Know Your Customer: Who Are You Really Doing Business With?

Take a step back and think about this: How well do you really know your customers? If you’re in a business that involves money, such as a bank or insurance agency, it can pay off to do your due diligence when it comes to your customers.

The process of knowing your customer and verifying your client’s identity has become a common practice among many small businesses. To avoid taking on risky or sheisty customers, learn how to know your customer.

What is know your customer?

Know your customer or client (KYC) is a process where a company researches and verifies a customer’s identity before doing business with them. KYC allows you to access the potential risks of a business relationship.

KYC procedures are critical to helping you analyze and monitor risky customers. And, KYC is a legal requirement to comply with anti-money laundering (AML) laws.

Companies of all sizes can reap the benefits of knowing their customers. KYC allows you to find out details about your customers and avoid doing business with untrustworthy or illegal companies.

KYC can help ensure you don’t do business with companies that are involved with:

  • Corruption
  • Bribery
  • Fraud
  • Money laundering
  • Illegal financing or activities (e.g., funding terrorism)

KYC can also help you find out if your customer is reliable when it comes to finances. You can check to see if clients have any tax liens on their business or bankruptcy issues.

KYC laws

The idea of knowing your customers has come a long way. And as technology and risks evolve, so do laws pertaining to knowing your client. Below are a few laws that helped bring the KYC process to life.

Bank Secrecy Act

In 1970, U.S. Congress passed the Bank Secrecy Act. The BSA is an amendment to the Federal Deposit Insurance Act. The BSA requires banks to file five types of reports with the Financial Crimes Enforcement Network and Treasury Department:

  • Currency Transaction Report (CTR) for cash transactions that exceed $10,000 in one business day
  • Suspicious Activity Reports (SAR) for cash transactions where it looks like a customer is not following BSA reporting requirements
  • Foreign Bank Account Report (FBAR) must be filed by any U.S. citizen or resident that owns a foreign bank account with at least $10,000
  • Monetary Instrument Log (MIL) is for banks to keep a record of all cash purchases (e.g., money orders, cashier’s checks, traveler’s checks) valued between $3,000 and $10,000
  • Currency and Monetary Instrument Report (CMIR) is used to report a person or institution that physically transports monetary instruments in excess of $10,000 into or outside of the U.S.

U.S. Patriot Act

The U.S. Patriot Act of 2001 introduced KYC regulations and made KYC mandatory for all banks in the United States. The Patriot Act helped kickstart KYC requirements and develop them into what they are today.

The act also requires financial institutions to comply with stricter KYC rules, including the Customer Identification Program (CIP) and Customer Due Diligence (CDD).


The CIP was developed to help limit money laundering, terrorism funding, corruption, and other illegal activities. The main goal of the CIP is for you to verify your customers are who they say they are.

The CIP requires that any individual conducting a financial transaction have their identity verified. Financial institutions use CIP to identify individuals wishing to conduct transactions with them.

Although CIP helps guide businesses on pinpointing risky clients, it’s up to each business to determine the level of risk. For a successful CIP, complete a risk analysis of your customer.


The Patriot Act requires banks or businesses to file a suspicious activity report if it notices illegal or unusual activity. But without knowing its customers, businesses are not able to meet this requirement. To meet KYC rules, CDD comes into play.

CDD is an important element in managing risks and protecting you and your business. With CDD, you must identify and understand your customers’ activities. Then, you can use the information you find to assess how risky they are to your business.

Customer due diligence can be broken down into a couple of different categories:

  • Simplified Due Diligence (SDD)
  • Enhanced Due Diligence (EDD)

SDD is used in situations where risk is very low and full CDD is not necessary. For example, you might do SDD for a customer who has accounts with lower values.

EDD is when you collect additional CDD information about a customer. Typically, you will do EDD for higher-risk clients to get a deeper understanding of their business activity.

Financial Crimes Enforcement Network

Since 2016, the Financial Crimes Enforcement Network, or FinCEN rule, requires all banks to collect the name, birth date, address, and Social Security number of individuals who own 25% or more of an equity interest in a legal entity. Sole proprietorships or unincorporated associations are not included.

KYC process

Although each company is different, the KYC process is similar for any business that wants to know their customer. Ready to know your client? Follow the steps below.

1. Have customer fill out a KYC form

When you begin discussing business with a potential customer, be straightforward about your KYC policy.

Some businesses opt to have potential clients fill out a KYC form to get to know their customers better. This form usually includes the customer’s:

  • Name
  • Title (e.g., owner)
  • Address
  • Phone number
  • Email address
  • Social Security number
  • Proof of identity (e.g., passport, driver’s license)
  • Signature
  • Date

Businesses might also use an electronic know your customer form to gather KYC documents. You can use an electronic identity verification (e.g., Lexis Nexis) to collect information about your potential customers. The KYC details you gather electronically are typically the same as a paper KYC form.

2. Create a CIP

To start your KYC procedure and remain compliant, develop a Customer Identification Program.

In your CIP, outline how you will verify customers’ identities. Include what information you will ask potential customers for and how you will go about verifying the information provided.

Consider also including how you will notify customers about your KYC policy and identity verification procedure.

3. Look at CDD

While researching CDD, look at both simplified and enhanced due diligence. If your customer seems risky, take extra time to research the company (or individual) to verify they are legitimate.

When additional CDD is required (aka EDD), take a look at things like:

  • Location of the person and business
  • The business’s transactions
  • Pattern of activities

After you complete CDD for a customer, assess how risky they are. Consider creating risk profiles for each customer. That way, you can keep track of customers and look for patterns.

In your KYC policy, outline different levels or factors of riskiness. For example, you might consider a customer high-risk if they have numerous higher outgoing transactions in their account.

4. Continue to monitor customers

Now, you may think your job is done once you assess the customer’s risk and verify their identity. However, KYC is an ongoing process. Just because a customer passed your KYC test does not mean they should be off the hook.

Continue to monitor each of your customers for risky activity. Some factors you should continue keeping an eye on include:

  • Spikes in activities
  • Patterns in unusual behavior
  • Illegal activities

If you find a current or potential customer has suspicious activity, terminate the business relationship as soon as possible. Depending on your business, you or your bank can report the activity.

Banking institutions can file a Suspicious Activity Report (SAR) to report unusual customer activity.

Ready to streamline your accounting process? Patriot’s accounting software lets you easily manage your books, view reports, and more. What are you waiting for? Get started with your self-guided demo today!

This article is updated from its original publication date of July 9, 2019.

This is not intended as legal advice; for more information, please click here.

Stay up to date on the latest accounting tips and training