KYC – Know Your Customer (Customer Due Diligence and Identity Verification)
Know Your Customer (KYC) refers to regulatory obligations to identify, verify and continuously monitor customers in the financial and regulated sector.
Summary
Know Your Customer (KYC) refers to the bundle of regulatory obligations requiring financial institutions and other obligated entities to know, verify and continuously monitor the identity of their customers. KYC is an essential component of AML/CFT compliance and is closely linked to Customer Due Diligence (CDD).
- Identification and verification: Establishing the identity of natural and legal persons through official documents and reliable sources.
- Beneficial owners: Identifying the natural persons behind the customer.
- Risk classification: Categorising the customer by ML/TF risk level (low, medium, high) with corresponding tiered due diligence.
- Ongoing monitoring: Continuous review of transactions and periodic KYC updates.
- Enhanced Due Diligence (EDD): Heightened measures for high-risk customers, politically exposed persons (PEPs) and high-risk countries.
History
The origins of KYC lie in US banking laws of the 1970s — in particular the Bank Secrecy Act (BSA) of 1970, which required financial institutions to maintain records and file currency transaction reports for transactions exceeding $10,000. Suspicious activity reporting (SARs) was not introduced until 1992. The term "Know Your Customer" was coined in the 1990s by US federal supervisory authorities (OCC, FED, FDIC) and established as a formal regulatory concept.
Internationally, KYC was disseminated through the FATF Recommendations from 1990 onward. EU Anti-Money Laundering Directives adopted and further developed KYC requirements. With the rise of digitisation and the FinTech sector, new KYC variants emerged: eKYC (electronic), video identification procedures and AI-assisted document verification. Regulatory initiatives such as eIDAS (EU) and the Digital Identity Wallet are increasingly promoting digital KYC processes. Since July 2025, the EU Anti-Money Laundering Authority (AMLA) has been operational in Frankfurt, developing binding technical standards for KYC/CDD and set to directly supervise around 40 major financial service providers from 2028. In March 2025, FinCEN also removed the Beneficial Ownership Information (BOI) reporting requirement for US companies under the Corporate Transparency Act — only foreign companies registered in the US remain subject to this obligation. From January 2028, private fund advisers will also be brought under the scope of the BSA through a new FinCEN rule and must implement comprehensive AML and KYC programmes.
Scope
KYC obligations apply globally to all obligated entities under the respective national AML/CFT legislation. This primarily includes: banks and credit institutions, securities firms, insurance companies, payment service providers, crypto-asset service providers and non-financial sectors (DNFBP: lawyers, notaries, accountants, real estate agents). KYC applies both at customer onboarding and on an ongoing basis throughout the business relationship.
Key Requirements
- Customer Identification Programme (CIP): Establishing the customer's name, date of birth, address and identification number.
- Verification: Checking data against official documents, reliable databases or digital procedures (eKYC).
- Beneficial owner identification: Identification and verification of beneficial owners (generally above 25% shareholding/control).
- Purpose and nature of business relationship: Understanding the intended usage profile and economic background.
- Sanctions list screening: Cross-referencing against national and international sanctions lists (OFAC, EU, UN).
- PEP screening: Identification of politically exposed persons and application of EDD.
- Ongoing transaction monitoring and periodic KYC reviews.
Related Frameworks
Corrections & Errata
2 corrections:
- OCC KYC Guidelines: Date 1997 is wrong, correct is 1998
- EU Digital Finance Strategy: Date 2020-09-23 is wrong, correct is 2020-09-24
4 updates:
- Missing development: FinCEN AML/KYC obligation for private fund advisers (effective 2028)
- last_amended should be updated (developments more recent than June 2024)
- Missing development: AMLA (EU Anti-Money Laundering Authority) operational since July 2025
- Missing development: FinCEN BOI reporting requirement for US companies removed (March 2025)
1 clarification.
1 note.