The Complete Guide to Understanding Know Your Customer (KYC)

Do you know your customers? You should, especially if you are a Financial Institution (FI). Knowing your customers is an important practice that protects your FI from fraud and from losses due to illicit transactions.

It is essential that FIs know with whom they are conducting business and performing transactions. Due diligence standards are relevant not only for ensuring the integrity of the business operations but also specifically for fighting against money laundering and terrorist financing.

The Know Your Customer procedure is a crucial component in evaluating and monitoring customer risk. “KYC” refers to the steps taken by financial institutions to:

  1. Discover the customer's identity
  2. Understand the activities of the customer (importantly, to evaluate the source of funds)
  3. Apply a risk-based approach to monitoring the customer’s activities

A best-practice KYC program consists of the following activities:

Customer Identification Procedure (CIP): the collection and verification of customer information from documents such as a national ID card, passport, or other government-issued proof of identity.

A CIP is the starting point for any KYC process. In the financial institution context, a best practice is for the relationship manager to initiate the CIP process but coordinate and communicate with the due diligence manager.

Customer Due Diligence (CDD): information obtained on all customers through screening against sanctions lists, Politically Exposed Persons (PEPs) lists, and adverse media.
A key objective of CDD is to obtain enough information from new customers at the time of account opening to allow a bank to gain a sound understanding of the customer’s normal and anticipated activity throughout the relationship. When conducting due diligence, firms normally use a Risk Assessment Matrix (also referred to as a Risk Rating Template) to determine the overall risk rating of the client.

Enhanced Due Diligence (EDD): additional information obtained for high-risk customers to provide a deeper knowledge of customer activity and so alleviate the associated risks.
In determining what level of due diligence is essential (CDD vs EDD), a firm should look at 'Red Flags' associated with the following:

  • Customer’s address/location (country of operations, country of registration)
  • Actual or anticipated account activities
  • Account type (e.g., cash, trading, savings, and investing)
  • Type of business in which the customer is engaged (export, manufacturing, tobacco/alcohol, design, etc.)
  • Type of entity (foreign bank, nonbank financial institution, domestic/foreign corporation, trust, individual, corporation, LLC, partnership, etc.)
  • The source of wealth or source of assets
  • Purpose of the account
  • Involvement of any politically exposed persons (PEP), their immediate family members or close associates

Ongoing Monitoring: It is not sufficient to perform due diligence only during the application and onboarding stage. Ongoing monitoring of a customer involves overseeing transactions against thresholds set as part of the customer’s risk score.

Best practices for FIs include transaction monitoring systems and periodic refreshing of due diligence information every 6 months to 12 months (based on the customer's risk score).

Speak to us about how Cenza can help your institution streamline your KYC processing.

About the Authors:

Deepak Amirtha Raj is a Research & Strategy Analyst in the Risk and Compliance sector. He focusses on Business Strategy Research, Emerging Technologies and Advanced Analytics. He studied business at Saint Joseph’s College and previously worked with Royal Bank of Scotland as a Business Process Analyst.


Andrew Stuart-Mills has worked in the Financial Industry, specialising in IPO and M&A, for the past 25 years. He is at the forefront of business development and client liaison for Cenza’s ongoing projects. He has prior experience with Integreon, Merrill Corporation and RR Donnelley.
