KYC compliance steps

KYC (or 'know your customer') refers to a process that protects institutions and their clients from money laundering, terrorist financing, and other fraudulent activities. KYC compliance is critical for financial institutions but also has applications in several other industries. Becoming and remaining KYC compliant requires specific steps, principles, and components — all of which form an institution’s KYC program.

At Onfido, we specialize in making the KYC process smoother and more efficient for everyone involved. Through our Real Identity Platform, we make it easy for institutions to identify customers and assess risk. But what does that look like in practice? Keep reading to learn about the KYC process, and the steps it takes to ensure organizations remain KYC compliant.

What is the purpose of the KYC process?

The KYC process helps institutions verify their customers’ identities, assess risk, and detect fraud. Both KYC and AML (anti-money laundering) guidelines exist for this purpose, and both are enforced through a series of laws and regulations depending on each country. The United Kingdom, for example, requires financial institutions to observe laws like Terrorism Act 2000 or the Proceeds of Crime Act 2002.

But how exactly does KYC achieve these goals? Generally, KYC uses three key components to protect organizations and their clients:

  1. A customer identification program (CIP) to verify identity and assess initial risk
  2. Customer due diligence (CDD) to cross-reference identity with fraudulent activity
  3. Continuous or ongoing monitoring to ensure a customer’s risk level has not changed

Why do I need KYC verification?

For financial institutions or any organization that deals with sensitive information, KYC is often a legal requirement. But even if it weren’t a legal requirement, KYC regulations are necessary because they give organizations a clear set of guidelines to follow when safeguarding sensitive information. 

Do banks use KYC?

Absolutely — in fact, they’re required to. KYC compliance is legally required for banks, as well as most other financial services businesses. But why is KYC so important for banks that it’s mandatory? Simply put, banks are at high risk of being targeted by money launderers, hackers, or any other criminals intent on stealing private information. Both KYC and AML regulations exist to prevent financial crime, money laundering, and terrorist financing.

What are the 4 steps of KYC for new customers?

The steps for each institution vary, but generally, there are four steps to the KYC onboarding process:

  1. Customer Verification. Confirming a new customer’s identity is the first step in assessing their risk. To do this, institutions may ask for documentation, such as an ID or proof of address. They may perform a biometric verification with photographs or videos submitted by the customer.
  2. Customer Due Diligence (CDD). Once identity verification is complete, institutions take appropriate CDD measures depending on the initial risk level of the customer. This could include screenings, database analysis, or any number of checks for fraudulent activity. Higher-risk customers will require enhanced due diligence, but with this, it’s important to note that “high-risk” does not always mean the customer is committing illegal activity. Certain clients, such as politicians, are deemed high risk because of what could happen if they become compromised.
  3. Risk Scoring. Assessing the risk of each client helps the institution determine the best next steps. Depending on how the client scores, the institution can then decide whether or not to continue onboarding, perform more CDD measures, or stop the process entirely if they’re too high-risk.
  4. Ongoing Monitoring. Even after the customer passes initial risk assessments, they still have to be watched for any unusual changes. Red flag monitoring, activity tracking, and several other measures help financial institutions keep track of their customers.

How do I choose a KYC provider?

Achieving KYC is not just about finding a provider, but also developing internal regulatory practices. The best KYC compliance solutions require both internal and external programming. Internally, an organization needs their own KYC compliance program that trains, updates, and monitors staff to ensure they follow KYC regulations. Externally, partnering with a solution provider like Onfido eases many of the steps required to achieve compliance, such as:

If you have any questions about KYC or how to achieve compliance for your organization, talk to us at Onfido. We are experts in KYC and AML regulations worldwide, and our software is well-suited to help prevent fraud in your organization — no matter where it occurs. Our Guide to Digital Identity Verification includes best practices for setting up identity verification workflows, and lists the top requirements to look for in a verification partner.

Interested in learning more?

Take an interactive tour of our Real Identity Platform, or contact us directly for more information.

Get in touch