or mistakes.
Companies need thorough checks to ensure compliance, and they need to invest in technology to protect the data. Still, an automated data collection will help with the portability of data which is another aspect of GDPR compliance.
No matter where a business or organisation is in the world, if they can capture data from someone based in the EU, like during a KYC check, then they have to be compliant with regulations.