What is KYC?

KYC means “Know Your Customer.” It describes the process of verifying the identity of (new) customers. The KYC process is performed to prevent illegal activities such as money laundering or fraud, in return protecting both company and client.

Download our KYC ebook for more insights
The extensive use of new technologies and the internet makes it necessary to define standards such as KYC that help fight online fraud e.g. money laundering.

Why does KYC matter?

The extensive use of new technologies and the internet makes it necessary to define standards that help fight online fraud and financial crime e.g.

The KYC procedure enables companies to identify and verify the identity of a customer and to ensure that the customer is actually who they say they are. As part of Due Diligence, the aim of the KYC check is to prevent business relationships from being established with persons who are associated with terrorism, corruption, or money laundering, among other things.

KYC regulations and legal foundations

The central legal basis for the Know Your Customer principle and the KYC checks and verifications in Europe and UK as well as USA are mainly the following:

  • the 3rd EU Money Laundering Directive (Article 8)
  • the 4th EU Money Laundering Directive
  • the 5th EU Money Laundering Directive in combination with eIDAS
  • the 6th EU Money Laundering Directive
  • the UK Bribery Act
  • the UK Modern Slavery Act
  • The Customer Identification Program (CIP) as part of the USA Patriot Act

Complementing EU directives, the regulations by the Financial Action Task Force (FATF) provide a legal framework for Know Your Customer activities in European markets and the UK.

KYC regulations are relevant to almost all institutions that deal with money.

Who needs KYC?

When a business onboards a new client, or when a current client acquires a regulated product, standard KYC procedures generally apply. KYC regulations are relevant to almost all institutions that deal with money (i.e., pretty much any business), including especially banks and financial services providers:

  • Banks
  • Credit unions
  • Asset management firms and broker-dealers
  • Financial technology apps (fintech apps), depending on the activities they engage in
  • Private lenders and lending platforms

Criminal activity in this sector can affect not just the financial institution involved but also other customers, and wider markets or economies.  

However, a KYC check is not only required for companies in the financial sector, but rather for organizations in all industries. Even for Politically Exposed Persons (PEPs) who have relationships with politicians or government agencies, Customer Due Diligence (CDD) must be conducted as part of the KYC process due to the increased risk of corruption and bribery.

What are the KYC requirements?

The basic requirements for the KYC process are specified by law and regulations. The exact KYC requirements (e.g., KYC documents) vary depending on the industry, with financial services providers and banks generally having to implement the most strict KYC processes.

How does the KYC process work?

As the KYC process has been digitized, the KYC verification is carried out through different methods or technologies (e.g., NFC, AI), security features (e.g., hologram), and various security checks (e.g., biometrics, liveness). It can comprise of the following stages or processes:

Document Verification – The government-issued ID document of the individual is verified for forgery or any other issue.

Face Verification / Liveness Check – To identify any spoof attacks on time, face verification checks are performed to ensure the live presence of the customer.

Address Verification – Proof of Address (POA) is obtained that verifies the address on government-issued identity documents against POA.

The advantages of a robust KYC process

In an increasingly global economy, financial institutions are more vulnerable to illicit criminal activities. Know Your Customer (KYC) standards are designed to protect financial institutions against fraud, corruption, money laundering, and terrorist financing.

Rapid availability.
After a successful KYC check, customers usually receive immediate access to products and services. Any delays or difficulties in concluding a purchase or contract between companies and users can be significantly reduced through digital KYC onboarding processes, thus improving customer experience.

Anywhere, anytime.
Users can go through KYC verification at any time and from anywhere through automated remote solutions. As a rule, digital KYC identification solutions impress with high user-friendliness.

Companies and service providers benefit from higher conversion rates and optimized customer acquisition costs, especially with AI-driven and automated KYC solutions.

Compliant with regulations.
KYC processes are usually modular and can therefore be supplemented with various security checks and add-ons (e.g., QES, 1-cent bank transfer) for additional security and regulatory compliance.

Reputable and trustworthy.
Not only will complying with KYC regulations reduce the chance of penalties, it will also avoid any reputational damage. Customers will trust in a financial institution that takes KYC seriously and in turn establishes credibility.

All the important FAQ
about KYC

What are the requirements for KYC?

Requirements vary in different jurisdictions. However, account owners generally must provide a government-issued ID as proof of identity. Some institutions require two forms of ID, such as a driver’s license, birth certificate, social security card, or passport. In addition to confirming identity, the address must be validated. This can be done with proof of ID or with an accompanying document verifying the address on record.

