Know Your Customer (KYC) Requirements: What You Should Know
Learn about the key components of a Know Your Customer (KYC) program, and legal requirements for KYC in the US, UK, EU, and Australia.
October 30, 2023

Know Your Customer (KYC) requirements specify how organizations should validate the identity of customers and determine their risk score. Their primary aim is to prevent financial crimes, fraud, and the sale of products to those who are not allowed to consume them. When implementing KYC, organizations must put in place the three core components of KYC and comply with the location-based and industry-specific regulations that apply to them.

The three core components of KYC compliance are establishing a customer identification program (CIP), performing customer due diligence (CDD), and implementing continuous monitoring. There are also location-based KYC requirements, such as those overseen by the Financial Crimes Enforcement Network (FinCEN), a core anti-money laundering (AML) regulator working in the U.S.

Key Components of KYC

The three parts of KYC are as follows. 

Customer Identification Program (CIP)

To meet the requirements of a Customer Identification Program, a financial organization requests that customers provide identifying information. Each financial organization carries out its CIP process according to its risk profile, so the data requested from a customer differs from one organization to another.

For an individual, this data may include:

  • A passport
  • A driver's license  

For an organization, this data might include:

  • Government-issued business license
  • Partnership agreement
  • Certified articles of incorporation
  • Trust instrument

Information for further verification could include: 

  • Financial references
  • A financial statement
  • Information from a public database or consumer reporting agency

Financial institutions must check that this data is credible and accurate, using non-documentary verification, documentation, or both.

Customer Due Diligence (CDD)

CDD is the process of collecting customer credentials to verify identity and evaluate their risk profile. Here are the two main tiers of CDD:

  • Simplified due diligence (SDD)—implemented for accounts with a low risk of terrorism funding or money laundering. For example, low-value bank accounts or standard bank accounts.
  • Enhanced due diligence (EDD)—implemented for customers with a higher risk score. Typically, these customers are at significant risk of infiltration, terrorism financing, or money laundering. The EDD process requires collecting further information on the customer and implementing transaction monitoring. By tracking the average amount and frequency of transactions, you can detect irregularities.

The financial institution is responsible for determining each customer's risk profile and then deciding whether to use SDD or EDD.

Continuous Monitoring

Financial institutions have to continually monitor their clients' transactions for unusual or suspicious activity. This is a risk-driven, dynamic approach to KYC. When unusual or suspicious activities are identified, the financial organization must file a Suspicious Activity Report (SAR) with FinCEN and other law enforcement organizations.

KYC Requirements and Regulations Around the World

Each jurisdiction has its own laws to meet, which depend on the government-issued driver's licenses, identity cards, credit/debit cards, utility bills, and passports in use there. Industries including online gaming, gambling sites, and finance have stricter KYC regulations and more significant AML compliance obligations—and they often have their own dedicated regulatory authorities. Countries make use of government agencies to manage compliance regulations.

The Financial Action Task Force (FATF)

FATF is an international organization that deals with terrorist financing, felony, and money laundering. It includes 36 member states across multiple jurisdictions. FATF has been providing the global standard regarding anti-money laundering compliance. It does this by monitoring customers under CTF and AML guidance. 

FATF has deemed it mandatory for financial organizations to undertake in-depth KYC processes, global sanctions screening, due diligence procedures, and risk assessments before onboarding businesses and customers. 


KYC Regulations in the U.S.

The following regulations apply to financial activities in the U.S.:

  • The Financial Crimes Enforcement Network (FinCEN) is the core AML regulator within the U.S. and functions under the jurisdiction of the U.S. Treasury Department. FinCEN is in charge of dealing with terrorism financing, money laundering, and additional financial crimes by surveying individuals, financial organizations, and banks, as well as studying suspicious payments and transactions. In addition, FinCEN works with federal and state law enforcement agencies, providing information to help in the war against financial crime.   
  • The Bank Secrecy Act (BSA)—the United States' core anti-money laundering law, established in 1970. The BSA is designed to deal with money laundering and ensure that financial organizations and banks do not become complicit in or facilitate it. The BSA applies a variety of compliance obligations to organizations within U.S. jurisdiction. These include requirements to put in place a risk-based AML program with suitable screening measures and customer due diligence (CDD), and to conduct various record-keeping and reporting tasks when handling suspicious customers and transactions.
  • USA Patriot Act—passed in 2001 after the September 11 attacks, it focuses on financial crimes connected with terrorism. It broadens the reach of the BSA by providing law enforcement bodies with more investigatory and surveillance powers, introducing unique customer due diligence and screening requirements, and establishing stricter penalties for individuals or organizations involved in terrorist financing. In addition, the Act features specific controls and provisions for cross-border transactions to deal with international financial crime and terrorism.

KYC Regulations in the U.K.

Following Brexit, the United Kingdom is adhering to the Sanctions and Money Laundering Act of 2018. According to the law, the U.K. will conform to the United Nations sanctions to achieve national security and international policy objectives. 

All organizations must maintain current anti-money laundering and counter-terrorism financing (AML/CFT) measures. Finally, the Act of 2018 provides that organizations carry out due diligence examinations on every entity to meet international security standards and maintain domestic security.

KYC Regulations within the E.U.

European law, generally speaking, features directives and regulations that are binding across the E.U. The two key aspects of European legislation relevant to KYC are the GDPR and the fifth AML directive (the GwG). When transposing AML rules into national law, countries may impose stricter requirements.

The most widely known example is the German implementation of the fifth AML directive, which requires a thorough video KYC process that stipulates what a customer has to do to pass verification and identification. While this process is relatively successful in the German market, it affects conversion in different European markets.

More instances of additional requirements incorporated into national law include:

  • France—a need for a secondary I.D. document
  • Spain—a necessity for enhanced liveness detection
  • Italy—a prerequisite for seven additional risk checks

KYC Regulations within Australia 

The Australian Transaction Reports and Analysis Centre (AUSTRAC) changed its KYC/AML regulation following the pandemic outbreak. In addition, it has offered alternatives to ensure more robust compliance with identity verification protocols.

AUSTRAC demands that electronic copies of I.D. documents issued by the government and other proof of identity be utilized for verification. If any of these alternatives don't work, video KYC should be completed for identity verification.

Know Your Customer (KYC) Identity Verification with BlueCheck

BlueCheck's industry-leading identity verification infrastructure enables merchants to grow their business faster. As we serve a wide variety of industries, our solutions are custom-tailored to the unique needs of our customers, including PACT Act and eCommerce compliant offerings. 

Schedule a call today with a BlueCheck specialist to learn more about our Age & I.D. Verification solutions.