KYC, or know your customer, is a process that allows organizations in highly-regulated industries such as financial services to know about their customers, their customers’ financial activities, and assess any risks they may pose. Through KYC verification, meaning the verification of customer identity and ongoing monitoring of customers, institutions can protect themselves from risks such as fraud and identity theft. Most importantly, KYC is a critical component of upholding global anti-money laundering (AML) efforts as well as combating the financing of terrorism (CFT).
To that end, institutions working in many different sectors must follow KYC regulations required by their geographic region. This guide explores the four primary KYC process steps, including what each step entails and how Onfido can streamline your remote customer identity verification.
What are the steps of KYC?
There are four primary steps involved in the end to end KYC process: customer acceptance policies, customer identification, customer due diligence, and ongoing monitoring.
1. Customer acceptance policies
What is the first step in the KYC process? To begin, banks and other financial institutions must define what their customer acceptance policies are. This creates clear-cut definitions for the remainder of the KYC process, and it allows institutions to better protect themselves from risk — one of the primary reasons why KYC is important. Additionally, these policies can help ensure that institutions are meeting any regulatory requirements.
Typically, an institution’s acceptance policies will include at least two key pieces of information. First, they must determine what their customer acceptance criteria is. Additionally, they must understand what level(s) of risk are presented by various types of customers. For example, a customer opening a basic checking or savings account may present minimal risk, but a high net worth individual or a corporate account may present a higher degree of risk. Different levels of due diligence may be needed for each of these levels of risk.
2. Customer identification
In this next step, financial institutions complete a set of steps that ensure that their customers or prospective customers are who they say they are. In general, this includes: identifying and verifying the individual(s) opening an account, performing any required recordkeeping, and comparing the data with applicable government lists to look for any inconsistencies.
Of course, customer identification requirements do vary, depending upon the country an institution is located in. For example, financial institutions in the United States are required to uphold a Customer Identification Program (CIP), as laid out by the Financial Crimes Enforcement Network (FinCEN). Or, for institutions operating in the more than 200 jurisdictions who have committed to the recommendations laid out by the Financial Action Task Force (FATF), there are identity verification procedures in place as well.
3. Customer due diligence
The third of the KYC process steps in banks and other financial institutions, customer due diligence is performed to verify a customer’s identity and understand their individual risk profile. When performing customer due diligence, organizations will likely perform the following:
- Collecting KYC documents such as name, address, and a photograph of an official identity document
- Reviewing the customer’s financial activities and the markets in which they operate
- Verifying the organizations your customer does business with
For higher-risk customers, enhanced due diligence may be necessary to better mitigate any potential risks. This may include performing extra steps such as:
- Collecting additional information from the customer
- Performing additional KYC and anti-money laundering verifications
- Determining what needs to be done to protect against the identified risk factors
4. Ongoing monitoring
The KYC requirements for banks and other financial institutions doesn’t end after initial onboarding, however. In the final step of the process, institutions must develop and implement a system to monitor customers and their transactions.
Depending upon the customer and their risk level, institutions may also be obligated to monitor:
- Individuals on sanction lists
- Politically exposed persons (PEPs)
- Inconsistent spikes in activity
- Unusual out of area or cross-border transactions
- Adverse media mentions
Automate KYC verification with Onfido
At Onfido, our mission is to be the world’s best KYC solutions providing end-to-end identity verification. Our Real Identify Platform allows you to access award-winning document and biometric verification, trusted data sources, and fraud detection signals. Our Verification Suite is all orchestrated from Onfido Studio, our drag-and-drop workflow builder — so you can tailor workflows using different checks and logic to meet market and user requirements.
Explore our case studies to read about how Onfido can help you drive growth, navigate compliance, fight fraud, and reduce costs. If you'd like to learn more, schedule time to talk with our experts to learn how Onfido can empower your end-to-end KYC processes.
Our compliance manager’s guide walks through the regulatory landscape in the EU, UK, and US — and discusses best practices for setting up customer identification workflows and assessing technology.