What is KYC?

Requirements vary in different jurisdictions. However, account owners generally must provide a government-issued ID as proof of identity. Some institutions require two forms of ID, such as a driver’s license, birth certificate, social security card, or passport. In addition to confirming identity, the address must be validated. This can be done with proof of ID or with an accompanying document verifying the address on record.

Financial institutions have reported spending $60 million annually, based on research conducted by Consult Hyperion in 2017. Some are even spending up to $500 million each year on KYC, according to a 2016 Thomson Reuters survey. 

Triggers for KYC can include:

Unusual transaction activity 
New information or changes to the client
Change in the client’s occupation
Change in the nature of a client’s business
Adding new parties to an account

The two basic mandatory KYC documents are proof of identity with a photograph and a proof of address. These are required to establish one’s identity at the time of opening an account, such as a savings account, fixed deposit, mutual fund, and insurance.

Confusion often arises regarding the difference between KYC and AML. They do refer to some of the same requirements, but essentially KYC is a subset of all AML requirements. AML refers to all regulatory processes in place to control money laundering, fraud and financial crime. KYC is the risk-based approach to customer identification and verification that forms part of AML requirements.  

Another way to explain the difference between AML (Anti-Money Laundering) and KYC (Know Your Customer) is that AML refers to the framework of legislation and regulation that financial institutions must follow to prevent money laundering. KYC is more specific and relates to verifying a customer’s identity, which is a key part of the overall AML framework. However, AML and KYC are often used interchangeably.

IDnow offers the right solution for many markets and use cases. In addition to the BaFin from Germany and the FMA from Austria, IDnow also provides compliant solutions for all other EU markets.

The process of KYC Identity Verification is performed by businesses or conducted via commissioned third-party service providers. The goal is to verify the identity of customers to gauge their legitimacy and credibility while adhering to the regulatory requirements in the given country.

Especially financial institutions such as traditional banks, fintech, neo-banks, but also cryptocurrency platforms are required by law to conduct KYC processes before doing business with new clients. KYC processes help to clarify the legitimacy of a customer’s identity and spot potential risk factors (e.g. Politically Exposed Persons), fraudulent incidences (e.g. money laundering, identity theft), and other financial crimes (e.g. terrorism financing).

Furthermore, Money Laundering remains a widespread problem globally. According to the United Nations, it accounts for 2% to 5% of global GDP (around US$800 billion to US$2 trillion). Just in the UK, the National Crime Agency reports over £100 billion of laundered money affecting the economy annually. Thus, through KYC processes, banks are restricting the possibilities for criminal and terrorist groups to operate.

The different Know Your Customer (KYC) identity verification procedures are usually divided into the following areas:

Customer Identification Program (CIP): The customer is who they say they are

Customer Due Diligence (CDD): Assess the customer’s level of risk, including reviewing the beneficial owners of a company

Continuous monitoring: Check client transaction patterns and report suspicious activity on an ongoing basis

KYC stands for “Know your Customer“. KYC is a process that banks and financial institutions use to verify the identity of customers. It takes place whilst onboarding a new customer and also has an ongoing element throughout the customer relationship. KYC is about knowing and verifying a customer’s identity and financial activities, and establishing the risk they pose. 

The KYC process in banking usually involves collecting customer information such as name, address, date of birth, and government-issued ID number. KYC helps banks to comply with Anti-Money Laundering regulations and prevent fraud.

The aim of KYC is to protect both the bank and the wider financial markets from illegal activity. This includes involvement in fraud, money laundering, corruption or bribery. 

KYC regulations were first introduced in the 1990s by the Financial Action Task Force (FATF), and they have evolved in scope since then. You will sometimes hear references to the three components (or pillars) of KYC. This refers to three elements required for a full KYC program. The technical implementation of KYC processes is left to the financial institutions, but these components provide a KYC framework.

The first component is a Customer Identification Program (CIP). This requires any customer to have their identity verified – both individuals and corporations. CIP should establish that the customer is who they claim to be. For corporations, this involves beneficial owners. 
 
The second component is Customer Due Diligence (CDD). This involves the collection of further customer data to establish a risk profile. Higher-risk customers require enhanced checks. 
 
The third component is continuous monitoring. KYC and AML are not just about one-off checks on a customer. Customer activity and status need to be regularly checked throughout the relationship. The extent and frequency of ongoing monitoring will depend on customers’ risk profiles, but it could include monitoring transactions, sanction lists, and media coverage. 

FATF provides regularly updated guidance for both KYC and AML, but it is up to individual countries’ governments to implement them into law for banks to comply with. A government regulator then oversees this. 

Over 190 countries follow FATF guidance, with KYC and AML regulations enforced by national financial regulators. KYC is enacted into law in the US through the Patriot Act 2001 and controlled through the Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN). 

In Europe, KYC and AML are governed by the AMLD regulations (first issued and 1991 and most recently updated in 2021 with 6AMLD) and the eIDAS Regulations. The UK has similar regulation to Europe, enacted via the Proceeds of Crime Act 2002 and the Electronic Identification and Trust Services for Electronic Transactions Regulations (2019).

Customer Due Diligence (CDD) has separate tiers reflecting the level of checks that should be carried out  – Simplified Due Diligence (SDD) and Enhanced Due Diligence (EDD). SDD is used for customers and accounts at low risk of money-laundering involvement and involves simpler identity checks.

EDD is used when a customer is determined to pose a higher risk of money laundering or terrorist financing activity. Extra checks must be carried out to more fully understand activity, including transaction monitoring and checking of sanctions lists.  

Account opening
Identification of ultimate beneficial owners
Loan or credit application
KYC refresh dependent upon risk level
Ongoing sanction and PEP alerting

IDnow is a global leader in the identity verification industry and has been involved with KYC processes since 2014. It has launched AutoIdent as an advanced, comprehensive platform for identity verification. This offers automated verification, supported by biometrics and artificial intelligence, as well as manual video-based verification.

Further solutions have been added to offer increased functionality – all within the single platform. eSign supports Qualified Electronic Signatures for signing contracts and applications. eID is an AML-compliant solution for reading NFC equipped cards. So far, this covers German-issued identity cards, but as it supports the global ICAO 9303 standard, this can be expanded. 

The Know Your Customer Rule 2090 and FINRA Rule 2111 are both regulations put in place by the Financial Industry Regulatory Authority (FINRA). The Know Your Customer Rule 2090 requires firms to take reasonable steps to gather information about their customers’ investment profile, including their risk tolerance and investment objectives. FINRA Rule 2111, on the other hand, deals with the suitability of investments for customers and requires firms to have a reasonable basis for recommending any securities products. Together, these rules help to protect investors by ensuring that they are only being recommended products that are suitable for their individual needs.

In order to get KYC, you will generally need to reach out to the company or institution in question directly. Many banks, for example, have online KYC forms or a KYC process that you can complete online with minimal effort. Additionally, there may be KYC requirements involved in opening certain types of accounts or receiving certain types of services. Overall, getting KYC is a relatively straightforward process that can help to ensure your safety and security when interacting with any type of financial institution.

In order to certify KYC documents, the person must be authorized to do so by local regulations. Typically, this responsibility rests with financial institutions and government agencies, though in some cases, a knowledgeable third party like IDnow may also be able to provide certification services. Regardless of who is tasked with certifying KYC documents, it is essential that they have the necessary skills and experience to assess the authenticity of those documents accurately. This involves reviewing the individual’s identity information and checking for any signs of forgery or tampering. Only once the document has been certified can businesses feel confident in their ability to comply with KYC requirements and fulfill legal obligations when conducting transactions involving individuals or entities from other countries.