Know your customer

Know Your Customer, alternatively known as know your client or simply KYC, is the process of a business verifying the identity of its clients and assessing their suitability, along with the potential risks of illegal intentions towards the business relationship. The term is also used to refer to the bank regulations and anti-money laundering regulations which govern these activities. Know your customer processes are also employed by companies of all sizes for the purpose of ensuring their proposed customers, agents, consultants, or distributors are anti-bribery compliant. Banks, insurers, export creditors and other financial institutions are increasingly demanding that customers provide detailed due diligence information.


The objective of KYC guidelines is to prevent banks from being used, intentionally or unintentionally, by criminal elements for money laundering activities. Related procedures also enable banks to better understand their customers and their financial dealings. This helps them manage their risks in a well-judged manner. Today, not only banks but also various online businesses can implement KYC. They usually frame their KYC policies incorporating the following four key elements:

  • Customer Acceptance Policy;
  • Customer Identification Procedures;
  • Monitoring of Transactions; and
  • Risk management.

The stringent regulatory environment establishes KYC as a mandatory and crucial procedure for financial institutions, as it minimises the risk of fraud by identifying suspicious elements earlier on in the client-business relationship lifecycle. For the purposes of a KYC policy, a customer/user may be defined as:

  • a person or entity that maintains an account and/or has a business relationship with the bank;
  • one on whose behalf the account is maintained (i.e. the beneficial owner);
  • beneficiaries of transactions conducted by professional intermediaries such as stockbrokers, Chartered Accountants, or solicitors, as permitted under the law; or
  • any person or entity connected with a financial transaction which can pose significant reputational or other risks to the bank, for example, a wire transfer or issue of a high-value demand draft as a single transaction

Typical controls

KYC controls typically include the following:

  • Collection and analysis of basic personally identifiable information (PII) (referred to in US regulations and practice as a “Customer Identification Program” or CIP).
  • Screening of identity particulars (PII) against global watch-lists to determine the status of public exposure (politically exposed person or PEP) and adverse media.
  • Determination of the customer’s risk in terms of the tendency to commit money laundering, terrorist finance, or identity theft.
  • Creation and assessment of a ‘Customer Profile’ on the basis of a customer’s transactional behaviour
  • Monitoring of a customer’s transactions against expected behaviour and recorded profile as well as that of the customer’s peers

Laws by country

  • Australia: The Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act) gives effect to KYC laws.[1] The Anti-Money Laundering and Counter-Terrorism Financing Rules Instrument 2007 provides guidance for applying the powers and requirements of the Act.[2] Compliance is governed by the Australian Government agency, Australian Transaction Reports and Analysis Centre, established in 1989, known as AUSTRAC.[3]
  • Canada: The Financial Transactions and Reports Analysis Centre of Canada, also known as FINTRAC, was created in 2000 as Canada’s financial intelligence unit. FINTRAC updated its regulations in June 2016 regarding acceptable methods to determine the identity of individual clients to ensure compliance with AML and KYC regulations. A pending lawsuit is active in Canada challenging the legality of the new legislation.[4]
  • India: The Reserve Bank of India introduced KYC guidelines[5] for all banks in 2002. In 2004, RBI directed all banks to ensure that they are fully compliant with the KYC provisions before December 31, 2005.[6]
  • Italy: The country’s Central Bank (Banca d’Italia), which also exercises regulatory power for the financial industry, enacted in 2007 the KYC requirements and rules that financial institutions have to comply with on Italian territory.[7]
  • South Korea: Act on Reporting and Use of Certain Financial Transaction Information regulates due diligence in the country.[8]
  • Namibia: Financial Intelligence Act, 2012 (Act No. 13 of 2012) published as Government Notice 299 in Gazette 5096 of 14 December 2012.[9]
  • New Zealand: Updated KYC laws were enacted in late 2009 and entered into force in 2010. KYC is mandatory for all registered banks and financial institutions (the latter has an extremely wide meaning).[10]
  • South Africa: The Financial Intelligence Centre Act 38 of 2001 (FICA)
  • United Kingdom: The Money Laundering Regulations 2017 are the underlying rules that govern KYC in the UK. Many UK businesses use the guidance provided by the European Joint Money Laundering Steering Group along with the Financial Conduct Authority’s ‘Financial Crime: A guide for firms’ as an aid to compliance.
  • United States: Pursuant to the USA Patriot Act of 2001, the Secretary of the Treasury was required to finalize regulations before October 26, 2002 making KYC mandatory for all US banks. The related processes are required to conform to a customer identification program (CIP).
  • Luxembourg: KYC is governed in the Anti-Money Laundering (AML) laws and regulations, which became effective in 1993 and were amended for the last time in 2015.
  • Singapore: Various industries in Singapore are subject to AML/CFT requirements, including requirements promulgated by the Monetary Authority of Singapore applicable to financial institutions.
  • Japan: Act on identification of customers by financial institutions 2003.[11]

Enhanced due diligence

Enhanced due diligence (EDD) is a more comprehensive set of procedures for customers with a higher risk profile, either through sources of origin or transactions that exhibit irregular behaviour. The USA PATRIOT Act dictates that institutions “shall establish appropriate, specific, and, where necessary, enhanced, due diligence policies, procedures, and controls that are reasonably designed to detect and report instances of money laundering through those accounts.”[12] US regulations require that EDD measures are applied to account types such as private banking, correspondent account, and offshore banking institutions. Because regulatory definitions are neither globally consistent nor prescriptive, financial institutions are at risk of being held to differing standards dependent upon their jurisdiction and regulatory environment. An article published by Peter Warrack in the July 2006 edition of ACAMS Today (Association of Certified Anti-Money Laundering Specialists) suggests the following:

A rigorous and robust process of investigation over and above (KYC) procedures, that seeks with reasonable assurance to verify and validate the customer’s identity; understand and test the customer’s profile, business and account activity; identify relevant adverse information and risk; assess the potential for money laundering and/or terrorist financing to support actionable decisions to mitigate against financial, regulatory and reputational risk and ensure regulatory compliance.

