Keep Your Compliance: The Fintech’s Guide to KYC

Knowing Your Customer – It’s the key success factor for any business. 

But sales managers and marketing agents are not the only ones who need a good idea of who sits on the other side of the online shopping cart or B2B contact form.

KYC, meaning Know Your Customer, is just as much a regulatory requirement for fintech companies and financial institutions. After all, laws oblige them to verify the identities of their clients. The goal: Prevent fraud and restrict the service access of users who don’t fulfill certain standards of credibility.

But Know Your Customer policies are not just boundaries. They also act as competitive factors. KYC yields insightful data on one’s own services and customers.

It thus helps establish a reputation as a secure and trustworthy company as well. And trust is likely the most valuable asset for any financial business today — at least KYC-approved banking data is in high demand elsewhere.

So it’s time for a deeper look into the meaning and definition of KYC, its opportunities and its challenges. Shall we?

KYC for Fintech and Finance: The Essence

Know Your Customer is a multi-faceted subject. Put simply, it’s a series of data-driven processes. By executing these processes, companies ensure that their clients:

  • …are who they claim to be
  • …register as customers of the product or platform in the first place
  • …fulfill the requirements to use certain financial services
  • …do not misuse the product or platform to commit a crime

There is, of course, more to Know Your Customer than only four bullet points: Risk management, customer due diligence, transaction analysis… all these aspects play into KYC for fintechs and financial institutions.

All in all, those KYC measures form a line of defence against financial crimes, tax evasion and terrorist financing being just two of the more notorious. Companies or even governments that don’t enforce the requirements of KYC law have to prepare for legal consequences.

Here vs. The World: KYC Regulations

KYC law is an increasingly complex ruleset. Banks and monetary service providers have to adhere to international anti-money laundering regulations as well as to local standards.

For example, the European Banking Authority has published a series of Anti-Money Laundering Directives (the latest being the 5th one). They form the basis for the EU’s legislation and overrule national practices. In the US, it’s the Patriot Act of 2001, which tightened the KYC requirements first recorded in the Bank Secrecy Act.

As stated above, KYC stands for Know Your Customer or Know Your Client. It’s an international security standard for authentication of identities. Consequently, companies with financial responsibilities (like banks, credit institutions and insurance providers) must meet these standards. Whenever a financial business accepts a new customer, it has to execute a thorough identity check.

Depending on the nature of the client (single person, corporation, etc.) and the business model of the financial service provider itself, KYC procedures may be very detailed. In reaction to the Panama Papers for example, the 4th EU Directive demands increased transparency regarding beneficial ownership in business relations. This actually takes KYC for fintechs to the next level, making it important to Know Your Customer’s Customer (KYCC) as well. However, clients engaging in small transactions can expect looser KYC requirements.

Looking at the whole picture, it’s clear that KYC is only one part of financial fraud prevention for fintech companies… a picture that’s painted in technical terms.

A Short Dictionary of Compliance — From AML to PSD2

For fintech challengers, KYC is a challenging field to navigate – due to the many technical terms, complete with plenty of abbreviations. These are the terms of the trade.


Anti-money laundering or AML is the regulatory field of which KYC is part. Its purpose is to stop the generation of financial income through illegal means. In this role, AML has been a factor in international banking law since about 1989. It was then when the Financial Action Task Force was founded. The FATF established international regulations for fighting money laundering and related crimes.

AML legislation saw a series of big overhauls in the past. Two of the more recent were increased attention on terrorist financing after 9/11 and expanding regulations after the 2008 financial crisis. With the rise of digital banking and payment, new problem areas began to manifest. In their G20 report from July 2018, the FATF identifies a new pressing issue: AML standards for cryptocurrency and crypto asset transactions.


KYC can be broken down into three successive levels of thoroughness: CIP, CDD and EDD. They are followed by continuous monitoring of the customer’s transaction behavior, especially in case of a high-security status.

Customer Identification Programs or CIP is the baseline of these KYC levels. It refers to measures taken by a financial company or an external agency to identify a new customer.

To do so, basic data is requested, like name, address and so on. This information is then cross-checked, using databases with ID and criminal records. Additional information may be required. Individual customers may have to state their profession and reveal the purpose of their business, as well as their flow of finance. Corporate bodies have to be even more specific and provide information about:

  • … the type of the organization they belong to and its business model.
  • … the industrial sector or market they belong to, including industry code.
  • … the property, size and structure of their organization.
  • … the financial ratio.


CDD is short for Customer Due Diligence. The name says it all: Financial companies must be diligent when it comes to accepting customers — and they are held accountable for customers who use said company’s system for criminal activity.

