Top 6 KYC challenges (and how to overcome them)

A strong Know Your Customer (KYC) program is foundational to building trust and maintaining compliance in today’s complex financial landscape. At its core, KYC is a due diligence process companies use to verify the identities of prospective and current customers — and assess how much risk they pose.
Most companies conduct some form of KYC to comply with regulatory requirements and reduce fraud, but for financial services companies, KYC is particularly important. A well-designed KYC program not only supports compliance but also provides a powerful framework for understanding and managing customer risk throughout the entire relationship life cycle.
Unfortunately, while KYC is both beneficial and essential for businesses in the financial industry, it also poses a number of challenges. Below, we explore the most common KYC challenges organizations face and share strategies to help overcome them.
A refresher on the KYC process
Before jumping into the challenges and solutions, let’s start with a quick overview of what KYC is and how the process typically works.
KYC consists of three main parts:
1. Customer identification program
A customer identification program (CIP) is when you verify a customer’s identity to ensure they are who they say they are. Financial companies are required to collect and verify the customer’s name, address, date of birth, and a government-issued identification number (like an SSN).
This can be achieved using a variety of different methods, but often includes checking a government-issued ID against issuing or authoritative databases. It may also include other forms of verification, such as selfie verification, to safeguard against fake or stolen IDs and other threats.
2. Customer due diligence
Customer due diligence (CDD) is where you evaluate and document how much risk a customer poses for things like money laundering, the financing of terrorism, fraud, and other financial crimes.
Your goal is to determine whether you should be doing business with a person or entity. CDD often relies on various reports and screenings, including watchlist screenings, sanctions list screenings, politically exposed person (PEP) screenings, adverse media reports, and more.
3. Ongoing monitoring
Continuously monitoring transactions and behaviors helps identify unusual money transfers, suspicious login attempts, or sudden changes in spending patterns that may signal potential money laundering or fraud.
Furthermore, updating customer risk profiles with new information, transaction history, and external data (e.g., sanctions lists, PEP databases, and adverse media) ensures your KYC program adapts to evolving risks and remains effective.
Organizations that work with businesses must also perform Know Your Business (KYB). In addition to the steps above, KYB also involves identifying and verifying all of a business’s ultimate beneficial owners (UBOs).
What are the top KYC challenges for banks and other financial service businesses?
Implementing or updating your business’s KYC program involves a lot of moving parts, which opens the door for confusion and challenges. Below are some of the most important KYC challenges that financial institutions commonly face:
KYC challenge #1: Accurately assessing risk
The goal of KYC is to gauge the level of risk posed by a customer. Unfortunately, accurately gauging that risk can be tricky; when financial institutions get it wrong, it can have significant repercussions, including regulatory enforcement actions, reputational damage, and in rare cases, severe penalties like multimillion-dollar fines or legal consequences.
While many factors can complicate AML risk assessment, one of the most common is over-reliance on too little data. After all, if you’re only gathering a handful of data points and pieces of evidence from your customers, it’s difficult to paint a complete picture of their risk level.
Solution: Collect more data
If your KYC process is limited because you’re currently collecting too few risk signals from your customers, the solution is pretty straightforward: collect more data so you have more information on which to base your risk assessment.
Concerned that this might increase friction? That’s understandable — and we cover that in greater detail below. In the meantime, another way to strike that balance is by collecting passive and behavioral risk signals.
Passive signals include IP address, device and browser fingerprints, geolocation, VPN usage, camera emulators, and other developer tools.
Behavioral signals include hesitation, mouse movement, keystrokes, and more.
Both passive and behavioral signals can be collected in the background to help you gain richer insights without introducing friction.
Another option? Using the information that your customer has already provided during the onboarding flow to perform additional checks and screenings for a fuller picture of their risk. Some AML screenings to consider incorporating into your flow include:
KYC challenge #2: Complying with global privacy regulations
If you operate across multiple jurisdictions, you’ll likely face different KYC challenges in each jurisdiction you serve, as each region has its own set of regulations and compliance standards. Depending on where your company is located and which jurisdictions you serve, you could have a handful of regulations to consider — or dozens.
In the US, for example, the Bank Secrecy Act requires financial institutions to identify individuals and maintain transaction records. Additional laws like the USA PATRIOT Act and Anti-Money Laundering Act of 2020 have expanded its scope. In the EU, a series of Anti-Money Laundering Directives (AMLDs) apply, while the UK has its own KYC regulations.
The good news is that most countries base their AML and KYC laws on the Financial Action Task Force’s 40 recommendations, which creates some consistency.
Though the identity verification criteria in many of these regulations overlap, they differ slightly in how they apply and how often compliance checks are required, which creates nuances in global IDV. That, plus the fact that regulations change often and new ones pop up all the time, can make it hard to ensure you’re 100% covered.
Solution: A flexible KYC solution
Global KYC can’t be solved with a one-size-fits-all approach. It takes a KYC solution that is both flexible and customizable — one that will allow you to build the exact KYC program you need in each of the jurisdictions you operate in.
When evaluating KYC solution providers, look for one with:
Multiple verification methods to choose from based on local compliance needs
Global database coverage for broad access to authoritative sources
Regulatory expertise to help you navigate changing requirements with confidence
One of the benefits of implementing a flexible platform is the fact that you aren’t locked into a strategy just because it’s the first one you chose to pursue. You can make changes as often as is necessary. With that in mind, it’s important to routinely revisit and evaluate your strategy to get a sense of what’s working, what’s not, and where it may be beneficial to make changes.
KYC challenge #3: Balancing conversion and risk
Another KYC challenge for banks and other financial institutions? Staying compliant and protecting your platform against fraud without frustrating users in the process.
In order to evaluate a customer’s risk level, you need to collect information and evidence during the onboarding process. The more you collect, the more confident you can be in your risk assessment — but the more friction you introduce in the process. Too much friction can cause legitimate users to drop off, harming your conversion rates.
Solution: Risk-based segmentation
One way you can control friction during KYC is to leverage risk-based segmentation that tailors the verification flow to each user in real time depending on how much risk is detected at any given moment.
In other words, as you collect data from customers during onboarding, you can analyze their risk profile in real time to segment them based on risk. Low-risk individuals can then move through a lightweight flow with minimal friction, while high-risk individuals can be asked for additional verification. This approach helps you:
Speed up onboarding for low-risk individuals or reject bad actors early
Flag high-risk individuals or regions
Dynamically add verification steps for moderate-risk segments
Monitor activity for elevated-risk profiles
KYC challenge #4: Preventing fraudulent account creation at scale
Bad actors will sometimes engage in account creation fraud, opening multiple accounts with a single financial institution in order to facilitate money laundering via smurfing or to take advantage of promotions like bonuses through referral fraud.
Compounding the issue, AI has made it easier than ever for fraudsters to not only create these accounts, but to generate the assets (IDs, selfies, etc.) needed to skirt KYC processes.
Solution: Link analysis
Link analysis is a data science technique that makes it possible to understand how different accounts on your service or platform are related to one another, making it a potentially powerful tool for uncovering fraud rings and the fraudulent accounts that they rely on.
Consider this: If you’re a fraudster, it can be difficult to find or make assets capable of getting through a bank’s KYC and fraud detection systems. When you’re successful, you’re likely to try and reuse as many of those assets as possible to open additional accounts — after all, if it works, why fix it?
With link analysis, you can quickly spot links between risky accounts that share suspicious connections. A few risk signals flagged through link analysis might include similar physical addresses, contact information, IP addresses, device and browser fingerprints, or other signals.
These accounts can then be flagged for more comprehensive evaluation to determine if the connections are natural or fraudulent, minimizing KYC onboarding challenges.
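The clustering step described above, as an added example (not Persona's code): accounts that share a phone number, device fingerprint, IP address, or normalized street address are merged with union-find, so links that are only transitive still surface as one cluster. The field names and the sample records are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample accounts (not real data); field names are assumptions.
ACCOUNTS = [
    {"id": "A1", "phone": "+15550100", "device": "fp-9c1e", "ip": "203.0.113.7", "address": "12 Elm St., Apt 4"},
    {"id": "A2", "phone": "+15550101", "device": "fp-9c1e", "ip": "198.51.100.2", "address": "98 Oak Ave"},
    {"id": "A3", "phone": "+15550102", "device": "fp-77aa", "ip": "198.51.100.2", "address": "5 Pine Rd"},
    {"id": "A4", "phone": "+15550103", "device": "fp-1b2c", "ip": "192.0.2.44", "address": "12 elm st apt 4"},
    {"id": "A5", "phone": "+15550104", "device": "fp-d00d", "ip": "192.0.2.90", "address": "77 Lake Dr"},
]
LINK_FIELDS = ("phone", "device", "ip", "address")

def normalize_value(field, value):
    """Fold case and punctuation so near-identical addresses compare equal."""
    if field == "address":
        return re.sub(r"[^a-z0-9]+", " ", value.lower()).strip()
    return value.strip().lower()

def linked_clusters(accounts, fields=LINK_FIELDS):
    """Group accounts connected, directly or transitively, by a shared value."""
    parent = {a["id"]: a["id"] for a in accounts}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving keeps lookups short
            x = parent[x]
        return x

    first_seen = {}             # (field, value) -> first account id carrying it
    shared = defaultdict(set)   # (field, value) -> every account id carrying it
    for acct in accounts:
        for field in fields:
            key = (field, normalize_value(field, acct[field]))
            shared[key].add(acct["id"])
            first = first_seen.setdefault(key, acct["id"])
            parent[find(acct["id"])] = find(first)  # union (no-op for a new value)

    groups = defaultdict(set)
    for acct_id in parent:
        groups[find(acct_id)].add(acct_id)
    clusters = []
    for members in groups.values():
        if len(members) > 1:
            reasons = sorted(k for k, ids in shared.items() if len(ids) > 1 and ids <= members)
            clusters.append({"accounts": sorted(members), "shared": reasons})
    return sorted(clusters, key=lambda c: c["accounts"])
```

A3 and A4 share nothing with each other, yet both land in the same cluster through A2 and A1. The `shared` list gives the reviewer the evidence needed to judge whether a link is natural (a household, a shared office IP) or fraudulent.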
Want to surface connected risky accounts fast with link analysis? Check out how Persona’s Graph helps you block fraudsters and analyze ID verification data alongside a robust library of risk signals to quickly search for patterns or anomalies within clusters of accounts.
KYC challenge #5: Minimizing errors and false positives
When an error in your KYC process results in a legitimate customer being denied services, that’s a serious concern. Not only does it mean that your business missed out on a potential customer, harming revenue and growth, but it also means that a person lost access to the financial system — which can erode trust in your brand, especially among vulnerable populations who rely on fair access to essential services.
False positives, when a legitimate customer is flagged as being potentially fraudulent or high-risk due to similarities to another customer, are similarly damaging.
Solution: Fine-tuning name match requirements
Match requirements are the internal logic that you set to determine whether or not a piece of information (like someone’s name) triggers a positive match when performing identity verification or running a report. These requirements can be strict (i.e., they require an exact match to trigger a positive result) or fuzzy (i.e., they account for misspellings, transpositions, and other edits).
Strict match requirements will typically result in fewer false positives, but also leave your business open to the risk that you may have missed a pertinent match that included an error or other edit, leading to KYC failure. Fuzzier match requirements may result in more false positives, but also offer greater assurance that you will find all possible matches related to your customers.
How strictly you set your match requirements is an organizational choice — there is no right or wrong answer. Only you can decide how much risk your business is willing to accept. But fine-tuning your match requirements can be an effective means of minimizing how often you are triggering false positives.
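To make the strict-versus-fuzzy trade-off concrete, here is an added example (not Persona's matching logic) that scores names with an edit distance covering misspellings and adjacent transpositions, then screens the same applicants at different thresholds. The names, the thresholds, and the similarity formula are assumptions constructed for illustration.

```python
import unicodedata

def normalize_name(name):
    """Fold case, accents and extra whitespace before comparing."""
    folded = unicodedata.normalize("NFKD", name)
    folded = "".join(c for c in folded if not unicodedata.combining(c))
    return " ".join(folded.lower().split())

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent transposition."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # swapped neighbours
    return d[len(a)][len(b)]

def similarity(a, b):
    """1.0 for identical normalized names, falling toward 0 as edits accumulate."""
    a, b = normalize_name(a), normalize_name(b)
    longest = max(len(a), len(b)) or 1
    return 1 - osa_distance(a, b) / longest

def screen(applicants, watchlist, threshold):
    """Return (applicant, listed name) pairs whose similarity meets the threshold."""
    return [(p, w) for p in applicants for w in watchlist if similarity(p, w) >= threshold]

# Constructed names for illustration only.
WATCHLIST = ["Viktor Marchenko"]
APPLICANTS = ["Viktor Marchenko", "Vitkor Marchenko", "Victor Marchenco", "Victoria Marchetti"]

if __name__ == "__main__":
    for threshold in (1.0, 0.85, 0.6):
        hits = [p for p, _ in screen(APPLICANTS, WATCHLIST, threshold)]
        print(f"threshold {threshold}: {hits}")
```

At 1.0 only the exact name hits, so the transposed and misspelled variants slip through; at 0.85 both variants are caught; at 0.6 the unrelated "Victoria Marchetti" is flagged as well, which is the false positive the stricter settings avoid.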
KYC challenge #6: Reducing manual work
If you are currently performing KYC through a manual review process, then you already know just how challenging it can be, especially at scale.
Inspecting and analyzing a customer’s ID for authenticity; cross-referencing information against authoritative databases; scanning sanctions lists and media databases for mentions of your customer’s name — it can all be time-consuming and expensive to perform by hand. It can also be prone to error, increasing the likelihood that you may miss a piece of information vital to your risk analysis.
Solution: Smart automation
Many of the most labor-intensive KYC processes can now be either partially or fully automated, allowing for faster customer onboarding at scale and with fewer errors. In addition to boosting efficiency, this frees up your team to perform higher-value tasks, leading to cost savings and an overall more productive organization.
Of course, there may be instances where you still want or require a human touch — such as when it comes to manually reviewing edge cases. The good news is that automation doesn’t need to be all or nothing. A best-in-class KYC solution will empower you to implement the level of automation that is right for your organization while maintaining manual processes where it is still valuable for you to do so.
More tips for overcoming common KYC issues
In addition to the solutions presented above for specific KYC issues you may be facing, there are other steps you can take to address these challenges more broadly. Some ideas to consider include:
Appointing a dedicated compliance officer or team
Appointing a compliance officer (someone to evaluate current processes, determine where you can improve, draft new policies, and ensure the new strategy complies with all current AML regulations) is one of the most important pillars of AML compliance.
While this officer will indirectly influence your KYC strategy, it can also be beneficial to appoint a compliance officer (or team) to focus on any and all issues related to KYC. Having this more focused individual can make it easier to make adjustments to your strategy over time, and may provide a more responsive liaison between your compliance and other departments.
Leveraging a risk-based approach
Not every customer who onboards with your institution poses the same risk of money laundering or fraud. With this in mind, subjecting each customer to the same checks and level of scrutiny unnecessarily increases the friction they encounter when creating an account — while simultaneously creating more work for your team.
Implementing a risk-based approach, on the other hand, makes it possible to tailor your onboarding checks to the amount of risk posed by each specific customer. At scale, this can translate into hours of saved manpower each day.
Regularly auditing your processes
Just because you establish a state-of-the-art KYC process today doesn’t mean it will always stay cutting edge. Regulations are constantly evolving and changing, potentially making your processes obsolete or out of date. Likewise, technological advancements mean that new techniques may be available — to both you and fraudsters. Your KYC processes need to be updated on a regular basis to protect against these risks.
For these reasons, it’s important to routinely audit your processes. In addition to identifying weaknesses and areas for improvement, consider how fraudsters may put emerging technologies to use so that you can stay ahead of them.
Solving KYC and AML challenges with Persona
Persona’s flexible suite of identity tools was specifically designed to help financial institutions address KYC and AML challenges. Whether you’re building your very first KYC program or looking to overhaul an existing program, Persona empowers you to:
Mix and match different verification methods, reports, data sources, and risk signals to facilitate accurate risk assessments
Build the exact onboarding flow that makes sense for your business, your customers, and the jurisdictions you operate in
Build and deploy progressive risk-based segmentation to control friction and ensure conversions aren’t unnecessarily impacted by compliance requirements
And more
Ready to learn more about how Persona can help your company overcome KYC challenges? Contact us to book a free demo or see why other financial services companies, like Brex, love Persona.