Know Your Customer (KYC): Digital Identity Verification

Published Date: 13 July 2021 | 5 min read

Know Your Customer (KYC)

Verifying the identity of your customers is not just a smart move - it's a required one.

Today's businesses are built on non-face-to-face relationships. There is no guarantee that the person who approaches you is who they say they are. Moreover, you don't know what they might be involved with. Know Your Customer helps you protect your firm, follow the law, and improve customer experience. It's a win-win.


What is Know Your Customer (KYC)?

Know Your Customer (KYC) is the process performed by companies to verify the identity of their clients. The process allows organizations to ensure that a potential customer is trustworthy. This means that they can prove their identity and the legality of their business.

The identification process must comply with the Customer Due Diligence (CDD) measures. KYC involves running background checks based on the client's risk level. If the client has a higher risk profile - for instance, a Politically Exposed Person (PEP) - a more rigorous CDD is required (Enhanced Due Diligence).


What is corporate KYC?

Corporate KYC, also known as KYB (Know Your Business) applies to legal entities instead of individual consumers. B2B companies need to verify the identity of the real person they are doing business with. That is the person who ultimately owns or controls the company, also known as Ultimate Beneficial Owner (UBO).


How does the KYC process work?


1. Data collection & CDD

The process starts with collecting the clients' personal information and official documents. In the case of KYB, information about the business' management personnel is collected to understand the ownership structure and identify beneficial owners.


2. Screening & risk assessment

Individual customers and UBO's IDs are verified against trusted sources such as AML watch lists and EU sanctions lists. A risk rating is applied, taking into account risk factors relating to customers' countries, products, services, or delivery channels.


3. Monitoring & reviewing

The risk assessment must be periodically reviewed and updated. This means regular checks must be performed on the status of existing clients. Any changes in their situation and risk profile must be flagged.


4. Analysis & reporting

The findings are collected in an auditable KYC report and retained for record-keeping obligations. The reports are subject to ongoing tracking to oversee financial transactions and verify cross-border activities.

KYC process


What are the KYC requirements?

The KYC requirements are the rules to be followed in carrying out the identification process. Such rules are established by the Anti Money Laundering (AML) laws and are known as Customer Due Diligence (CDD) measures.


1. Identification and risk assessment

The first requirements concern the determination of the customer's identity and risk profile:

Identification of the customer and the beneficial owner, and verification of their identity

Collection of information on the purpose and intended nature of the business relationship

Ongoing monitoring of the business relationship to ensure that the data held is up-to-date


2. Record-keeping

The identification processes and the risk assessments must be documented, kept up-to-date, and made available to relevant authorities.

Therefore, copies of the identifying documents must be stored for a period of five years after the end of the business relationship with the customer.


3. Reporting

All suspicious transactions must be reported to the Financial Intelligence Units (FIU).

Companies must inform the FIU whenever they suspect that funds are the proceeds of criminal activity. In such cases, organizations must promptly respond to FIU's requests for additional information and provide them with all necessary documents.


Is KYC mandatory for all businesses?

KYC is mandatory for the entities AML laws apply to.

More and more firms are implementing policies for ensuring they are doing business legally with trustworthy entities. Therefore, KYC compliance is rapidly becoming the norm for all industries.

In conclusion, KYC is not mandatory for all companies. Nevertheless, it is highly recommended to protect your business from financial crime.

Entities subject to AML legislation


What are the documents required for KYC?

The most commonly used documents are:


national IDs,

driver's licenses, and

health cards displaying the Social Security Number.

In the case of corporate KYC:

registration number,

company name,

company address,

company status, and

key management personnel information are collected to identify UBOs.


Is KYC a one-time process?

No, KYC is an ongoing activity.

The KYC procedure must be performed before establishing a business relationship or carrying out a transaction. Therefore, it’s an integral part of the client onboarding process. However, KYC requirements don’t fade away when the new client has been onboarded.

Companies have to conduct regular identity checks on their customers to re-verify their risk profile and ensure constant compliance throughout the business relationships.


How often should KYC be updated?

KYC updates and reviews of the business relationship should not only be performed when trigger events occur - such as when a certain transaction threshold is reached. Very few customers report changes to their legal status. This affects the ongoing accuracy of the data held by companies. Therefore, it's highly recommended to update all KYC information at least once a year.


What is eKYC and what are its benefits?

eKYC is the digital version of the KYC process. With eKYC, the entire identity verification process is digital. Naturally, this helps businesses:

Minimize time and costs

Eliminate bureaucracy

Improve user experience

Ensure regulatory compliance

The traditional KYC process poses numerous challenges:

the need for a physical meeting to share KYC documents

the length of the process

the risks of storing and misplacing sensitive documents

Traditional KYC challenges

Sharing personal information via insecure electronic channels poses a huge security risk. eKYC was developed as a significantly more secure alternative and is now used by companies everywhere to:


1. Optimize business operations

An eKYC solution helps you reduce manual tasks, get rid of inefficiencies, and speed up processes.

Automation offers further benefits such as customization, integrations with existing software, and progress status.


2. Improve customer experience

Modern customers require easy and immediate access to the services they need. Delays and long processing time can jeopardize customer relationships. Therefore, digital KYC ensures a better customer experience.


3. Ensure compliance and security

Awareness about where the data is stored and who has access to it is the basis of AML compliance. A digital solution will increase the reliability and quality of your data. Moreover, it will let you export it in an auditable KYC report to document compliance.


What is the best KYC software?

Regulatory changes and rising compliance costs have accelerated the adoption of digital KYC solutions.

The Penneo KYC & AML Compliance solution makes things easier for both parties involved.

You will safely identify your clients through an automated, encrypted software in full compliance with AML measures. Your customers will complete the identity check in a few minutes directly from their computer or smartphone.

KYC/AML compliance


Try the Penneo KYC & AML Compliance solution for free!