To be compliant with anti-money laundering legislation, a detailed analysis of the new client’s identity follows the initial CIP. The focus here lies on risk assessment and projecting the customer’s transaction habits. If this results in a high-risk evaluation, KYC is taken to the EDD level.


EDD, written out as Enhanced Due Diligence, is only necessary if the customer’s business is potentially risky. This is the case with Politically Exposed Persons (PEP) for example. To responsibly deal with high-risk customers, additional data is collected on the customer’s identity and business activities, to counteract potential infractions. The end result is an assessment of how likely the customer is to commit money laundering, identity theft or terrorist fundraising.


PSD2 is the abbreviation for Payment Service Directive 2. It’s a regulatory directive, put into force by the European Commission in 2015. Mainly affecting banks and payment services, PSD2 marked an important step in open banking, as it loosened the banks’ exclusive access to a customer’s account data. In the EU, customers can now instruct their banks to share their account data with third-party providers of financial services.

At the same time, third-party companies have to register as Payment Initiation or Account Information Service Providers (PISPs and AISPs). This means that – having enjoyed much leeway in regards to KYC formerly – fintech companies are now largely held to the same standards as banks. The same is true for internet giants edging into the market with their own payment applications.

All these single aspects of Know Your Customer contribute to the regulatory challenge financial companies are facing daily. It’s certainly nothing to take lightly: Financial institutions are held accountable for misuse of their service in defiance of anti-money laundering rules. And what’s required from banks is also required from their digital counterparts.

KYC Procedures in the Digital Age

It’s no surprise that banks and their fintech counterparts go to great lengths to ensure compliance with KYC standards. As a result, more funds are constantly put into new KYC technologies, as a study by the CEB TowerGroup found: As of now, Know Your Customer solutions rank among the most valuable banking technologies. More than 62 percent of executives are certain that KYC investments will rise even more in the future.

However, when put in the context of today’s digital, border-free and contactless payments, AML and KYC cannot deny their beginnings. Many Know Your Customer procedures still derive from a time when financial services were stationary: The client had to be physically present in a banking branch to access them. Identity verification was a simple matter of seeing the client and collating the paper documents and ID he brought with official records. The client databases had to be updated manually.

As part of KYC, users may supply bank account data, social security number, residency status, but also hard physical proofs of identity like a valid passport and utility bills (water or electricity bills). Should the customer deliberately hand over false information, the reviewing company will have the case investigated and may take legal action. Modern technologies help alleviate the human factor. AML procedures today are more about lines of code on a server than types of seals on paper documents.

Yet, in many cases, banks and fintech businesses don’t settle for the state-of-the-art in regulatory tech. A KYC Market Report by CEB states that the systems by which banks identify their customers are often outdated. With general anti-money laundering technology, the situation is even worse: Considering the installation date, AML software is generally the most outdated software in banking IT infrastructures.

That creates problems, now that the lion’s share of financial services is moving into the digital sphere. Companies are invited to rethink KYC in the light of modern software solutions and technologies like…

  • Blockchain: Sharing of KYC related data without intermediaries
  • Artificial intelligence: Approval of documents via self-learning algorithms
  • Biometrics: Identification through biometric features
  • Social Biometrics: CDD and EDD by evaluation of social media activity
  • Streaming: Voice and face identification via video chat

Regulatory technology (or RegTech) like this has the potential to make KYC processes a lot faster and more accurate or transparent.

The Challenges of KYC Compliance

The anonymity of online financial activity can prove advantageous for economic crime. Legislation and KYC technology providers are in an ongoing race with cybercriminals and money launderers. But the struggle to remain one step ahead of fraud is just one dimension of compliance: KYC is one set of rules, the rules of finance and fintech business the other. From these rule sets spring sets of challenges, as they can be very much at odds.


Compliance can be a costly affair, not only for fintech startups. A global report by Thomson Reuters puts the annual KYC compliance costs for 2016 at around $60 million. Some financial firms are even spending more than $500 million. One of the biggest cost factors in Know Your Customer frameworks is personnel expenses: The number of employees working on regulatory issues has increased during past years.

And so have the costs. What’s bearable for large banking institutions can seriously impair the budget of a fintech startup or SME, especially if they are new on the market or still in the fundraising phase.

On the plus side, most small financial companies don’t offer a wide array of services. This means that fewer AML rulings still apply to them. Under specific circumstances, startups and SMEs can even fall back on requesting “no-action letters” from regulation authorities. They permit said companies to develop their products and run their services as long as they don’t violate any regulations. This can significantly reduce compliance costs.

Even so, early-stage fintech companies are well-advised to give regulatory compliance a high priority in their business development plan. The same applies to large banking institutions, where the view that AML and KYC compliance is a bothersome cost factor can still be found.

