Know Your Customer (KYC) program

Description

A KYC program is the customer-onboarding workflow that establishes who a customer actually is, calibrated to the risk that customer presents to the regulated activity in question. The architecture has settled across regimes: identity collection (legal name, date of birth, address, government identifier), document verification (a government-issued ID checked for authenticity through the document-verification vendor of choice), liveness or selfie-match to bind the document to the human presenting it, sanctions and PEP screening at onboarding and on a recurring cadence thereafter, and a customer-risk rating that determines whether enhanced due diligence applies (more documentation, more frequent review, sometimes a senior-management approval gate). The regulatory anchors vary: in the US, the Bank Secrecy Act and FinCEN's customer-due-diligence rule; in the EU, the AML Directive series (currently AMLD6) and the AML Regulation due to apply from 2027; in the UK, the Money Laundering Regulations 2017. What the regulators evaluate after the fact is rarely the technology of the verification step, which has become commoditized; it is the risk model that decided which customers got which level of scrutiny, and whether that model was calibrated to the actual customer base rather than to the marketing pitch about who the customer base would be.

Applicability

Applies when: sector is fintech.

How predicates are evaluated

Required by (4 regulations)

• US MTL

  BSA Customer Identification Program (31 CFR §1022.220) + 2018 CDD Rule beneficial-ownership identification (31 CFR §1010.230); risk-based EDD for higher-risk customers; NY DFS Part 200 + CA DFAL augment for virtual-currency.

  Bank Secrecy Act, 31 U.S.C. §§5311-5336; 31 CFR Chapter X; per-state Money Transmitter Acts

• EU EMD2

  EU customer due diligence under 2024 AML Regulation Articles 16-18; beneficial-ownership identification with central register access; ongoing monitoring; PEP screening.

  Directive 2009/110/EC of the European Parliament and of the Council of 16 September 2009

• EU MiCA

  MiCA + EU AML framework CDD on CASP onboarding; Travel Rule originator/beneficiary information for crypto-asset transfers (Regulation 2023/1113).

  Regulation (EU) 2023/1114 of the European Parliament and of the Council of 31 May 2023

• UK FCA Payments

  MLRs 2017 Regulations 27-28 customer due diligence; risk-based EDD for higher-risk customers; JMLSG Guidance practitioner-grade reference; FCA Connect onboarding evidence.

  Payment Services Regulations 2017 (SI 2017/752); Electronic Money Regulations 2011 (SI 2011/99); FCA Handbook

Fulfilled by (5)

• sumsub · full · low effort · $$
• persona · full · low effort · $$
• jumio · full · medium effort · $$$
• onfido · full · medium effort · $$$
• veriff · full · low effort · $$

ClearLaunch does not accept payment from vendors. Methodology.

Evidence formats

• KYC verification logs
• document-authenticity checks
• EDD memos for high-risk customers