
What Is Know Your Customer (KYC) for Financial Institutions?

By Brian Nibley · December 21, 2021 · 6 minute read

The meaning of the phrase KYC is “know your customer”. KYC regulations provide a framework for financial institutions to know who their customers are.

Financial institutions need to protect themselves from unknowingly participating in illegal activities. If a criminal is discovered to be using a bank for illicit purposes, such as laundering money, then the bank in question could be held accountable. It’s their responsibility to be aware at all times of who they are serving, so they can prevent themselves from being used for criminal activity.

KYC involves making sure banks and other companies in the financial service sector maintain accurate information about their customers. KYC requirements create a universal standard that financial organizations must comply with to know who their customers are. KYC laws and anti-money laundering (AML) laws often go hand-in-hand.

What Are the Three Components of KYC?

There are three main parts of a KYC compliance framework: customer identification, customer due diligence, and enhanced due diligence. Each phase of the process gets more intensive according to the estimated risk that the potential client might pose.

Customer Identification Program (CIP)

The first of the three main KYC requirements is to identify a customer. Organizations must verify that a potential customer’s ID is valid, real, and doesn’t contain any inconsistencies. The person must also not be on any Office of Foreign Assets Control (OFAC) sanctions lists.

An organization also needs to know if their prospective customer is “politically exposed.” A politically exposed person (PEP), such as a public figure, is thought to be more susceptible to corruption than the average individual, and is therefore considered high-risk, requiring special attention.

As part of their AML/KYC compliance program, all financial institutions are required to keep records of their Customer Identification Program (CIP) as mandated by the Financial Crimes Enforcement Network (FinCEN). FinCEN works under the guidance of the Department of the Treasury and is charged with guarding the financial system against illicit activity and money laundering.

The following information will satisfy the minimum KYC requirements for a Customer Identification Program:

•  Customer name (or name of business)

•  Address

•  Date of birth (not required for businesses)

•  Identification number

For individuals, the customer’s residential address must be validated. US Postal Office boxes are not accepted. Individuals with no physical residential address can use an Army Post Office box (APO), Fleet Post Office Box (FPO), or the residential or business street address of their next of kin.

For business customers, the address provided for know your customer requirements can be the principal place of business, a local office, or another physical location utilized by the business.

The ID number for most individuals will be their Social Security number or Taxpayer Identification Number (TIN). For business entities, the number will usually be their Employer Identification Number (EIN). Foreign businesses without ID numbers can be verified by alternative government-issued documents.

Customer Due Diligence (CDD)

Due diligence includes collecting all relevant information on a customer from trusted sources, determining what the customer will be using financial services for, and maintaining ongoing surveillance of the situation to further verify that customer activity remains in line with recorded customer information.

The goal of this phase of the know your customer process is to assess the risks a potential customer might pose and assign them to one of three categories — low, medium, or high risk.

Several variables — including the customer’s expected cash transactions, the type of business, source of income, and location — will help determine the customer’s risk level.

Other categories for assessing risk include the customer’s business industry, whether they use a foreign or domestic account, and their past financial history. The customer is also screened against politically exposed persons (PEP) and Office of Foreign Assets Control’s (OFAC) sanctions lists.

Enhanced Due Diligence (EDD)

Enhanced due diligence (EDD) involves increased monitoring of customers deemed to be high-risk. This may include customers from high-risk third countries, those with political exposure, or those that have existing relationships with financial competitors.

Conducting enhanced due diligence on high-risk business entities requires identifying all beneficiaries of those entities when they open an account. Customers that are legal entities are those that have had legal documentation filed with a Secretary of State or other state office, and include:

•  Limited liability companies (LLC)

•  Corporations

•  Business trusts

•  General partnerships

•  Limited partnerships

•  Any other entity created via filing with a state office or formed under the laws of a jurisdiction outside of the US

On May 11, 2018, a new AML/KYC requirement came into effect. This change to KYC laws states that all banking and non-banking firms subject to the Bank Secrecy Act (BSA) must verify the identity of beneficiaries of legal entity customers when they open an account.

Firms must also develop risk profiles and continually monitor these customers. This must be done regardless of what risk category the customer falls into.

Due diligence is an ongoing process and requires financial institutions to constantly update customer profiles and monitor account activity.

What Are the Steps Involved in KYC?

There are five main steps of complying with the know your customer rule. These include:

•  Customer Identification Program (CIP)

•  Customer due diligence (CDD)

•  Enhanced due diligence (EDD)

•  Account opening

•  Annual review

Opening an account and conducting an annual review occur after it has been determined that a customer is eligible for financial services.

The higher the risk category a customer falls into, the more often their activities will be reviewed.

What Are the Four Key Elements of a KYC Policy?

KYC compliance involves four key elements. When gathering KYC information, organizations must:

•  Identify their customers

•  Verify that the customer’s ID is true and valid

•  Understand their customer’s source of funding and activities

•  Monitor the activities of their customers

Monitoring of customer activities is an ongoing process, particularly for high-risk clients. Most firms review clients based on their level of risk.

Low-risk clients might only be reviewed once every two or three years, moderate-risk clients every one to two years, while high-risk clients tend to be reviewed once a year or even once every six months.

The Takeaway

KYC, or know your customer, is a regulation that helps financial institutions prevent fraud by their customers. KYC involves constant check-ups and ongoing measures to ensure customer information and account profiles are kept up-to-date.

With the need for KYC compliance growing, and regulations becoming more onerous, an increasing amount of this work is done by automated systems utilizing artificial intelligence. A number of fintech companies have sprung up in recent years to fill this market need.

KYC and AML laws have taken on special importance in the cryptocurrency sector, which has been largely unregulated for most of its existence. More and more companies in the space have begun complying with these types of regulations.
