Know Your Customer: What Is The KYC Procedure And Why Is It Mandatory?


KYC is short from phrase “know your customer/client”. This is a mandatory procedure for verifying the client's personal data, usually carried out by a financial institution. During this verification, the provision of documents confirming the client’s identity is required.

Typically, clients need to provide information for the bank kyc procedure when registering an account with the bank, as well as in case of changes in personal data. For example, if you officially change your personal information several months after registering your account, you will need to provide new information to complete KYC.

How does standard KYC work?

The main stages of the procedure are data collection and verification. This also includes due diligence and ongoing user monitoring.


We highlight three main stages:

Customer identification program

This is the first and main stage of the KYC procedure. It consists of collecting and verifying information about clients.

Due diligence

Sometimes, after passing verification, the company may decide to additionally check the client’s background. This allows you to assess risks. If the client has previously been involved in financial fraud or has been under investigation, this information will become known during the background check process.

Constant monitoring

Constant monitoring ensures the relevance of verified data and allows the system to carefully analyze suspicious transactions. Depending on the results of the investigation, the exchange may temporarily suspend the account and report the problem to regulatory and law enforcement authorities

What is the difference between KYC and AML?

KYC requirements are only part of a comprehensive anti-money laundering (AML) program. AML includes a variety of regulatory processes to combat financial crime. AML also includes software filtering, record keeping, and criminalization. KYC is nothing more than an AML process that includes personal data verification and enhanced due diligence.

KYC, AML and other processes developed by regulators make it more difficult for organized crime and terrorists to engage in illegal activities by making it difficult to turn ill-gotten proceeds into legitimate proceeds.

However, some members of the crypto community have a different point of view on this benefit and are ambivalent about KYC verification. Their argument is that KYC and AML contradict the concept of decentralization.

What regulations must banks comply with?

In accordance with the recommendations of the Basel Committee on Banking Supervision and FATF 40, the internal policy of any bank should provide for and describe the following components of the KYC procedure:

  • Client identification;

  • Monitoring customer transactions;

  • Procedures for internal reporting of suspicious or unusual transactions;

  • Training employees on KYC standards;

  • Maintaining and storing KYC documentation.


Opening accounts, placing deposits, or conducting financial transactions cannot be carried out if clients or their counterparties to transactions, as well as banks participating in the transactions, do not satisfy the bank's qualification criteria (Customer Due Diligence – CDD) in terms of KYC, corresponding to the requirements contained in the above documents.

Standard KYC requirements for private clients include:

  • Identification of identity using documents and verification of registration address.

  • Confirmation of the source of income (receipt of funds into the account).

  • Mandatory control of transactions in an amount exceeding the established threshold, transactions for the acquisition of securities for cash, transactions for the exchange of banknotes, transactions with precious metals and stones, rental and leasing transactions of property, as well as repeated identical transactions and transfers abroad to the account of an anonymous owner (or translations from such anonymous people).

Standard requirements for clients – legal entities are as follows:

  • Providing constituent documents;

  • Providing information for (passport data, migration cards for foreign citizens, orders for appointment to positions and decisions of the General Assembly, the Board of Directors on appointment) identification of all senior managers and shareholders owning more than 10% of the company's shares;

  • Regular review of financial statements (first electronically, then certified copy on paper) and tax returns.

  • Questionnaires and answers to questions about the nature and characteristics of the business (volumes, key clients, sales markets, etc.)

It is worth noting that banks are only required to request from the company detailed information about the sources of money coming into the account (for example, a copy of an office rental contract or a commercial agreement with the buyer), but the client has the right to refuse to provide the bank with data that constitutes a trade secret.

Activities included in KYC procedures can be easily improved by using tools such as the AML analytical system or AML restriction lists. By using professional technological solutions such as iAML, you can:

  • Act following current law;

  • Increase the safety of the company and its customers;

  • Save time spent on customer monitoring;

  • Reduce reputational risk and the risk of human error;

  • Reduce the risk of penalties being imposed by the Financial Supervision Authority.

What categories are businesses divided into?

According to its analytical data, the Central Bank divided the business into three groups – low, medium, and high-risk levels. They have corresponding color designations: “green”, “yellow” and “red”. Because of this, the system was nicknamed “traffic light”. According to the regulator’s estimates, about 99% of companies now belong to the “green” group, 0.7% to the “yellow” group, and 0.3% to the “red” group.


In the “green” category are clients who conduct real activities and do not participate in dubious transactions. With a client classified as a “green” group, the bank cannot unilaterally terminate the current account agreement.

Banks will not be able to refuse to open an account and conduct a transaction for such companies and individual entrepreneurs if the counterparty is the same low-risk client.

A business that has been assigned a “yellow” color has previously been seen to conduct suspicious transactions along with normal ones. Banks will take note of such companies and refuse to carry out a transaction if they suspect that it is being carried out for the laundering of proceeds from crime or the financing of terrorism.

“Red” companies will be able to carry out a limited number of operations, for example, paying taxes and fees, paying salaries to employees, and some others specified in the law.

Why do financial institutions ask you to give them personal information?

Each client expects his financial institution to provide him with the necessary and high-quality services and ensure the safety of his funds. It is for these purposes that financial institutions around the world are guided in their activities by the “Know Your Customer” principle.

Following this principle, financial institutions periodically ask their clients questions about their financial activities and ask them to regularly update their personal data in the system.

This process is not associated with any suspicion of criminal activity and affects all clients without exception. Collecting information helps prevent financial fraud and identity theft, thereby ensuring the safety of your funds and your interests.

When did KYC become popular?

Just a few years ago, it was not at all obvious that banks could ask corporate clients about various issues. The current requirements for the KYC process were influenced not only by threats related to cybercrime or the increased popularity of tax havens but also by terrorist events.

It can be said that a breakthrough moment in the area of counteracting money laundering and terrorism financing was September 11, 2001, when the attack on the WTC in New York took place.

It turned out that the terrorists operated in the Western financial system, had active accounts and could carry out various types of transactions in an uncontrolled manner. The United States was the first to introduce legislation making it more difficult for suspected terrorists to use the financial system.

Other countries have followed the example of the US, requiring financial institutions to get to know their customers in order to limit the financing of terrorism, tax avoidance, cooperation with countries subject to sanctions, or the introduction of funds from illegal sources into circulation.

secure pay

We must use the KYC procedure, and even more: we want to use it because it creates a safe business and economic environment for each entity participating in trade. To put it simply, if banks reliably verify all customers, each company can be sure that its contractor with an account in a given bank has also been verified.

In other words: economic transactions become more secure. Ultimately, KYC brings tangible benefits to all market participants.

Are all companies covered by the KYC procedure?

The procedure applies to every entity – even sole proprietors. In their case, verification is certainly easier, e.g. because the information is most often available in official registers and the ownership structures are not complicated.

Thanks to advanced verification mechanisms, in the vast majority of cases it is unnoticeable to the customer. However, opening an account here is also preceded by an assessment.

Stay updated

The bank must have up-to-date information about its customers. Therefore, they check clients' identity, ask about the source and amount of income, and position at work, and in some cases, they also ask to submit a declaration of assets.

They do this following the KYC – Know Your Customer procedure to prevent any abuses that may be dangerous to the finances of all customers. At the same time, when they collect and store this information, they maintain the highest standards of security and confidentiality.

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}