The complete guide to KYC

October 26, 2021 by Alex Delivet
The complete guide to KYC

KYC is a common topic that we all seem to have heard about but not many of us fully understood it.

It sounds so technical that we thought it’s best left with the experts.

However, the lines are blurring now. It doesn’t matter whether you’re in the financial industry or not; lots of businesses now need to follow KYC procedures.

Taking your KYC process seriously can help you to avoid any unwanted pitfalls later on.

That’s why we have put together a complete guide on KYC so that you don’t need to spend days trying to understand what KYC is and how it affects you and your business.

To lighten things up, we’ll throw in some humor along the way or maybe some of our shameless plug about Collect so that you can have some fun while roasting us.

(No need to be awed, we’re just like that.)

This guide is SUPER long, so we took the liberty to make a PDF version of this so you can read it later on.


Before we deep dive into what’s KYC,

Let’s start with AML, shall we?

Now, you might be wondering why we are discussing AML when all you want to know about is KYC.

We get it. You’re worried that this will be another article filled with all the compliance jargon that you detest.

Fret not; we promise this article will not be your usual guide that lays out the textbook definition of KYC and calls it a day.

So, read till the end; even if you’re an expert on the topic, we might have something more to add to what you already know.

What is AML?

AML stands for Anti-Money Laundering.

You could guess from the acronym itself that AML is a set of laws, regulations and procedures intended to prevent money laundering.

Meanwhile, money laundering can be defined as the process of making money obtained from illegal activities such as drug trafficking appear to have come in from a proper and legitimate source.

The legal definition for money laundering might vary from a country and its regulatory bodies to another.

However, it all stems from two essential elements.

  • Funds or assets that are obtained illegally
  • The source of funds or assets are intentionally hidden

Now that we got the definition right let’s have a look at how money laundering works in the first place.

Spoiler alert: It’s not done like this 👇

Money Laundering
Credits Things in square

How is money laundering done?

Note that there isn’t a specific method to launder money.

Increasingly strict financial regulations and complex financial transactions have pushed criminals to be more “creative” in laundering their dirty money.

You’ll see how “creative” and resourceful they could be in a while.

There might not be a specific way to launder money, but typically it involves the following three key steps.

  1. Placement

    As the name suggests, this is the stage where illegal money makes its initial entry into the financial system.

    It can be done via simple cash deposits or any other types of transactions such as purchasing luxury goods and reselling them for paid checks.

  2. Layering

    Now that the illegal money has entered the financial system, it’s time to hide their source and original owner through many techniques.

    It includes using multiple bank accounts, setting up shell companies and hiring professionals to act as intermediaries.

  3. Integration

    What good is it to launder money if you can’t enjoy it?

    Well, that pretty much sums up the last stage in money laundering-criminals now can withdraw the money from a legitimate account and use it for any purpose they want.

    It can be done in many ways, but many of them will choose to purchase luxury goods such as valuable artworks and luxury cars to stay low-key.


Finally, we’re answering the question you have been dying to ask,


As we have covered earlier, AML is a set of rules and regulations designed to prevent money laundering.

Knowing Your Customer (KYC) is a part of the bigger and more complex AML procedure.

Both should not be confused and mixed, especially if you’re a financial institution or industry legally obliged to comply with AML compliance.

Taking either one lightly can result in hefty fines that can cost you not only financial losses but also reputation loss.

What is KYC?

To be exact, KYC refers to the process of verifying the identity of a customer before or while working together with you and performing the required due diligence to assess the risk they pose in terms of illegal activities or financial crimes.

In layman terms, the KYC process makes sure your customers are who they claim to be.

How important is it to be KYC compliant

  1. It prevents financial losses.

    It can’t be helped that there are a lot of scammers out there.

    They don’t just target individuals but businesses also.

    A proper KYC check can help you to weed them out from the beginning itself.

    Not to mention, with proper KYC compliance being implemented, you can avoid those significant fines that most financial institutions get these days for not conducting adequate KYC.

  2. Protects your business reputation

    Being KYC compliant helps you weed out scammers and money launderers earlier on, but it also prevents the reputational loss that can cost you both new and old customers.

    Furthermore, having a proper KYC process set up in the first place provides a good impression and trust on you for your customer as you’re showing that you’re serious about business and take compliance seriously.

Who should be KYC compliant?

Since the regulations are getting stricter and broader, traditionally non-regulated industries also are required to be KYC compliant.

But there are no exceptions when it comes to the following industry.

  • KYC in Banking

    Banks often make loans, so they need to ensure the borrower is the one they claim to be.

