What is Know Your Customer (KYC)?

Know Your Customer (KYC) is the process of gathering suitable identifying information about customers in order to build their risk profiles.

What is Know Your Customer (KYC)?

Know Your Customer (KYC) is the process of gathering suitable identifying information about customers in order to build their risk profiles.

Anti-money laundering (AML) and counter-financing of terrorism (CFT) regulations rely on financial services providers being able to identify their customers (and the nature of their business) so that they can understand the criminal risk that they present. The process of gathering suitable identifying information about customers in order to build their risk profiles is known as Know Your Customer (KYC) and is a foundation of AML/CFT compliance in jurisdictions around the world.

Given its importance in the fight against financial crime, service providers should understand KYC, and how to implement it effectively as part of their AML/CFT compliance solution.

Why is KYC important?

Under Financial Action Task Force (FATF) guidelines, firms must take a risk-based approach to AML/CFT, assessing the level of risk that individual customers present and then deploying a proportionate AML response. In order to perform effective risk assessments, however, firms must first establish and verify who they are doing business with, and what that business entails, by performing Know Your Customer checks. 

KYC is particularly important in the financial sector because many illegal activities are predicated on criminals concealing their identities in order to avoid the scrutiny of authorities. In an increasingly complex financial landscape, where an increasing number of services are accessed online, criminals can engage with service providers with an unprecedented degree of anonymity and conceal the source of their wealth more easily. In this context, the KYC process must reflect the sophistication of criminal methodologies and enable companies to comply with their regulatory obligations without imposing too great an administrative burden.

Implementation of effective KYC, and the obligations that it entails, is a requirement of financial regulations in jurisdictions around the world – including the United States’ Bank Secrecy Act and Patriot Act, the United Kingdom’s Money Laundering Regulations, and the European Union’s Anti-Money Laundering Directives.

What does KYC involve?

Broadly, the KYC process requires financial service companies to establish and verify the identity of their customers and understand the nature of their business. Practically, this involves the following measures: 

Customer due diligence

The due diligence process is a cornerstone of KYC and requires companies to obtain and verify a range of fundamental information. This includes:

  • Customer names
  • Addresses
  • Dates of birth
  • Employment status
  • Sources of wealth
  • Beneficial ownership of companies

Companies must perform due diligence checks at onboarding and verify the information by having customers submit copies of official records – such as birth certificates, driving licenses, passports, and business incorporation documents.

Digital identification

The KYC process may be complicated for online financial service providers since criminals often find it easier to submit false or fraudulent identifying information over the internet. In this context, companies should seek to deploy more rigorous due diligence measures and integrate digital identification procedures, including biometric checks such as photographs, voice prints, or fingerprint scans, as means to positively identify customers.

Ongoing monitoring

KYC should not be considered a one-off box-checking activity to be performed during onboarding, but an ongoing process throughout a business relationship. As customers’ risk profiles change, companies must be informed of the new level of risk they present as quickly as possible.

With that in mind, KYC should involve an ongoing customer monitoring solution in order to detect activities that do not match established risk profiles. These activities include:

  • Unusual frequencies or volumes of transaction.
  • Transactions with high risk countries.
  • Transactions with persons on international sanctions lists.

Ongoing KYC measures should include not only transaction monitoring but checks for customers’ involvement in adverse media stories which may indicate involvement in criminal activity. Similarly, companies should check for changes in customers’ political status since elected officials, known as politically exposed persons (PEP), along with their relatives and associates, present an elevated money laundering risk and terrorism financing risk.

Find out how CUBE helps you manage KYC regulations.


Related resources

Regulatory Risk Management: How will Executive Order 14028 change the cybersecurity landscape?

Regulatory Risk Management: How will Executive Order 14028 change the cybersecurity landscape?

What is Executive Order 14028 and who must comply with the US regulation? And will it affect the cyb...

What is the US’ Community Reinvestment Act?

What is the US’ Community Reinvestment Act?

Are you aware of the latest updates to the Community Reinvestment Act in the US? Learn more about fi...

What regulations are there for the payment services industry?

What regulations are there for the payment services industry?

Discover the regulations shaping payment services, from PSD2 to AMLD6. Stay compliant with CUBE's in...

What is the CISO (Chief Information Security Officer) responsible for?

What is the CISO (Chief Information Security Officer) responsible for?

CISO's face a number of challenges with regulations constantly changing. Learn more about some of th...

View More