
What is KYC? Defined & how it’s used

Bristol James
7 Min

All financial institutions (FIs) must employ rock-solid Know Your Customer (KYC) practices to protect from risky business dealings and ensure compliance with anti-money laundering (AML) laws. “Know Your Customer” standards refer to the due diligence that all financial institutions must conduct to clearly identify the customer, get an idea of their primary activities and intentions, and assess any financial risks associated with the customer.

KYC regulations originated in the 1970s when financial crimes were running rampant and going unpunished. As a leader in the space, the US government began to make laws to prevent money laundering, the first of which was called the Bank Secrecy Act. KYC regulations have been adjusted over time, with notable additions following 9/11 and the 2008 financial crisis.

Why KYC matters

KYC checks are in place to protect businesses, consumers, financial institutions, governments, and global economies. To put it simply: they’re vital to the financial health and well-being of the entire globe. Because KYC standards are designed to prevent money laundering, limit terrorist financing, and restrict other financial crimes, their importance cannot be overstated.

By ensuring that financial institutions have proper KYC measures in place, these laws also help mitigate the risk of identity theft and fraud for individuals and businesses. At a high level, KYC laws also help promote transparency and accountability in financial situations, safeguarding everything from individual assets to government financial reserves. The US may have pioneered KYC regulations, but because of their proven effectiveness, many other countries and authorities around the world have implemented similar measures.

KYC requirements & non-negotiables

So, what does the KYC process actually look like? In order to get an accurate understanding of customer identities, financial intentions, and potential risks, financial institutions like banks, money lenders, and investment firms must remain committed to effective KYC practices. At a minimum, a good KYC process should include the following:

Customer identification program (CIP)

The customer identification program (CIP) is one of the most vital parts of the KYC process. Mandated by the USA PATRIOT Act, a CIP requires institutions to have robust procedures to gather and update customer information on a regular basis. All banks and financial institutions must have a CIP in place that meets the minimum identity requirements for all customers, including their name, birth date, address, and an identification number such as a Social Security Number or Taxpayer Identification Number.

The initial information gathering occurs when a new customer opens an account at a financial institution, but it doesn’t stop there. Financial institutions must also verify the account holder’s identity using key information such as identifying documents (a driver’s license or passport) or information from credit bureaus and government databases.

A CIP is mandatory for all financial institutions, but the exact specifications of an organization’s CIP may vary based on the risk associated with the institution. That risk assessment considers a number of key factors:

  • The account types that the FI provides to its customers.
  • The method used for opening new accounts within the FI.
  • The identifying information available to the FI.
  • The FI’s size, location, and customer base demographics.

Customer due diligence

Verifying the identity of a new client is one thing; determining whether or not they are reliable and trustworthy is a completely different task. The Customer Due Diligence (CDD) requirements are part of the KYC processes to protect institutions from money laundering risks, terrorist funding risks, and other fraud-related risks. CDD has multiple levels:

  • Simplified Due Diligence: Used in instances where the financial risk associated with a client is very low. Low-value accounts often rely on SDD checks.
  • Basic Customer Due Diligence: This is the status quo approach used to assess most customers. Verifying identities and defining potential account risks are part of CDD checks.
  • Enhanced Due Diligence: EDD is used in situations where a new client is considered a higher risk.

Regardless of risk levels, a reliable Customer Due Diligence program consists of clarifying the identity and physical location of your clients, assessing their risk and categorizing their account based on risk, defining expected transactions and payment types for all customers, and keeping a record of historical CDD checks for all account owners.

Continuous monitoring

Financial situations can change rapidly, and because of the potential for those changes, due diligence should be conducted on a continuous basis. The customer who opened an account 5 years ago might not be at the same risk level today. Do you know his or her current risk level? Have you assessed it? If KYC documents and checks aren’t kept up to date, they’re no longer an effective tool for preventing money laundering and insulating your organization from risks.

Who regulates KYC?

KYC compliance is complex and multi-layered, and because of that, the governance around KYC laws is also multi-layered. Of course, banks and financial institutions themselves are the first line of defense against money laundering and related financial crimes, but it doesn’t stop there. In the US, the Financial Crimes Enforcement Network (FinCEN) is the main financial regulatory body.

On an international level, the Financial Action Task Force (FATF) sets global standards for KYC processes and anti-money laundering laws. Countries that are members of the FATF are expected to incorporate the agency’s guidance into their laws and regulations.

Corporate Settings: KYC vs. KYB

The KYC process centers around individual financial accounts, but for financial institutions that do business with corporations or businesses, a similar set of checks is required. Usually called “Know Your Business” (KYB) checks, the risk assessment for organizations encompasses similar steps as KYC checks, with a few more items to consider. At this scale, FIs must also consider transaction volumes, transaction amounts, and other risk factors.

In order to truly “Know Your Business” before partnering with them, gather business information such as the company name, address, financial status, and leadership team members. Next, take a look at how the company is owned and identify Ultimate Beneficial Owners (UBOs). Finally, perform individual KYC/AML checks on individuals who are considered UBOs.

Electronic KYC

KYC compliance can end up taking a lot of time and resources from financial institutions, but KYC checks are unavoidable. Not only are they legally mandated, but they’re in place to protect the FIs themselves, making them a strategic investment in the long run. One thing that banks and other FIs can do to reduce the costs associated with the KYC process is to implement digital tools when possible.

Electronic customer verification and other key digital platforms can help prevent financial risks. For example, Eftsure is a secure payment platform that protects businesses from fraudulent payments, money laundering, and more with secure customer verification, transaction monitoring, and automated due diligence. Built-in risk assessment features and compliance reporting can make the KYC process more straightforward for financial institutions of all kinds.

KYC in the Digital & Crypto Space

Cryptocurrency markets have long been considered “decentralized” exchanges with fewer regulations. However, that decentralization opens crypto exchanges up to more risks. Money launderers and terrorists can take advantage of cryptocurrencies to launder money and get away with other financial crimes.

However, crypto exchanges aren’t as “Wild, Wild West” as some people make them out to be. As money services businesses, crypto exchanges must still abide by anti-money laundering laws. AML laws require customer verification programs and ongoing reporting minimums.

KYC Lists

There are many KYC documents that help financial institutions verify the identity of new customers and assess the risks associated with their accounts, but KYC lists and reporting agencies play a big role in non-document-based verification. Some of the lists that can be used to cross-reference account owner reliability are:

  • The US Department of State Sanctions List
  • Specially Designated Nationals and Blocked Persons Lists
  • Financial Action Task Force Lists
  • Transparency Index Lists
  • State Sponsors of Terrorism List

It takes a unified effort to stop international criminals in their tracks. As the sophistication of these checks has grown, it has gotten harder and harder for financial crime perpetrators to slide below the radar. Of course, criminals will continue advancing their tactics, but with a collective, international effort to get in front of these risks, the world will be a safer place for all of us.


  • KYC, or Know Your Customer, is a set of practices implemented by financial institutions to identify customers, understand their activities and intentions, and assess associated financial risks to comply with anti-money laundering laws.
  • KYC compliance is crucial for protecting businesses, consumers, financial institutions, governments, and global economies from money laundering, terrorist financing, and other financial crimes.
  • To adhere to KYC requirements, financial institutions must establish robust Customer Identification Programs, conduct Customer Due Diligence, continuously monitor accounts, and comply with governance set by bodies like FinCEN and the FATF.
  • KYC compliance is a costly (yet crucial) investment for financial institutions. To heighten the speed of these checks while reducing the costs associated with them, digital tools like Eftsure can be a great addition to the KYC process.
