KYC Best practices

KYC Best Practices to Reduce Money Laundering Risks

Table of contents

One of the main challenges financial institutions face is ensuring that all the funds passing through their system are legitimate. According to the United Nations Office on Drugs and Crime (UNODC), the annual amount of money laundering worldwide is estimated to be between 2%-5% of global GDP.

To combat that, banks and companies licensed to hold and transfer funds in major global markets – such as payroll & payments platforms – are performing regular know-your-customer (KYC) reviews: a screening process used to ensure that the organization is not assisting in illegal operations such as money laundering, sanction violations, financial crimes, or any other nefarious activity.

Every payroll delivery, for example, starts with a KYC process. Unfortunately, most KYC processes remain manual, making them prone to errors and quite expensive. Very few organizations have opted to automate large parts of the process, even though automation can significantly improve its efficiency;

According to a McKinsey study, organizations that do automate KYC have been able to reduce case-handling times to 20%-30% of the time it takes their competitors, and optimize their payroll payments process.

Know Your Customer (KYC) is a due diligence process that financial institutions use to verify the identity of their clients and assess their potential risks. The process is designed to prevent financial crimes such as money laundering and fraud.


KYC measures to reduce money laundering risks

Customer identification and verification

Customer Identification and Verification (CIV) is usually the first step in the KYC process and is required by law for all financial institutions. It involves obtaining information about the customer – such as name, address, date of birth, and government-issued identification documents – and confirming that the customer is who they claim to be.

This can be done by verifying the authenticity of their identification documents, or by using biometric verification tools such as facial recognition or fingerprint scanning.

Customer due diligence

Customer Due Diligence (CDD) is the process of assessing the risk associated with customers and their transaction activity. It involves gathering and analyzing information, such as the customer’s source of funds, occupation, transaction history, and the purpose of the account. The level of due diligence required can vary depending on the customer’s risk profile.

Enhanced due diligence

Enhanced due diligence (EDD) is a thorough and rigorous process that is applied to customers with a higher risk profile, such as politically exposed persons, customers from high-risk countries, or those with complex ownership structures. EDD involves gathering in-depth information about the customer, which may include the nature of their business relationships and the expected transaction activity.

In addition, EDD requires a frequent and ongoing review of the customer’s information to ensure that the risk assessment remains accurate and up to date.

Monitoring transactions

An ongoing inspection of customer transactions to identify any unusual or suspicious activity that may require further investigation. Monitoring transactions typically involves three key steps:

  1. Establishing customer transaction patterns: analyzing the customer’s historical transaction data to understand their typical transaction patterns, such as the types of transactions they make, their frequency, and the amounts involved.
  2. Monitoring for unusual or suspicious activity: using a variety of techniques to identify abnormal activity based on factors such as transaction amounts, frequency, location, and the type of transaction. For example, a series of transactions just below the reporting threshold, or transactions to and from high-risk countries or individuals, may be flagged for further investigation.
  3. Investigating and reporting suspicious activity: when unusual or suspicious activity is identified, financial institutions are required to investigate further to determine if it represents a genuine risk or if there is a reasonable explanation for the activity. If the activity is determined to be suspicious, the financial institution must report it to the relevant regulatory authorities and law enforcement agencies.

    This may involve freezing the customer’s account, filing a Suspicious Activity Report (SAR), and cooperating with authorities in any subsequent investigation.

Sanctions screening

The process involves screening individuals and entities against government and international sanctions lists to ensure compliance with national and international sanctions regimes. Sanctions screening typically includes the following steps:

  1. Identification of individuals or entities: financial institutions must first identify the individuals or entities that require screening. This may include potential customers, business partners, vendors, or other parties that are subject to KYC requirements. The identification can be done through customer onboarding processes or periodic reviews of existing customers.
  2. Sanctions list screening: these lists may include individuals, companies, or countries subject to economic or trade sanctions, or other forms of restrictions. Screening tools can include both manual and automated processes, and may use fuzzy matching, aliases, and other techniques to identify potential matches.
  3. Investigation and resolution of potential matches: when potential matches are identified, financial institutions are required to investigate further to determine if the customer is indeed subject to economic or trade sanctions or if there is a reasonable explanation for the match.

    This may involve reviewing additional documentation or information, conducting further due diligence, or contacting the individual or entity in question for additional information.

    If a true match is identified, the financial institution is required to take appropriate action, which may include reporting the match to the relevant regulatory authorities, freezing the account or transaction, or terminating the relationship.

Beneficial ownership

This critical KYC measure is used to identify the natural person who ultimately owns or controls a legal entity, trust, or other structure. The process of beneficial ownership identification usually includes the following steps:

  1. Identification of legal entities: Financial institutions must first identify the legal entities that require beneficial ownership information. This may include companies, trusts, partnerships, or other structures used for business or investment purposes.
  2. Obtaining beneficial ownership information: from details such as the beneficial owner’s name, date of birth, nationality, and address, to in-depth information on the nature and extent of the person’s ownership or control over the legal entity.
  3. Verification of beneficial ownership information: the information collected from the customer must be verified using reliable and independent sources, such as government registers, public databases, or other trusted sources. The verification process may also involve cross-checking information provided by the customer with information obtained from other sources or conducting further due diligence.
  4. Ongoing monitoring: financial institutions are required to continuously monitor beneficial ownership information and update it as necessary. This includes monitoring changes in ownership or control of the legal entity, as well as changes in the information provided by the customer.

