To comply with federal regulations when onboarding new users, many organizations need systems that can collect and verify user identities. The process might look different depending on the industry and situation, but creating a seamless Know Your Customer (KYC) process is important for remaining compliant, avoiding user dropoff, and protecting your organization from fraud.
What is KYC?
KYC involves collecting and verifying identifying information about a user and assessing how much risk that user poses. It’s sometimes called identity verification, or alternatively, Know Your Business (KYB) when organizations are verifying another organization rather than a person.
KYC and KYB are part of a larger anti-money laundering (AML) framework that financial institutions use to detect and prevent bad actors from laundering money, financing terrorism, evading taxes, and committing other crimes.
By verifying users’ identities, organizations can stop bad actors from using a company’s products or services to commit crimes. If someone gets past these verification checks, the identifying information can also help companies and government agencies track the criminal and their accomplices.
What’s required for KYC during onboarding?
KYC can take place in person, such as when you’re asked to bring a government ID and a document with your current address to a bank branch to open a new account. As consumers increasingly expect to be able to do anything online that they can do in person, electronic KYC has become common across industries, from financial services to hospitality.
The regulations and rules require organizations to have enough information to form a reasonable belief that they know the user’s true identity. And at a minimum, to comply with KYC regulations, organizations have to collect and verify the user’s:
- Name
- Date of birth
- Address
- Identification number, such as a Social Security number
Regulators don’t dictate how organizations have to collect and verify this information. Many businesses use identity verification platforms that offer different types of verifications, such as government ID, document verification, and database verifications. They can then segment new users based on risk signals and strategically run different checks to stay compliant and find a balance between friction, user experience, and cost.
KYC beyond onboarding
Although verifying identities at onboarding is a critical part of KYC, ongoing monitoring can also be important for complying with regulations and protecting your business. That’s why KYC programs are made up of three parts:
- A customer identification program (CIP) that creates procedures for collecting, verifying, and retaining records of the required information from new users.
- Customer due diligence (CDD), which assesses a user’s risk during onboarding and throughout their life cycle.
- Continuous monitoring of user identities and transactions to spot and report suspicious activity.
Ongoing monitoring and link analysis can also help organizations uncover and block fraud rings that have or intend to cause financial and reputational damage.
Common steps for KYC onboarding
The details will depend on the business, user, and type of product or service, but KYC is often a multi-step process:
- Request identifying documents. These may include a picture of a driver’s license, passport, or state identification card. Some KYC solutions also support digital IDs such as mobile driver’s licenses.
- Extract and compare information from the documents: Information is then extracted from the document, such as the user’s name and date of birth, and compared to the information they entered on their application. Information about the document, such as its issue date, expiration date, and an identification number can also be collected.
- Validate the documents and information: The images and documents are analyzed for signs of tampering or forgery. Data from the documents can also be checked against an authoritative database, such as the American Association of Motor Vehicle Administrators (AAMVA) database, to confirm information from a driver’s license or by electronic consent-based Social Security number verification (eCBSV) for Social Security number verifications.
- Assess user risk: Financial institutions may need to evaluate users’ AML risk. The results of the user risk assessment can inform the level of due diligence (simplified, standard, or enhanced) that will be used.
- Run additional checks: Additional verifications and checks can be run as needed, including selfie verification, adverse media reports, and government watchlist screenings.
Who needs to implement KYC for onboarding?
KYC requirements can vary by country and region. In the U.S., anti-money laundering (AML) laws can be traced back to the passage of the Bank Secrecy Act (BSA) in 1970. Later, the USA PATRIOT Act and FINRA Rule 2090 introduced CIP and KYC requirements in 2001 and 2012, respectively.
These regulations apply to a broader set of financial institutions and industries managing large transactions, including:
- Art dealers
- Real estate agencies
- Banks and credit unions
- Casinos and online gambling services
- Credit card issuers
- Cryptocurrency exchanges
- Lenders
Beyond financial institutions, the INFORM Consumers Act went into effect in 2023 and expanded identity verification requirements to online marketplaces in the U.S. In the E.U., DAC7 now requires digital platforms, such as gig and rental marketplaces, to collect and report sellers’ information to tax authorities.
Additionally, e-commerce sites, social media platforms, dating services, e-learning platforms, and digital health providers may want or need to complete KYC checks even if they’re not subject to AML regulations.
How Persona helps KYC onboarding
Persona’s identity platform offers building blocks that you can use to create and customize the KYC process at onboarding. Choose which types of verifications and checks to implement, add fraud prevention, and integrate third-party data to make compliant and strategic decisions.
We also offer solutions for continuous monitoring for both AML compliance and fraud prevention. And Persona can securely store customer data, including their users’ PII, to help stay GDPR and CCPA compliant.
Start for free or get a demo today.