KYC (know your customer)
Turn know your customer (KYC) and anti-money laundering (AML) compliance into your competitive advantage. Automated KYC checks allow you to onboard new customers and detect fraud while reducing costs.
Automate KYC identity verification with AI
Automatically route each customer to the right KYC processes and stop fraud. Our end-to-end verification and orchestration platform is powered by Atlas™ AI to offer fair, fast, and accurate identity verification.
Know your customers at onboarding
KYC is non-negotiable, and onboarding is a critical moment in verifying customer identity and conducting due diligence. The Real Identity Platform makes navigating KYC simple in over 160 countries — whether you need proof of address, politically exposed persons (PEPs) and sanctions screening, adverse media checks, or ongoing monitoring.
Meet global KYC compliance needs
Orchestrate KYC workflows that route each applicant through the right verifications and fraud detection signals to meet KYC and AML regulations and your risk tolerance. Onfido Studio allows you to create tailored verification journeys and find the right balance of convenience and security for each user while complying with geography-specific regulations. Automatically route users to the verifications that match their level of potential risk, so low-risk customers get through faster while high-risk users are automatically moved to higher-assurance verification flows. Onfido Studio lets you build geo-compliant workflows that conform to identity standards and best practices, such as ETSI TS 119 461.
Automate KYC to reduce operational costs
Staying compliant doesn’t have to add to your operational costs. With Onfido, you can reduce the cost of KYC compliance with an AI-powered solution that automates KYC identity verification. We perform the checks for you in seconds, saving you hours of manual review.
What do local KYC requirements look like?
Discover Onfido for KYC identity verification
Onfido Compliance Suite
Onfido’s Compliance Suite is an eIDAS-compliant onboarding solution for regulated industries, such as financial services. ETSI-certified identity verification (comprising Document Verification, Biometric Verification, and Device Intelligence) and QES are brought together in Onfido Studio, creating a flexible, user-friendly, and compliant end-to-end workflow.
Verification Suite
Discover all the identity verification services you need in one place, including award-winning document and biometric verification solutions, trusted data sources, and fraud detection signals.
Data Verification
Validate user data against trusted databases to meet KYC, AML, and sanctions screening requirements. Our library of data sources grants extensive coverage and gives accurate results.
Document Verification
Verify customer IDs in seconds with low-friction and accurate document verification. Onboard customers wherever they are using 2,500+ supported documents worldwide.
Smart Capture SDK
Allow your customers to easily capture high-quality images and upload documents and facial biometrics as part of the identity verification process.
Autofill
Pre-populate sign-up forms to remove user friction, ensure data integrity, and boost conversion. Autofill extracts data from a presented ID and automatically fills sign-up forms, removing the need for customers to manually enter information.
Why choose Onfido?
Our automated KYC identity verification platform helps you verify customers in seconds so you can satisfy global compliance requirements and protect against fraud.
Keep up to date with the latest KYC & AML insights
Compliance certifications
We help hundreds of businesses navigate compliance worldwide. Our solution meets ETSI TS 119 461, ETSI EN 319 401, eIDAS Regulation EU 2014/910, and the UK Government's Digital Identity and Attributes Trust Framework.
Know your customer (KYC) FAQs
While the primary purpose of KYC may vary from one industry to another, the KYC process generally consists of distinct KYC process steps designed to verify customer identity. Identity verification platforms help businesses verify customer identities and assess fraud risks. This is especially important (and a legal requirement) for financial institutions, which are highly regulated.
The KYC process builds trust between businesses and their customers, ultimately benefiting both. By implementing robust identity verification processes at onboarding and developing an understanding of ongoing customer behavior such as transaction patterns, businesses can spot suspicious activities and prevent criminal activity such as money-laundering.
Know your customer checks are conducted when a business wants to establish a business relationship with an individual person. Know your business checks are conducted when they want to establish a business relationship with another company. KYB checks typically involve identifying the ultimate beneficial ownership (UBO) in order to ascertain who might be benefiting from the financial activity of the business. They also often include identifying if a business is subject to PEPs and sanctions checks, or has been linked through adverse media to illicit activity.
