In the United States, Know Your Customer (KYC) guidelines and regulations in financial services require professionals to verify the identity, suitability, and risks involved with maintaining a business relationship with a customer. The procedures fit within the broader scope of anti-money laundering (AML) and counter terrorism financing (CTF) regulations.

KYC processes are also employed by companies of all sizes for the purpose of ensuring their proposed customers, agents, consultants, or distributors are anti-bribery compliant and are actually who they claim to be. Banks, insurers, export creditors, and other financial institutions are increasingly required to make sure that customers provide detailed due-diligence information. Initially, these regulations were imposed only on the financial institutions, but now the non-financial industry, fintech, virtual assets dealers, and even non-profit organizations are included in regulations.

Know Your Customer Requirements


The Financial Industry Regulatory Authority (FINRA) Rule 2090 states that financial institutions must use reasonable diligence to identify and retain the identity of every customer and every person acting on behalf of those customers.[1] In enforcing this rule these organizations are expected to collect all information essential to knowing their customers. Information deemed necessary for enforcing Know Your Customer Requirements include the Customer Identification Program (CIP), Customer Due Diligence (CDD), and Enhanced Due Diligence (EDD).[2]

Customer Identification Program


Section 326 of the USA Patriot Act requires banks and other financial institutions to have a Customer Identification Program (CIP). Financial institutions must collect four pieces of identifying information about its customers including:

  • Name
  • Date of Birth
  • Address
  • Identification Number

Customer Due Diligence


The Bank Secrecy Act, the common name for the Currency and Foreign Transaction Reporting Act of 1970 and its amendments and other statutes[3] established the Customer Due Diligence (CDD) rule as part of their efforts to improve financial transparency and deter money laundering. The CDD Rule enhances CDD requirements for "U.S. banks, mutual funds, brokers or dealers in securities, futures commission merchants, and introducing brokers in commodities.[4]" The CDD rule requires that financial institutions identify and verify the identity of customers associated with open accounts. The CDD Rule has four core requirements:[4]

  1. Identify and verify the identity of customers
  2. Identify and verify the identity of the beneficial owners of companies opening accounts
  3. understand the nature and purpose of customer relationships to develop customer risk profiles
  4. conduct ongoing monitoring to identify and report suspicious transactions, and on a risk basis, to maintain and update customer information

Beneficial owner information is required for any individual who owns 25 percent or more of a legal entity and an individual who controls the legal entity.[4]

Enhanced Due Diligence


Enhanced Due Diligence[5] is required when initial identity checks have been completed and high-risk factors have been identified for an individual or a business. When these requirements have been met "enhanced" or additional due diligence above and beyond CDD is conducted which identifies the following information:[5]

  • Source of wealth and funds check
  • Additional identity research
  • Risk identification and assessment

Know Your Customer's Customer (KYCC)


KYCC or Know Your Customer's Customer is a process that identifies a customer's customer activities and nature. This includes the identification of the customer's customers and assessing the risk levels associated with their activities.[6]

KYCC is a derivative of the standard KYC process that arose because of the growing risk of fraud obscured by second-tier business relationships (e.g. a customer's supplier).[6]

Know Your Business (KYB)


Know Your Business or simply KYB is an extension of KYC laws implemented to reduce money laundering. KYB is a set of practices to verify a business. It includes verification of registration credentials, location, the UBOs (Ultimate Beneficial Owners) of that business, etc. Also, the business is screened against blacklists and grey lists to check if it was involved in any sort of criminal activity such as money laundering, terrorist financing, corruption, etc. KYB is significant in identifying fake business entities and shell companies. It is crucial for efficient KYC and AML compliance.

According to the European Union's 5th AML directive,[7] KYB is required for the following AML-regulated entities:

Electronic know your customer (eKYC)


Electronic know your customer (eKYC) involves the use of internet or digital means of identity verification.[8] This may involve checking information provided is valid by using systems to validate ID and proof of address documents or by checking information against government databases such as the official passport database of a country.[9]

Laws by country

  • Australia: The Australian Transaction Reports and Analysis Centre (AUSTRAC), established in 1989, monitors financial transactions in Australia,[10][11] and sets client identification requirements.
  • Canada: The Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), established in 2000, is Canada's financial intelligence unit. It updated its regulations in June 2016 regarding acceptable methods to determine the identity of individual clients to ensure compliance with AML and KYC regulations. A pending lawsuit is active in Canada challenging the constitutionality of the new legislation.[12]
  • India: The Reserve Bank of India introduced KYC guidelines[13] for banks in 2002.
  • Italy: The Banca d'Italia exercises regulation power for the financial industry, in 2007 set KYC requirements for financial institutions that operate on Italian territory.[14]
  • Japan: Act on identification of customers by financial institutions 2003[15]
  • Mexico: The "Federal Law for Prevention and Identification of Operations with Resources from Illicit Origin", promulgated in 2012 with president Felipe Calderon's administration and came into force in 2013 with the president Enrique Peña Nieto administration.[16]
  • Namibia: Financial Intelligence Act, 2012 (Act No. 13 of 2012) published as Government Notice 299 in Gazette 5096 of 14 December 2012.[17]
  • New Zealand: Updated KYC laws were enacted in late 2009 and entered into force in 2010. KYC is mandatory for all registered banks and financial institutions (the latter has an extremely wide meaning).[18]
  • South Korea: Act on Reporting and Use of Certain Financial Transaction Information regulates due diligence in the country.[19]
  • United Kingdom: The Money Laundering Regulations 2017[20] are the underlying rules that govern KYC in the UK. Many UK businesses use the guidance provided by the European Joint Money Laundering Steering Group along with the Financial Conduct Authority's 'Financial Crime: A guide for firms' as an aid to compliance.[21]



