What is KYC – Know Your Customer

April 12, 2022


Policymakers around the world want to ensure that capital obtained from illicit activities does not enter legitimate financial flows.

Know Your Customer (KYC) requirements compel financial institutions to do their part and introduce rigorous customer screening mechanisms.

The impact of these policies is passed down throughout the financial services system and has a far-reaching effect on merchants and their business activities.

Learn everything about KYC and what it means for your business.

Banker getting to know their customer.

KYC Meaning

KYC is an abbreviation for Know Your Customer. KYC guidelines are part of a broader international effort to combat tax evasion, money laundering, identity theft, and other criminal activities.

In a business-to-business (B2B) environment, financial organizations must perform due diligence and verify the identity of their customers before entering into a business relationship.

Implementing KYC guidelines enables financial institutions to prevent criminals from using their services and concealing the origin of their earnings.

KYC requirements in financial services.

They are also required to calculate and determine risk levels associated with each client and monitor transactions on their accounts accordingly.

Who Needs KYC?

Financial institutions and other businesses that deal with customer transactions are required to implement KYC standards and policies. Among others, this includes organizations such as:

  • Retail and investment banks.
  • Payment service providers.
  • Credit unions.
  • Insurance companies.
  • Mortgage providers.
  • Consulting and wealth management companies.
  • Businesses that provide automated financial services (FinTech).
  • Gaming platforms (gambling, online betting, etc.).
  • Private financing and lending companies.

Initially, KYC requirements were focused on financial services but are increasingly being extended to other industries susceptible to financial fraud, like virtual asset service providers, non-profit organizations, precious metals traders, and art dealerships.

What Does KYC Verification Mean for Merchants?

Merchants are the subject of KYC checks when opening a bank account or a merchant account with a payment service provider (PSP). Banks and PSPs must verify the merchant’s identity during the onboarding process.

KYC flows also require merchants to provide valid documentation to verify the legal status of their company. The acceptable forms of identification usually include:

  • An ID or passport belonging to the business owner, controllers, principles, joint holders, mandate holders, or legal representatives. In certain jurisdictions, proof of address is also required.
  • A business license or articles of incorporation.
  • Tax returns.
  • Other documents that prove a business is registered with a government agency.

Merchants must also explain their business model and expected transactional volume.

The onboarding process can be time-consuming and require the merchant to provide supporting documentation or amend their business model and practices.

Established PSPs and banks have clear-cut verification procedures and use automated tools to save time and reduce costs.

KYC Requirements

KYC is an integral part of local and international anti-money laundering (AML) laws. Unlike PCI DSS, there is no single global standard, and KYC requirements may differ depending on the country or region.

Payment processing transactions and KYC.

Banks and other financial institutions are typically required to develop internal KYC policies to:

  • Establish and verify the customer’s identity.
  • Assess the customer’s business model and confirm that it is acceptable and legitimate.
  • Determine the risks associated with the client’s business model.

KYC requirements help businesses in the financial services industry minimize the risk of fraud and money laundering.

Three Components of KYC

KYC policy enforcement typically consists of three distinct components.

Customer Acceptance Policy

Organizations need to formulate and enforce an acceptable use policy that prevents certain businesses from using their services.

The policy should outline which business models are not acceptable and what business activities violate the policy.

Clearly stating the consequences of a policy violation enables organizations to enforce KYC rules and potentially cancel a customer’s account if a violation has occurred.

Acceptable use policy as a KYC requirement.

The policy also needs to list the documents customers are expected to provide, allowing organizations to establish their identity unequivocally.

Customer Identification Program

KYC standards require companies to develop robust procedures for verifying the customer’s identity. The procedures must ensure that it is impossible to open an account anonymously or by using a third-party proxy.

The document screening process needs to detect falsified documentation and identify all beneficial owners, controllers, and principles of a business entity.

Organizations typically implement automated verification tools, search international databases, and train employees to recognize falsified documentation.

Customer Due Diligence

Banks, PSPs, and other financial institutions are required to conduct risk assessments for each customer. Customers should be segmented and receive a risk rating based on the information collected during the onboarding process.

The risk levels are typically determined by the business model, expected transactional volume, the country where the business is registered, or the legal status of the business owner, controllers, and principles.

Classifying companies based on their risk levels helps organizations understand the customer’s financial dealings.

The risk level determines how closely customer accounts need to be monitored and how regularly merchant records are required to be kept up to date.

Cost of KYC Compliance

In a digital environment, the customer screening and due diligence process need to be automated and data-driven. To achieve KYC compliance, organizations invest in:

  • Access to specialized risk intelligence databases and services created specifically for OFAC (also known as Sanction and Politically Exposed Person checks) and other checks. The cost of these services depends on the volume of checks, data coverage, and included data sets.
  • Hiring and training staff to oversee the onboarding process and subsequent risk assessments.
  • Software solutions for identifying false documentation and automating the verification process.

A KYC flow needs to be efficient. A lengthy onboarding process directly affects the client’s ability to conduct business and generate revenue. Delays due to administrative issues are one of the leading causes of a negative customer experience.


AML (Anti-Money Laundering) refers to a broad set of laws and regulations for combating money laundering, human trafficking, terrorism, and other criminal activities.

Anti-money laundering and KYC elements.

AML laws differ from country to country but typically require banks and other financial institutions to:

  • Meet all KYC requirements.
  • Implement and document internal AML policies and procedures.
  • Organize frequent employee training courses.
  • Employ an AML compliance officer, also known as a Money Laundering Reporting Officer.
  • Undergo periodic external AML compliance reviews.

KYC processes focus on verifying a customer’s identity. Know Your Customer is a requirement of AML laws that requires banks and financial institutions to develop robust procedures for:

  • Identifying and verifying the customer’s identity during the onboarding processes.
  • Assessing the customer’s risk level.

Organizations may need to develop KYC policies that comply with different AML standards depending on region or jurisdiction.

Monitoring Transactions

Once a customer opens an account, the transactions on that account need to be continuously monitored.

The intensity and level of scrutiny depend on the risk level associated with the customer’s account. High risk payment processing requires constant and thorough monitoring.

Monitoring customer transactions as part of the KYC process.

If an organization determines that a business is high-risk, it must monitor customer transactions closely to detect suspicious activity.

When such activities are detected, the financial institution must act and report that activity to relevant law enforcement agencies.


Every participant in the payment process needs to do their utmost to prevent money from criminal activities from entering the payment system.

Merchants who sell products to the general public undergo KYC checks when opening a payment processing account. Choosing a payment processor with a streamlined KYC flow is essential for getting an online store up and running quickly.

About the author
Vladimir Kaplarevic
Vladimir is a resident Tech Writer at CCBill. He has more than 8 years of experience in implementing e-commerce and online payment solutions with various global IT services providers. His engaging writing style provides practical advice and aims to spark curiosity for innovative technologies.
Talk to a Merchant Support Specialist