Yes, KYC is a legal requirement in many industries. The financial services industry is highly regulated with regulations applicable to starting new customer relationships as well as managing and monitoring customer accounts on an ongoing basis. Only through diligent and consistent KYC processes can these organizations counteract illegal activities like money laundering, corruption, and more.
United Kingdom
In the United Kingdom (UK), anti-money laundering (AML) regulations are outlined in the terrorism act (2000), Proceeds of Crime Act (2002), and money laundering, terrorist financing, and transfer of funds regulations (2017). Additional regulations and guidance are related to biometrics regulation, cryptocurrency, and evolving KYC and AML rules.
European Union
Companies operating in the European Union (EU) must abide by regulations set forth in the Fifth and Sixth Anti-Money Laundering Directives (also known as 5AMLD, 6AMLD). Additional EU regulations concern AI best practices and AML reforms that have been developed to include specific guidance related to various use cases like gambling services and stringent remote identity verification procedures.
United States
As it relates to Know your Customer, the Patriot Act of the United States was designed to “deter and punish terrorist acts in the United States and around the world, to enhance law enforcement investigatory tools, and other purposes.”
While Section 326 of the USA Patriot Act doesn’t represent the origin of KYC regulations and compliance across the United States, it certainly signifies an important development. The know your customer rule in the USA Patriot Act requires that financial institutions enact safeguards against money laundering, terrorist financing, identity theft, and other forms of fraud.
Ultimately, whether companies are operating in the UK, EU, US, or elsewhere, KYC requirements effectively serve to:
- Reinforce domestic measures for preventing, detecting, and prosecuting international money laundering and financing of terrorism.
- Subject foreign jurisdictions, foreign financial institutions, and classes of international transactions or types of accounts that are susceptible to criminal abuse to special scrutiny.
- Require all appropriate elements of the financial services industry to report potential money laundering.
- Strengthen measures to prevent the use of financial systems for personal gain by corrupt foreign officials (and facilitate the repatriation of stolen assets to the citizens of countries to whom such assets belong).
You can learn much more about how Onfido empowers organizations to satisfy global compliance requirements in our global compliance manager’s guide or EU compliance manager’s guide.
What are the benefits of knowing your customer?
In addition to compliance, the benefits of knowing your customer also include:
- Fraud and money laundering prevention: Robust KYC processes contribute to strong confidence regarding customer identity, helping to protect against exposure to threats like identity theft, as well as various types of financial crime — all of which can be costly to remedy once it’s occurred.
- Cost savings: Comprehensive, properly implemented KYC/AML processes help organizations avoid fines and other penalties that could have financially severe consequences. When these processes can be automated and digitized, they’re even more cost-efficient.
- Increased customer trust: Many customers are savvy to the various threats the modern world presents, including the risk of identity theft or other forms of fraud. When organizations implement dependable solutions that mitigate those risks, customers will know they can trust working with them.
As mentioned above, one key objective of KYC adherence is detecting and preventing suspicious activity, including money laundering. Anti-money laundering (AML) practices refer to specific procedures that financial institutions leverage to prevent criminal activities, such as any attempts to deposit or transfer funds generated through illicit or illegal activities. When you consider the prevalence of financial fraud, the importance of AML in KYC is difficult to overstate.
Like KYC compliance, international and local anti-money laundering regulations are required for certain business types. Ongoing monitoring and risk management is crucial since people can be sanctioned (or subject to restrictions by authorities) after they have already started a banking relationship. KYC and AML work hand-in-hand to set a framework for organizations to maintain legal compliance, protect customers’ identities and personal data, and prevent fraud.
By adding identity verification at sign-up, companies can ensure customers are who they say they are from the start of their relationship, laying a strong foundation for future due diligence and ongoing monitoring.
There are two primary ways to conduct KYC: a manual (paper-based) process or an online (digital) process — sometimes known as electronic know your customer (eKYC).
As you might expect, KYC started as a physical process but has since shifted to be mostly digital.
