team of professionals sitting in office
What we do

KYC, pKYC and Customer Due Diligence

CDD is a key part of AML compliance, and KYC should be the first step in any strong risk-based approach. SmartSearch can perform KYC checks on both domestic and international clients – our resources can confirm identities in over 200 countries using our electronic verification software. You can even access this service on the go with our app, SmartAML. Perpetual Know Your Customer (pKYC) is a more dynamic all-encompassing KYC solution and said to be the future of risk management strategies.

Customer Due Diligence and KYC

KYC (or know your customer) checks, are background checks that should be carried out as part of your risk-based approach. The KYC process involves the verification of the customer’s identity, using documents like photographic ID, proof of date of birth and proof of address. This can be done manually, with physical documentation, but it’s faster and more reliable to do it electronically, with data sourced online.

Customer due diligence, or CDD is a longer process which continues after the customer has been onboarded, and includes checks like sanctions and PEP screenings, to continuously assess the risk-level that a customer poses to a business.

Both KYC and CDD are crucial aspects of AML compliance. Regulated firms must identify and verify anyone they work with, to ensure they don’t unknowingly become involved with a business or individual with a history of financial crime, or sanctions.

fingerprint, digital, identity

Perpetual Know Your Customer

Perpetual Know Your Customer (pKYC) - also known as continual KYC - is the ongoing process by which businesses continuously update customer information as a part of their risk management strategy and is a step on from a standard Know Your Customer (KYC) process.

pKYC not only offers a much more dynamic and secure risk management solution but will automatically evolve as clients’ circumstances change, thereby reducing risk and the level of period work required by regulated firms.

professional woman looking at digital file

KYC & CDD for UK and international clients of any size

KYC Checks for Every Client

Our award-winning AML and digital compliance solution can perform efficient, electronic KYC checks in just 2 seconds for every type of client – from individuals to businesses, including professional services and large corporate enterprises. Regardless of the scale of your customer or client, our KYC verification process is thorough, quick and extremely accurate, delivering the highest match and pass rate on the market of 97%, so you know exactly who you’re going into business with.   

Holistic Onboarding Process

We’re proud to offer an end-to-end onboarding process. Our comprehensive platform is the largest collection of AML tools in one place – with everything you need, right through from initial checks to ongoing monitoring. Plus, our software can be seamlessly integrated with your existing systems for minimal disruption.   

International Coverage

With SmartSearch, you’re not limited to carrying out KYC checks on customers in the UK. Our unique platform uses international databases like the Dow Jones WatchList, which is updated daily, to carry out due diligence checks on individuals and businesses all over the globe, in over 200 different countries.    

AML Expertise at Your Fingertips

We’re AML compliance experts. That means our platform is built to make every aspect of your compliance as convenient as possible, with time-saving features like electronic verification and automated status change alerts. Choose one of our products and you’ll benefit from the ongoing support of a dedicated account manager.   

Transitioning to pKYC

The reason many firms are looking to transition to a pKYC model is, not only is it far more reliable due to the fact it is constantly being updated to provide ongoing compliance, but because it is automated, it requires much less effort on the part of the regulated firm. Instead of doing an initial check, and then having to revisit the client each year to assess if their risk level has changed, pKYC enables the firm to sit back, rest assured that their customer database is always up to date and fully compliant.

We can help you to…

How do I manage the Know Your Customer (KYC) process?

Initial KYC checks will involve identifying and verifying a customer and screening them against PEP, SIP, RCA and Sanction lists. But that is not the end of the process. In order to comply with regulations, you must also continue to monitor your customers for any changes.

What are the CDD and KYC regulations?

Under money laundering regulations, you must perform Customer Due Diligence on all customers to check they are who they say they are. If the risk of money laundering is high, for example, they are a PEP, you must carry out Enhanced Due Diligence in order to assess the potential increased risk that customer may pose to your business.

What’s the difference between KYC and CDD?

CDD (Customer Due Diligence) is the process of a business verifying the identity of its clients and assessing the potential risks to the business relationship. KYC is about demonstrating that you have done your CDD. Both KYC and CDD are integral to the AML process.

