Know Your Customer (KYC) requirements & regulations in the UK

Learn about KYC requirements that exist for different industries in the UK.

⚡ Key takeaways
  • KYC requirements in the UK can vary significantly depending on the industry.
  • Businesses providing customers with financial services, cryptoassets, real estate services, online gaming, and e-commerce are all subject to their own requirements.

In the United Kingdom and around the world, governments require businesses that operate in certain industries to verify the identity of their customers through a process called Know Your Customer (KYC). 

Because KYC requirements can vary per jurisdiction and industry, it’s critical for businesses to understand the specific requirements for each country they operate or serve customers in.

Below, we review some of the basics before taking a deeper look at the KYC requirements that exist for different industries in the UK. 

What is KYC?

Know Your Customer (KYC) refers to the process of confirming a customer’s identity. Businesses operating in certain regulated industries, such as the financial sector, are required to perform KYC before providing regulated products or services to their customers.

KYC can be performed on individuals as well as non-individual entities, such as businesses, non-profit organizations, and trusts. 

In the UK, businesses operating in a number of different industries must perform KYC on their customers. This includes banks and other financial institutions, cryptocurrency exchanges, real estate businesses, gambling facilitators, and e-commerce platforms that facilitate the sale of certain regulated products.

Importance of KYC for UK banks and companies

Certain businesses operating in the UK must implement KYC measures for a number of reasons.

Perhaps most obviously, KYC is required in many industries (financial services, crypto, real estate, etc.) to combat money laundering, which is estimated to cost the UK’s economy at least £100 billion every year.

But KYC is also an effective means of preventing other types of financial crime, such as tax evasion, identity theft, and the financing of terrorist activities. And in other industries, KYC plays different roles — for example, ensuring that children can’t access age-restricted products or services through e-commerce platforms. 

Even when it isn’t required by law, some businesses choose to implement KYC measures to reduce fraud on their platforms, stay ahead of forthcoming regulations, or simply improve the customer experience. 

Industries required to comply with KYC regulations in the UK

KYC for financial services

UK financial services — including banks, lenders, investment firms, payment processors, insurers, currency exchanges, and fintech companies — must comply with the KYC requirements specified in the country’s AML regulations, which were updated in 2017.

When the customer is an individual, financial institutions must:

  • Identify the customer
  • Verify the customer’s identity
  • Assess the purpose and intended nature of the business relationship or occasional transaction

When the customer is a non-individual entity, financial institutions must obtain and verify the entity’s:

  • Legal name
  • Company number or registration number
  • Address of its registered office
  • Beneficial owners

These rules are enforced by the UK Financial Conduct Authority (FCA). While the FCA doesn’t specify how verification must be carried out, it does suggest that institutions embrace the risk-based approach to AML recommended by the Financial Action Task Force (FATF). The agency also provides a five-point framework that institutions are encouraged to incorporate into their identity verification process:

  • Strength: Gather evidence of the claimed identity, such as a government-issued ID or document 
  • Validity: Validate that the collected evidence is genuine and authentic, for example by checking an ID’s cryptographic security features or querying the issuing database
  • Activity: Determine whether or not the claimed identity has existed over time, for example by collecting employment or credit records
  • Identity fraud: Determine if the claimed identity is at a high risk for identity fraud, for example by checking a national fraud database
  • Verification: Verify that the identity actually belongs to the person claiming it, for example, by requesting a selfie and comparing it against the photo in an ID

KYC for cryptocurrency

UK businesses operating in the cryptocurrency space are regulated by the FCA, and are therefore subject to the same KYC regulations as other financial services. Businesses seeking to offer these services must register with the FCA prior to offering services. 

These KYC rules apply to cryptoasset businesses, a collective term for any business that provides the following products or services:

  • Cryptocurrency exchange
  • Peer-to-peer cryptocurrency transfers
  • Initial coin offerings (ICOs) or initial exchange offerings 
  • Cryptocurrency wallet providers

Briefly, KYC requirements for cryptocurrency businesses in the UK include:

  • Implementing a risk-based approach to AML and KYC
  • Performing customer due diligence on all customers
  • Performing enhanced due diligence on higher-risk customers
  • Monitoring customer transactions in an ongoing manner

KYC for real estate

In the UK, estate agents, letting agents, and other businesses dealing with the buying, selling, or financing of real estate must comply with the AML and KYC regulations enforced by Her Majesty's Revenue and Customs (HMRC). This includes verifying the buyer’s/seller’s:

  • Identity
  • Proof of residential address
  • Source of funds
  • Source of wealth
  • Proof of ownership (seller only)

When the buyer or seller is an entity and not an individual, estate agents must confirm that the entity does, in fact, exist. They must also identify and verify the entity’s beneficial owners. 

An enhanced due diligence process must be in place for high-risk clients, such as politically-exposed persons, or for transactions originating in countries deemed to be a high risk for money laundering and terrorist activity.

Importantly, these checks must be performed on both buyers and sellers. For residential property deals, KYC should take place upon signing of the memorandum of sale. For commercial property deals, it should take place upon signing of the heads of agreement. 

