KYC Checklist: Creating a Compliant Know Your Customer Program

Designing an effective Know Your Customer (KYC) program is a critical component of a sound anti-money laundering (AML) program. KYC requirements are meant to protect your organization from doing business with those involved in, or becoming the victim of, financial crimes and other illegal activities like terrorism financing.

Without a well-designed KYC process, your organization is unlikely to be compliant with government regulations. This non-compliance can lead to severe penalties as well as a loss of reputation.

What Is KYC Compliance?

KYC compliance is adherence to a type of anti-money laundering regulation central to your overall AML compliance strategy. All financial institutions and financial service providers are responsible for collecting customer information and verifying the identity of their customers during the onboarding process. However, these efforts do not stop there. KYC verifications need to be a part of an ongoing process.

KYC includes three main parts: customer identification, customer due diligence, and ongoing monitoring. These three program prongs are meant to identify the potential for and prevent financial crimes like drug trafficking, money laundering and terrorist financing.

Compliance with KYC and AML regulations is monitored by government agencies in various jurisdictions around the world, including the Financial Action Task Force (FATF) and Financial Crimes Enforcement Network (FinCEN), so any violations are likely to be detected.

The Role of Customer Due Diligence with KYC Compliance

Customer due diligence is the process that allows banks and financial institutions to fall in line with the regulatory requirements of KYC. A customer due diligence checklist will allow banks and financial institutions to gather additional information on a customer to assess potential risk and streamline the onboarding process.

The customer due diligence process will take a look at various aspects of a customer’s identity, background and financial activities to assist with risk management. By taking a risk-based approach, banks and other financial institutions can ensure that they allocate their resources effectively and focus on high-risk customers, thus reducing the likelihood of criminal activity and protecting their customer relationships.

Know Your Customer Checklist: KYC Documents and Customer Identification

KYC and customer due diligence procedures for new customers start with customer identification. Some common KYC documents include the following:

  • A photo identity card
  • Proof of address — utility bills and other official correspondence can be used
  • Passport
  • Voter’s ID card
  • Driver’s license
  • Official letter from a public authority or public servant
  • Bank passbook with photograph
  • Employee ID card
  • University or Board of Education card

Your organization is also required to follow Know Your Business (KYB) practices. You need to determine that the business you’re dealing with is legitimate and learn about its incorporation details, business identification number, and Ultimate Beneficial Owners (UBO).

Illegitimate businesses frequently hide the true owners or beneficiaries of the business to insulate them from law enforcement. Finding this information is often more difficult than verifying individual identities through photo IDs and other documents, biometric methods (fingerprints, voice recognition, face-based biometrics, etc.), full names, and more.

Know Your Customer Checklist: KYC Procedures

A comprehensive KYC program must include these three parts:

  • Customer identification program (CIP)
  • Customer due diligence (CDD)
  • Ongoing transaction monitoring

1. Customer Identification Program (CIP)

A customer identification program aims to verify the customer’s identity during account opening and determine that their funds are from legitimate sources. Otherwise, financial criminals can easily use your institution to launder the proceeds of their crimes.

The CIP usually takes place during the customer onboarding process for individuals and businesses. It is required by Section 326 of the USA PATRIOT Act and must include the following:

  • A written document of your program
  • Four pieces of identifying information: customer name, date of birth, address, and official identification numbers
  • Identity verification procedures
  • Recordkeeping
  • Comparison with government lists
  • Customer notice of next steps

Your organization must ensure that all customer information and documents are legitimate. When allowing customers to open and access accounts online, it’s important to employ safeguards such as multi-factor authentication and biometrics to ensure customers are who they claim to be.

You must verify the source of customer funds and closely monitor high-risk customers, such as cash businesses, politically exposed persons and foreign individuals. You also need to determine the ultimate beneficial owners of an organization and understand the nature of their business relationship with the company. This verification is the key to staying KYC and AML compliant.

2. Customer Due Diligence (CDD)

According to FinCEN, the CDD Final Rule requires your financial organization to create and maintain written policies that will facilitate the following:

  1. Identify and verify customer identity.
  2. Identify and verify the beneficial owners of new company clients.
  3. Develop customer risk profiles based on the nature of their business.
  4. Perform ongoing monitoring to identify and report suspicious transactions and perform risk assessment to maintain and update customer information.

This stage requires investigating customers for past criminal and suspicious behavior to determine the level of trust you can have in them. Doing so means determining customer risk. FinCEN does not prescribe the risk levels, so your organization needs to create its own criteria for determining risk profiles.

The following customers are generally considered high risk:

  • Money service businesses
  • Cash-intensive businesses
  • Nonresident aliens
  • Foreign individuals
  • Politically exposed persons (PEP) — These high-profile people are more likely to be exposed to corruption, blackmail and bribery.

You should also use government sanctions lists to screen for criminally compromised individuals.

Customer due diligence is not a one-size-fits-all proposition. Your organization will be using three types of CDD to determine risk based on the type of customer:

  • Simplified due diligence — If the customer is very low risk, you just check the customer’s ID and do not need to perform further verification.
  • Standard due diligence (SDD) — Check the customer’s ID and further verify their identity using a reliable, independent source, such as a government database.
  • Enhanced due diligence (EDD) — High-risk customers need to be identified and verified more thoroughly. You may ask for extra identification from the customer as well as information on the source of their money, the nature of business relationships and the purpose of their transactions. Higher-risk customers also require intensive ongoing monitoring.

3. Ongoing Monitoring

Financial criminals are savvy and are continually using new methods to escape detection. That is why ongoing monitoring is so essential. A sophisticated money launderer may keep things legal for some time before using their account for nefarious activity.

Your ongoing monitoring should include a standardized system aimed at spotting changes in risk. Of course, your high-risk clients may be operating in a completely legal manner, but AML regulations require that you treat them with a higher level of scrutiny.

Some low-risk clients may be guilty of improper financial activity, but you cannot perform enhanced due diligence on everyone. It’s essential for businesses to create a positive customer experience while also detecting suspicious activity.

KYC Checklist FAQs

What are some potential red flags that may be identified during the KYC Checklist process?

Some potential red flags that may be found during the KYC checklist process include:

  • Incomplete or inconsistent customer information
  • Unusual transaction history
  • Involvement in high-risk industries or activities
  • Unusual source of funds

How does the KYC checklist process vary by industry?

The KYC checklist process can vary from industry to industry. Different industries, such as finance or healthcare, may have different risk levels associated with the customer’s activity. Additionally, different industries may have more stringent regulatory requirements.

Can customers opt out of the KYC checklist process?

No. Most of the time, a customer may not opt out of the KYC process. Financial institutions are required by law to complete it, and it adds an additional level of safety and security to their business activities.

Automate Your KYC Compliance Program With Jumio

For any financial institution, KYC compliance is essential to its success. Staying compliant requires constant vigilance and sophisticated verification processes. Jumio’s KYX Platform is a comprehensive solution that helps your organization with all aspects of AML and KYC compliance, including advanced identity proofing, risk scoring and AML screening.

These integrations help you meet regulatory mandates and minimize your exposure to risk while providing a great customer experience. Contact us to learn how Jumio can help your business accelerate trust and fight financial crime.

Updated: October 27, 2023