What are the standard CDD and KYC requirements?

When undertaking CDD and KYC, you must identify the customer and verify their identity using reliable and independent sources. You must also run PEP and Sanction checks and, if the customer’s name matches, run Enhanced Due Diligence to assess the risk they pose.

What is the difference between pKYC and KYC?

While a traditional KYC programme is very ‘transactional’ i.e. you run the initial check and then, once the verification period is up, run another, a pKYC programme is much more dynamic. Instead of having to specifically run a new check to see if a client’s risk profile has changed, pKYC offers client lifecycle management because it is constantly monitoring for any relevant changes. The continual nature of a pKYC solution means that the business has a full picture of their client, giving them a much more robust and accurate risk-management process.

What is the difference between ongoing monitoring and pKYC?

Although similar to ongoing monitoring, to achieve a pKYC a business must have procedures in place whereby every change to their customer’s status is identified. pKYC will check a huge number of external and internal sources in order to monitor any and every change that could be relevant, for example, changes to the customers’ name, their place of work, their credit file, or their utility provider. For corporates, it would monitor changes to the corporate structure of a business, including changes in ownership and Ultimate Beneficial Owners, as well as any suspicious activity across the entire database.

Get the help you need

We can verify the identity of your clients electronically in seconds, and the system will automatically undertake Enhanced Due Diligence if any client is matched with a Sanctions or PEP list. Our daily monitoring services will alert you of any changes ensuring you always remain fully AML compliant.

professional working on laptop
{{ image_alt:shield.svg }}

That’s where we come in

SmartSearch offers a one-stop-shop for all your firm’s AML requirements. The user-friendly system enables staff at any level to successfully run AML checks, and we are constantly updating and improving the platform to ensure it remains the leading AML solution on the market.

See the SmartSearch product

See it in action

Let one of our highly-trained sales team demonstrate the multi-award winning SmartSearch AML product

Get a free demo

Conduct comprehensive KYC checks in 60 seconds: Discover the power of SmartSearch:

As an AML registered company, you’ll understand the complex and time consuming process of Know Your Customer checks. If you’re looking for a streamlined process, faster onboarding, improved customer experience and lower operational costs, we’ve got the solution for you.

Harness the power of our innovative software and breeze through difficult compliance checks in minutes, not weeks.

We offer a multifaceted AML and KYC solution in the form of TripleCheck — a comprehensive electronic service incorporating three thorough approaches to hi-tech verification.

The first of these methods cover identification, verification, and screening, while the second and third methods are the customer checks of facial recognition and digital fraud checks.

  • Minimal input — maximum output: To complete a full AML check on a customer, just enter their name and address into TripleCheck and leave the system to do the heavy lifting for you, as an individual AML check will be conducted in fewer than two seconds. In assessing the customer, the software will check their records against those on over 1,100 databases, including PEP lists and sanctions lists.

  • Advanced document verification: TripleCheck’s second level uses Optical Character Recognition (OCR) and biometric facial recognition technology to rapidly analyse photo identity documents provided by the customer. The system can alert you if it detects any suspicious discrepancies between this document and the ‘real person’.

  • User-friendly interface: Though many cogs are turning beneath the surface when TripleCheck is in full flow, the front-facing part of the system remains delightfully intuitive to use. Staff members at all levels of your business will easily be able to use TripleCheck to perform customer checks as and when necessary, making for a user-friendly solution.

  • Confirm identities in over 200 countries: If your business targets a range of international markets, rest assured that SmartSearch enables you to carry out efficient KYC and AML checks on customers based across various territories around the world rather than just the UK. Our platform uses the Dow Jones Watchlist, which is updated daily.

Once you have completed a customer assessment with TripleCheck, you will have access to an automatically generated AML certificate confirming the findings. This will be useful for your record keeping, as the certificate will also be saved to the central SmartSearch platform.

