What is Know Your Customer (KYC)?

Angela Marrujo Fornaca

Content Writer

Know your customer (KYC) is a set of guidelines financial institutions must follow to collect and verify the identity of their customers in order to protect against financial crime and fraud. The process consists of Customer Identification Programs/Procedures, Customer Due Diligence, and ongoing customer monitoring. KYC can be conducted either in-person or online.


In 1970, the US government found itself increasingly concerned about the proliferation of organized crime, drug trafficking, and money laundering in the country. In an effort to stop this crime, Congress passed the Bank Secrecy Act (BSA), which would become one of the country’s most critical tools in both domestic and global anti-money laundering (AML) efforts. By requiring financial institutions to assist government agencies in detecting and preventing money laundering, it effectively established the AML standards we use today.

Those standards were expanded with the passage of the USA PATRIOT Act, which introduced Know Your Customer (KYC) regulations, including Customer Identification Program/Procedure (CIP) and Customer Due Diligence (CDD), and made them mandatory for all banks in the US under the BSA.

So what exactly is KYC, and how do CIP and CDD fit into the KYC process?

Breaking Down KYC: CIP, CDD, and Ongoing Monitoring

KYC is a set of guidelines financial institutions must follow in order to establish the real, true identities of their customers. The KYC process typically consists of three steps: Customer Identification Program/Procedure, Customer Due Diligence, and ongoing monitoring. Let’s take a closer look at each step below.

Step 1: Customer Identification Program/Procedure (CIP)

This six-step KYC process establishes and verifies the customer’s identity. Financial institutions (FIs) have the freedom to customize their CIPs, but any program must accomplish the following:

  • Clearly document your CIP: the CIP and steps individuals take to become customers must be thoroughly outlined.
  • Collect four pieces of identifying information: Name, DOB, Address, and SSN or government-issued identification numbers.
  • Establish identity verification procedures: FinCEN doesn’t specify which types FIs need to use, but there are many different options, including biometric, documentary, database, and more.
  • Comply with record-keeping requirements: FIs must keep a record of all customer information while they remain a customer and for five years after the closure of their account.
  • Check against government lists: Screen for individuals on terrorist watch lists, for politically exposed people, or subjects of adverse media.
  • Give customers proper notice: Create a procedure to give customers fair notice that they will need to provide information to verify their identity.

Step 2: Customer Due Diligence (CDD)

This phase of the KYC process focuses on understanding the amount of risk a customer poses, and conducting investigations into a customer’s identity commensurate with their level of risk. There are three different types of CDD:

  • Standard due diligence: Required for customers who present little to no risk upon initial assessment. Only requires collecting Personally Identifiable Information (PII).
  • Simplified due diligence: For low-risk customers; involves verifying customer identity and scanning for presence on watchlists.
  • Enhanced due diligence (EDD): For the highest-risk customers; triggers include being a politically exposed person and residing in a country with non-existent or minimal AML or anti-terrorism laws.

Step 3: Ongoing Monitoring

Truly knowing your customer means doing more than just a one-time deep dive into their background. Customer situations change, so it’s important to monitor every customer regularly, regardless of the level of risk they posed when they first opened an account. It’s extremely important to monitor for red flags and suspicious transactions, and to file suspicious activity reports (SARs) when appropriate, both to remain compliant and to intervene and stop any potential financial crime.

How to Conduct KYC: In-Person or Digitally

As with Customer Identification Procedures, financial institutions have flexibility in how they collect the information required for their KYC program, so long as the approach meets all of the legal requirements to ensure a customer’s identity is accurately established.

Here are the three main ways KYC information is collected:

  • In-person: The good old-fashioned way of meeting customers! Information is solicited during a face-to-face meeting in which customers bring physical copies of their identifying documents. Those documents are then verified manually before activating their account.
  • By mail: Some institutions will allow their customers to mail in their documents, which are then verified by the financial institution or a third party. The customer is then asked to complete the KYC process either online or over the phone.
  • Digitally: Sometimes called eKYC. Everything from document submission to identity verification is done online, usually with the aid of digital KYC platforms. These platforms utilize a number of different identity verification methods, including database verification, selfie submissions, and much more.

Wrap Up

KYC isn’t important just because it’s a legal requirement. It’s the first step financial institutions take in familiarizing themselves with their customers and securing their business against potentially being used to facilitate financial crime. Financial institutions are doing their part in the global fight against money laundering, trafficking, and fraud when they establish a thorough, repeatable KYC process and continuously monitor for activity that could be signs of financial crime.
