Regulatory Area
KYC
Know Your Customer (KYC) is the process of identifying and verifying an individual before establishing a business relationship or allowing access to certain products and services.
In this briefing
- What it is
- Key things to know
KYC typically involves collecting identity information, verifying it against reliable and independent sources, screening the customer for sanctions and politically exposed person exposure, and assessing the level of financial crime risk presented by the relationship.
KYC is not a one-off identity check. It forms part of the wider customer due diligence lifecycle, which includes understanding the purpose and intended nature of the relationship, establishing expected activity, applying enhanced due diligence where required, and keeping customer information and risk assessments up to date.
Key things to know
Identity verification requirements differ across jurisdictions
Local rules can differ on the information that must be collected, the documents that may be accepted, the use of electronic verification and when biometric or additional checks are required. Global firms need a consistent control framework that can accommodate local requirements.
Verification is only one part of KYC
Confirming that an identity document is genuine does not complete the process. Firms also need to understand whether the customer is the person they claim to be, the purpose of the relationship, expected activity and any factors that may increase risk.
The customer journey should reflect risk
Not every customer requires the same level of review. KYC workflows should distinguish between standard, simplified and enhanced due diligence and trigger additional checks based on the customer, product, jurisdiction, channel and intended activity.
KYC continues after onboarding
Customer information, sanctions status, risk indicators and expected behaviour may change over time. Firms need event-driven and periodic review processes that keep records and risk ratings current throughout the relationship.
Digital and crypto products create additional considerations
Remote onboarding, self-hosted wallets, pseudonymous activity and cross-border access may require additional controls, including fraud prevention measures, wallet ownership checks, device intelligence, blockchain analytics and closer review of source of funds or intended use.
Automation requires governance and exception handling
Identity tools can automate document checks, biometrics, screening and risk scoring, but firms remain responsible for the outcome. Automated processes need clear thresholds, quality controls, manual review routes and evidence explaining why a customer was accepted, rejected or escalated.
For general information only. Not legal, regulatory or compliance advice.
Working With This Regulation?
Cryptliance helps firms understand what applies, what it means for the business and what to do next — across strategy, controls, product and market execution.