Employee training

The purpose of this measure is to promote a culture of compliance and ensure that staff members are equipped with the knowledge and skills needed to identify and mitigate the risks associated with money laundering.

An effective training program will identify the specific training needs of their staff members, based on their roles, level of experience, and the specific risks associated with their job function; develop training materials tailored to these needs;

Make sure all staff members receive the necessary training regularly; and assess the effectiveness of the program by testing the employees’ knowledge and understanding of KYC requirements and processes.

Documenting and record-keeping

In this part of the KYC process, the financial institution collects and documents information about the customer and keeps records of this information for future reference.

The documents required may vary depending on the account type or the jurisdiction where the institution operates, but typical documents include government-issued identification documents, such as a passport or driver’s license, proof of address, such as a utility bill or bank statement, and tax identification numbers.

Once the documents have been collected and verified, the institution creates a record of the customer’s information, which is then stored securely in a database.

Reviewing and updating the process

By regularly reviewing and updating the KYC process, institutions can ensure that their procedures are relevant and effective in mitigating risk. Regular reviews help identify potential issues with the process – such as gaps in the documentation required or inconsistencies in the process – that may hinder the identification of potential money laundering. Based on the results of the review, the financial institution should update the KYC process accordingly.

As new and relevant technologies emerge, the KYC process should also be updated to include them. For example, artificial intelligence (AI) and machine learning (ML) can be used to analyze customer data and identify suspicious activities.

KYC best practices: 5 key factors

Improving KYC processes can benefit businesses in several ways. It starts with better risk management, i.e., the ability to make more informed decisions about whether or not to engage in a business relationship.

Another benefit is an enhanced customer experience; a well-designed KYC process can improve the overall customer experience by reducing the time and effort required for verification.

But the most important benefit of an upgraded KYC process is improving the bottom line. According to several McKinsey studies, data-quality problems account for up to 26% of KYC operational costs. Most of these problems are a result of manual practices. By automating KYC processes, businesses can save resources and staff time, reducing their costs significantly.

To reap all these benefits, businesses must employ KYC best practices. The following factors are essential in every effective KYC process:

  1. Customer risk management. To achieve a more accurate, comprehensive, and almost immediate understanding of customer risk, prioritize customer risk assessments when developing KYC policies and designing processes.
  2. Optimize the customer experience digitally. Transform the customer experience by creating a self-service client portal that customizes the process to their needs. Ensure the portal’s success by hiring a customer-service team with global and local expertise in KYC to provide support.
  3. Use KYC risk analytics. Establish a structured approach to data management that uses automated and adaptable data feeds from both internal and external sources. Utilize this data to carry out advanced KYC risk analytics that will allow you to gain a competitive edge.
  4. Adopt automated processes and workflows. By automating KYC processes and workflows, businesses can increase their capacity and dedicate more time to high-value activities like customer risk assessment.
  5. Establish a KYC center of excellence. The CoE should focus on performance management throughout the KYC process, for example, by highlighting customer-experience metrics as part of the analysts’ evaluation.

Streamline KYC processes and optimize global payroll payments

Ensuring that your global workforce is paid accurately, on time, and with local compliance requires the right technology.

Papaya Global has built the first fully automated global payroll and payments platform, which streamlines KYC processes, supports all categories of employment, and allows businesses to process global payroll and make payments to employees, authorities, and benefits vendors through a single dashboard.

Schedule a demo today to hear more about it.


What are the 3 components of KYC?

The three key components of KYC are customer identification (obtaining and recording the customer’s personal information), customer due diligence (verifying the accuracy of the customer’s information and assessing the customer’s risk level), and ongoing monitoring (continuously reviewing customer information and assessing changes in the customer’s risk profile over time). 

What is a risk management process in KYC?

Risk management is an important part of the KYC process, as it helps companies identify and mitigate potential risks associated with their customers. After obtaining and verifying their customer’s personal information, businesses assess the level of risk associated with doing business with them and implement measures to mitigate any potential risks. 

How can I improve my KYC process?

The best way to improve your KYC process is by automating the data collection required for it. That will improve risk management, enhance the customer experience, and allow you to save resources and staff time, reducing costs significantly. 

What is KYC in compliance?

KYC is an important part of compliance in the financial industry and is required by regulations in many countries to prevent money laundering, terrorist financing, and other financial crimes. The purpose of KYC in compliance is to ensure that companies have accurate and up-to-date information about their customers so that they can assess the risk of doing business with them and prevent any illegal activities. 

Is KYC a regulatory requirement?

Yes, KYC is a regulatory requirement in many countries and is typically mandated by the financial regulatory bodies of each country. Financial institutions such as banks, investment firms, payroll and payments companies, and other entities involved in financial transactions are generally required to implement KYC measures to comply with anti-money laundering (AML) and counter-terrorist financing (CTF) regulations.