Customer due diligence procedures are a core element of anti-money laundering regulations

The AML regulations applicable in the UK are derived from a patchwork of domestic and international laws, of which the main ones are outlined below: 

The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017):

This legislation has been amended multiple times since it was originally passed, and specifies various AML requirements for UK businesses to meet.

Financial Services and Markets Act 2000 (FSMA):

This established the Financial Conduct Authority (FCA) as the UK’s main AML regulator, which is responsible for ensuring UK financial services institutions’ AML regulatory compliance.

Proceeds of Crime Act 2002 (POCA):

This law defines money laundering offences which would constitute criminal conduct. POCA also outlines penalties for these offences and obliges companies to report suspicious activity.

Though the FCA remains the UK’s primary AML regulator, several other law enforcement agencies also enforce AML regulations as well as share the FCA’s responsibility of investigating criminal activity in the UK financial sphere. These bodies include:

HM Revenue & Customs (HMRC)
National Crime Agency (NCA)
Serious Fraud Office (SFO)

Additionally, there are some industry-specific regulators — such as the Gambling Commission and Solicitors Regulation Authority, which focuses on AML compliance processes in gambling businesses. 

cyber security concept

How can the KYC process help to prevent money laundering?

The KYC process steps can be separated into two broad categories: one of identifying customers and another of verifying customers. The former would entail you collecting personal data from a customer, while the latter would see you checking this data’s accuracy.

For the verification stage of KYC, a business will usually need the customers:

Date of Birth

Traditionally, a customer would provide paper documents — for example, an energy bill and a water bill — as evidence of the personal details they have provided. The business would verify those details by scrutinising the documents and confirming their authenticity.

By verifying that a customer is who they say they are, a business can make sure the customer is neither a fraudster nor subject to sanctions. The company can therefore decrease its risk of inadvertently and unknowingly becoming an accessory to money laundering.

cyber security, professional doing identity check

However, there are now automated KYC solutions that extract data from documents and compare them against templates. This can help not only streamline the overall KYC process — in terms of both the time and cost expended — but also reduces the impact of human error.

That said, it can pay for you to be selective about exactly which automated KYC — or, as it is otherwise known, eKYC — solution you choose to utilise. There would be the risk of you opting for a KYC provider that does not quite offer all the KYC services you need.

There might theoretically be nothing preventing you from simply sourcing different services from different providers in order to cover all your company’s KYC needs. However, it would doubtless be more efficient for you to obtain all the required services from just one provider.

While some KYC providers might — for example — offer AML screening but omit the use of facial biometrics, SmartSearch’s innovative platform for AML compliance covers all aspects of KYC.

The core elements of the Know Your Customer process explained 

The exact KYC process steps you take can depend on what KYC tools you have at your disposal. However, here is a basic breakdown of what we would consider the proper KYC steps to follow, enabling you to comprehensively confirm customer identity while adhering to AML law.

Though this is traditionally the order in which the steps ought to be taken, technological advances have allowed for a less cumbersome alternative. With SmartSearch’s AML platform, you can run the customer’s name, DOB and address through a full AML check in just a few seconds.

  • Identification

    You would start by asking the customer to provide you with their personal data — which, typically, would comprise their name, date of birth (DOB), and address. You should also ask the customer to provide documents that can act as proof of identity.

  • Liveness check

    The objective here is to verify the customer’s ‘liveness’; in other words, the customer is an actual, living person. SmartSearch’s TripleCheck AML solution uses biometric facial recognition and a Selfie Liveness Video (SLV) for this purpose.

  • Verification

    As it would be risky for you to simply take the customer’s documents at face value, you could first determine their authenticity by looking for the customer’s absence in sanctions lists and PEP lists — a step often casually referred to as AML screening.

  • Address verification

    The customer can provide such proof-of-address documents as bank statements and utility bills, enabling you to ascertain higher-risk customers based on their address alone — such as if it is in a jurisdiction struggling to counter money laundering.

  • Risk scoring

    Once you have undertaken the above checks, you will be able to determine the customer’s risk category. For example, if you establish that the individual is a PEP (Politically Exposed Person), Enhanced Due Diligence requirements will come into play. 

