What Is Know Your Customer (KYC) for Financial Institutions?

By Brian Nibley · August 15, 2023 · 8 minute read

KYC stands for “know your customer.” It refers to a set of banking regulations that provide guidelines for financial institutions to know more about their customers.

This isn’t just a matter of curiosity but of national security and crime prevention. Banks need to protect themselves from unwittingly participating in illicit activities.

If a criminal uses a bank for illicit purposes, such as money laundering, the financial institution could be held accountable. It’s the bank’s responsibility to always know who its customers are. That way, it can help avoid being involved in criminal activity.

KYC plays an important role in financial institutions maintaining accurate information about their clients. KYC procedures and anti-money laundering (AML) laws can work together to minimize risk. Read on to learn more about know your customer regulations.

3 Components of KYC

There are three main parts of a KYC compliance framework: customer identification, customer due diligence, and enhanced due diligence. Each phase of the process is more intensive than the last, according to the estimated risk that the potential client might pose.

Customer Identification Program (CIP)

The first of the three main KYC requirements is to identify a customer. (Incidentally, some people refer to KYC as know your client vs. know your customer.)

Organizations must verify that a potential customer’s ID is valid, real, and doesn’t contain any inconsistencies. The person must also not be on any Office of Foreign Assets Control (OFAC) sanctions lists.

An organization also needs to know if their prospective customer is “politically exposed.” A politically exposed person (PEP), such as a public figure, is thought to be more susceptible to corruption than the average individual, and is therefore considered high-risk, requiring special attention.

As part of their AML/KYC compliance program, all financial institutions are required to keep records of their Customer Identification Program (CIP) as mandated by the Financial Crimes Enforcement Network (FinCEN).

FinCEN works under the guidance of the Department of the Treasury and is charged with guarding the financial system against illicit activity and money laundering.

The following information will satisfy the minimum KYC requirements for a Customer Identification Program:

•   Customer name (or name of business)

•   Address

•   Date of birth (not required for businesses)

•   Identification number

For individuals, the customer’s residential address must be validated. US Postal Office boxes are not accepted. Individuals with no physical residential address can use an Army Post Office box (APO), Fleet Post Office Box (FPO), or the residential or business street address of their next of kin.

For business banking customers, the address provided for know your customer laws can be the principal place of business, a local office, or another physical location utilized by the business.

The ID number for most individuals will be their Social Security number or Taxpayer Identification Number (TIN).

For business entities, the number will usually be their Employer Identification Number (EIN). Foreign businesses without ID numbers can be verified by alternative government-issued documents.

Customer Due Diligence (CDD)

Due diligence includes:

•   Collecting all relevant information on a customer from trusted sources

•   Determining what the customer will be using financial services for

•   Maintaining ongoing surveillance of the situation to further verify that customer activity remains in line with recorded customer information

The goal of this phase of the know your customer process is to assess the risks a potential customer might pose and assign them to one of three categories — low-, medium-, or high-risk.

Several variables — including the customer’s expected cash transactions, the type of business, source of income, and location — will help determine the customer’s risk level.

Other categories for assessing risk include the customer’s business industry, whether they use a foreign or domestic account, and their past financial history. The customer is also screened against politically exposed persons (PEP) and Office of Foreign Assets Control’s (OFAC) sanctions lists.

Enhanced Due Diligence (EDD)

Enhanced due diligence (EDD) involves increased monitoring of customers deemed to be high-risk. This may include customers from high-risk third countries, those with political exposure, or those that have existing relationships with financial competitors.

Conducting enhanced due diligence on high-risk business entities requires identifying all beneficiaries of those entities when they open an account. Customers that are legal entities are those that have had legal documentation filed with a Secretary of State or other state office, and include:

•   Limited liability companies (LLC)

•   Corporations

•   Business trusts

•   General partnerships

•   Limited partnerships

•   Any other entity created via filing with a state office or formed under the laws of a jurisdiction outside of the US

On May 11, 2018, a new AML/KYC requirement came into effect. This change to KYC laws states that all banking and non-banking firms subject to the Bank Secrecy Act (BSA) must verify the identity of beneficiaries of legal entity customers when they open an account.

