Industry

Online KYC during user onboarding

Many businesses need to have a KYC process for onboarding new users. Learn what's required, common steps, and more.

An icon showing a person thinking about regulation
Last updated:
5/31/2024
Read time:
Share this post
Copied
Table of contents
⚡ Key takeaways
  • Financial institutions and other regulated organizations are required to have Know Your Customer (KYC) programs to verify the identity of their users. 
  • Businesses can choose how to implement aspects of their KYC programs, but these checks often need to start during onboarding.
  • KYC during online onboarding may involve collecting and validating images of identifying documents, assessing the risk a user poses, and verifying their identity with internal and third-party sources.

To comply with federal regulations when onboarding new users, many organizations need systems that can collect and verify user identities. The process might look different depending on the industry and situation, but creating a seamless Know Your Customer (KYC) process is important for remaining compliant, avoiding user dropoff, and protecting your organization from fraud. 

What is KYC?

KYC involves collecting and verifying identifying information about a user and assessing how much risk that user poses. It’s sometimes called identity verification, or alternatively, Know Your Business (KYB) when organizations are verifying another organization rather than a person.  

KYC and KYB are part of a larger anti-money laundering (AML) framework that financial institutions use to detect and prevent bad actors from laundering money, financing terrorism, evading taxes, and committing other crimes. 

By verifying users’ identities, organizations can stop bad actors from using a company’s products or services to commit crimes. If someone gets past these verification checks, the identifying information can also help companies and government agencies track the criminal and their accomplices.

What’s required for KYC during onboarding?

KYC can take place in person, such as when you’re asked to bring a government ID and a document with your current address to a bank branch to open a new account. As consumers increasingly expect to be able to do anything online that they can do in person, electronic KYC has become common across industries, from financial services to hospitality. 

The regulations and rules require organizations to have enough information to form a reasonable belief that they know the user’s true identity. And at a minimum, to comply with KYC regulations, organizations have to collect and verify the user’s: 

  • Name
  • Date of birth
  • Address
  • Identification number, such as a Social Security number 

Regulators don’t dictate how organizations have to collect and verify this information. Many businesses use identity verification platforms that offer different types of verifications, such as government ID, document verification, and database verifications. They can then segment new users based on risk signals and strategically run different checks to stay compliant and find a balance between friction, user experience, and cost. 

Webinar
Get our tips for balancing risk and conversion

KYC beyond onboarding

Although verifying identities at onboarding is a critical part of KYC, ongoing monitoring can also be important for complying with regulations and protecting your business. That’s why KYC programs are made up of three parts:

Ongoing monitoring and link analysis can also help organizations uncover and block fraud rings that have or intend to cause financial and reputational damage. 

Common steps for KYC onboarding

The details will depend on the business, user, and type of product or service, but KYC is often a multi-step process: 

  1. Request identifying documents. These may include a picture of a driver’s license, passport, or state identification card. Some KYC solutions also support digital IDs such as mobile driver’s licenses
  2. Extract and compare information from the documents: Information is then extracted from the document, such as the user’s name and date of birth, and compared to the information they entered on their application. Information about the document, such as its issue date, expiration date, and an identification number can also be collected. 
  3. Validate the documents and information: The images and documents are analyzed for signs of tampering or forgery. Data from the documents can also be checked against an authoritative database, such as the American Association of Motor Vehicle Administrators (AAMVA) database, to confirm information from a driver’s license or by electronic consent-based Social Security number verification (eCBSV) for Social Security number verifications
  4. Assess user risk: Financial institutions may need to evaluate users’ AML risk. The results of the user risk assessment can inform the level of due diligence (simplified, standard, or enhanced) that will be used. 
  5. Run additional checks: Additional verifications and checks can be run as needed, including selfie verification, adverse media reports, and government watchlist screenings. 

Who needs to implement KYC for onboarding?

KYC requirements can vary by country and region. In the U.S., anti-money laundering (AML) laws can be traced back to the passage of the Bank Secrecy Act (BSA) in 1970. Later, the USA PATRIOT Act and FINRA Rule 2090 introduced CIP and KYC requirements in 2001 and 2012, respectively. 

These regulations apply to a broader set of financial institutions and industries managing large transactions, including:

Beyond financial institutions, the INFORM Consumers Act went into effect in 2023 and expanded identity verification requirements to online marketplaces in the U.S. In the E.U., DAC7 now requires digital platforms, such as gig and rental marketplaces, to collect and report sellers’ information to tax authorities. 

Additionally, e-commerce sites, social media platforms, dating services, e-learning platforms, and digital health providers may want or need to complete KYC checks even if they’re not subject to AML regulations. 

How Persona helps KYC onboarding  

Persona’s identity platform offers building blocks that you can use to create and customize the KYC process at onboarding. Choose which types of verifications and checks to implement, add fraud prevention, and integrate third-party data to make compliant and strategic decisions. 

We also offer solutions for continuous monitoring for both AML compliance and fraud prevention. And Persona can securely store customer data, including their users’ PII, to help stay GDPR and CCPA compliant. 

Start for free or get a demo today.

Published on:
1/25/2024

Frequently asked questions

No items found.

Continue reading

Continue reading

How to create a great digital onboarding experience
Industry

How to create a great digital onboarding experience

Learn how a user-friendly digital onboarding experience can become your competitive advantage.

Build onboarding flows that convert with Dynamic Flow
Announcement

Build onboarding flows that convert with Dynamic Flow

Customers like LedgerX and Coursera drive conversion at every screen with Dynamic Flow.

How to evaluate your KYC compliance
Industry

How to evaluate your KYC compliance

Learn what types of businesses are subject to KYC regulations, what it means to be KYC compliant, how to evaluate your compliance, and more.

Ready to get started?

Get in touch or start exploring Persona today.