KYC checklist: 5 ways to enhance your AML process

You shouldn’t just settle for the bare minimum with your KYC measures — not least because, in doing so, you could too easily risk falling short of compliance with AML regulation. To assist you in optimising your KYC process, here is a checklist of crucial things it should look for.

Basic identifying information

For many customers, this information would include names, addresses, dates of birth, and social security numbers as well as — in the case of corporate customers — company incorporation documents. The information you collect here needs to inform your approach to AML compliance, including risk assessment.

Higher-risk customers

Once you have the above-mentioned identifying information, there will be certain official lists you must compare to assess each customer’s risk profile. The lists will include those of sanctioned people, PEPs, and high-risk jurisdictions.

The nature of the risk the customer poses

This will account for not only the extent of the customer’s risk to your business but also what factors are influencing this risk. For example, a PEP will be more vulnerable to — and so run a higher risk of — corruption and bribery.

Any change in AML risk

As you cannot be certain that this risk will not change at any point during the customer relationship, you should continue to undertake Customer Due Diligence (CDD) as a matter of course.

Accurate insights

Given the administrative challenge of adhering to AML regulatory requirements, you must automate your KYC compliance process. When KYC duties are carried out manually, you can be left with perilously inaccurate customer details. 

As you can probably imagine, it can be time-consuming to meet all of these criteria with KYC if it is conducted through manual means. 

However, automated software such as SmartSearch’s AML solution can time-efficiently accumulate all the information you need for KYC purposes. For a commercial client, SmartSearch can present you with a report covering company structure, persons of significance, and beneficial owners.

Who needs to be following KYC measures?

AML regulations apply to more than 100,000 UK businesses, including:

Building societies
Crypto businesses
Financial services
Accountancy services
Estate agencies
Property Development
Gaming companies
Car dealers

If you are an AML-regulated UK business, you have a legal requirement to use proper due diligence processes in the course of Know Your Customer procedures. This means identifying and verifying the client before screening them against PEP lists and sanctions lists.

If the client’s name matches one of these lists, you must subsequently undertake Enhanced Due Diligence so that you can assess how much risk the client potentially poses.

These are all only initial AML checks — as, after completing them and onboarding the client, you are required to also engage in an AML monitoring process on an ongoing basis. The KYC process is therefore only the first involved in long-term due diligence.

However, it is essential that you meet your Know Your Customer obligations properly. Otherwise, you could risk incurring a fine or even a prison sentence, while your business could become lumbered with reputational damage resulting from negative publicity.

Digital document verification: How can automated KYC software improve the process?

In theory, many AML-regulated businesses could verify the authenticity of customer-provided documents by reviewing them in person. In practice, however, this can be an inefficient and unreliable method of document verification — especially as digital alternatives now exist.

Digital document verification is so-called as it takes place online. It would be an option for members of your organisation to take up even on mobile devices. The process involves checking formal documents like driver’s licences and bank statements for: 

Unusual fonts
Other markers of authenticity

The essential appeal of digital document verification can be summed up: it enables users to both accurately and speedily identify forgeries in documents. This is no small boon for time-strapped businesses that nonetheless need to closely heed their AML compliance obligations.

Digital document verification is technology that does most of the heavy lifting. Hence, whether an agent is experienced or inexperienced with AML screening, they can expect the same reliable results when they use the automated Know Your Customer solution from SmartSearch.

Authenticating a customer’s documents in this way would also be convenient for the customer, as they would not strictly need to present any physical paperwork at the onboarding stage. Instead, they could choose to simply upload digital images of these documents.

Offering such a smooth, efficient onboarding system can pay dividends for your organisation and its reputation. As revealed in the research, 63% of customers take the onboarding process into account when deciding to buy a product or subscribe to a service.

Furthermore, 90% of customers have expressed the view that companies could enhance their user onboarding process. However, in the modern age, customer expectations have made frictionless onboarding more of a necessity than a luxury for many businesses.

