A core tenet of building account-based financial products that are compliant and safe is ensuring you know your customers. The primary purpose behind Know Your Customer regulations is to protect against money laundering and fraud. Modern KYC rules evolved out of the Patriot Act. A primary goal of the Patriot Act is to limit money laundering, which terrorist organizations use to fund their activities. Money laundering is also frequently performed by criminal enterprises that use the financial system to clean, distribute, or move money around efficiently. The theory goes that if you know who your customer is, then you can prevent a known criminal from using your product.

Keeping criminals out may seem simple, but building KYC processes that separate the good cardholders from the bad ones is a huge challenge. 

When I first entered the fintech space in 2006 as a Product Manager at Green Dot (at the time, a Series A company), one of the first projects I got involved in was aimed at improving our KYC product. In my last full-time role as President of Apto Payments, I spent a large share of two years overseeing investments in KYC enhancements. It doesn’t feel like much has changed in the intervening 17 years. Yes, the technology to perform the checks has improved (RESTful APIs are nice!), but approval rates are stubbornly stuck in the 85-95% range, and thousands of inaccurate results occur daily. While many folks in the industry have general familiarity with KYC, it also still appears that far fewer have a deep understanding of its nuances. 

KYC is a legal and regulatory imperative for all card programs, but to this day, it remains a complex puzzle for many in the industry. As an industry, we can learn from how KYC has worked historically and move to a more comprehensive process that better sorts the valid identities from the invalid ones.

KYC Checks: Past and Present

Banks have traditionally fulfilled Know Your Customer requirements by inspecting physical documents in person. If you needed to open a consumer checking account, you would visit your local bank branch, present a government ID, and, if the address on your ID didn’t match your actual address, provide an additional document like a utility bill.

This process wasn’t flawless, but it worked pretty well. In 2004, I moved to California from New Mexico. I had previously banked with a local two-branch institution and needed to open a new account. The staff at Washington Mutual couldn’t find a match for my New Mexico license (nor did they have records for many other New Mexicans, for that matter) in their big book of state identification cards and denied me the account. I was who I said I was. 

This scenario is what we call a false negative. The bank denied a customer an account because they couldn’t identify them. In doing so, they also likely ruined future business opportunities with that customer due to the hassle and poor experience (I never did open a Washington Mutual account).

Today, we primarily use centralized databases to perform KYC checks.