Aug 23, 2024
5 min read

KYC Verification: Full Guide to Know Your Customer Compliance 

Let’s break down Know Your Customer compliance, the verification process, and regulations around the world in one article.

Whether you’re new to customer verification or well-familiar with KYC, this page contains many useful resources to expand your onboarding knowledge.

What is KYC?

Know Your Customer (KYC) is the process of identifying and verifying customers. Identification means gathering a customer’s personal data; verification means checking that this data is accurate.

To identify a customer, businesses usually need the following data:

  • Name
  • Date of birth
  • Address

To verify this data, businesses can follow a document-based verification approach. This involves checking the customer’s identity documents and proof of address (usually a utility bill), confirming that they are authentic and valid.

However, more recently, a number of countries have also adopted non-document verification as a compliant KYC method. The solution provides functionality that extracts and verifies comprehensive customer data from government databases, rather than physical documents.

Suggested read: KYC and AML—Key Differences and Best Practices (2024)

3 components of KYC compliance

KYC consists of multiple steps that are essential for any company to stay compliant. Let’s dive into them.

  1. Customer identification and verification

The first step of the KYC process is gathering information and verifying customer data. During this step, relevant documents are collected and their information is compared against information provided by the customer. 

Client identification in the US

In the US, financial institutions are required to conduct a Customer Identification Programs (CIP), which is part of the BSA/AML compliance program. This is a US regulation requiring financial institutions to verify their customers during onboarding and transactions. CIPs went into effect as part of the USA PATRIOT Act in 2003 to confront money laundering and terrorism financing.

You can learn more about CIPs at our complete guide on the topic here.

  1. Customer Due Diligence

CDD, or Customer Due Diligence, aims to pinpoint the customer’s risk profile.. To do this additional information is gathered about the customer’s about their financial history, business activities, and purpose of transactions.

You can learn more about CDD by checking out these articles:

  1. Ongoing monitoring

Ongoing AML monitoring is used to assess a customer’s risk level on a continuous basis (not just at the onboarding stage).For instance, it may involve checking updates to sanction lists and watchlists across the globe to ensure that existing clients haven’t landed on them.

How does the KYC process work?

The purpose of the KYC procedure is to verify that a customer is who they say they are. Here’s an example of proper KYC steps, in order:

  1. Identification—requesting that the customer provides their personal data (name, date of birth, address).
  2. Liveness check—verifying that the customer is a real and living person. This can be done through facial biometrics authentication.
  3. Verification—checking that the customer is who they say they are. This includes determining that the customer’s documents are authentic and current. This step may include AML screening to check whether the customer is absent in adverse media, sanctions lists, PEP lists, etc.
  4. Address verification—verifying that the customer actually resides in their selected country by checking utility bills, bank statements, or other proof of address documents. This includes checking whether the customer comes from high-risk countries (Iran and North Korea) or countries under increased monitoring.
  5. Risk scoring—determining the risk category of the customer based on the results of the above checks. Depending on the calculated risk level, businesses can adjust their approach to the customer’s verification. Accordingly, a higher risk score will necessitate additional checks.

However, KYC checks don’t end after the onboarding stage. Under AML regulations, businesses are obliged to continue monitoring customers and transactions. This includes checking that documents haven’t expired and detecting suspicious transactions.

KYC requirements for industries

Since KYC falls within AML requirements, any AML-obligated business must perform KYC procedures. Typically, these are financial institutions, crypto businesses, and gambling platforms. 

However, KYC can be also useful for businesses that aren’t subject to AML regulations, such as marketplaces and car sharing platforms. It can help filter out suspicious individuals as well as risky suppliers and platforms.

Click on the links to learn more about KYC compliance by industry.

KYC regulations around the globe

While many jurisdictions have similar requirements for identifying and verifying customers, the exact list of mandatory KYC checks may differ. In Germany, for instance, businesses must conduct video interviews with customers in certain cases, in addition to document-based verification. Meanwhile, in the UK and many other jurisdictions, there’s no such requirement.

Learn about AML requirements and building KYC processes in the following jurisdictions:

KYB

Know Your Business (KYB) is a procedure aimed at establishing the structure, ownership (including the Ultimate Beneficial Owner or UBO), economic profile, or group structure (if applicable) of a business. The procedure aims to establish the purpose of a business relationship and the activities of the business counterparty in question. 

KYB enables companies to determine the authenticity of the entities they are dealing with to ensure they are not being used to conceal the identities of owners for illegitimate purposes.

KYB checks consist of the following steps:

  1. Collecting information that identifies the company, including:
  • Name, registered number, registered office and principal place of business
  •  Board of directors or members of the equivalent management body
  • Senior management
  • The law to which it is subject
  • Description of the company’s activities and business model by obtaining a business plan or the articles and memorandum of association for example
  • Any license from a regulatory body authorizing the entity to conduct certain activities
  • Group structure if part of a group
  • Legal and beneficial owners.
  1. Collecting company documents, including:
  • Articles of association or other governing documents 
  • Proof of legal existence (certificate of incorporation)
  • Documents disclosing beneficial ownership structure (articles & memorandum of association)
  • Proof of registered and physical address, etc.
  • Audited financial statements if necessary, i.e. if enhanced due diligence is needed
  1. Verifying the identities of beneficiaries

You can learn more about KYB, its importance to businesses, and how it differs from KYC by reading our guide here.

How to choose a KYC software

The best advice is to choose a solution that covers all the KYC needs of the business in one place, rather than using a combination of different solutions. 

Here’s the key criteria for choosing a KYC provider:

  • Compliance. The solution must be compliant with the regulatory requirements of the business’s jurisdiction(s). So, if the business is registered in Austria, its KYC provider must be able to conduct video interviews in accordance with Austrian regulations.
  • Fraud prevention. Providers should offer strong anti-fraud protection that detects forgeries, spoofing, and other malicious activity.
  • Flexibility. Businesses should be able to create customizable verification flows for different products and customers.
  • Coverage. This means support for document types from different countries.
  • Language support. The solution should have different languages for its interface, as well as OCR (Optical Character Recognition) technology that can recognize non-Latin characters, such as Chinese, Japanese, or Cyrillic scripts.
  • Speed. The solution should have short processing times and high verification speed, so users won’t need to wait long before being verified.

A good set of KYC checks should include:

  • Document verification 
  • Liveness 
  • Proof of address
  • Video identification 
  • Anti-money laundering checks (AML) 
  • Customizable verification flows 
  • Document pre-checks
  • Face authentication

It should be noted that KYC is often not enough to stop the spread of fraud. According to our internal research, 70% of fraud takes place after the initial verification. Therefore, when choosing a provider, companies shouldn’t just focus on KYC; they should keep the entire customer lifecycle in mind as well. 

FAQ

  • What is full KYC verification?

    Know Your Customer (KYC) is the process of identifying and verifying customers. Identification means gathering a customer’s personal data; verification means checking that this data is accurate. It’s on the businesses to ensure that submitted documents aren’t fake and that customers are who they say they are.

  • What are KYC Documents?

    Typically, a company should obtain the following information for KYC, which can be derived from a government-issued ID, passport, or other legitimate document: name, date of birth, address

  • What is Electronic KYC Verification (eKYC)

    Electronic KYC solutions, or eKYC, can process documents by extracting their data, checking security features, and comparing them against templates. Algorithms draw together the results of these checks and indicate whether the identity document is authentic.

  • How long should it take to verify a customer?

    Normally, it takes around 50 seconds. However, this can vary depending on the verification steps and country.

AMLFinancial InstitutionsFraud PreventionIdentity VerificationKYCRisk Management