Firms must also develop risk profiles and continually monitor these customers. This must be done regardless of what risk category the customer falls into.

Due diligence is an ongoing process and requires financial institutions to constantly update customer profiles and monitor account activity.

5 Key Steps Involved in Know Your Customer

There are five main steps in complying with the know your customer rule, which is part of how banks are regulated. These include:

1. Customer Identification Program (CIP)

As mentioned above, the first step is to ensure that a prospective client’s ID is valid, real, and consistent. The address and other details must be checked. The applicant must be screened to be sure they are not on any OFAC sanctions list and their PEP status must be investigated.

2. Customer Due Diligence (CDD)

The next step of due diligence involves researching and vetting the customer’s intentions regarding the financial services they are seeking.

3. Enhanced Due Diligence (EDD)

Further scrutiny may determine that some applicants are considered risky. If the customer is deemed high-risk, additional ongoing screening is required to make sure activity doesn’t cross any lines.

4. Account Opening

If verification is successful and a client is eligible, the customer can open a bank account, with some clients requiring closer monitoring than others.

5. Annual Review

Once an account is opened, the institution will conduct an annual review of the customer’s activity. The higher the risk category a customer falls into, the more often their activities will be reviewed.

4 Key Elements of a KYC Policy

KYC compliance involves four key elements. When gathering KYC information, organizations must:

1. Identify Their Customers

In this step, the financial institution will gather information about the customer’s identity.

2. Verify That the Customer’s ID Is True and Valid

The identification documents will be checked against independent sources to make sure identity theft isn’t occurring.

3. Understand Their Customer’s Source of Funding and Activities

In this step, a review of the customer’s activities and background can shed light on how likely it is that the client would do reputational damage or could commit crimes that involve money laundering or the financing of terrorism.

4. Monitor the Activities of Their Customers

Monitoring of customer activities is an ongoing process, particularly for high-risk clients. Most firms review clients based on their level of risk.

Low-risk clients might only be reviewed once every two or three years, moderate-risk clients every one to two years, while high-risk clients tend to be reviewed once a year or even once every six months.

Why Does KYC Matter?

KYC procedures matter because they are an important screening step. Their implementation can help verify customers and assess and minimize risk.

The KYC process provides guardrails and can help protect against such crimes as money laundering, terrorism funding, and other illegal activities.

Is KYC Successful?

KYC programs are seen as improving a financial institution’s reputation and integrity, though they can add a layer to a prospective client’s application process and banking life.

As the banking landscape evolves quickly with technological advances, banks are finding new ways to track customers and comply with protective KYC and other guidelines. For instance, artificial intelligence (AI) may be able to perform some of these functions.


KYC and AML are both ways that financial institutions comply with regulations designed to inhibit terrorism financing and money laundering.

•   AML is the more general practice of an institution seeking to identify and stop such activity.

•   KYC is one aspect of AML, focusing on customer identification and verification.

| AML and KYC Similarities | AML and KYC Differences |
| --- | --- |
| Designed to inhibit money laundering, including terrorism financing | Focuses on customer identification |
| Both are implemented by financial institutions to comply with government guidelines | KYC represents one aspect of larger AML procedures |

The Takeaway

KYC, or know your customer, is a regulation that helps financial institutions prevent fraud by their customers. KYC involves constant check-ups and ongoing measures to ensure customer information and account profiles are kept up-to-date.

Wherever you decide to bank, know that teams are likely to be at work, ensuring compliance with KYC regulations.


What is a KYC procedure in banking?

KYC procedures in banking are regulations that involve a financial institution verifying potential clients’ identities and backgrounds and monitoring their activity if they become customers. This can be a part of the bank ensuring that it’s not being used in criminal activity such as money laundering.

Do all banks require KYC?

Yes. FinCEN, or the US Financial Crimes Enforcement Network, requires financial institutions and their customers to adhere to KYC regulations.

Why is KYC mandatory in banks?

KYC is an important measure as banks work to know their customers and make sure accounts are not being used for illegal purposes. KYC regulations are one way that the government seeks to prevent money laundering and terrorism financing.
