How to do a KYC check

Know your customer — or KYC — regulations enable organizations to remain compliant with anti-money laundering regulations, and protect themselves from identity theft and digital fraud. While KYC is often closely associated with banking and other financial services, it also applies to a wide range of other regulated industries, such as transport, gaming, retail, and healthcare

But what do KYC checks accomplish, and how are they conducted? Keep reading for answers to these questions and more as we explore why KYC is important and where to start.

What is KYC verification?

KYC verification refers to the process of verifying new applicants’ identities to ensure they are legitimate and eligible customers. It’s a simple concept, but one that’s vitally important. Enacting sophisticated and comprehensive KYC processes helps organizations to protect themselves from fraudulent activity and from fines for regulatory non-compliance. Inefficient or incomplete KYC processes can also compromise users’ personal information, increase the likelihood of identity theft or data breaches, and erode customers’ trust.

What are the KYC requirements in my industry or region?

KYC requirements vary by industry as well as region. For more information about the specific KYC requirements for your specific use cases, our compliance manager’s guide to identity verification serves as an excellent resource for getting started. It outlines the regulatory landscape in the EU, UK, and US — plus outlines best practices for building verification processes.

What does a KYC check include?

While the finer details of a KYC check will vary based on factors such as industry, applicant risk profiles, and regulatory requirements, a typical document and biometric-based check would consist of three actions:

  1. First, a new user or customer will submit an identity document via their smartphone. They may also be required to submit one or more documents to verify their residential address or even income, as well.
  2. Second, they take a selfie or short video which can then be matched back against the photo ID.
  3. Then, the organization will process their documents, verify their authenticity, and either approve the user’s account or determine the need for further verification.

What are the three most important components of the KYC process?

The KYC process typically consists of three main components or stages:

  • Customer identification: Prospective customers must first submit one or more forms of identity verification, which may include anything from a government-issued ID card to biometric verification methods. The organization performing the check will compare any submitted documents to applicable government lists to ensure there aren’t any identifiable inconsistencies.
  • Customer due diligence: For the next KYC phase, the organization must perform their own due diligence steps to further confirm a user’s identity and legitimacy. This may include requesting additional KYC documentation, reviewing users’ business and/or financial activities, and so on. When needed, enhanced due diligence procedures may be required before approving the new user or customer.
  • Ongoing monitoring: The KYC process doesn’t end just because the new account has been approved. Certain industries (such as financial services) are required to periodically reverify their customers, or conduct ongoing due diligence. This means monitoring accounts and transactions for unusual or unexpected behavior, and performing additional KYC measures as needed. 

How often does KYC need to be updated?

An organization’s need to update KYC verification for certain users or customers largely depends on the results of risk assessment measures related to due diligence processes. Here are some general guidelines for periodic reviews and re-verification: 

  • For high-risk customers, periodic reviews and re-verification should be performed on an annual basis.
  • For medium-risk customers, KYC re-verification should occur at least once every 2 years.
  • For low-risk customers, KYC re-verification every 3-5 years is often sufficient.

How to do KYC verification: 2 approaches

There are two main approaches an organization can take in order to achieve KYC compliance:

The manual approach: possible, but challenging

While KYC processes can be enacted through fully manual processes, this approach comes with several significant disadvantages. Manual KYC processes are time-consuming and error-prone, especially at scale. The fact that KYC regulations are constantly changing adds another layer of complexity and inefficiency to manual processes.

Automated KYC: an easier, streamlined alternative

An automated KYC solution solves the challenges that come with manual processes, offering a streamlined alternative that is both time- and cost-efficient, thorough, and accurate. 

How do I choose a KYC provider?

When evaluating KYC software vendors, modern organizations should look for a solution that empowers organizations with:

Onfido’s Real Identity Platform checks all of these boxes — and more. In addition to the benefits of automated KYC we’ve already mentioned in this article, our solution was built to provide a wide range of functionality, including the ability to:

Want to learn more about KYC and Onfido’s Real Identity Platform?

Take an interactive tour of Onfido’s platform today or get in touch to speak with an expert or book a meeting.

Take a tour