Know your customer (KYC) is the process of verifying the identity and background of an individual customer. It is a set of regulatory guidelines and standards used by insurance and financial companies to ensure that new customers are who they claim to be, and that they are an acceptable customer given the risk profile of their background and of the business examining them.
KYC is often conducted for new customers when they first open an account, but it can also be done at any point if the company notices any suspicious activities or transactions on the account.
KYC can be used to mean all customers, including individuals and businesses, but as used in the industry today, it typically refers specifically to verification of the identity of individuals, i.e. natural persons. Know your business (KYB) verification, alternatively, examines an entire company instead of an individual customer as a person.
KYC processes help ensure a level of transparency and protection for everyone involved in financial transactions, especially financial institutions onboarding new and prospective customers.
For financial institutions, KYC helps reduce their financial and reputational risk by giving them confidence in a person’s identity, background, and risk profile, so they can best avoid doing business with customers that could be fraudulent, drag them into legal issues, or otherwise harm their business.
KYC requirements build reputable relationships that help to comply with legal requirements and companies can feel confident being compliant while also finding cost-effective solutions when they put together a thoughtful compliance program. The company that takes the time and energy to properly vet customers is one that can save themselves financial losses, reputational damage, and even legal penalties.
As with KYB, exact KYC requirements can vary by country and jurisdiction and can vary even more based on a company’s level of risk and unique approach to compliance. In general, common elements may include:
During this stage, companies gather basic information about the applicant, including legal name, address, date of birth, and tax ID. As part of a core KYC process or related checks on the person, companies may also gather information about employment, income, financial history, and credit score. Depending on the institution and the application, they may also do additional screenings to see if the applicant is a politically exposed person (PEP), appears on any government watch lists, or has a criminal history.
Once a company has obtained a customer’s information, they will often conduct due diligence by reviewing the assembled data to confirm that the applicant exists, evaluate their personal and financial history, and do a risk assessment to see what, if any, danger they potentially pose to the business. If any red flags arise during this stage, the applicant may qualify for enhanced due diligence, at which point the company further investigates to either confirm or disprove the apparent risks.
One in-depth background check may not be enough to ensure the identity and security of an applicant nor meet compliance standards. Companies may need to conduct periodic monitoring of a customer and even perform the KYC process again in order to satisfy regulatory requirements or meet their own standards for compliance.