Why the shift? It has a lot to do with the many challenges of manual or offline KYC, which include:
- Manual data entry including information checks, error identification and correcting, and following up with clients or customers to collect additional information. These processes, when done manually, are exceptionally time-consuming and prone to human error.
- High costs including salary wages as well as the potential for hefty regulatory fines.
- A poor customer/client experience, driven by time-consuming processes that had to be completed in person.
- Keeping up with industry regulations, which are constantly evolving and being updated in the face of sophisticated new threats around identity theft and financial fraud.
- Security threats, including data breaches that can substantially erode client trust and result in hefty financial penalties for banks and other businesses.
The four most important elements of a well-rounded and effective KYC/eKYC framework are:
- Client/customer acceptance policies
- Customer identification processes
- Customer due diligence and enhanced due diligence
- Ongoing monitoring/risk management
1. Client/customer acceptance policies
Financial institutions and other organizations should outline client acceptance policies that determine the types of customer or client profiles that present different levels of risk.
For example, an individual looking to open a modest, basic checking or savings account may not pose too great a risk to the institution, so KYC requirements are likely to be less intensive than those for wealthy clients (or those with complex needs).
A bank wouldn’t necessarily need to apply extremely rigorous or lengthy review processes for these accounts — and doing so might drive clients away in frustration. KYC automation — which we’ll cover a little later — expedites these processes without sacrificing accuracy. By contrast, though, if another client has a particularly high net worth or their source of their funds is unclear, the financial institution would be wise to take a deeper look at the client’s financial picture in order to understand the potential risks and how they may be mitigated.
2. Customer identification programs
Who are your customers? True to its name, customer identification involves a series of steps designed to ensure that all customers or clients who do business with a financial institution are who they say they are (and that their business is legitimate).
In the United States, financial institutions are required to uphold a Customer Identification Program (CIP), a mandate enforced by the Financial Crimes Enforcement Network (FinCEN), a bureau of the United States Department of the Treasury.
FinCEN’s CIP rule sets minimum requirements for onboarding new clients or customers. While these will vary somewhat depending on factors like the organization’s size and geographic location, it should always include identifying and verifying persons opening an account, organized and timely recordkeeping, and comparison with government lists to spot any discrepancies.
3. Customer due diligence
Customer due diligence (CDD) refers to a series of checks that work to verify customers’ identities and understand their unique risk profiles. It becomes the basis for any additional enhanced due diligence (EDD) that is necessary based on the customer’s risk profile.
What are the 4 customer due diligence requirements?
The FinCEN Customer Due Diligence Rule requires financial institutions to establish and maintain policies around four specific activities:
- Identifying and verifying customer identities.
- Identifying and verifying the identity of companies’ ownership.
- Understanding the nature and purpose of customer or client relationships in order to develop customer risk profiles.
- Conducting ongoing monitoring to identify and report suspicious activities or transactions, and maintaining and updating customer information as it relates to risks and risk levels.
4. Ongoing monitoring and risk management
In the context of KYC, ongoing monitoring helps ensure that a company’s understanding of its customer or user base remains consistent and accurate over time. Ongoing monitoring is designed to detect any reasons why a banking institution might be prohibited from doing business with certain customers — due to newly-applied sanctions, for example.
It also helps to protect company assets, provide a positive customer experience, and remain in regulatory compliance. To put it in simple terms, ongoing monitoring involves regularly revisiting steps one through three, as described above. This way, companies can assess whether their client/customer acceptance policies, CIPs, or due diligence procedures need to be adjusted or updated.
When paired with ongoing monitoring, KYC/AML risk management helps ensure compliance with local governments and regulators.
Industries that benefit most from well-designed and consistently implemented KYC/eKYC procedures include:
Financial services
Due to factors like complex government and industry regulations, increasing reliance on online banking, and the growing threat of financial crime across the globe, financial institutions require rigorous KYC processes.
Why is KYC important for banks?
KYC enables banks and other financial institutions to verify customers’ identities and evaluate any relevant risk factors. The primary importance of KYC in banking is that it maintains compliance with government regulations. It helps to ensure that their services are not misused or otherwise compromised, and helps organizations to counteract identity theft, money laundering, and financial fraud.
