Chapter 6 Quiz

KYC Fundamentals: Identity Verification at Scale

20 questions.

1. The KYC obligation in financial services derives from:

a) Financial stability concerns — knowing customers prevents bank runs b) Anti-money laundering requirements — institutions cannot detect suspicious activity without knowing who their customers are c) Consumer protection regulation — knowing customers enables product suitability assessment d) Both b and c, with AML as the primary historical driver

2. Which of the following is NOT typically a required element under the US Customer Identification Program (CIP)?

a) Full legal name b) Date of birth c) Social Security number or equivalent identification number d) Credit score

3. Enhanced Due Diligence (EDD) is required for:

a) All new customers regardless of risk level b) Corporate customers with revenues above a specified threshold c) Higher-risk customers including PEPs, customers from high-risk jurisdictions, and those with complex ownership structures d) Customers who have previously had SARs filed about their activity

4. The primary purpose of "liveness detection" in biometric verification is:

a) Confirming the document holder is alive by detecting a heartbeat through the camera b) Confirming that the biometric sample (photo/video) represents a live person rather than a photograph, video replay, or deepfake c) Detecting whether the customer is physically present at a branch location d) Ensuring the customer completes the verification process within the session timeout

5. Electronic Identity Verification (eIDV) works by:

a) Verifying that a physical identity document is genuine using document security features b) Checking the customer's stated identity against multiple independent data sources (credit bureau, electoral roll, etc.) c) Electronically submitting identity documents to a government registry for verification d) Using facial recognition to match the customer against a government photo database

6. A KYC orchestration platform applies "risk-based routing" to onboarding applications, which means:

a) All customers go through the same verification process regardless of risk level b) High-risk customers are rejected automatically and must apply in branch c) Different verification methods and levels of scrutiny are applied depending on the risk signal associated with each application d) The platform routes applications to different compliance analysts based on their workload

7. Which customer segment is MOST likely to have difficulty with eIDV verification?

a) Wealthy, established professionals with long credit histories b) Young adults (18-21) or recent immigrants with limited credit and public data records c) Corporate customers with complex ownership structures d) Politically exposed persons

8. Machine Readable Zone (MRZ) data on a passport consists of:

a) The encrypted fingerprint data embedded in newer biometric passports b) The two-line code at the bottom of a passport's photo page containing name, nationality, document number, and date fields c) The RFID chip data that can be read by specialist passport readers d) The QR code printed on recent passport designs

9. What is the primary compliance risk created by relying on biometric liveness detection alone for identity verification, without document verification?

a) Biometric data is protected personal data under GDPR, creating privacy risk b) Liveness detection cannot confirm that the live face matches the person who owns the claimed identity — only document comparison provides this link c) Biometric verification is not accepted by most financial regulators as a valid KYC method d) Liveness detection requires expensive specialist hardware that most institutions cannot afford

10. KYC "triggering events" are significant because:

a) They trigger automatic SAR filing without human review b) They represent circumstances that may indicate a change in the customer's risk profile, requiring off-cycle KYC review c) They constitute grounds for immediately closing a customer's account d) They trigger a mandatory report to the FCA or FinCEN

11. "Thin-file customers" in the context of eIDV refers to:

a) Customers who provide only minimal information during application b) Customers with very little data in public records and credit bureau databases, making eIDV verification difficult c) Customers whose identity documents are thinner than standard specifications d) Customers applying for products with low credit limits

12. The average 19-day onboarding time at Verdant Bank (pre-automation) primarily resulted from:

a) FCA requirements that all applications be reviewed within a specific timeframe b) The capacity constraint of manual review: a limited team could review only ~25 applications per day, creating a queue c) Verdant's deliberate policy of conducting extensive background checks before approving applications d) The time required for third-party verification services to respond to queries

13. In the KYC orchestration architecture, which factor would most likely trigger routing to the Enhanced Due Diligence pathway?

a) The customer has an unusual first name b) The customer is applying via a mobile app rather than a desktop browser c) The customer is a politically exposed person (PEP) d) The customer's application was submitted at an unusual time of day

14–15. True/False

14. KYC is a one-time verification process that is completed at account opening and does not require updating unless the customer provides new information. (True / False)

15. A deepfake video, if sufficiently realistic, could potentially defeat some biometric liveness detection systems. (True / False)

16–20. Short answer / applied

16. A digital bank is onboarding a 19-year-old first-time account holder who has no credit history, is not on the electoral roll (just moved to the UK from abroad), and is providing a foreign passport as their only identity document. Which combination of verification methods would you recommend, and why?

17. Maya implemented an automated KYC platform that handles 73% of applications without human review. What criteria should determine which applications are routed to human review, rather than approved automatically?

18. A customer's KYC record shows their address as a residential property in London. A transaction monitoring alert notes a series of large incoming wire transfers from a company registered in the British Virgin Islands. Is this a KYC triggering event? What KYC action, if any, would be appropriate?

19. A compliance officer argues that biometric verification is unnecessary if document verification is already in place — "the document proves who they are." What is wrong with this argument?

20. Priya is advising a Caribbean money service business that onboards customers primarily in-person at agent locations, with limited digital infrastructure. The business cannot afford a sophisticated KYC orchestration platform. What is a proportionate, regulator-acceptable KYC approach for this business?