KYC (know your customer)
Turn know your customer (KYC) and anti-money laundering (AML) compliance into your competitive advantage. Automated KYC checks allow you to onboard new customers and detect fraud while reducing costs.
Automate KYC verification with AI
Automatically route each customer to the right KYC processes and stop fraud. Our end-to-end verification and orchestration platform is powered by Atlas™ AI to offer fair, fast, and accurate identity verification.
Know your customers at onboarding
KYC is non-negotiable, and onboarding is a critical moment in verifying customer identity and conducting due diligence. The Real Identity Platform makes navigating KYC simple in over 160 countries — whether you need proof of address, politically exposed persons (PEPs) and sanctions screening, adverse media checks, or ongoing monitoring.
Meet global KYC compliance needs
Orchestrate KYC workflows that route each applicant through the right verifications and fraud detection signals to meet KYC and AML regulations and your risk tolerance. Onfido Studio allows you to create tailored verification journeys and find the right balance of convenience and security for each user while complying with geography specific regulations. Automatically route users to the verifications that match their level of potential risk, so low-risk customers get through faster while high-risk users are automatically moved to higher-assurance verification flows.
What do local KYC requirements look like?
Discover Onfido for identity verification
Validate user data against trusted databases to meet KYC, AML, and sanctions screening requirements. Our library of data sources grants extensive coverage and gives accurate results.
Verify customer IDs in seconds with low-friction and accurate document verification. Onboard customers wherever they are using 2,500+ supported documents worldwide.
Smart Capture SDK
Allow your customers to easily capture high-quality images and upload documents and facial biometrics as part of the identity verification process.
Pre-populate sign-up forms to remove user friction, ensure data integrity, and boost conversion. Autofill extracts data from a presented ID and automatically fills sign-up forms, removing the need for customers to manually enter information.
Learn how Revolut receives results 38 seconds faster since switching to Onfido.Read Revolut case study
Learn how Chipper Cash achieved a 95% automation rate when verifying customers.Read Chipper Cash case study
Learn how KOHO reduced their verification time by 98% with the Real Identity Platform.Read KOHO case study
Why choose Onfido?
Our automated KYC platform helps you verify customers in seconds so you can satisfy global compliance requirements and protect against fraud.
We help hundreds of businesses navigate compliance worldwide. Our solution meets ETSI TS 119 461, ETSI EN 319 401, and eIDAS Regulation EU 2014/910 and is 'high confidence' on the UK Government's Digital Identity and Attributes Trust Framework.
Know your customer (KYC) FAQs
While the primary purpose of KYC may vary from one industry to another, the KYC process generally consists of distinct steps designed to verify customer identity. Identity verification platforms help businesses verify customer identities and assess fraud risks. This is especially important (and a legal requirement) for financial institutions, which are highly regulated.
The KYC process builds trust between businesses and their customers, ultimately benefiting both. By implementing robust identity verification processes at onboarding and developing an understanding of ongoing customer behavior such as transaction patterns, businesses can spot suspicious activities and prevent criminal activity such as money-laundering.
Know your customer checks are conducted when a business wants to establish a business relationship with an individual person. Know your business checks are conducted when they want to establish a business relationship with another company. KYB checks typically involve identifying the ultimate beneficial ownership (UBO) in order to ascertain who might be benefiting from the financial activity of the business. They also often include identifying if a business is subject to PEPs and sanctions checks, or has been linked through adverse media to illicit activity.
Yes, KYC is a legal requirement in many industries. The financial services industry is highly regulated with regulations applicable to starting new customer relationships as well as managing and monitoring customer accounts on an ongoing basis. Only through diligent and consistent KYC processes can these organizations counteract illegal activities like money laundering, corruption, and more.
In the United Kingdom (UK), AML regulations are outlined in the terrorism act (2000), Proceeds of Crime Act (2002), and money laundering, terrorist financing, and transfer of funds regulations (2017). Additional regulations and guidance are related to biometrics regulation, cryptocurrency, and evolving AML rules.
Companies operating in the European Union (EU) must abide by regulations set forth in the Fifth and Sixth Anti-Money Laundering Directives (also known as 5AMLD, 6AMLD). Additional EU regulations concern AI best practices and AML reforms that have been developed to include specific guidance related to various use cases like gambling services and stringent remote identity verification procedures.
As it relates to know your customer regulation, the Patriot Act of the United States was designed to “deter and punish terrorist acts in the United States and around the world, to enhance law enforcement investigatory tools, and other purposes.” While Section 326 of the USA Patriot Act doesn’t represent the origin of KYC regulations and compliance across the United States, it certainly signifies an important development. The know your customer rule in the USA Patriot Act requires that financial institutions enact safeguards against money laundering, terrorist financing, identity theft and other forms of fraud.
Ultimately, whether companies are operating in the UK, EU, US, or elsewhere, KYC requirements effectively serve to:
- Strengthen domestic measures for preventing, detecting, and prosecuting international money laundering and financing of terrorism.
- Subject foreign jurisdictions, foreign financial institutions, and classes of international transactions or types of accounts that are susceptible to criminal abuse to special scrutiny.
- Require all appropriate elements of the financial services industry to report potential money laundering.
- Strengthen measures to prevent the use of financial systems for personal gain by corrupt foreign officials (and facilitate repatriation of stolen assets to the citizens of countries to whom such assets belong).