Anti-money laundering (AML) requirements are closely related to KYC, and financial services are legally required to conduct AML checks on potential applicants, both at onboarding and throughout their relationship. These practices prevent money laundering, criminal enterprise, and corruption. As launderers continue to innovate new ways to hide their crimes — through microstructuring, for example — AML requirements will continue to evolve.
What is the role of KYC in crypto exchanges?
In the United States, federal regulations categorize cryptocurrency exchanges as money service businesses (MSBs), KYC practices are mandatory for most of these exchanges. Like other developing KYC applications, regulators are always monitoring the landscape, identifying new vulnerabilities and threats, and providing revised guidance to protect crypto exchanges and their users.
Healthcare providers
The healthcare industry requires the maintenance and sharing of personal information, much of which is governed by HIPAA (in the United States) and other regulations. Specific regulations apply by region — in Europe, for example, these safeguards align with GDPR regulations. In fact, according to Reuters, a patient’s private medical information is worth at least 10 times more than their credit card number (on the black market). As far as KYC’s role in healthcare, there is a need for proper and secure patient verification — without it, large batches of personal data become vulnerable to criminal, for-profit enterprises and misuse.
Insurance companies
What is the importance of KYC in insurance? It’s largely a matter of assessing potential risks before signing new customers up for insurance policies (similar to onboarding new customers in financial services). Insurance companies are heavily interested in the types of risk posed by certain customer profiles, so establishing — and, ideally, automating — KYC and AML processes is a best practice worth applying. These companies rely on extensive CDD/EDD, sanctions list screening, and ongoing client monitoring to protect themselves and their customers against fraud.
Online marketplaces & communities
When someone considers joining a digital marketplace or community, they need to not only be able to trust that the hosting entity is reputable and trustworthy, but that their fellow users can similarly be trusted. Think about eBay, for example. When a user creates an account, they need to be able to trust that the website has enforceable protections in place to safeguard their identity and personal information. They also need to be able to trust that the user community as a whole is similarly protected against fraudulent user accounts and unauthorized transactions.
Online gaming platforms & services
Online gaming is a popular target for identity thieves and scam artists. Similar to other online environments, identity verification and trust are vital. Onfido helps companies in the online gaming industry to achieve KYC and age verification requirements, provide efficient onboarding and a superior user experience, and protect their revenue against potential fraud by identifying and removing fake or duplicate accounts.
Retail & eCommerce
Today, online retailers have to balance the need for an efficient customer experience with the ability to ensure that account holders are who they say they are. This is especially important for age-restricted purchases. With Onfido, document verification is truly frictionless. The user can take a photo of their ID, and artificial intelligence provides quick detection of genuine vs. fraudulent documents.
Yes, many KYC/AML processes can — and should — be automated. When done right, automation streamlines and speeds up onboarding and helps ensure ongoing monitoring and compliance.
While KYC started as a largely manual process, it has since shifted to a mostly digitized endeavor. Why the shift? It has a lot to do with the many challenges of manual or offline KYC, which include:
- Manual data entry, including information checks, error identification and correcting, and following up with clients or customers to collect additional information. These processes, when done manually, are exceptionally time-consuming and can be error-prone.
- High costs, including salary wages, third-party identity verification, and technology development or licensing costs, as well as the potential for hefty regulatory fines.
- A poor customer/client experience, driven by time-consuming and costly processes attached to activities like onboarding and account setup.
- Keeping up with industry regulations, which are constantly evolving and being updated in the face of sophisticated new threats around identity theft and financial fraud.
- Inconsistent, inefficient processes that could benefit from streamlining or automation to reduce errors and provide a consistent experience.
- Security threats, including data breaches, can substantially erode client trust and result in hefty financial penalties for banks and other businesses.
Onfido’s Real Identity Platform (powered by Atlas™ AI) provides flexible, end-to-end identity verification — including document and biometric verifications, trusted data validation, fraud detection, and more.
KYC regulations depend on industry and geography and are always changing — learn about the latest in our EU KYC requirements guide and global compliance manager’s guide to KYC.