The KYC Verification Process: 3 Steps to Compliance
KYC, or Know Your Customer defines a set of guidelines to accurately verify the identity of customers. The KYC verification process helps to prevent identity theft and fraud.
KYC also falls within the scope of AML (anti-money laundering) regulations, which aim to curb money laundering and financial fraud as well as keep financial institutions from entering into potentially criminal business relationships with terrorists.
KYC compliance is required throughout industries, but it is most relevant for financial institutions and online businesses. One of the key components of KYC is identity verification. With KYC verification, organizations can ensure that the person or entity they are building a business relationship with is actually who they say they are.
What is KYC verification?
The objective of KYC verification is to ensure that a customer is who they claim to be. This aims to protect customers by preventing identity theft and fraud as well as protect financial institutions by preventing money laundering and terrorist funding. Sometimes called the KYC check, KYC verification is the process of identifying and verifying a potential customer’s identity during onboarding.
KYC is a set of guidelines outlined by the United States Financial Crimes Enforcement Network (FinCEN). It is a mandatory requirement for financial institutions and many other businesses. Elements of a KYC procedure typically include the following:
- Customer acceptance policy (CAP)
- Customer identification procedure (CIP)
- Transaction monitoring
- Risk management
Under KYC, the CAP details the regulations required to accept a customer and enter into a business relationship with them. This includes determining their risk threshold, exploring financial interactions, and outlining the eligibility criteria and necessary documents that should be provided by the customer during onboarding.
Know Your Customer verification mostly falls under the CIP component of KYC. To verify a customer, it is minimally required to collect the following information:
- Date of birth
- Identification number
Documents such as a government-issued ID (driver’s license or passport) and public utility bills can be used for KYC verification. Other methods of identity verification can include the use of biometrics and face verification. Additional methods can include comparing the information the customer provides during onboarding with public databases, consumer reporting agencies, and watchlists.
The exact practices of Know Your Customer verification are determined by the risk profile of the organization in line with risk management policies. Verification methods are required to be reasonable, and organizations must make their best effort to ensure that customer identities are properly validated.
Who uses KYC verification?
Any institution that is required to be KYC compliant will need to use KYC verification. This can include both financial and non-financial institutions and online businesses.
Ultimately, KYC verification is used by an organization to verify the identity of their customers. Banks, Fortune 500 financial firms, credit unions, credit card companies, fintech, real estate, and insurance companies all use KYC verification.
Know Your Customer verification is performed both during a customer’s first interaction with an entity — when they are opening an account or requesting services, for instance — and also throughout the business relationship to continually ensure that the customer has control of their account, and no fraud or identity theft has occurred. This is done through continual monitoring and tracking of financial transactions.
If anything appears suspicious, it is flagged and reported as soon as possible to help protect both the customer and the organization.
Benefits of KYC verification
KYC verification can help you to ensure that you are doing business with a legitimate customer that is who they claim to be. This can protect your organization from entering into potentially criminal business relationships with significant negative consequences.
Know Your Customer also performs a robust risk assessment of potential customers and entities before accepting them, which can help to mitigate potential losses or issues with particularly risky entities. KYC can also help you to form a better relationship with your customer by offering insight into financial interactions and the types of services required.
Know Your Customer verification can help to prevent the following:
- Identity theft: KYC verification requires an individual to provide proof of their identity. It mandates that reasonable efforts be made to ensure that the customer is who they say they are. This can make it harder for threat actors to open fraudulent accounts with stolen credentials or forged documents.
With KYC best practices and KYC verification, you can prevent the opening of fake accounts, validate the identities of your customers, and ensure that only the correct entities have access to your services.
- Financial fraud: Since the pandemic began, fraud has increased nearly 50 percent, and it costs organizations around 5 percent of their annual revenue on average. Furthermore, every $1 in fraud costs financial services firms in the United States $4.
Financial fraud is an extreme burden on organizations. KYC verification can help to prevent fraud by keeping bad actors from impersonating real customers using stolen IDs or credentials or making fraudulent accounts to steal money.
- Money laundering: Money laundering is the transferring of money obtained through illegal or criminal means to transform it into legal monetary value. This is often accomplished through dummy accounts that criminals can set up to “launder” money made through the illegal sale of narcotics, smuggling, human trafficking, or other illegal operations.
Using Know Your Customer verification, it is harder for criminals to set up these fake accounts. KYC also tracks accounts and monitors transactions, sending an alert if suspicious activity is suspected.
- Terrorist financing: Terrorists often use multiple accounts and agencies within the United States to fund their operations. After 9/11, attempts have been made to identify and link names and accounts of suspected terrorists.
KYC verification matches the names of people trying to open accounts against a watchlist and can therefore block suspected terrorists from using these financial services. With KYC, government agencies are able to track money that is being generated and transferred and can potentially be funding terrorist operations in order to stop the money from changing hands.
Real-world examples of KYC verification
Know Your Customer verification is initially performed during the first interaction between a customer and an organization. This will involve the organization requesting proof of identity from the customer. This process can look like this:
- The customer will fill out a form with their basic information, including their name, birth date, address, and ID number.
- The customer will then need to upload the required proof of identity documents, such as a government-issued ID, for example. Documentation of proof of address is also needed, which can include a copy of a utility bill.
- Data from the ID document is extracted, and this data is processed and verified, often using machine learning and AI technologies.
- The organization can use data from the information provided by the customer to match their identity in public and private records.
