What is KYC (Know Your Customer)?

Christian Visti
January 25, 2024
5 min read

KYC (Know Your Customer)

KYC is about knowing your customers and clients so your business can avoid getting involved with organizations that commit crimes, launder money or fund terrorism.

In this article we explain:

  • What is KYC (Know Your Customer)?
  • What type of businesses are subject to Anti-Money Laundering (AML) laws and regulations, as well as KYC?
  • What requirements does international law – including the EU Anti-Money Laundering directive – have regarding KYC?
  • How can your business make sure you know your customers & clients?

With Meo you get a thorough and easy-to-use Know Your Customer platform that – from first contact with your client till the customer relation expires – can verify and document your clients’ identity and perform a KYC-check in real time.

Read more about the platform here or contact us to hear more about how we can help your company with KYC compliance.

What is KYC?

KYC is an abbreviation for “Know Your Customer.”

The term is especially used in finance because banks, accounting firms, lawyers, and private equity funds all have to document their clients’ identity so that governments. Basically, it must be documented where money is coming from and going to.

This is meant to prohibit or stand in the way of money laundering and black money that has been obtained by criminal means. If they are unable to supervise or audit the flow of money, it can undermine confidence and trust in financial organizations and companies whose business is dependent on stocks, investments and the greater financial market.

If you do not fulfill the demands of KYC, it can result in fines, penalties, sanctions, and even prison sentences. The exact amount or extent depends on local laws and regulations. A 2020 Financial Times article found that: “[...] AML fines in the initial six months of 2020 reached a total of $706m, compared with last year’s aggregate of $444m.”

What businesses and organizations are subject to the Anti-Money Laundering (AML) directive and KYC?

Many different types of businesses, including all companies and organizations involved in finance and the financial sector, are subject to anti-money laundering laws and regulations – and therefore KYC.

This applies, but is not limited, to:

  • Banks, financial institutes and merchant banking
  • Credit-, currency- and securities businesses
  • Foundations and stock brokers
  • Lending firms
  • Providers of financial leasing
  • Insurance companies
  • Accountants and accountancy firms
  • Founders of businesses
  • Lawyers and attorneys
  • Realtors
  • Businesses that deal in valuables whose worth exceeds €15.000

What requirements does the law and regulations have in regards to KYC?

The overall directives and regulations regarding knowing your customer are best exemplified in European law by the Anti-Money Laundering (AML) Directive. Among other things, it states that businesses need to perform risk assessments, verify the identity of their clients or customers, and report if they have suspicion of money laundering or other types of fraud.

Risk assessments are structured procedures, wherein you evaluate the risk as objectively as possible and approach each client individually, instead of treating them uniformly.

That means that you are required to have clear guidelines and policies in place regarding the risk of being involuntarily involved in money laundering and financial crimes, as well as supporting your employees with counseling and well-established procedures for when and how you are obliged to report money laundering, if you are not able to refute your suspicions.

In addition, you need to be able to document your vetting and verifications of, among other things, your clients’ identity. It’s futile to perform an audit if you are unable to document your findings afterwards. A typical error often made in this approach is when you manually assess copies of passports and driver’s licenses. Here it is necessary to not only vet the documents to ascert their legitimacy, but also document that you’ve performed the verification.

With a KYC Platform such as Meo you can automate much of the process, while simultaneously documenting that you are complying with GDPR and other data protection laws while handling personal data.

How do you perform an audit or check of your client’s identity?

Your vetting and verification check of your clients’ identity is built upon your risk assessment and the identified risk. Afterwards, you can conduct an audit under strict or relaxed procedure.

Strict procedures for physical persons can, among other things, be a request for a copy of their passport, a physical meeting or further demands regarding the terms of your expected shared business.

If it’s regarding a legal entity, you can request founding documents, articles of association and make more comprehensive requirements for the description of the business scope.

A KYC check requires the retrieval of personal data documenting the client’s identity. As a starting point this includes name and social security number or legal entity identifier (LEI), depending on whether you’re assessing a person or a legal entity. With this method you can verify and check your client’s identity – and thereby comply with KYC standards.

This identifying information needs to be vetted via an independent and credible source. That means the documents need to be verified and compared with other registries or sources that can validate addresses, passports or names.

For both persons and legal entities you need to – if relevant – obtain information about the goal of the business venture and the extent of your relation.

How often do you need to check your client’s identity?

You need to vet your client’s identity at the start of every business venture – and if there are changes in your client’s circumstances, as well as at appropriate times.

With high-risk clients the procedure can be repeated once a year, whereas with Low-Risk Clients a check every five years can suffice.

The extent of the KYC check depends on the risk assessment of the client. In cases where you assess that there is a low risk of money laundering, you can perform a more lax KYC check. You could, for example, choose not to obtain updated documentation, provided that the identification papers (ID), you received originally, still are legally valid.

Remember to check for PEP (Politically Exposed Person)

As a consequence of the latest Anti-Money Laundering Directive from the EU, you are now also required to determine whether the person is a PEP (Politically Exposed Person).

Politically exposed people are individuals whose political position or relation makes them a high risk target for money laundering. That’s because they’re more likely to be exposed to blackmail, bribery or in some other way (voluntary and coerced) be involved in financial crimes.

This can be done by cross-referencing with publicly available information and databases, also known as PEP-lists.

It’s important to be aware that these lists are not sufficient in order to indicate whether a person is considered a PEP – they’re only lists of the people that local governments have reported as explicitly politically exposed.

Spouses, business partners etc. of people on the PEP-lists are also considered PEPs. That makes it especially difficult for businesses to comply with the PEP-requirements without using external data sources that specialize in maintaining updated lists of all persons, that can be defined as PEP.

Meo works together with a number of external data vendors that have specialized in having updated PEP-lists that cover a wide variety of nationalities and sectors

See how Meo can help you win big for your clients.

Let us show you why Meo is the preferred choice for lawyers and law firms wanting to automate their AML processes.