Know Your Customer or Know Your Client (KYC) refers to the due diligence that banks and other financial institutions must perform on customers before doing business with them. 

This process is usually required by governments to prevent instances of customer fraud. It also forms part of a bank’s anti-money laundering (AML) measures, which are taken continuously to prevent money laundering and other financial crimes.

These days, though, KYC is vital for any business that operates online. This blog will discuss the steps that should be undertaken to carry out KYC, as well as the challenges that come with implementing such procedures.

Step 1: Customer Identification

The first step your business should undertake to know your customer is figuring out who they are.

For customers who are individuals, this involves identifying the client and verifying their identity using reliable, independent source documents, data or information. These documents may include passports, driving licenses or other national identification.

For companies, you should identify their name, legal form, existence, and owners, and verify their identities.

You need to ensure that your potential client is not on any sanctions lists, such as the OFAC or Interpol lists, as listed parties pose a higher risk of fraud.

Similarly, you want to know if this possible client is a Politically Exposed Person (PEP). These are individuals with prominent positions in a government body or international organisation. PEPs are targets for corruption and bribery attempts, which you need to be aware of before engaging in business with them. 

If any discrepancies come up during a customer’s verification, you need to have risk-based systems and controls in place. Further information should be collected on the client if these discrepancies are discovered.

All of these identification procedures should be completed before any services are provided to the potential client.

Step 2: Customer Due Diligence

This step involves collecting information about the client from trusted sources. You must determine the purpose, intended nature and key beneficiaries of the relationship.

Customer risk profiles should also be set up based on information such as the client’s identity, location and type of business. Customers should then be ranked by their risk level, with higher-risk customers requiring further due diligence. This will be discussed in the next step. 

Ongoing monitoring of the relationship should be undertaken to ensure that all activities are consistent with the collected information. This is also necessary to keep track of higher-risk customers, suspicious transactions, and changing customer profiles, among other factors.

Step 3: Enhanced Due Diligence

If the client is deemed to be high risk, enhanced due diligence may be required.

Enhanced Due Diligence (EDD) involves doing extra checks on a customer’s identification, doing additional verification and collecting additional information. Information may include the source of the customer’s wealth and funds as well as past and future transactions. This can be found by requiring the potential client to provide inheritance, employment, investment, and bank documents as part of KYC.

Clients who should be subject to EDD include PEPs, those who have existing relationships with competitors, and anyone from a High Risk Third Country. Overall, EDD is more relevant to businesses within the financial sector.

Challenges of Know Your Customer

While Know Your Customer is an effective method of fighting against client fraud, there are a number of challenges associated with it that must also be considered. These include:

  • High cost of performing checks on all potential clients
  • Excessive checks create friction during the customer journey
  • Checks aren’t always enough to prevent fraud

High Cost of Performing Checks

Know Your Customer places a clear financial burden on operations and technology. There are also indirect costs of KYC, such as the impact on productivity, customer acquisition and business growth.

To improve efficiency, businesses should build the collection and analysis into their existing processes. Key to this will be implementing some level of automation to handle high volumes of checks that employees will simply not have the time for.

For example, a computer can cross-reference a person’s identification documents more easily and reliably than a worker manually checking all the documents for inconsistencies.

Polonious is a flexible workflow tool which integrates with a number of OSINT and verification sources including CarFax, Social Discovery, and TruePic. Polonious can build verification, Due Diligence, and Enhanced Due Diligence workflows with one-click calls to data sources to enable easy research and verification. Additionally, where reports to regulators are required, Polonious allows for one-click report generation and even integration with reporting portals for one-click report submission.

Friction During the Customer Journey

Although Know Your Customer may be important to your company, potential clients will often view it as an obstacle to doing business. Companies must find the right balance between reducing friction during the customer journey and implementing effective protocols for screening these clients.

To do this, your business should ask potential clients to input as little information as possible. Your fraud detection tools can then do the rest of the work behind the scenes to finish off the KYC. A variety of technologies are available to achieve this, such as:

  • Device Fingerprinting, which collects information based on both the hardware and software the user employed to connect to your site
  • Data Enrichment, which takes a single email address or phone number and gleans deep insights into the quality of the user
  • Social Media Lookup, used to confirm the online presence of the user

Checks Aren’t Always Enough

While Know Your Customer definitely has its role to play in fraud prevention, it is not the only weapon your company should have in the arsenal.

Staff training is one of the first steps your company should consider. Untrained staff lead to a dysfunctional workplace culture, fraudulent activities going unnoticed, and fraudsters feeling more confident that they will not be identified and reported. Staff should therefore be appropriately trained in accounts payable and store functions to identify and report any suspicious behaviour.

Another step that should be undertaken is establishing guidelines between your company and the people you do business with. Having strong guidelines in place will ensure that all parties are aware of their responsibilities and the penalties for deviating from these responsibilities, acting as a deterrent for fraudulent behaviour.

Audits should also be conducted regularly to reduce instances of client fraud. This measure will detect any suspicious transactions that can be further investigated in the future.


While Know Your Customer procedures may often be viewed as an administrative burden to meet regulatory requirements, there are a number of benefits beyond ticking a legal checklist. A KYC program can filter out junk users, acquire valuable user data, and help flag fraudsters automatically. Although more prevalent in the financial services industry, KYC still has its place within any business that has an online presence.