    It is a crucial part of the KYC process, as there are a lot of fraudsters who can open real bank accounts using stolen IDs or documents of a real person.

    Often, these identity theft victims are made to pay or sued to pay up instead; as per the system ,they are the ones who had obtained the loan.

    That’s why banks are strictly mandated to be compliant.

  • KYC in FinTech

    Like banks FinTech is legally and technically bound to be compliant as they handle both finances and sensitive data of people.

    In addition to that, the risks are much higher for them than a traditional “brick and mortar” bank as they don’t meet their customers physically.

    It can’t be helped that they’re fraudsters’ favorite to scam people.

    Why are we sure about this?

    You see, there’s a common fraud in Europe where fake properties would be up for rentals.

    Most of the time, the fraudsters would put up an image of real property on websites for a non-existent property.

    Later, they dupe the victims to wire the upfront fee to their online accounts, which are also opened with a false identity in an online bank.

    The money could be transferred to another account before the scam was identified, depending on the bank’s reactivity.

    This could seriously hurt the reputation of fintech, especially if they’re emerging.

    That is why it is more important than ever for fintech’s to be KYC compliant, as not only fake property scams make use of fintech, but there are also other types of scams that they need to protect their business from.

Keys to successful KYC Compliance Framework

1. Customer Identification Procedure (CIP)

CIP is the initial step that needs to be done to prevent money laundering and any other criminal activities in the KYC process.

This is where banks and businesses that are legally compliant with AML regulations need to collect information such as name, address, date of birth, and identification number of a potential client.

Then, the available information needs to be verified, especially by comparing the potential client against the Sanction Lists.

This is crucial, as you don’t want your business to be used as a means to fund illegal activities or terrorism.

Also, CIP needs to be done in such a way that if your potential client is deemed as PEP (Politically Exposed Person), you are made aware. As PEP’s are more likely to be subjected to corruption.

Now don’t be intimidated by the term PEP.

A politically exposed person (PEP) refers to either politicians or someone who holds an important role in the government.

If you find that a person is politically exposed, apply enhanced due diligence measures on them.

Other than that, make sure you obtain your senior management approval and use the appropriate measures to confirm the source of wealth and funds before onboarding them as the new client.

Remember to conduct continuous monitoring as the person has a high risk of laundering money.

2. Customer Due Diligence (CDD)

Customer Due Diligence is the process that begins right after CIP.

At this stage, a detailed analysis will be done from an AML risk perspective to determine the next steps.

Simply to say, CDD is the most critical part of your KYC compliance. It helps you to manage the risks and protect your businesses from fraudsters.

That sound’s complex?

Let us simplify it for you.

There are three levels of Customer Due Diligence,

  1. Simplified Due Diligence

    This is the lowest level of customer diligence that needs to be conducted.

    Usually, this type of diligence is carried out when your services or your customers have little possibility to be involved in money laundering or terror financing.

  2. Standard Due Diligence

    This level of diligence is reserved for services and customers who pose a medium level risk of being manipulated and involved in illegal money laundering.

    This level of due diligence might not be reserved for a high-ranking officer, but it can be for a government employee who can be involved in bribery.

  3. Enhanced Due Diligence

    This level of due diligence is a must for a person who has the high risk of being involved in money laundering activities.

    Usually, this level of due diligence will be implemented only if certain red flags are found.

    Common red flags that trigger EDD would be a politically exposed person or someone with a high and unusual amount of transactions, especially between high-risk countries.

To put this in context,let’s take the bank as an example.

After Customer Identification Procedures are implemented, the bank has identified their two potential customers as ordinary employees and another one as a high-ranking judge.

In this case, the employee can be classified as low risk as they have the lowest potential to be involved in any illegal activities.

So they only need to undergo Simplified Due Diligence to be onboarded and will be continuously monitored for any triggering event that requires further diligence to be implemented.

However,that’s not the case for the high-ranking judge.

As you can see for yourself, the judge has a high risk of being involved in bribery.

Hence, Enhanced Due Diligence is required to track if the judge is laundering money which would be bribe money in most cases.

3. Ongoing monitoring

Being KYC compliant is not a one-day affair as money laundering techniques are becoming more sophisticated.

In most cases, many managed to pass through the initial KYC procedures and only can be later detected with continuous monitoring.

Ongoing monitoring includes periodic review and verification of customers’ identities and detecting any red flags that indicate the possibility of money laundering.

Continuous monitoring can be done in many ways and is not limited to

  • Detecting suspicious transactions where usually there are unnatural spikes in activities
  • Maintaining up-to-date client identification and businesses nature records
  • Making sure that your clients whom you once considered low risk is not politically exposed person or sanctioned after doing business with you

A good example in practice would be Stripe’s KYC/KYB process.

