How to Build an Effective KYC Program

Angela Marrujo Fornaca

Content Writer

It’s crucial that businesses have a strong KYC program in place to mitigate the risks of their institution being used to facilitate financial crime. An effective KYC program should consist of three parts: verifying customer identification, implementing customer due diligence procedures, and establishing ongoing monitoring procedures. Conducting regular training for staff and adopting the right technology will help ensure the long-term success of your program.


How well do you know your customers? Thanks to the strict regulations that banks and financial institutions must comply with by law, it’s likely you know them pretty well. Know Your Customer (KYC) programs are essential for businesses to verify the identities of their customers to help mitigate the risks of fraud, money laundering, terrorist financing, trafficking, and other financial crimes.

But not all KYC programs are built alike, and compliance professionals want to ensure their program is as comprehensive as possible to prevent criminal activity from slipping past them. So how do you build an effective KYC program that not only keeps your institution compliant, but also helps detect and prevent possible financial crime?

Developing a KYC Strategy

Before jumping into the specific elements of the KYC process, it’s important for financial institutions to identify exactly how they want to approach KYC. Does your institution have the resources to conduct KYC with every transaction, or does it make more sense for you to tailor your KYC process mainly to satisfy legal requirements? As banking has gone increasingly digital, is it more feasible to utilize digital verification tools and data collection or to require in-person KYC methods? What exactly are the risks your business is exposed to, and what customer information do you need to capture to mitigate those risks?

The answers are not the same for every financial institution, and it will be crucial for yours to establish a solid KYC strategy before moving on to building out the process.

The Three Elements of a Powerful KYC Process

Once you have your strategy nailed down, it’s time to move on to building out your KYC program. Here are the three elements yours should have to be most effective and successful.

Verifying customer identification

This is where you start to learn who your customers are and whether their identities are genuine. Customer Identification Procedure (CIP) is the process by which you do this in the US, and it involves collecting at least four pieces of information about your customers, including:

  • Full name
  • Address
  • Date of birth
  • Social security number (or individual tax IDs or employer IDs for non-US citizens)

Once their information has been verified against government databases, it’s time to assess their level of risk.

Implementing Customer Due Diligence (CDD) procedures

CIP and CDD go together like bread and butter: the former establishes identity while the latter determines that person’s level of risk to the financial institution. (They’re also both legal requirements.)

You must determine which level of CDD (Standard, Simplified, or Enhanced) is appropriate for each customer by looking for red flags associated with:

  • Their location
  • Purpose of the account
  • Account type
  • The source of their wealth
  • Involvement of a Politically Exposed Person (PEP), their family, or close associates
  • Type of entity (foreign bank, LLC, corporation, etc.)
  • Account activities

Identifying the correct level of risk is extremely important for engaging in the proper level of CDD, but this isn’t a one-and-done deal — it’s also important to continue regular monitoring over time.

Establishing ongoing monitoring procedures

Customer situations change, so you should be sure you’re conducting ongoing monitoring to look out for any new details that may be cause for concern. Are you seeing transactions involving countries or entities they’ve never done business with before? Is there a sudden uptick in the number of transactions coming from their account? Do those transactions involve anyone on a watch list? Keep your eyes open for new activity that may justify a risk reevaluation.

Wrap Up

A compliance professional’s work is never done: the CDD process is not a one-time event, but an ongoing one. It’s important to regularly monitor for suspicious activity – unusual transactions, patterns that may indicate money laundering, etc. – which can crop up at any time. Low-risk customers should have a CDD check done once a year; medium to high-risk customers should have CDD done every six months.

CDD is a critical component of the KYC process and is essential for remaining compliant and mitigating risk. It’s crucial to stay on top of CDD not just because it’s required, but because it helps contribute to the fight against financial crime.