- Biometrics and/or facial recognition can also be used to further verify the identity of a customer and match it to their ID.
A wide variety of businesses and entities use KYC verification to prove the identity of customers before allowing them access to their services. For example, the following entities require KYC verification:
- Credit unions
- Online loan and investment firms
- Mortgage companies
- Insurance firms
- Health care organizations
- Travel companies
- Online gambling and casinos
- Telecommunication companies
Best practices for KYC verification policies & procedures
With KYC verification, the CIP is often the first stage. Best practices for the CIP process involve performing customer due diligence.
Basic customer due diligence (CDD) is used on most customers as it verifies the identity and assesses the risk of doing business with this particular customer. Higher-risk customers can necessitate the use of enhanced due diligence (EDD), which will examine the customer and their records more closely for a deeper understanding of their risk threshold.
Due diligence will also need to identify and verify data for beneficial owners — those with at least 25 percent equity interest in the company requesting access. For customers with a higher AML risk threshold, this percentage of ownership drops to 10 percent for identities that need to be verified.
EDD is more in-depth and often needs senior management approval. Information collected during the due diligence process will need to be maintained by financial institutions as well.
KYC verification is often supported through a CIAM (customer identity and access management) solution that can be seamless for the consumer and support KYC compliance for the organization. Third-party services and solutions, such as those provided by Okta, can help to successfully verify the identity of customers while maintaining compliance with KYC and using KYC verification.
Types of identity verification
The basic and most common form of identity verification is document-based verification, which will involve the close examination of customer-provided documents to prove identity and address information. This generally means a form of government-issued identification at the very least. Most of the time, more than one document is required to verify identities.
As so much of the world is now online, customers often need to be onboarded digitally, and digital identity verification is imperative. In 2022, for example, an expected 65.3 percent of Americans will use digital banking. This will require additional forms of identity verification beyond physically inspecting documents, for instance. Often called eKYC, documents can commonly be uploaded and verified through advanced technological means, such as using OCR technology, which uses a combination of machine learning and AI technology.
Additional forms of identity verification can include the following:
- Video verification: This can also be used to verify a person’s identity. It uses a live one-on-one video session between a customer and a compliance specialist. This can take the place of an in-person meeting.
- Facial recognition, often with liveness detection: A person may be asked to take a selfie, commonly while holding a piece of identification such as an ID card, and the face is matched through biometric authentication methods. Liveness detection can further minimize identity theft and face spoofing by using technology that can tell if the person on the screen is actually present in real time.
- Biometrics: Additional biometric tools and technologies can be used for identity verification. This can include fingerprint and iris pattern matching.
- Behavioral biometrics: Using a combination of advanced technologies, such as machine learning and AI, behavioral biometrics can help to further verify the identity of a user by recognizing specific use patterns. This can include where a person clicks on a screen, how they hold their phone, or the location they sign in from.
How to verify businesses with KYC verification
The CIP element of KYC also applies to business entities, including trusts, LLPs, and PLCs. It is not just for individual customers.
To verify a business with KYC verification, you will need to ensure that the business actually exists and is not a façade or front for a criminal enterprise. Documents that should be examined include the following:
- Government-issued business license
- Articles of incorporation
- Trust agreements
- Partnership deed
You can look up online business registrations for company records to verify a business electronically during onboarding.
You will also need to verify the identities of the vested owners of the business with KYC verification and not just the business itself. Each of these owners will become customers of the bank or financial institution if the business is accepted as a customer.
Banks are also required to verify the identity of anyone who owns, controls, and profits from a corporation opening a business account. This can mean employees, shareholders, and board members. During KYC verification of a business, a bank will need to obtain copies of photo IDs, passports, and Social Security numbers (SSNs) for all of these members.
KYC verification is a component of KYC (Know Your Customer) that can help organizations to ensure that a customer is who they say they are.
KYC verification uses a customer identification procedure (CIP) to verify the identity of a user during the onboarding process. KYC verification can also be used to help monitor accounts and transactions throughout the business relationship. KYC falls under the AML (anti-money laundering) umbrella, which aims to prevent identity theft and fraud, money laundering, and the financing of terrorist operations.
Organizations are required to perform a reasonable effort to prove the identity of potential customers using KYC verification best practices. Organizations will need to collect a customer’s name, birth date, address, and ID number. They’ll then work to verify all of these through a variety of means.
Customers are asked to provide proof of identity and address, often in the form of a government-issued ID and a utility bill. Much of this can now be done electronically. Organizations can also use means beyond document-based verification methods, including facial recognition and other forms of biometrics, to verify a customer’s identity.
As most organizations have an online and digital presence, the use of KYC and eKYC verification is widespread. Initiated in the financial industries, KYC verification now spans most industries and can help to protect entities from fraud and secure customer identity information.
Financial Crimes Enforcement Network. FinCEN.
What’s the Total Cost of Fraud – and How Can You Reduce It? (September 2021). CPO Magazine.
Fraud Costs and Volumes Remain Significantly Higher than Pre-Pandemic for Financial Services and Lending Firms, According to the New LexisNexis Risk Solutions Report. (January 2022). LexisNexis Risk Solutions.
FinCEN Know Your Customer Requirements. (February 2016). Harvard Law School Forum on Corporate Governance.
3 Ways Your Customer Identity Strategy Fuels Business Growth. (2022). Okta.
Share of Population Using Digital Banking in the United States from 2018 to 2022. (January 2022). Statista.