Chapter 6 Exercises
KYC Fundamentals: Identity Verification at Scale
Exercise 6.1: KYC Component Classification
Difficulty: Introductory
For each of the following KYC activities, identify whether it is primarily a CIP, CDD, or EDD requirement, and briefly explain why.
a) Collecting the customer's full legal name and date of birth at account opening
b) Asking a corporate customer to explain the purpose of their account and expected transaction patterns
c) Requesting source-of-wealth documentation from a customer identified as a PEP
d) Conducting a daily re-screen of the customer database against updated sanctions lists
e) Verifying the registered address of a new corporate customer against Companies House records
f) Conducting an annual review of all high-risk customer files to ensure information is current
g) Asking a customer why they are receiving large cash deposits from multiple international sources
Exercise 6.2: Verification Method Selection
Difficulty: Introductory-Intermediate
For each customer scenario, identify the most appropriate verification method(s) and explain your reasoning. Consider: eIDV alone, document verification, biometrics + document, or a combination.
a) A 45-year-old UK citizen applying for a savings account, with an established credit history and a UK driving license
b) A 20-year-old international student who arrived in the UK six months ago, has no UK credit history, and holds a non-EU passport
c) A small UK limited company applying for a business current account; the sole director is a UK national
d) A high-net-worth individual applying for a private banking relationship; their stated source of wealth is a real estate portfolio in multiple countries
e) A politically exposed person — a former government minister from a high-risk jurisdiction — seeking to invest £2 million in a UK investment platform
Exercise 6.3: Process Design — KYC Orchestration
Difficulty: Intermediate
Design a KYC orchestration workflow for a UK digital bank with the following customer segments:
- Retail (individuals): standard and high-net-worth
- Business (SME, micro-business)
- No corporate or institutional customers
Your workflow should specify:
a) What risk signals trigger each verification path (low, medium, high)
b) What verification steps are required at each path
c) What information is collected in each case
d) What would trigger a manual review override regardless of the automated decision
Present your workflow as a decision tree (text notation is acceptable).
Exercise 6.4: Ongoing Monitoring Design
Difficulty: Intermediate
Maya is designing the ongoing monitoring process for Verdant Bank's customer base, which will consist of approximately 500,000 customers within 18 months. The customer base breaks down as:
- 90% standard retail (low-medium risk)
- 8% high-net-worth (medium risk)
- 2% high risk (PEPs, business accounts, customers from enhanced-scrutiny jurisdictions)
a) Specify the review cycle for each risk segment
b) Identify at least five triggering events that should prompt off-cycle review
c) At the projected customer numbers, how many reviews per month will the ongoing monitoring program require if cycles are implemented as specified?
d) Which of these reviews can be automated, and which require human judgment? What are the criteria for this distinction?
Coding Exercise 6.5: Build a Simple KYC Decision Engine
Difficulty: Coding — Beginner
Using the code structure from Section 6.6 as a guide, write a Python function kyc_routing_decision(customer_data: dict) -> dict that:
- Takes a dictionary of customer attributes including:
  - age (integer)
  - nationality (ISO country code string)
  - is_pep (boolean)
  - jurisdiction_risk ('low', 'medium', 'high')
  - product_type ('retail_account', 'business_account', 'investment')
  - has_uk_credit_history (boolean)
- Returns a dictionary with:
  - verification_path ('standard_eidv', 'document_plus_eidv', 'full_edd')
  - required_documents (list of required document types)
  - review_required (boolean — whether human review is needed)
  - rationale (string explaining the decision)
Test your function with at least five different customer profiles, including edge cases.
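One possible shape for such a function, added here as an illustration; it is not the code from Section 6.6 or the book's answer. The routing rules, the treatment of under-18 applicants, and the document type labels are assumptions made for this sketch, not regulatory requirements.

```python
REQUIRED_FIELDS = {"age", "nationality", "is_pep", "jurisdiction_risk",
                   "product_type", "has_uk_credit_history"}
RISK_LEVELS = {"low", "medium", "high"}
PRODUCTS = {"retail_account", "business_account", "investment"}


def kyc_routing_decision(customer_data: dict) -> dict:
    # Reject incomplete or malformed input instead of guessing a path.
    missing = REQUIRED_FIELDS - set(customer_data)
    if missing:
        raise ValueError(f"missing fields: {sorted(missing)}")
    c = customer_data
    if c["jurisdiction_risk"] not in RISK_LEVELS or c["product_type"] not in PRODUCTS:
        raise ValueError("unknown jurisdiction_risk or product_type")

    reasons = []
    # Assumed rule: PEP status or a high-risk jurisdiction always means EDD.
    if c["is_pep"]:
        reasons.append("customer is a PEP")
    if c["jurisdiction_risk"] == "high":
        reasons.append("high-risk jurisdiction")
    if reasons:
        path, review = "full_edd", True
        docs = ["government_photo_id", "proof_of_address",
                "source_of_wealth", "source_of_funds"]
    else:
        # Assumed rule: any of these signals makes eIDV alone insufficient.
        if not c["has_uk_credit_history"]:
            reasons.append("no UK credit history")
        if c["nationality"] != "GB":
            reasons.append("non-UK nationality")
        if c["jurisdiction_risk"] == "medium":
            reasons.append("medium-risk jurisdiction")
        if c["product_type"] != "retail_account":
            reasons.append(f"product type {c['product_type']}")
        if reasons:
            path, review = "document_plus_eidv", False
            docs = ["government_photo_id", "proof_of_address"]
        else:
            path, review, docs = "standard_eidv", False, []
            reasons.append("low-risk UK retail applicant with credit history")
    if c["product_type"] == "business_account":
        docs.append("company_registration")
    if c["age"] < 18:  # assumed edge case: minors always get human review
        review = True
        reasons.append("applicant under 18")
    return {"verification_path": path, "required_documents": docs,
            "review_required": review, "rationale": "; ".join(reasons)}
```

The rationale string lists every signal that fired, so a reviewer can see why a profile left the standard path.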
Applied Exercise 6.6: The Abandonment Rate Problem
Difficulty: Applied
Verdant's data shows that 18% of applicants who have not received approval within 14 days abandon their application. After implementing KYC automation, the median onboarding time is 4 days.
a) If the abandonment rate remains 18% at 14 days but the median time is now 4 days, what happens to the absolute number of applicants abandoned per month (assuming 600 applications per month)?
b) If the automation eliminates most of the queue (reducing the time-to-decision distribution significantly), what would be a reasonable estimate for the new abandonment rate? (Discuss factors that would influence this.)
c) If each acquired customer generates average net revenue of £150 per year, and the automation reduces abandonment from 18% to 5%, what is the annual revenue impact for a bank processing 600 new applications per month?
d) What competitive and compliance factors should influence how much friction is acceptable in the KYC process?
Research Exercise 6.7: The Deepfake Challenge in KYC
Difficulty: Research-required
Research the current state of deepfake detection technology in identity verification. Your research should address:
a) What types of deepfake attacks have been demonstrated against biometric verification systems?
b) What technical approaches do verification vendors use to detect deepfakes?
c) What regulatory guidance (FCA, EBA, FATF, or equivalent) currently exists on biometric verification standards?
d) Based on your research, what additional controls should a financial institution maintain alongside biometric verification to manage the deepfake risk?
Write a 400-word summary of your findings with at least two sources cited.