Know Your Customer (KYC) is a process of identifying and verifying customers, also sometimes referred to as customer due diligence, to help a financial institution understand and verify who a customer or client is and what risks doing business with the individual brings. The process is a standard due diligence process used by various financial institutions and other organizations, such as banks, credit unions, payment companies, insurance agencies, regulated industries (such as gambling facilities), cryptocurrency exchanges, digital wallet providers, asset management firms, real estate agencies, trust formation services, and dealers of high-value goods.
In many regions around the world, KYC has become a standard requirement from industry regulatory bodies. These regulations are part of a larger Anti-Money Laundering (AML) regulation, which seeks to protect financial institutions and customers of those institutions from fraud, liability, and association with money laundering. Under many of these regulations, not complying with KYC requirements, or engaging in less than adequate KYC processes, can result in extensive fines for the organization. KYC compliance and requirements depend on the region in which business is conducted. The KYC process is intended to prevent businesses from engaging with persons associated with terrorism, corruption, or money laundering, while fighting online fraud and financial crime, such as money laundering, corruption, and terrorist financing.
In various regions and regulatory schemes, customers are required to provide documents to prove their identity. These are typically government-issued identification documents, such as a driver's license, birth certificate, social security card, or passport. Often, these documents will be supported by additional documents, especially to confirm a customer's address or employment, which can be done with documents such as bills from utility providers or paychecks, among others.
Depending on the region, the companies that fall under this category and the expectations placed on them by those regulations will be different. However, generally, most regulations cover these various institutions in some way.
Companies required to comply with KYC regulation
Know your customer (KYC) verification programs do not look the same at every level of a business or in every industry required to engage in the process. Regulations vary widely by region as well. In many cases, regulations are kept vague to prevent companies from implementing only the minimum processes necessary to stay compliant; the vague language instead suggests that companies be as stringent as possible in their processes to avoid fines or potential exposure to fraud or crime. The general approach to KYC, regardless of jurisdiction or industry, involves three main risk-based approaches: customer identification programs (CIP), customer due diligence (CDD), and continuous monitoring.
A Customer Identification Program (CIP) is, as the name suggests, a program for verifying the identity of a customer. How this is achieved varies. At a minimum, most organizations collect and verify a few pieces of identifying information, generally including the individual's name, date of birth, address, and identification number. However, this can include an additional layer of verification, such as using a selfie photo to compare to a government-issued ID, running personally identifiable information (PII) through authoritative databases, and assessing other signals, such as IP addresses. This should be enough information for an organization to deem an individual or situation to be of greater or lesser risk. It also allows for leeway in the KYC program based on the industry's use cases, risk tolerances, or customer type, among others. Some other factors to consider for KYC include the following:
- How KYC is performed—generally split between remote and in-person. Remote, also known as eKYC, is often faster and more convenient, especially as larger portions of populations have electronic identities. Further, what information is collected to verify identities can vary. For example, an organization can choose to accept driver's licenses, passports, SSN cards, or utility bills; but it can also opt to add biometric data (such as a selfie) with other additional signals to ensure verification.
- When KYC is performed—or how often an organization wishes or is required to run sanctions and adverse media list checks on actions that merit KYC; common actions include creating an account, withdrawing money, or changing account details, among others.
Similar to CIP, Customer Due Diligence (CDD) involves assessing customer risk, and in some regions, financial institutions are strictly required to follow it. Often, it involves four requirements: identify and verify customer identities, identify and verify identities of beneficial owners (anyone who has 25 percent or more) of companies opening an account, understand customer relationships to develop risk profiles, and continuously monitor customers and transactions. Depending on the risk level presented by a customer or situation, organizations can use a different level of CDD; there are three common levels:
- Simplified due diligence—this is often performed in situations that are considered to be at low risk for fraud, money laundering, or terrorism financing.
- Basic due diligence—this is often considered the baseline for customers or situations that involve collecting and verifying basic information to decrease risk.
- Enhanced due diligence—this is used to collect additional information for higher-risk individuals and situations, such as high-net-worth individuals or politically exposed persons (PEP).
Having different levels of due diligence can be helpful for organizations, as it means risky customers do not have to automatically be turned away, and low-risk customers do not have to go through a tedious and time-consuming process (which can turn those customers away). Instead, a progressive risk segmentation system can be used to modify the user's experience based on the signals received during the verification process.
As the name implies, continuous monitoring is the ongoing monitoring of individuals and transactions over time and reporting anything suspicious to the appropriate reporting authority of the given jurisdiction. Some actions that can trigger alarms for institutions include unexplainable activity spikes, activity in areas known for money laundering and other financial crimes, and new inclusions on PEP, sanctions, and adverse media lists.
Also known as Know Your Business (KYB), corporate KYC is the process of identifying the business a financial institution intends to work with and the people behind the business. The process involved in corporate KYC is similar to the standard KYC process and includes the following:
- Verifying the business—where a financial institution collects and verifies corporate information such as the business name, address, registration number, and other relevant business registration documents.
- Identifying UBOs—where ultimate beneficial owners (UBOs), defined as any individual who controls a business or has a 25 percent or greater ownership stake, are identified as potential risk factors.
- Performing KYC on the business's UBOs—the final step, where a financial institution performs in-depth KYC checks on anyone previously found to be a UBO.
Anti-Money Laundering (AML) regulations offer a framework used by governments, international regulatory bodies, and businesses to prevent both money laundering by criminal organizations and the funding of terrorist organizations. AML programs tend to be built upon five pillars:
- A designated compliance officer
- An internal AML policy
- Employees trained in said policy
- Tests and audits on the program or policy
- The implementation of risk-based procedures for conducting ongoing customer due diligence
To comply with AML regulations, businesses are required to run watchlists and sanction reports continuously on individuals to ensure they are not associated with lists or groups they are not supposed to serve. Also, individuals already onboarded with a financial institution can be monitored to determine that they have not been added to such a list, which enables the institution to take action if they are.
KYC and AML are closely related: KYC is often considered to be a part of an overall AML strategy and falls under the AML umbrella of actions. For this reason, KYC is often grouped with AML strategies, especially as KYC allows an institution to continuously monitor and verify individuals, which can help filter out individuals linked with money laundering and financing terrorism. Further, AML and KYC strategies can help a financial institution stay compliant with local regulations and improve its business reputation with regulators and with its customers. These strategies also help these institutions keep those same customers safe from fraud and other financial crimes.