Criticisms of this policy include:

  • Know your customer places a costly burden on businesses operating in the financial industry, especially smaller financial companies, where compliance costs are disproportionately heavy.[22]
  • Customers may feel the information requested to be intrusive and burdensome, and may choose not to enter the business relationship as a result.[23] Relatedly, there may be privacy concerns with how the information is used.[24]
  • Innocent, law-abiding individuals such as digital nomads are very likely disproportionately disadvantaged as living a nomadic life makes it increasingly difficult or even impossible to hold any formal banking relationship anywhere in the world due to lack of proof of address, bills, and/or debt documentation required by KYC.[25]
  • Some citizens in other countries (Canada) are fighting back against the USA over-reach into their sovereign banking system and have challenged new USA law in their courts.[26][27]

See also



  1. ^ "2090. Know Your Customer |". Retrieved 2024-02-03.
  2. ^ "Know Your Client (KYC): What It Means, Compliance Requirements". Investopedia. Retrieved 2024-02-03.
  3. ^ "The Bank Secrecy Act". Retrieved February 3, 2024.
  4. ^ a b c "Information on Complying with the Customer Due Diligence (CDD) Final Rule". February 3, 2024. Retrieved February 3, 2024.
  5. ^ a b "What is Enhanced Due Diligence (EDD)?". Dow Jones Professional. Retrieved 2024-02-03.
  6. ^ a b PYMNTS (2018-01-03). "Businesses Can't Just KYC, They Must Also KYCC". Retrieved 2019-04-24.
  7. ^ "Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, amending Regulation (EU) No 648/2012 of the European Parliament and of the Council, and repealing Directive 2005/60/EC of the European Parliament and of the Council and Commission Directive 2006/70/EC (Text with EEA relevance)". Jun 5, 2015. Retrieved Oct 21, 2022.
  8. ^ HIRAOKA, DAIKI; HOTTA, AKAFUMI. "Japan's Toppan beefs up ID security with Taiwan developer purchase". Retrieved 31 December 2020.
  9. ^ "Stolen and Lost Travel Documents database". Retrieved 2023-09-15.
  10. ^ "Search results".
  11. ^ "Anti-Money Laundering and Counter-Terrorism Financing Rules Instrument 2007 (No. 1)".
  12. ^ "Canadian citizens' challenge to FATCA enforcement will be further appealed | STEP".
  13. ^ "'Know Your Customer (KYC) Guidelines - Anti-Money Laundering Standards". Archived from the original on 2012-08-01.
  14. ^ d'Italia, Banca. "Banca d'Italia - Provvedimento recante disposizioni attuative in materia di adeguata verifica della clientela".
  15. ^ "金融機関等による顧客等の本人確認等に関する法律".
  16. ^ "LEY FEDERAL PARA LA PREVENCIÓN E IDENTIFICACIÓN DE OPERACIONES CON RECURSOS DE PROCEDENCIA ILÍCITA" (PDF). (in Spanish). Archived from the original (PDF) on March 21, 2021. Retrieved Oct 21, 2022.
  17. ^ "Financial Intelligence Act 2012" (PDF). Retrieved Oct 21, 2022.
  18. ^ "Anti-Money Laundering and Countering Financing of Terrorism Act 2009 No 35 (as at 11 May 2021), Public Act Contents – New Zealand Legislation".
  19. ^
  20. ^ "Money Laundering Regulations 2017". 15 March 2017. Retrieved Oct 21, 2022.
  21. ^ Gill, M. (2004-07-01). "Preventing Money Laundering or Obstructing Business?: Financial Companies' Perspectives on 'Know Your Customer' Procedures". British Journal of Criminology. 44 (4): 582–594. doi:10.1093/bjc/azh019. ISSN 0007-0955.
  22. ^ "Patriot Act a Beastly Burden for Small B/Ds". November 2003.
  23. ^ Callahan, John. "Council Post: Know Your Customer (KYC) Will Be A Great Thing When It Works". Forbes.
  24. ^ Pasley, Robert S. (2002). "Privacy Rights v. Anti-Money Laundering Enforcement". North Carolina Banking Institute. 6 (1): 147.
  25. ^ Proposed Rules Federal Register December 7, 1998
  26. ^ "ADCS | Alliance for the Defence of Canadian Sovereignty".
  27. ^ "US Intelligence Unit Accused Of "Domestic Spying" On Americans' Finances". BuzzFeed News. 6 October 2017.