In the United Kingdom, Know Your Customer is a practice often used by financial institutions and banks and is governed by the Money Laundering Regulations 2017.

It is also useful for SMEs. At any rate, you ought to. You could face possible fines, sanctions, and reputational damage if you do business with a money launderer or terrorist. More importantly, KYC and KYS are a fundamental practice to protect your organization from fraud and losses resulting from illegal funds and transactions.

Know your customer (KYC) and know your supplier (KYS) are typically used to verify customers’ and suppliers’ identities, assess their suitability and determine all potential risks, especially in the areas of money laundering, fraud and terrorist financing. Customer and supplier contracts, agreements and equipment leases are integral to a company’s commitments.

While this may all appear to be extreme, it’s a process that is of great benefit to your business, regardless of its size. Trade of any sort is a common factor in the business cycle, so it is crucial for your business to know who you’re dealing with.

The process is as follows:

Customer/Supplier Identification Review (CIP/SIP)

The minimum requirements to open an individual financial account are clearly delimited in the CIP:

  • Company name
  • Principal contact
  • Company identification number
  • Tax identification number (VAT, PAYE, UTR)

While gathering this information during account opening is adequate, the institution must verify the identity of the account holder “within a reasonable time.” Procedures for identity verification include documents, non-documentary methods (these may include comparing the information provided by the customer with consumer reporting agencies, public databases, among other due diligence measures), or a combination of both.

These procedures are at the core of CIP/SIP; as with other Anti-Money Laundering (AML) compliance requirements, these policies shouldn’t be followed willy-nilly. They need to be clarified and codified to provide continued guidance to staff and executives, and for the benefit of regulators.

Due Diligence Review

There are three levels of due diligence:

Simplified Due Diligence (“SDD”) applies in situations where the risk of money laundering or terrorist funding is low and a full CDD is not necessary. For example, low-value accounts or accounts.

Basic Due Diligence (“BDD”) is information obtained for all customers/suppliers to verify the identity of a customer/supplier and assess the risks associated with that customer.

Enhanced Due Diligence (“EDD”) is additional information collected for higher-risk customers/suppliers to provide a deeper understanding of customer/supplier activity to mitigate associated risks. In the end, while some EDD factors are specifically enshrined in a country’s legislation, it’s up to a company to determine its risk and take measures to ensure that its customers/suppliers are not bad actors.

Some practical steps to include in your customer/supplier due diligence program include:

  • Ascertain the identity and location of the potential customer/supplier and gain a good understanding of their business activities. This can be as simple as locating documentation that verifies the name and address of your customer/supplier.
  • When authenticating or verifying a potential customer/supplier, classify their risk category and define what type of customer/supplier they are, before storing this information and any additional documentation digitally.
  • Beyond basic CDD, it’s important that you carry out the correct processes to ascertain whether EDD is necessary. This can be an ongoing process, as existing customers/suppliers have the potential to transition into higher risk categories over time; in that context, conducting periodic due diligence assessments on existing customers/suppliers can be beneficial. Factors one must consider in determining whether EDD is required include, but are not limited to, the following:
    • Location of the person
    • Occupation of the person
    • Type of transactions
    • Expected pattern of activity in terms of transaction types, dollar value and frequency
    • Expected method of payment
  • Keeping records of all the CDD and EDD performed on each customer/supplier, or potential customer/supplier, is necessary in case of a regulatory audit.

Ongoing monitoring review

It’s not enough to check your customer/supplier just once; you need to have a program to monitor your customer/supplier on an ongoing basis. The ongoing monitoring function includes oversight of financial transactions and accounts based on thresholds developed as part of a customer’s risk profile.

Depending on the customer/supplier and your risk mitigation strategy, some other factors to monitor may include:

  • Spikes in activities
  • Out of area or unusual cross-border activities
  • Inclusion of people on sanction lists
  • Adverse media mentions

There may be a requirement to file a Suspicious Activity Report (SAR) if the account activity is deemed unusual.

Periodical reviews of the account and the associated risk are also considered best practice:

  • Is the account record up-to-date?
  • Do the type and amount of transactions match the stated purpose of the account?
  • Is the risk-level appropriate for the type and amount of transactions?

In general, the level of transaction monitoring relies on a risk-based assessment.