How much does KYC cost?

Financial institutions have reported spending $60 million annually, based on research conducted by Consult Hyperion in 2017. Some are even spending up to $500 million each year on KYC, according to a 2016 Thomson Reuters survey

What triggers KYC?

Triggers for KYC can include:

Unusual transaction activity 
New information or changes to the client
Change in the client’s occupation
Change in the nature of a client’s business
Adding new parties to an account

What are KYC documents?

The two basic mandatory KYC documents are proof of identity with a photograph and a proof of address. These are required to establish one’s identity at the time of opening an account, such as a savings account, fixed deposit, mutual fund, and insurance.

What’s the difference between AML and KYC?

Confusion often arises regarding the difference between KYC and AML. They do refer to some of the same requirements, but essentially KYC is a subset of all AML requirements. AML refers to all regulatory processes in place to control money laundering, fraud and financial crime. KYC is the risk-based approach to customer identification and verification that forms part of AML requirements.  

Another way to explain the difference between AML (Anti-Money Laundering) and KYC (Know Your Customer) is that AML refers to the framework of legislation and regulation that financial institutions must follow to prevent money laundering. KYC is more specific and relates to verifying a customer’s identity, which is a key part of the overall AML framework. However, AML and KYC are often used interchangeably.

Are IDnow’s KYC solutions compliant with my regulation?

IDnow offers the right solution for many markets and use cases. In addition to the BaFin from Germany and the FMA from Austria, IDnow also provides compliant solutions for all other EU markets.

What is identity verification KYC?

The process of KYC Identity Verification is performed by businesses or conducted via commissioned third-party service providers. The goal is to verify the identity of customers to gauge their legitimacy and credibility while adhering to the regulatory requirements in the given country.

Why is KYC important?

Especially financial institutions such as traditional banks, fintech, neo-banks, but also cryptocurrency platforms are required by law to conduct KYC processes before doing business with new clients. KYC processes help to clarify the legitimacy of a customer’s identity and spot potential risk factors (e.g. Politically Exposed Persons), fraudulent incidences (e.g. money laundering, identity theft), and other financial crimes (e.g. terrorism financing).

Furthermore, Money Laundering remains a widespread problem globally. According to the United Nations, it accounts for 2% to 5% of global GDP (around US$800 billion to US$2 trillion). Just in the UK, the National Crime Agency reports over £100 billion of laundered money affecting the economy annually. Thus, through KYC processes, banks are restricting the possibilities for criminal and terrorist groups to operate.

What kind of KYC procedures exist?

The different Know Your Customer (KYC) identity verification procedures are usually divided into the following areas:

Customer Identification Program (CIP): The customer is who they say they are

Customer Due Diligence (CDD): Assess the customer’s level of risk, including reviewing the beneficial owners of a company

Continuous monitoring: Check client transaction patterns and report suspicious activity on an ongoing basis

What is KYC in banking?

The KYC process in banking usually involves collecting customer information such as name, address, date of birth, and government-issued ID number. KYC helps banks to comply with Anti-Money Laundering regulations and prevent fraud.

The aim of KYC is to protect both the bank and the wider financial markets from illegal activity. This includes involvement in fraud, money laundering, corruption or bribery.

What are the three components of KYC?  

KYC regulations were first introduced in the 1990s by the Financial Action Task Force (FATF), and they have evolved in scope since then. You will sometimes hear references to the three components (or pillars) of KYC. This refers to three elements required for a full KYC program. The technical implementation of KYC processes is left to the financial institutions, but these components provide a KYC framework.

The first component is a Customer Identification Program (CIP). This requires any customer to have their identity verified – both individuals and corporations. CIP should establish that the customer is who they claim to be. For corporations, this involves beneficial owners. 
The second component is Customer Due Diligence (CDD). This involves the collection of further customer data to establish a risk profile. Higher-risk customers require enhanced checks. 
The third component is continuous monitoring. KYC and AML are not just about one-off checks on a customer. Customer activity and status need to be regularly checked throughout the relationship. The extent and frequency of ongoing monitoring will depend on customers’ risk profiles, but it could include monitoring transactions, sanction lists, and media coverage. 

Who regulates KYC? 

FATF provides regularly updated guidance for both KYC and AML, but it is up to individual countries’ governments to implement them into law for banks to comply with. A government regulator then oversees this. 

