Know Your Customer
Know Your Customer (KYC) is the regulatory obligation requiring financial institutions to verify the identity of their clients, understand the nature of customers' financial activities, and assess the risk of illegal activity before and during a banking relationship.
KYC is a foundational element of AML compliance and is mandated under FinCEN's Customer Identification Program (CIP) rules, which were significantly strengthened by the USA PATRIOT Act of 2001 and the Customer Due Diligence (CDD) Final Rule finalized in 2018. The CDD Rule extended KYC obligations to include the identification and verification of beneficial owners — the natural persons who own 25% or more of a legal entity customer or who control the entity.
KYC programs typically operate at three tiers of scrutiny based on assessed risk. Standard due diligence applies to ordinary retail customers — collecting name, address, date of birth, and government ID number at account opening and screening against OFAC sanctions lists and law enforcement watchlists. Enhanced due diligence (EDD) is required for higher-risk customers, including politically exposed persons (PEPs), non-resident aliens, correspondent bank accounts, and businesses in high-risk industries such as money services, cannabis, and cryptocurrency. Simplified due diligence may apply for very low-risk products.
The ongoing KYC obligation — sometimes called Customer Due Diligence — requires banks to monitor customer activity over time for transactions inconsistent with the customer's stated business and risk profile. When monitoring flags anomalies, compliance staff must investigate and, if warranted, file a Suspicious Activity Report (SAR) with FinCEN. Banks cannot alert customers when a SAR is filed — this anti-tipping-off requirement is a specific statutory prohibition.
KYC failures — allowing customers to open accounts without proper verification or failing to identify high-risk clients — have resulted in major regulatory sanctions. The Corporate Transparency Act of 2021, implemented through FinCEN's Beneficial Ownership Information reporting rule, extended related obligations beyond banks to the companies themselves, requiring most U.S. companies to report their beneficial owners directly to FinCEN.
For compliance officers and risk managers at financial institutions, KYC is the cornerstone of the client onboarding process and a continuous operational responsibility throughout the customer relationship.