Seriously, opening an account in Stripe requires nearly no documents.

The catch here is you won’t be able to process any payments; all you can do would be experimenting and playing with their APIs in “sandbox mode”.

Basically, you’re just testing out the features in a simulated environment.

Once you’re ready to start collecting payment with Stripe, you’ll need to activate your account.

At this point, the requirements should still be pretty low.

However, when the amount of payment starts being significant, you can expect to submit more documents.

How to choose the right KYC process for your business?

The right KYC process can differ from business to business depending on the needs and the types of services offered.

Don’t let that dampen your effort to implement your KYC process.

Here’s our pro tip for choosing the right KYC process:

  1. Make sure you make it easy for your clients to be verified

    In this case, a selfie-based ID verification tool would suffice.

    All your clients need to do is make sure that the selfie frame covers their face, and their face in their ID card should be an updated version.

  2. Avoid being tricked by fraudsters with the right tools for verification As we all know, identity theft is prevalent right now.

    To better protect your business and the victims, use video-based id verification as part of your KYC process.

    It will take your compliance to the next level; video-based id verification helps you avoid schemers and criminals who have managed to use AI and other technology to bypass selfie-based ID verification.

    Video-based ID verification provides an extra level of security with liveliness and the movement of your face, alongside the ability to detect deep fakes used to create fake videos.

But the downside of these solutions are,

  1. They are expensive

    Let’s face it, a KYC solution made from scratch sounds good on paper, but it’s costly to implement.

    You need to hire developers and a team of other professionals that provides ongoing support and maintenance for the KYC tool.

    This isn’t good for your cash flow, especially if you’re a business that’s just starting.

  2. They take a longer time to be implemented

    Integrating an e verification tool into your workflow and KYC process cannot be done immediately.

    It’ll take at least months to see some progress.

    So, the longer it takes to be implemented, the longer your clients have to wait.

    It increases your churn rate as nobody would want to take their time to get verified to buy something or get a service they want.

How Collect can help you with KYC

Collect helps businesses onboard their customers with a secure and easy-to-use client portal.

But the solution is also used by lots of Fintech and startups to run their KYC processes.

Without our solution, you could either:

  • collect the document manually by asking them to email you all the documents or post them to you. But is it feasible if you have more than 100 clients that need to be verified? Moreover, is email secured enough to contain the sensitive data you are collecting?

  • build your own system. But in a period when developers are rare to find, you should probably allocate your resource differently.

  • buy an automated solution. As seen previously, they are fantastic, but… it will take you weeks or months to implement, and you will probably burn a 5 to 6 digits budget before you can even start using it.

Here’s where Collect can help you.

Collect helps you to collect all the documents in a single place and secured environment no matter how many accounts you have to verify.

Here at Collect, we take security and compliance very seriously; that is why our client portal that onboards users and collects forms uses bank-grade security standards and is, of course, GDPR compliant.

Not only that, to help you become more compliant, each of your past and present requests to your clients are tracked with a complete and detailed audit trail.

Collect also makes it easy for your customers as the upload process is relatively simple, and users are guided through each step in a breeze according to your customization.

You also don’t have to worry about going back and forth endlessly to get all the right documents, as you can clearly specify your requirements for each of the documents you have requested.

Even if your clients have uploaded the wrong documents or forget to upload them, you can simply alert them via emails or SMS.

This way, you can accelerate the “Time to value” for your customer and reduce your churn rate resulting from a nasty and complex onboarding process.

Save (a lot of) time without a single line of code involved

We have seen many customers complaining that their KYC process was too long; and took ages to be onboarded.

Most of the time, this is due to the lack of automation in the workflow, not to manual checks.

With Collec, you can automate your KYC verification process and save a lot of time:

  • Connect Collect to other tools via Zapier or a native integration to send requests automatically
  • Reminders by email and text will be done automatically and stopped automatically once the KYC is filled
  • The possible back-and-forths are facilitated by advanced features integrated into the product
  • Exports help you store the documents and data easily

And if you want to go one step further, we also have an API 🤓

Collect is affordable too

Having Collect as part of your KYC process means that you don’t have to worry about spending a ton of money on setup fees or being overcharged.

You can upgrade your plan whenever you’re ready to scale.

Wow, enterprise-grade security and GDPR compliant client portal only from $79 per month!

Now that’s a steal!



Want to try Collect to do your KYC? 👉 Start your 7-day free trial, no credit card required.



Alex Delivet
Founder @ Collect
SHARE