In addition to compliance, the benefits of knowing your customer also include:
- Fraud and money laundering prevention: Robust KYC processes contribute to strong confidence regarding customer identity, helping to protect against exposure to threats like identity theft, as well as various types of financial crime — all of which can be costly to remedy once it’s occurred.
- Cost savings: Comprehensive, properly-implemented KYC/AML processes help organizations avoid fines and other penalties that could have financially severe consequences. When these processes can be automated and digitized, they’re even more cost-efficient.
- Increased customer trust: Many customers are savvy to the various threats the modern world presents, including the risk of identity theft or other forms of fraud. When organizations implement dependable solutions that mitigate those risks, customers will know they can trust working with them.
As mentioned above, one key objective of KYC adherence is detecting and preventing suspicious activity, including money laundering. Anti-money laundering (AML) practices refer to specific procedures that financial institutions leverage to prevent criminal activities, such as any attempts to deposit or transfer funds generated through illicit or illegal activities. When you consider the prevalence of financial fraud, the importance of AML in KYC is difficult to overstate.
Like KYC compliance, international and local anti-money laundering regulations are required for certain business types. Ongoing monitoring and risk management is crucial, since people can be sanctioned (or subject to restrictions by authorities) after they have already started a banking relationship. KYC and AML work hand-in-hand to set a framework for organizations to maintain legal compliance, protect customers’ identities and personal data, and prevent fraud. By adding identity verification at sign-up, companies can ensure customers are who they say they are from the start of their relationship, laying a strong foundation for future due diligence and ongoing monitoring.
There are two primary ways to conduct KYC: a manual (paper-based) process or an online (digital) process — sometimes known as electronic know your customer (eKYC).
As you might expect, KYC started as a physical process but has since shifted to be mostly digital. Why the shift? It has a lot to do with the many challenges of manual or offline KYC, which include:
- Manual data entry including information checks, error identification and correcting, and following up with clients or customers to collect additional information. These processes, when done manually, are exceptionally time-consuming and prone to human error.
- High costs including salary wages as well as the potential for hefty regulatory fines.
- A poor customer/client experience, driven by time-consuming processes that had to be completed in person.
- Keeping up with industry regulations, which are constantly evolving and being updated in the face of sophisticated new threats around identity theft and financial fraud.
- Security threats, including data breaches that can substantially erode client trust and result in hefty financial penalties for banks and other businesses.
The four most important elements of a well-rounded and effective KYC/eKYC framework are:
- Client/customer acceptance policies
- Customer identification processes
- Customer due diligence and enhanced due diligence
- Ongoing monitoring/risk management
1. Client/customer acceptance policies
Financial institutions and other organizations should outline client acceptance policies that determine the types of customer or client profiles that present different levels of risk.
For example, an individual looking to open a modest, basic checking or savings account may not pose too great a risk to the institution, so KYC requirements are likely to be less intensive than those for wealthy clients (or those with complex needs). A bank wouldn’t necessarily need to apply extremely rigorous or lengthy review processes for these accounts — and doing so might drive clients away in frustration. KYC automation — which we’ll cover a little later — expedites these processes without sacrificing accuracy. By contrast, though, if another client has a particularly high net worth or their source of their funds is unclear, the financial institution would be wise to take a deeper look at the client’s financial picture in order to understand the potential risks and how they may be mitigated.
2. Customer identification programs
Who are your customers? True to its name, customer identification involves a series of steps designed to ensure that all customers or clients who do business with a financial institution are who they say they are (and that their business is legitimate).
In the United States, financial institutions are required to uphold a Customer Identification Program (CIP), a mandate enforced by the Financial Crimes Enforcement Network (FinCEN), a bureau of the United States Department of the Treasury.
FinCEN’s CIP rule sets minimum requirements for onboarding new clients or customers. While these will vary somewhat depending on factors like the organization’s size and geographic location, it should always include identifying and verifying persons opening an account, organized and timely recordkeeping, and comparison with government lists to spot any discrepancies.
3. Customer due diligence
Customer due diligence (CDD) refers to a series of checks that work to verify customers’ identities and understand their unique risk profiles. It becomes the basis for any additional enhanced due diligence (EDD) that is necessary based on the customer’s risk profile.
4. Ongoing monitoring and risk management
In the context of KYC, ongoing monitoring helps ensure that a company’s understanding of its customer or user base remains consistent and accurate over time. Ongoing monitoring is designed to detect any reasons why a banking institution might be prohibited from doing business with certain customers — due to newly-applied sanctions, for example.
It also helps to protect company assets, provide a positive customer experience, and remain in regulatory compliance. To put it in simple terms, ongoing monitoring involves regularly revisiting steps one through three, as described above. This way, companies can assess whether their client/customer acceptance policies, CIPs, or due diligence procedures need to be adjusted or updated.
When paired with ongoing monitoring, KYC/AML risk management helps ensure compliance with local governments and regulators.
Yes, many KYC/AML processes can — and should — be automated. When done right, automation streamlines and speeds up onboarding and helps ensure ongoing monitoring and compliance.
Onfido’s Real Identity Platform (powered by Atlas™ AI) provides flexible, end-to-end identity verification — including document and biometric verifications, trusted data validation, fraud detection and more.