But with modern RegTech solutions promising to reduce compliance costs, another view takes hold, too: Efficient KYC procedures and unbroken compliance are competitive advantages. In preventing criminal acts, they benefit consumer trust and as such growth and revenue.

Customer and Business Relations

In many cases, registration screens and KYC data queries form the initial contact customers make with a given payment or banking service. Thus, providing frictionless identity verification is of the utmost importance for fintech companies and banks.

It’s an aspect of customer relations ripe for improvement. According to Thomson Reuters, 89 percent of clients report bad KYC experiences. At least 13 percent even changed to another service provider as a result. At the same time, only 30 percent were proactive in providing material when their company’s or their personal KYC status changed. Fast and comfortable Know Your Customer solutions, like identity check via video chat (see above), promise more satisfied customers.

Customer relations have a second dimension as well: Trust. On the input side of AML and KYC, a company must trust that the data passed on by customers is both truthful and relevant, until it can be examined. In turn, the companies have to be responsible with the customer data they pass on. Data protection is its very own regulatory field — in Europe, it just got a big and controversial update with GDPR.

Of course, KYC is in itself a type of security: It prohibits misuse of account data for illegal activities, which protects users, especially if the financial service allows P2P interactions. Additionally, compliance with KYC and AML rules makes the company more trustworthy in the eyes of potential business partners or investors. It will require additional effort to meet these expectations in the coming years.

Maintenance, Compatibility and International Regulations

Up-to-date technology can vastly improve Know Your Customer processes and compliance. Setting it up demands expertise in rules, routines and filter criteria. Maintaining the system is an even harder task, however. AML and KYC regulations are subject to change and the software and workflows must adhere to this.

It’s getting all the more complicated with legacy systems: Mergers and split-ups can affect the workings of a KYC software framework — functions of it might become redundant, while new ones have to be integrated.

Compatibility issues reach well beyond the coded borders of the regulatory software system itself. APIs and external software depend on the KYC system’s input — let alone technology partners and freshly joined companies, who want their individual systems to communicate with each other.

When a company has to maintain divergent international KYC standards, the matter becomes even more complicated. It’s one thing to handle one set of local Know Your Customer regulations. But “contactless payment” and “borderless finance” are written all over the banking and fintech industry now. International anti-money laundering rules exist alongside national guidelines. Aside from the costs, this also puts pressure on the software infrastructure of companies acting on a global scale.

Fit for Compliance, Out-of-the-Box

The ever-changing and border-crossing nature of KYC and AML can pose a hurdle for ewallet, payment and virtual account management applications. If you base them on CoreWallet, you are ahead of the game.
CoreWallet permits you to adapt business processes to global and local AML, KYC and CFT requirements. It comes with functionalities like document verification and automated generation of account statements and reports. Limits and fees per KYC level are highly configurable.
And should you already have a KYC or a fraud and risk solution at hand: CoreWallet allows for rapid integration of third party solutions. And that’s just the tip of the iceberg:

Your high-performance emoney management solution can do a lot more!

Excursus: Cryptocurrency and KYC

In the decentralized and highly anonymous field of blockchain and cryptocurrencies, regulation comes with its own set of challenges. Cryptotrading already involves vast amounts of money. So applying AML and KYC policies is a reasonable thing to do — contrary to the wishes of a significant number of crypto investors, who want crypto transactions to stay as decentralized and anonymous as possible.

What’s often overlooked is that there are advantages in crypto regulation aside from preventing fraud. Greater transparency and security lead to more acceptance of cryptocurrencies as financial assets. As a result, crypto will be able to branch out into entirely new markets. In 2017, the European Parliament and the European Central Bank laid down KYC and AML requirements for the crypto sphere with a ruling.

For KYC it already works. The ruling targets crypto exchanges, which have tightened their process of verifying accounts. Before the ruling took effect, unverified users used to conduct transactions up to a certain limit. Now, they have to undergo a KYC screening before they can use a crypto exchange platform at all.


In our current time of digital disruption, KYC and AML are in a constant state of change. The online market for financial services and products is growing and so are the risks for customers engaging with them. The international banking and fintech scene changes almost daily and this will keep regulators occupied. Innovative technologies and flexible software give businesses an edge, allowing them to stay compliant and to adapt to new forms of cybercrime.

But within this period of change, one thing remains firm:

There will always be customers. And knowing what they are up to, that will always be a key factor for corporate success.

Success is also a matter of the right software: trimplement is the fintech enabler. We provide scalable and secure emoney and virtual account management solutions for your business — all with built-in KYC functionalities. 
