KYC (Know Your Customer) laws were introduced in 2001 by President Geroge W. Bush as part of the Patriot Act. The Patriot Act was meant to help law enforcement agencies detect, prevent, and prosecute terrorism.
KYC laws were already technically on the books in 2001, but they were officially enacted after the attacks of 9/11. They existed as part of the Bank Secrecy Act of 1970 that monitors how banks combat fraud. KYC laws help banks adhere to existing laws by helping them avoid acts of financial fraud, money laundering, and other suspicious activities that may fall under the umbrella of terrorism (foreign or domestic).
Title III of the Patriot Act strengthened these laws by requiring financial institutions to specifically comply with two components of KYC: the Customer Identification Program (CIP) and Customer Due Diligence (CDD).
CIP requires that the customer provides proper identification. A driver’s license or passport is usually sufficient for individuals. Companies can identify themselves with a government-issued business license, articles of incorporation, a financial statement, a partnership agreement, or other legal documents.
CDD is the action of predicting a customer’s risk. To do this, banks try to predict financial behavior in order to determine when something is suspicious. This is the reason you have to call your bank if you plan to use your card in another country. If it’s unusual behavior, CDD programs will detect it and (hopefully) block it. Through CDD practices, banks can assign each customer a risk rating to determine which customers are too risky to work with.