We would therefore urge you to contact us for a free personalised demo of our acclaimed SmartSearch AML productThis solution uses facial recognition technology to speedily match and approve documentation against official records.

By implementing the sophisticated SmartSearch AML platform for staffers at your company to access as and when needed, you can unlock the following practical benefits: 

Reduction of human error

Not only is the SmartSearch AML system intuitively designed, it comes with product sheets and clear guidelines further indicating how it can be used for performing AML checks quickly. However, this only begins to explain why we can help to prevent errors with your KYC checks.

When the Know Your Customer process is undertaken manually, there are various stages of it where human error can easily be made — to the detriment of your AML compliance record. For example, you could overlook when your Customer Due Diligence efforts should extend to Enhanced Due Diligence.

Fortunately, as many functions of our KYC platform kick in automatically once it is put into motion, you can trust it to flag up issues that could otherwise be prone to eluding attention. This means that, if the system detects the need for Enhanced Due Diligence, EDD will automatically be triggered.

The SmartSearch platform will work quietly in the background to investigate and remove any false positives that come about due to the EDD detection feature — which, as a result, would only prompt you to manually intervene in limited circumstances.

We appreciate that your AML knowledge might not be exhaustive — and that, in this area, you could lack the specialist AML expertise of a KYC services provider like SmartSearch. That’s why our KYC solution has been built to automatically undertake a wide range of AML processes.

For example, while you might know how important it is to check whether a customer is a PEP, there remains no single central database of PEPs. Though there are multiple publicly available PEPs lists, you could make the mistake of overlooking one where the customer is mentioned.

Another issue with manual KYC checks is that they could allow RCAs to slip through the net. The acronym ‘RCA’ means ‘Relatives and Close Associates’, and refers to individuals or businesses that, being related to or closely linked with a PEP, are potentially vulnerable to: 

  • Bribery

  • Blackmail 

  • Corruption 

This is why our automated platform also offers you the ability to time-efficiently screen for RCAs and so factor in the added risk that would be involved in your business forging ties with them.

Time saver

Often, the challenge of achieving AML compliance is not discerning what needs to be done, but instead freeing up enough time to do it. Indeed, when you partner with SmartSearch for your AML needs, we can provide you with in-depth advice on how to meet this particular legal requirement.

When you become a client of SmartSearch, we will assign you a dedicated Account Manager offering you ongoing support utilising our KYC automation software solution. This Account Manager will be able to swiftly answer any questions you have about how to use TripleCheck.

When you need additional support in the course of using TripleCheck, you will also be able to tap into the expertise of our full client services team. You can get in touch with the Yorkshire-based KYC provider SmartSearch by phone, email, or online contact form.

However, TripleCheck has been built from the ground up to be user-friendly for workers across all operational levels of your organisation. Our client support team is intended to very much act as a safety net: you might rarely need it, but you can take comfort from simply knowing that it is there.

Once you have entered an individual’s name, address, and DOB into TripleCheck, the platform will complete an exhaustive series of KYC checks in less than two seconds. At that time, the software can scan multiple global databases, including Equifax, Experian, and Dow Jones. 

SmartSearch’s access to vast troves of data from around the world makes the system likelier than many others to return a pass for clients. Our KYC platform delivers a match-and-pass rate of 97% — and clears up 75% of failed cases automatically.

After going through these checks, TripleCheck will also automatically generate and store a detailed report on the individual whose details you have submitted. That way, you won’t have to manually compile the report yourself — and you will easily be able to find it as and when necessary.

Faster onboarding 

There are bound to be occasions when you might be eager to strike deals with large numbers of clients all at once — in which case, you could feel particularly daunted by the prospect of keeping up your AML compliance duties by having every single one of those clients' AML screened.

However, our automated KYC solution works quickly and effectively when used not only on an occasional, one-off basis but also for onboarding clients in high volumes and rapid succession. SmartSearch’s latency-free TripleCheck platform makes for a time-efficient solution. 

It helps that, when your company initially implements the SmartSearch platform, we will provide you with offline ‘how to’ guides for you and any of your co-workers to consult in order to get to grips with using TripleCheck. We can even give your team access to tailor-made training.

