Enter your details below and we'll get back to you.
Share this article
The digital transformation of the UK business scene has been something of a whirlwind over the past decade. It seems that every service and security measure that was once completed with pen, paper, phone or in person has now been transferred online. Not only have we seen the complete automation of administrative tasks but even an ability for computers to do much more complex work – including checking identification and analysing fraudulent activity. Whether it’s the faking of documents or unusual payment activity on an account, it seems that machines have become as discerning (if not more so) than the humans who once performed these tasks.
This shift is of particular interest in light of the tightening of regulations around data, privacy and identity. By introducing stricter guidelines and harsher punishments for data protection breaches, the arrival of GDPR in May 2018 has changed the way businesses think about the information they hold.
Among the many ways GDPR has impacted businesses is through their KYC regulations. But what exactly is KYC, and what it could it bring to your business’s security?
Whereas in the past companies largely established relationships based on face-to-face interactions, nowadays businesses can perform extensive KYC and Anti-Money Laundering (AML) checks online, helping to reduce the time and resource required to remain compliant.
KYC can be an important part of identifying suspicious transactions, but it requires further consideration in the age of GDPR.
To put it simply, KYC is the process by which a business verifies the identity of its clients, assessing their suitability and searching for potential risks of illegal intentions and damage to the business relationship.
Understanding more about the benefits and considerations involved in KYC can give you a better idea of whether it can be an asset to your business security.
With KYC in place, customers can enjoy having more control over their information. This is because the process of obtaining, storing and managing data must be transparent to your clients.
KYC also provides a streamlined process for businesses. It can easily be implemented into organisations, whether though document-based check or through technologically advanced methods like facial recognition.
KYC is important in preventing scammers, establishing criminality, ensuring safety and combating criminal acts like money laundering. For many businesses, KYC provides an essential safety net that gives you peace of mind regarding the security of their company and customer data.
While few would argue with the sentiment that KYC can be a useful tool for organisations such as banks, solicitors and utility companies, it is important to understand how using KYC can affect a company’s risk posture – and how it changes your protection requirements.
These days, KYC data must be protected and stored more securely. Under GDPR regulations, institutions must follow a number of best practices for storing and accessing data. If KYC data is compromised, GDPR penalties can be severe. In some cases, it can be as much as 2% of your global annual revenue.
This means that, among other things, businesses using KYC must:
It’s also important that you define exactly what information you are storing and why you are storing it. The more secure your KYC data, the better, and this requires a lot of preparation and consideration.
Any decision regarding the security of your business requires careful planning, which is why it is always worth consulting with an information security expert. At SRM we help organisations to implement more rigorous and robust processes and procedures that help them to embrace valuable technologies without compromising their security.