KYC for gaming

In the UK, any business that facilitates gambling — including online gaming (igaming) operators, bookmaking services, and remote casinos — is regulated by the UK Gambling Commission (UKGC).

Under new rules implemented in 2019, online gaming operators are prohibited from accepting bets from any individual before their age has been verified to be at least 18 years old. This is in contrast to prior rules, which allowed up to 72 hours for age verification. These new rules were put in place following a 2018 report that found an estimated three percent of children aged 11-16 had engaged in online gambling.

Additionally, in an effort to combat money laundering, the Commission requires that for any user who deposits or withdraws €2,000 or more, online gaming operators must verify the user’s:

  • Name
  • Address 
  • Date of birth

Verification may include the collection of a government-issued ID, selfies, and other supporting documentation, such as household bills or bank statements. The Commission does not specify which documents must be collected, leaving that choice to the individual business.

These requirements also apply to any user who has joined a self-exclusion list designed to help them stop gambling and those deemed to carry a greater risk of money laundering even if they don’t breach the €2,000 threshold, such as politically-exposed persons.

KYC for e-commerce

E-commerce companies operating in the United Kingdom must comply with multiple KYC regulations. 

In March 2022, the Strong Customer Authentication (SCA) rule went into effect for e-commerce transactions. This rule, implemented and enforced by the FCA, was designed to reduce theft resulting from stolen debit or credit card information. It requires banks to collect two pieces of identification prior to checkout to authenticate that the individual making the purchase is in fact the account holder. This identification can be in the form of:

  • Knowledge, such as a PIN, password, or answer to a security question
  • Possession, such as through a one-time passcode sent to a mobile device or email address
  • Inherence, such as a fingerprint or selfie

E-commerce retailers should work with their payment processors to ensure that the required technology and workflows are added to their checkout process.

Additionally, any e-commerce business that sells age-restricted products or services must verify the age of its customers. Failure to do so may result in a fine of up to £20,000 and license forfeiture. Age verification can take place:

  • During online checkout, for example by collecting and verifying the customer’s ID
  • At point-of-delivery, by requesting proof of age prior to handing over the purchase
  • In-store, by requiring in-store pickup which includes age verification

KYC for social media companies

As of August 2023, social media companies operating in the UK are not required to implement KYC or identity verification measures. 

That said, a proposed bill — the Social Media Platforms (Identity Verification) Bill — would require social media companies to offer an IDV process to all users, as well as a means of limiting or blocking non-verified users, amongst other measures.

The bill was sponsored by MP Siobhan Baillie in 2022 and is currently in its second reading in the House of Commons. 

Other petitions related to IDV for social media companies have been submitted in the past, including one which would require social media companies to collect a verified ID from anyone seeking to open an account (or the parent/guardian of users younger than 18).

Become KYC compliant in the UK with Persona

If your business operates in the UK or provides services to UK citizens, it’s crucial that you understand which KYC obligations apply to your industry. It’s also crucial to select a KYC and AML toolkit flexible enough to adapt to these varied requirements.

Here at Persona, we know that a cookie-cutter approach to KYC doesn’t work. That’s why we’ve designed our identity infrastructure with flexibility in mind so that our partners are empowered to build the verification workflow that makes the most sense to their unique situations.

With our Verifications solution, you can quickly and easily collect and analyze government IDs, other documents, and selfies — either for initial verification or for periodic reverification. Reports allows you to build out a fuller picture of your users via watchlist checks, sanctions checks, PEP scans, and other database queries. Use Cases to build out a configurable hub to act as the central dashboard for all things manual review. Do this knowing that your customers’ PII is safe and secure.

Interested in learning more? Learn how Lime leveraged Persona’s suite of identity tools to comply with KYC regulations in each jurisdiction it operates in — including the UK. Start for free or get a demo today.

Frequently asked questions

Who must comply with UK KYC regulations?

In the United Kingdom, KYC regulations apply to the following types of businesses:

  • Banks
  • Investment firms
  • Broker/dealers
  • Fintech companies
  • Payment processors
  • Lenders
  • Credit card companies
  • Insurers
  • Gaming facilitators
  • Currency exchanges
  • Cryptocurrency exchanges
  • Peer-to-peer payment or crypto processors
  • Digital wallet providers
  • Cryptocurrency wallet providers
  • Real estate firms

It’s important to note that the above list is not exhaustive. Any business that falls under the purview of a regulator (such as the FCA, HMRC, or UKGC) may be subject to KYC requirements in force through that regulator.

What documents do banks require for KYC in the UK?

Most UK banks require the following documents as a part of their KYC processes:

  • Proof of identity: Driver’s license, passport, EU identity card, or other government-issued photo ID
  • Proof of address: Utility bill, phone bill, mortgage statement, rent bill, or council tax bill
  • Proof of income: Recent bank statement, pay stub, tax return, P60 tax statement, or letter from employer

Additional documents may be required for non-individual banking customers, such as businesses, trusts, and nonprofits.