Greater accuracy

Accuracy is paramount with KYC checks — as, otherwise, you could unknowingly enter into a contract with a client who would be disadvantageous for your organisation’s standing or financial health. Fortunately, automated KYC can help you to achieve accurate results. 

As a general rule, the larger the amount of relevant data the customer’s records are checked against, the more reliably you can be informed that the customer is indeed a safe bet. The idea is that it should be possible for the data provided by the customer to be corroborated by other, external sources. 

Here at SmartSearch, we offer the only KYC solution offering full sanction and PEP screening as standard. What this means is that, when you use automated software to assess a customer, their details will be checked against both sanctions lists and PEP lists.

The government can impose financial sanctions to prevent or hamper trading activities of people, companies, or even entire countries. Governments and financial authorities use sanctions lists to specify all the financial sanctions currently applicable to a specific country, state, or continent.

It would — except in specific, limited circumstances — be illegal for your UK business to enter dealings with any individual or business included on a sanctions list. It is therefore important that sanctions lists are used for screening individuals or businesses you are considering working with.

PEP lists, meanwhile, are lists of PEPs (Politically Exposed Persons). A PEP is referred to as such because they hold a high-profile position — such as in law enforcement or senior government — and are, as a result, more likely to be successfully bribed or succumb to other forms of corruption.

While it is perfectly legal to work with PEPs, doing so would still constitute a greater risk to your organisation. Hence, it would be in your interest for you to know if the client is on a PEP list — as, with this information at hand, you will be able to complete a more accurate risk assessment.

How does digital identity verification work?

Digital identity verification draws upon artificial intelligence and machine learning to assess whether official documents are genuine. While all this might sound highly technical, the procedure is easy, quick, and convenient for both the agent and the customer.

The process can be broken down into the following stages: 

The customer is sent, via text message, a link to a secure collaboration room.
The agent specifies to the customer what documents the latter needs to submit.
The customer photographs these documents before sending this image to the agent.
The algorithm completes several validation checks on the documents.

Here are just a few selected examples of validation checks utilised as part of digital identity verification: 

Face detection
Edge detection
Colourspace analysis
Headshot integrity
Selfie liveness detection
digital, cyber security, padlock

The machine learning aspect of digital identity verification sees it harness large datasets to ensure highly accurate results. Our TripleCheck service uses triple bureau Credit Reference Agency (CRA) data as well as the more than 1,100 databases on the Dow Jones Watchlist. 

The huge number of variables that SmartSearch’s AML screening platform assesses in the course of digital identity verification has enabled us to deliver highly accurate results. Our AML product has been credited with market-leading match-and-pass rates.

We offer you the option of verifying a client’s identity remotely, without any need for you to collect any physical documents from the client. However, rest assured that, when using SmartSearch, you will remain compliant with AML legislation.

Indeed, when you turn to SmartSearch, you can benefit from having just one, easy-to-use platform for AML compliance. Multiple features covering all aspects of Customer Due Diligence and Know Your Customer are baked into this all-in-one electronic compliance solution.

We encourage you to get in touch with our AML specialists. You can phone us on 0113 537 4042 or email so that you can discuss your business needs with us. We can then prepare your organisation with a bespoke subscription to our suite of advanced KYC tools.

KYC and AML: Key differences & how they work together 

In a casual, colloquial context, you might often see the acronyms ‘KYC’ and ‘AML’ used interchangeably. However, though the two terms do overlap in definition, it could doubtless be helpful for you to unravel these examples of potentially confusing terminology.

AML (Anti-Money Laundering): This umbrella term covers measures AML-regulated firms are legally required to take for preventing criminals from illegally concealing the source of funds obtained from illicit activities like corruption, gambling, and human trafficking. 

KYC (Know Your Customer or Know Your Client): This can be seen as an aspect of AML, as KYC refers to a series of checks a company performs to establish that customers or clients seeking to work with the business are genuinely who they claim to be.