Use-Cases of KYC

  • Client on-boarding.
  • User Registration.
  • Processing of high-profile transactions.
  • Re-verification of existing users.
  • Ensure regulatory compliance.
  • Replacement of outdated authentication mechanisms.


Rigorous and robust

Generally this means consistent, thorough and accurate. The process must be documented and available for inspection by regulators. The process must be SMART (Specific, Measurable, Achievable, Relevant and Time-bound),[13] scalable and proportionate to the risk and resources.

Over and above KYC procedures

EDD files rely upon initial client screening. EDD processes should use a tiered approach dependent upon the risk. Crucial to the integrity of any EDD process is the reliability of information and information sources, the type and quality of information sources used, properly trained analysts who know where to look for information, how to look and how to corroborate, interpret and decide the results. Commercial intelligence companies aggregate this information and compile it daily into a comprehensive database. Many of these commercial intelligence companies are serviced by in-country providers with researchers on the ground who can obtain information that is not otherwise easily accessible.

Reasonable assurance

What is reasonable depends upon factors including jurisdiction, risk, resources, and state-of-the-art technology. For sanction matches it depends upon information provided by regulators. In all cases the suggested standard is the civil standard of proof, i.e. on the balance of probability.

Relevant adverse information

Information obtained from any source, including the Internet, free and subscription databases and the media, which is directly or indirectly indicative of involvement in money laundering, terrorist financing or predicate offences. Examples include fraud and other dishonesty, drug trafficking, smuggling or other proscribed offences, references to money laundering, or conducting business, residing in or frequenting countries deemed by the Financial Action Task Force and/or (institution) as being countries under sanction or countries with which (institution) does not do business; to official sanctions or watch lists; and to investigations, convictions or disciplinary findings by authorized regulatory bodies.


KYCC or Know Your Customer’s Customer is a process that identifies the activities and nature of a customer’s customer. This includes identifying those people and assessing their associated risk levels and the activities the customer’s customer (business) is involved in.[14]

KYCC is a derivative of the standard KYC process, necessitated by the growing risk of fraud originating from fraudulent individuals or companies that might otherwise be hiding in second-tier business relationships (i.e. a customer’s customer).[14]


Controversies over this legislation/regulation/policy include:

  • Know your customer places an incredibly costly burden on businesses operating in the financial industry, especially smaller financial companies where compliance costs are disproportionately heavy.[15]
  • Customers may feel the information requested to be extremely intrusive and burdensome.[16]
  • Innocent, law abiding individuals such as digital nomads are very likely disproportionately disadvantaged as living a nomadic life makes it increasingly difficult or even impossible to hold any formal banking relationship anyplace in the world due to lack of proof of address, bills, and/or debt documentation required by KYC.[17]
  • Retired people who travel within their own country without having a permanent fixed address may also be disproportionately disadvantaged for the same reason.
  • Jurisdictions across the Americas, EMEA, and Asia Pacific indicated that all of these jurisdictions permit a form of reliance on customer information provided by third parties. In many instances this data is incorrect, potential bank customers may be unaware of the error and there is no grievance procedure to correct or sanction the bad data provider.
  • Some citizens in other countries (Canada) are fighting back against USA over-reach into their sovereign banking system and have challenged new USA law in their courts.[18]
  • The intelligence division at the Treasury Department has repeatedly and systematically violated domestic surveillance laws by snooping on the private financial records of US citizens and companies, according to government sources.[19]


  1. “Search”.
  2.
  3. “Search”.
  4. “Lawsuit filed challenging FINTRAC”.
  5. “‘Know Your Customer’ (KYC) Guidelines – Anti-Money Laundering Standards”. Archived from the original on 2012-08-01.
  6. “Why KYC is mandatory now”. Retrieved 25 Oct 2010.
  7. “Banca d’Italia”.
  8.
  9. “Financial Intelligence Act 2012” (PDF).
  10. “AML CFT 2009”.
  11. “Law information by The house of representative Japan (In Japanese)”.
  12. “Archived copy”. Archived from the original on 2011-11-23. Retrieved 2011-11-30.
  13. Learn How to Make Your Goals SMART, web page, retrieved November 5, 2006.
  14. PYMNTS (2018-01-03). Retrieved 2019-04-24.
  15. “Patriot Act a Beastly Burden for Small B/Ds”. November 2003.
  16. “Know Your Customer (KYC) Will be a Great Thing when It Works”.
  17. (PDF)
  18. “Alliance for the Defence of Canadian Sovereignty”.
  19. “Treasury accused of illegally spying on Americans”.

Ofer Abarbanel online library
