In the previous article, “Why KYC Is No Longer Enough“, we argued that traditional KYC, however well-executed, is structurally limited to a single moment in time. It answered the question “Who is this customer?” at onboarding, but it cannot answer the question that matters most in today’s environment: “Can we still trust this customer, right now?”
The move from KYC to TYC (Trust Your Customer) is the answer to that gap. But what does it actually change? And why does it matter in practice? This article sets both approaches side by side to make the distinction concrete.
KYC Strengths and Limitations: What It Can and Cannot Do
To be clear: KYC is not broken. It serves a critical function. It establishes a verified identity at the point of entry. It screens against sanctions and PEP lists. It creates a documented record of who a customer claimed to be, and whether that claim held up at onboarding.
Think of KYC as a photograph. It captures a moment with precision. It is verifiable, reproducible, and legally meaningful.
But a photograph cannot tell you what happened after the shutter clicked. It cannot show you that the person in the image has since handed their phone to someone else. It cannot reveal the risks that emerged between the moment of capture and today.
That is the structural limitation KYC shares with any point-in-time control: it is accurate about the past, but blind to the present. For financial institutions and digital businesses operating in an environment where fraud is increasingly dynamic and personalised, that blind spot is no longer acceptable.
How Trust Your Customer (TYC) Redefines Identity Verification
Trust Your Customer reframes identity not as a fixed attribute to be verified once, but as a dynamic relationship to be maintained continuously.
Where KYC treats the onboarding check as the conclusion of the identity process, TYC treats it as the beginning. The customer has been verified. Now the work of sustaining trust begins.
This means that identity assurance is no longer tied to a single event. It is recalibrated in response to signals, behaviours, and risk indicators that emerge across the full customer lifecycle: from onboarding, through every subsequent interaction, to offboarding.
The shift is not simply technological. It is a fundamental change in how trust is conceptualised, managed, and demonstrated to regulators. TYC does not replace the compliance foundation that KYC provides. It extends it into a living, adaptive layer of assurance that reflects the actual risk environment organisations operate in today.
KYC Questions vs TYC Questions: The Core Distinction
The clearest way to understand the difference is to look at the questions each approach is designed to answer.
KYC asks: “Is this person who they claim to be right now, at the point of onboarding?”
TYC asks: “Do we still have enough evidence to trust this action, at this moment, on this channel, with this level of risk?”
That second question is richer, more contextual, and far better suited to the realities of modern digital interactions. It accounts for the fact that the same customer may present very different risk profiles depending on what they are doing, where they are doing it, and what signals surround that action.
This also has direct implications for how organisations structure their compliance and fraud teams. Under a KYC model, identity is largely the domain of the onboarding function. Under TYC, it becomes a shared responsibility across the full customer journey, requiring alignment between compliance, fraud prevention, product, and operations.
KYC vs TYC in Practice: Real-World Examples
The distinction between KYC and TYC becomes most visible at specific moments in the customer journey, moments where a static model leaves organisations exposed, and a dynamic model provides genuine protection.
Device change: A customer logs in from an unrecognised device in an unfamiliar location. Under a KYC model, this triggers no additional scrutiny as the account was verified at onboarding. Under TYC, this signal is detected, contextualised, and may trigger a targeted step-up verification.
Unusual transaction: A transfer significantly larger than the customer’s historical pattern is initiated. KYC has no mechanism to flag this in real time. TYC treats it as a risk signal and routes it accordingly.
Beneficiary update: A new payee is added, a common vector in authorised push payment (APP) fraud. TYC identifies this as a high-risk moment and applies appropriate assurance measures. KYC, by design, does not.
Account recovery: A customer requests a password reset and account access via a new channel. Under KYC, this is an administrative event. Under TYC, it is a potential identity risk moment requiring re-verification.
In each of these cases, the difference is not about applying more friction universally. It is about applying the right level of assurance at the right moment, in a way that is proportionate, explainable, and defensible to regulators.
Continuous Identity Verification: The Architecture of TYC
Moving from KYC to TYC is not a replacement. It is an evolution. KYC remains the essential foundation. TYC extends that foundation into a continuous, adaptive layer of identity assurance that reflects the actual risk environment organisations operate in.
The result is a model that is better for compliance, better for fraud prevention, and critically better for customers. When trust is maintained intelligently, the vast majority of customers experience seamless continuity. Friction is reserved for the moments when it genuinely matters. That balance is what separates a well-designed TYC approach from a blunt, one-size-fits-all verification process.
Organisations that make this shift are not simply improving their fraud controls. They are building a more resilient, more trustworthy relationship with their customers, and a more defensible posture with their regulators.
In our next article, “What Is Trust Your Customer (TYC)?“, we go deeper: breaking down exactly how TYC is structured, what its pillars are, and what it looks like in practice.
By
Mallaury Marie
Campaign Manager at IDnow
Connect with Mallaury on LinkedIn