Over 190 countries follow FATF guidance, with KYC and AML regulations enforced by national financial regulators. KYC is enacted into law in the US through the Patriot Act 2001 and controlled through the Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN). 

In Europe, KYC and AML are governed by the AMLD regulations (first issued and 1991 and most recently updated in 2021 with 6AMLD) and the eIDAS Regulations. The UK has similar regulation to Europe, enacted via the Proceeds of Crime Act 2002 and the Electronic Identification and Trust Services for Electronic Transactions Regulations (2019).

What is SDD and EDD? 

Customer Due Diligence (CDD) has separate tiers reflecting the level of checks that should be carried out  – Simplified Due Diligence (SDD) and Enhanced Due Diligence (EDD). SDD is used for customers and accounts at low risk of money-laundering involvement and involves simpler identity checks.

EDD is used when a customer is determined to pose a higher risk of money laundering or terrorist financing activity. Extra checks must be carried out to more fully understand activity, including transaction monitoring and checking of sanctions lists.  

Where is KYC for financial institutions used?

Account opening
Identification of ultimate beneficial owners
Loan or credit application
KYC refresh dependent upon risk level
Ongoing sanction and PEP alerting

What does IDnow have to offer your KYC process?

IDnow is a global leader in the identity verification industry and has been involved with KYC processes since 2014. It has launched AutoIdent as an advanced, comprehensive platform for identity verification. This offers automated verification, supported by biometrics and artificial intelligence, as well as manual video-based verification.

Further solutions have been added to offer increased functionality – all within the single platform. eSign supports Qualified Electronic Signatures for signing contracts and applications. eID is an AML-compliant solution for reading NFC equipped cards. So far, this covers German-issued identity cards, but as it supports the global ICAO 9303 standard, this can be expanded. 

What do the Know Your Customer Rule 2090 and FINRA Rule 2111 mean?

The Know Your Customer Rule 2090 and FINRA Rule 2111 are both regulations put in place by the Financial Industry Regulatory Authority (FINRA). The Know Your Customer Rule 2090 requires firms to take reasonable steps to gather information about their customers’ investment profile, including their risk tolerance and investment objectives. FINRA Rule 2111, on the other hand, deals with the suitability of investments for customers and requires firms to have a reasonable basis for recommending any securities products. Together, these rules help to protect investors by ensuring that they are only being recommended products that are suitable for their individual needs.

How can I get KYC?

In order to get KYC, you will generally need to reach out to the company or institution in question directly. Many banks, for example, have online KYC forms or a KYC process that you can complete online with minimal effort. Additionally, there may be KYC requirements involved in opening certain types of accounts or receiving certain types of services. Overall, getting KYC is a relatively straightforward process that can help to ensure your safety and security when interacting with any type of financial institution.

Who can certify KYC documents?

In order to certify KYC documents, the person must be authorized to do so by local regulations. Typically, this responsibility rests with financial institutions and government agencies, though in some cases, a knowledgeable third party like IDnow may also be able to provide certification services. Regardless of who is tasked with certifying KYC documents, it is essential that they have the necessary skills and experience to assess the authenticity of those documents accurately. This involves reviewing the individual’s identity information and checking for any signs of forgery or tampering. Only once the document has been certified can businesses feel confident in their ability to comply with KYC requirements and fulfill legal obligations when conducting transactions involving individuals or entities from other countries.

What is KYC verification?

KYC verification refers to the legal requirement to verify the identify of your customers. This is a mandatory step when opening accounts in many industries, such as financial services. KYC verification is also conducted periodically.

IDnow & KYC

How IDnow helps with KYC processes

Effective Know Your Customer processes are the backbone of any successful compliance and risk management program, and the demands of meeting KYC obligations are intensifying.


KYC in banking

Learn more about KYC in our ebook how IDnow can help benefit the financial sector with its KYC solutions.
Download now

Our Products


Digital verification via video-chat, backed by AI-technology. Our AML-compliant solution meets high security requirements.


Automated, AI-powered identity verification for users all over the world – anytime, anywhere. And AML-compliant.


Our automated instant identity verification is based on Artificial Intelligence and Machine Learning. It’s simple, secure, and available anywhere, at any time.

IDCheck.io PVID

Identity verification is in the process of being certified by the ANSSI and complies with the Anti-Money Laundering Directives (AML-CFT) and meets high security requirements.


NFC-based solution for the electronic German identification card. Our identity verification solution with easy data scanning via smartphone. AML-compliant.