What Is KYC (Know Your Customer) For Banking?

Online, always-on finance and banking have led to significant security challenges for institutions trying to thwart international terrorism, identity theft, and fraud.

What are KYC regulations? KYC requires sufficient identity assurance and verification standards during customer onboarding to mitigate fraud and money laundering in finance and banking.

What Are Know Your Customer (KYC) Regulations?

Know Your Customer (KYC) regulations are rules around identity assurance and verification in the financial sector, implemented to protect against money laundering, fraud, and identity theft.

These regulations require that financial institutions have specific controls in place to assure user identity, with increasingly complex requirements based on the type of institution in question, the economic profile of the user, and other factors.

KYC requirements typically extend beyond traditional authentication standards. KYC can include identity assurance in line with government standards, including providing multiple forms of official government ID (driver’s license, passport, etc.) and even in-person identification with company personnel.

KYC laws exist to stop a few critical crimes:

  • Money Laundering: Money laundering, or using financial institutions or businesses to sanitize illegal funds by mixing them with legitimate pools of money, has been a significant issue for banks since banking started. KYC attempts to stop money laundering by linking customers with verified identities and credentials.
  • Identity Theft: With robust KYC in place, banks and other institutions can mitigate identity theft by requiring identity assurance, that is, official documents or even in-person assurance using company personnel or certified security professionals.
  • Fraud and Funding: KYC can also provide security against the fraudulent use of funds for organized crime or terrorists by creating a strict and rigorous chain of identity for all customers.

Many countries have some form of KYC laws. In the United States, the Bank Secrecy Act (BSA) of 1970 established requirements for anti-money laundering practices that included identity assurance requirements. However, the onset of widespread digital banking and international terrorism (funded through money laundering and fraud) led to the Patriot Act and updated AML laws.

What is KYC Compliance?

Financial institutions must perform regular due diligence on their customers to comply with KYC laws, including identity assurance and expanded authentication.

Some of these requirements for due diligence include:

  • Customer Identification Program (CIP): The CIP is a baseline requirement for financial institutions. It stipulates that these institutions collect several official documents or forms of identification from customers to confirm their identity. There may be more or fewer requirements depending on the risk of fraud (including factors like the volume of money involved and the user’s financial history).
  • Customer Due Diligence (CDD): CDD involves collecting some basic forms of identification to confirm the customer’s identity. These documents will be used to check associated risk and background databases to identify any issues. The online databases and services used for this are known as “eKYC” and are run as a highly secure and regulated operation by international expert firms.
  • Enhanced Due Diligence (EDD): Advanced document collection or identity assurance may be required for customers with more significant risks for fraud or terrorism. Required documents and practices will differ based on context. On the higher end of the risk scale, customers may need to provide several forms of official, marked government ID along with physical identity assurance.

Know Your Customer From Around the World

While we’ve covered laws in the US, money laundering and fraud are international challenges. As such, many major governments have enacted some form of KYC.

These international laws include:

  • Anti-Money Laundering Act (France): AMLA includes several constituent laws that define an umbrella of KYC requirements, including the Anti-Money Laundering Act, the Anti-Money Laundering Ordinance (details of professional KYC practices), and the FINMA Anti-Money Laundering Ordinance (governing KYC and financial intermediaries).
  • The Money Laundering Act (UK): This law governs KYC laws for financial institutions in the United Kingdom, including basic requirements for due diligence and practices to address financial blackmail and fraud against public figures.
  • Proceeds of Crime and Terrorist Financing Act (Canada): This law lays out standard KYC requirements in tandem with UK laws, addressing the range of regulated industries in Canada. These industries include accounting, gambling and casinos, precious stones dealers, finance, life insurance, real estate, and others.
  • The Fifth Anti-Money Laundering Directive (EU): The latest in a series of conferences held by experts and officials in the European Union modernized KYC in EU territories while adding new laws and requirements for financial organizations dealing in cryptocurrency.

Adhere to KYC Laws and Standards with 1Kosmos BlockID

With the onset of more advanced KYC requirements and subsequent changes to the types of identity verification required by financial institutions, regulated enterprises are looking for ways to ease onboarding in line with KYC and anti-money laundering laws.

1Kosmos BlockID provides a solution that combines advanced identity verification with KYC-compliant technology. Our platform meets KYC requirements, including IAL2-compliant assurance methods that have demonstrated 99% accuracy and operate in line with the National Institute of Standards and Technology (NIST) 800-63-3 standards.

With 1Kosmos, you get the following features to support modern KYC and CIP requirements:

  • SIM Binding: The BlockID application uses SMS verification, identity proofing, and SIM card authentication to create solid, robust, and secure device authentication from any employee’s phone.
  • Identity-Based Authentication: We push biometrics and authentication into a new “who you are” paradigm. BlockID uses biometrics to identify individuals, not devices, through credential triangulation and identity verification.
  • Identity Proofing: BlockID verifies identity anywhere, anytime and on any device with over 99% accuracy.
  • Private and Permissioned Blockchain: 1Kosmos protects personally identifiable information in a private and permissioned blockchain and encrypts digital identities so that they are only accessible by the user. The distributed properties ensure there are no databases to breach or honeypots for hackers to target.
  • Interoperability: BlockID can readily integrate with existing infrastructure through its 50+ out-of-the-box integrations or via API/SDK.

Learn more about 1Kosmos and customer onboarding with KYC.

Meet the Author

Javed Shah

Former Senior Vice President Of Product Management

Javed has spent his entire twenty-year career designing and building blockchain and identity management solutions. He has led large customer-facing pre-sales teams and led product management for identity management platforms like the ForgeRock Identity Platform and the ForgeRock Identity Cloud. Javed has an MBA from UC Berkeley.