Everything you wanted to google about KYC in one article.
Whether you’re new to customer verification or experienced in customer onboarding, this page contains many useful resources to expand your KYC knowledge.
During the KYC process, businesses gather information about the customer to ensure that it’s valid throughout the business relationship
What does KYC mean?
Know Your Customer (KYC) is the process of identifying and verifying customers. Identification means gathering a customer’s personal data; verification means checking that this data is accurate.
To identify a customer, businesses usually need at least the following data:
- date of birth;
To verify this data, businesses can follow a document-based verification approach. This involves checking the customer’s identity and proof of address (usually a utility bill) documents and confirming that they are authentic and valid.
Under Anti-Money Laundering (AML) obligations, businesses must also ensure that customers are trusted individuals—i.e., not fraudsters or under sanctions. This can be done by сhecking global sanctions lists, watchlists, blocklists, or adverse media. Check out other articles from our blog that go into these processes in detail:
What’s the difference between KYC and AML?
KYC is actually just one of the many procedures that make up Anti-Money Laundering (AML) compliance, which covers all the measures used by financial institutions and governments to combat financial crimes. So, AML encompasses a variety of policies, controls and procedures, including AML training, detection of suspicious activity, reporting, and more.
Why is the KYC process important?
The Know Your Customer process helps detect fraud and prevent financial crimes like money laundering.
Stolen personal data can be used to register on platforms—from payment apps to dating sites—and perform illicit transactions or scam honest users. These risks obligate businesses to conduct customer verification in the form of KYC.
Failing to fulfill KYC obligations can lead to regulatory sanctions and reputational losses for AML-obligated companies. For instance, banking giant HSBC was fined £64m ($72.4m) in 2021 for weaknesses in its financial crime safeguards.
Check out how Sumsub KYC works
Who needs KYC?
Since KYC falls within AML requirements, any AML-obligated business must perform KYC procedures. Typically, these are financial institutions, crypto businesses, and gambling platforms that offer their services on a constant and unlimited basis.
However, KYC can be also useful for businesses that aren’t subject to AML regulations, such as marketplaces and carsharing platforms. It can help filter out suspicious individuals as well as risky suppliers and platforms.
Click on the links to learn more about KYC compliance by industry.
KYC requirements around the globe
While many jurisdictions have similar requirements for identifying and verifying customers, the exact list of mandatory KYC checks may differ. In Germany, for instance, businesses must conduct video interviews with customers in addition to document-based verification. Meanwhile in the UK and many other jurisdictions, there’s no such requirement.
Learn about AML requirements and building KYC processes in the following jurisdictions:
Customer Due Diligence and KYC
Customer Due Diligence (CDD) is a set of checks performed by companies when establishing a relationship with a customer or when an existing customer carries out an occasional transaction. This is part of the AML procedures prescribed by local regulations.
CDD and KYC often get confused. “Customer Due Diligence” is a specific legal term that applies to all regulations, while the meaning of “Know Your Customer” can slightly differ from jurisdiction to jurisdiction. In other words, CDD involves a specific list of procedures set by law, while the list of required KYC checks may vary.
The purpose of the KYC procedure is to verify that a customer is who they say they are. Here’s an example of proper KYC steps, in order:
- Identification—requesting that the customer provides their personal data (name, date of birth, address).
- Liveness check—verifying that the customer is a real and living person. This can be done through facial biometrics authentication.
- Verification—checking that the customer is who they say they are. This includes determining that the customer’s documents are authentic and current. This step may include AML screening to check whether the customer is absent in adverse media, sanctions lists, PEP lists, etc.
- Address verification—verifying that the customer actually resides in their selected country by checking utility bills, bank statements, or other proof of address documents. This includes checking whether the customer comes from high-risk countries (Iran and North Korea) or countries under increased monitoring.
- Risk scoring—determining the risk category of the customer based on the results of the above checks. Depending on the calculated risk level, businesses adjust their approach to the customer’s verification. Accordingly, a higher risk score will necessitate additional checks.
However, KYC checks don’t end after the onboarding stage. Under AML regulations, businesses are obliged to continue monitoring a customer’s profile and transactions. This includes checking that documents haven’t expired and detecting suspicious transactions.
Automated KYC solutions, or eKYC, can process documents by extracting their data, checking security features, and comparing them against templates. Algorithms draw together the results of these checks and indicate whether the identity document is authentic.
There are many benefits to switching from manual checks to an automated KYC solution. Automating the process means leaving less room for human error, reducing manual labor, and bringing down associated costs by up to 43%.
How to choose a KYC provider
Different providers offer different KYC services. Some perform AML screening and customer verification while others offer facial biometrics and corporate verification.
The best advice is to choose one solution that covers all the KYC needs of the business, rather than using a combination of different solutions. Here’s how one of our clients puts it:
“The KYC provider we used previously didn’t offer all of the features that we needed, so we had to use a combination of different solutions. Managing everything on multiple platforms wasn’t comfortable, and it was keeping us from launching new products. Therefore, we decided to switch to a single solution that handles all of our requirements and makes the entire KYC and AML compliance process more effective.”—says Andrei Ialama, COO at Paybis.
Here’s the key criteria for choosing a KYC provider:
Compliance. The solution must be compliant with the regulatory requirements of the business’s jurisdiction(s). So, if the business is registered in Austria, its KYC provider must be able to conduct video interviews in accordance with Austrian regulations.
Fraud prevention. Providers should offer strong anti-fraud protection that detects forgeries, spoofing, and other malicious activity.
Flexibility. Businesses should be able to create customizable verification flows for different products and customers.
Coverage. This means support for document types from different countries.
Language support. The solution should have different languages for its interface, as well as OCR (Optical Character Recognition) technology that can recognize non-Latin characters, such as Chinese, Japanese, or Cyrillic scripts.
Speed. The solution should have short processing times and high verification speed, so users won’t need to wait long before being verified.