KYC

The process of verifying the identity of individual clients before and during a business relationship. KYC requires collecting and verifying government-issued ID, proof of address, and screening against PEP and sanctions lists. Mandated by AML directives across the EU, US (BSA/FinCEN), and UK (MLR 2017). KYC applies to natural persons; the equivalent for companies is KYB.

KYC is composed of three tiers based on risk: Standard Due Diligence (SDD) for low-risk customers, Customer Due Diligence (CDD) for normal-risk, and Enhanced Due Diligence (EDD) for high-risk customers such as PEPs, high-net-worth individuals, or customers from high-risk jurisdictions. The risk-based approach allows regulated entities to allocate compliance resources proportionately.

In practice, KYC onboarding involves collecting a government-issued photo ID (passport, national ID card, driver's license), proof of address (utility bill, bank statement, no older than 3 months), and often a selfie or live video check for remote onboarding. Digital KYC platforms (Jumio, Onfido, Sumsub) automate document verification using OCR and biometric matching, reducing friction while improving accuracy.

KYC obligations extend beyond onboarding — regulated entities must conduct periodic reviews (typically annually for high-risk, every 3-5 years for low-risk) and re-KYC when there are material changes to the customer relationship. Failure to maintain up-to-date KYC records is a common regulatory finding. For banks, KYC data also feeds into transaction monitoring and suspicious activity reporting (SAR) workflows.

Related Terms