KYC Requirements Guide For AML Compliance in Financial Institutions

A key component of all Anti-Money Laundering (AML) efforts is Know Your Customer (KYC). Financial services organizations and any business that deals with the collection and disbursement of money help limit money laundering when they follow KYC procedures and verify the identity of customers.

The main goal of KYC is to start this verification process from the very beginning and maintain it throughout the relationship. The effort begins when a company onboards new clients and then progresses to ongoing monitoring of financial transactions to identify any suspicious activity.

KYC regulations protect both the customer and the financial industry from being victimized by financial crimes and other types of fraud.

What Are KYC and AML?

AML refers to the steps financial service companies take to prevent financial crimes — especially money laundering — from occurring on their watch. These steps are not optional since the 1970 Bank Secrecy Act, and more recent legislation dictates that these companies work to prevent clients from “washing” their illegal earnings through a legitimate business or individual account. These laws are meant to stop drug cartels, terrorist cells and other criminal organizations from hiding their ill-gotten gains.

KYC is perhaps the most important part of AML, since it requires financial services companies to verify customer identity and monitor their risk to prevent financial crime. These efforts begin at the customer onboarding stage when these businesses demand documentation of identity, verifying that these new customers are authentic and legitimate.

AML and KYC are both meant to prevent financial institutions from unwittingly facilitating criminal activity like terrorist financing, drug and human trafficking, and fraud.

What Are Typical KYC Processes?

Although each company may customize its KYC process, there are three required components:

  1. Customer Identification Program
  2. Customer Due Diligence
  3. Ongoing Monitoring

Customer Identification Program (CIP)

The CIP is the first step in KYC and begins when a customer signs up for an account. It’s also known as the onboarding process. At this stage, the financial company is collecting customer information and KYC documents so it can complete verification and authentication.

The verification process includes the following:

  • Collecting customer name, date of birth and address.
  • Collecting identity documents like passports, driver’s licenses, voter identity cards and even selfies for biometric verification.
  • Verifying this information against public databases and other consumer reporting agencies.

KYC Documents Needed for CIP

The following documents are used for CIP:

For individuals:

  • Driver’s license
  • Passport
  • Other government-issued IDs with photo

For businesses:

  • Business license
  • Business incorporation documents

In general, you can use the following for proof of address:

  • Utility bill
  • Voter’s ID card
  • Insurance card
  • Mortgage or lease agreement

You may also be asked to provide a biometric ID, such as a selfie, retina scan, fingerprints or voice recognition.

Customer Due Diligence (CDD)

Customer due diligence is another pillar of KYC and AML. CDD is a risk management strategy tailored to individual clients depending on their financial risk level. Customer risk is determined by several factors, including a potential customer’s appearance on a sanctions list, something that is especially pertinent at the moment due to global sanctions on Russia.

Other risk considerations include determining whether the customer is a politically exposed person (PEP), is on a watchlist, operates from high-risk locations or uses high-risk products.

A company’s risk assessment of the client will then place them in one of three levels of customer due diligence, which determines the KYC checks that will be performed:

  1. Simplified due diligence is a lesser level of scrutiny for companies with a low or almost non-existent risk profile for money laundering.
  2. Basic due diligence requires an ID of the customer based on a reliable and independent source as well as an analysis of the nature of the business.
  3. Enhanced due diligence (EDD) is aimed at high-risk individuals and requires information on the source of funds, the nature of the business relationship and transaction purpose.

Ongoing Monitoring

To fulfill KYC, financial services companies must practice ongoing monitoring, particularly for customers with a high-risk profile. After the initial customer ID and due diligence processes are complete, they must perform ongoing AML screening and create a plan that monitors financial transactions to ensure that transaction patterns look normal.

If any customer’s transactions exhibit spikes, cross-country transactions or other unusual activity, they will require additional checks to prove that the activity was property authorized by the true user of the account and is not fraudulent or money laundering activity.

If the financial institution notices such activity, it must file a suspicious activity report (SAR). For example, U.S. companies must use the BSA E-Filing System within 30 or 60 calendar days (depending on the circumstances) of the initial awareness of the suspicious activity.

KYB: KYC for Business

Know Your Business (KYB) is an extension of KYC aimed at business suppliers or partners. Just as companies need to vet individuals before allowing them to open a bank account or invest through their platform, companies also need to vet the other businesses they work with.

KYB processes involve:

  • Collecting documents like articles of incorporation, business licenses, partnership agreements and financial statements.
  • Identifying and verifying ultimate beneficial owners (UBO) before establishing a business relationship. A beneficial owner may not be the owner or company leader but is a person who ultimately benefits from the business transactions.
  • Determining the nature of the business including what it sells, what service it provides and who it partners with.
  • Identifying high-risk businesses.

Who Needs KYC?

Almost all financial services organizations need to implement a KYC compliance program to protect themselves from negative consequences. For instance, the following financial organizations need KYC:

  • Banks
  • Investment firms
  • Insurance brokers
  • Wealth management firms
  • Casinos
  • Credit unions
  • Fintechs
  • Private lenders

KYC compliance is not optional in the financial sector, and failure to follow the regulations can cause irreparable harm to the company.

How Much Does KYC Cost?

KYC efforts are not cheap. According to recent reports, the global cost of KYC was estimated at $1.4 billion, a 26% increase from the previous year, as governments and individual organizations spent more to limit financial crime.

In addition to the financial costs, companies adhering to KYC must strive to offer their customers a frictionless experience. This can be difficult when clients are asked to provide ID documents, which can be a time-consuming process online.

Certain solutions can help organizations maintain a high standard of user experience, but not all solutions are created equal. Customers who are delivered a bad customer experience may decide to move on, so it’s important to choose your solution carefully.

Why Is it Important to Meet KYC Regulatory Requirements?

Although KYC regulatory requirements can be expensive and adversely affect consumer experience, failure to follow them can be much more costly. Organizations have amassed millions of dollars in fines in recent years for non-compliance.

And the damage doesn’t end with fines. Companies that do not comply risk losing money to fraudulent customers as well as damaging their reputations.

To stay compliant, companies must integrate KYC/AML regulations into programs that include identity verification, customer due diligence and ongoing monitoring in order to sufficiently prevent money laundering and comply with AML regulations. Otherwise, they may find themselves in trouble with organizations such as the Financial Action Task Force (FATF) and the Financial Crimes Enforcement Network (FinCEN).

Build KYC Requirements Into Your Workflows with Jumio

KYC works to protect companies and customers from the ill effects of financial crime, including fraud and money laundering. Complying with the regulations may seem unwieldy, but it doesn’t have to be. You can implement software that will build KYC requirements into your workflows.

Jumio offers user-friendly biometrics software, automated identity verification and ongoing AML screening capabilities that will keep your company in compliance without requiring nearly as much time and effort. Jumio provides a better customer experience while protecting your company from financial losses, a diminished reputation and hefty government fines.

For more information, contact us today to find out more about our KYC services.

Updated March 30, 2023


Get the latest updates from the Identity and Beyond blog, delivered to your inbox.

    Yes, I would like to receive periodic updates from the Jumio blog as well as marketing communications regarding Jumio products, services, and events. I can unsubscribe at any time.

    Jumio values your privacy. To learn more, visit our Privacy Statement.