Another crucial part of KYC is measuring the risk that customers or clients would pose to the business. Depending on the level of risk, you might have to carry out Enhanced Due Diligence (EDD) before working with the customer or client or rule out striking any deal with them at all.

Hence, while KYC refers to preliminary steps made before a customer is onboarded, AML covers a much broader range of procedures — including ones made over the longer term. At the same time, the business continues to hold a contract with the customer.

AML therefore also includes monitoring the customer on an ongoing basis for any changes that would heighten the risk to the company. The risk would increase if the customer: 

Is hit by sanctions
Becomes a PEP (Politically Exposed Person)
Forms a close relationship with a PEP
Goes bankrupt
Relocates to a high-risk country

When any of these developments arise, the software can automatically put the customer through further EDD checks to assist you in more accurately assessing their changed risk profile.

The Law Society explains that you would also be obligated to apply EDD if the client makes a “transaction [that] is complex or unusually large and has no apparent economic or legal purpose.”

How Perpetual Know Your Customer (pKYC) can reduce the risk for your regulated firm

If AML regulations apply to your business, you need to make sure you not only undertake initial KYC checks on each customer but also, after onboarding this customer, continue monitoring them so that you will be able to pick up on changes to the customer’s risk profile.

To comply with this particular legal requirement, you could — after running the initial KYC checks and forming a risk assessment based on the information unearthed by these checks — repeat this verification process periodically, such as every year or every 18 months.

Under this system, how often you carry out fresh KYC checks on the customer will depend on the risk assessment. However, by switching to pKYC, your business can stay compliant with AML legislation while avoiding the need to periodically re-initiate KYC checks on the same customer.

How does Perpetual Know Your Customer (pKYC) work? 

Perpetual KYC differs from a traditional KYC programme primarily in the sense that customer information is checked — and, as and when necessary, updated — continuously. This means that, if the customer’s status does change, you can be notified especially quickly.

As pKYC is fully automated, you can leave it to run on your behalf while you busy yourself with non-KYC-related work responsibilities. Furthermore, pKYC can tap into all the following data sources: 

Utility companies
Phone companies
Email providers
The electoral roll
The Post Office
Your own existing customer data

As a pKYC system will seamlessly factor in massive amounts of data from sources like these, any changes with potential implications for the customer’s risk to your business will be immediately identified, recorded, and risk-assessed.

smart search services, anti-money laundering, facial recognition, fraud prevention

How you can prepare your organisation for pKYC 

The continual nature of pKYC requires it to be electronic. If you are still carrying out KYC processes manually, you can future-proof them by transitioning to electronic verification (EV). You should keep in mind the following facts about how manual and electronic KYC checks differ:

SmartSearch-assisted EV takes just two seconds
Conversely, a manual KYC check takes at least a day
82% of manual KYC checks last at least two days, while 22% expend over a week
EV uses numerous databases and sophisticated biometric technology to ensure reliability

94% of companies using manual checks lack confidence in detecting fake documentation

Basically, the more electronic and automated your KYC procedures are, the more easily they can help you to address weaknesses in your organisation’s AML compliance. Perpetual KYC also further strengthens the cost-effective pricing structure of SmartSearch’s AML service offering.

smart search services, monitored clients, high-risk clients, outstanding alerts

What does Customer Due Diligence mean for financial companies?

It is crucial not to underestimate the importance of KYC to banking and other financial firms. For these companies, one especially important component of KYC is what has been referred to as Customer Due Diligence (CDD).

When an individual or business approaches your company intending to become a customer of it, you should background-check and screen the customer so that you can properly risk-assess them before onboarding them.

If you are at the helm of a financial company, you should be careful not to rush this vetting process, as it is intended to help organisations like yours prevent an array of financial crimes. These include:

Money laundering
Terrorism financing
Human trafficking
Drug trafficking
Identity theft

Customer Due Diligence should not be treated as just a preliminary step. On the contrary, undertaking effective CDD would entail you amassing a range of information from the customer while they continue to have a professional relationship with your business.

Typically, CDD comprises the following stages: 

Gathering customer information: 

This can include the customer’s full name, photo ID, phone number, email address, and postal address. With all these details at hand, you can authenticate the customer’s claimed identity.

Collecting corporate details:

If you are dealing with a commercial customer, it can be helpful for you to learn about the customer’s firm as well as the nature of its ownership and business model — including how and where the institution makes its money.

Putting together a risk profile/assessment: 

Taking into account such factors as the customer’s identity and location, you can assign the customer to a specific risk category. The idea is that, the higher the risk category, the shorter the odds of money laundering arising.

Long-term monitoring: 

The package of CDD measures you prepare should include some reserved for after the customer is onboarded. We offer a white paper on one exhaustive form of monitoring: Perpetual Know Your Customer (pKYC), also called continual KYC.

As exact CDD needs can differ from business to business, you can benefit from arranging a bespoke subscription to our AML screening service. In this way, you can pick and choose aspects of it which would be the most useful to your organisation. 


Understanding a risk-based approach to due diligence

The Financial Action Task Force (FATF) considers a risk-based approach to Customer Due Diligence (CDD) essential for companies to use in implementing official FATF standards.

These standards have been set by a leading global regulator and watchdog aimed at helping organisations to prevent money laundering and financial terrorism.

The FATF has explained the practical benefits of a risk-based approach to CDD — including that it “allows countries, within the framework of the FATF requirements, to adopt a more flexible set of measures in order to target their resources more effectively”. 

Here are several steps financial firms can take to optimise their AML measures: 

Segment customers precisely by risk:

While it is vital that these companies act to mitigate AML risks, they also need to allocate financial resources shrewdly. Sorting customers into risk categories can help these firms to rein in their expenditure on low-risk customers

Utilise self-service solutions: 

Doing so can ease companies’ efforts to establish a risk-sensitive AML framework without unduly burdening low-risk customers. For example, firms can send additional KYC requests strictly to high-risk customers.

Tailor AML efforts on a customer-by-customer basis: 

This is a reliable strategy for ensuring that AML compliance can be reported more accurately — and in a way, that better reflects how AML efforts are faring on a holistic level.

Harness third-party data: 

As customer numbers — as well as adoption rates for digital payments and online banking — have grown, it has been increasingly important for AML strategies to be underpinned by technology utilising third-party data.

It is good practice to give each customer their own risk rating. A customer’s risk is usually graded on a simple scale of ‘high’, ‘medium’, and ‘low’, and should factor in what products or services the customer purchases and the customer’s relationship with other individuals or businesses.

bitcoin, cryptocurrency

The process of due diligence and the various types

Regulation 27 of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017) indicates that you must undertake CDD (Customer Due Diligence) when:

Entering a business relationship with an individual or another business
Completing an occasional transaction amounting to at least €15,000
You doubt that documents or information you have previously obtained in the course of CDD are accurate or adequate 
You suspect that a client or customer of your business has been engaged in money laundering or terrorist financing 

If you do need to pursue CDD, the method applicable in your particular instance will be influenced by numerous variables — including whether it will be an individual or a company you aim to verify. 

The CDD process for an individual can involve:

Collecting their full name and residential address 
Confirming the individual’s identity by referencing photo ID, such as a passport 
Using recent utility bills or bank account statements to verify the residential address 
electronic verification concept, fingerprint, cyber security, identity

Meanwhile, if a corporate body looks to forge a professional connection with your organisation, you will need to obtain the following details as part of your CDD efforts: 

The corporate body’s name 

Registration details about the corporate body, such as its company name

The address of the corporate body’s registered office

If different to the above, the corporate body’s principal place of business 

The Law Society has further CDD advice for you to follow in the event that the prospective client is a corporate body.

However, the bigger question for you could be whether, for a given client, you should opt for Simplified Due Diligence or instead Enhanced Due Diligence. The answer will ultimately depend on the level of the money laundering risk the client appears to present to your business.

cyber fraud

Simplified Due Diligence

In certain circumstances, financial regulators will allow businesses like yours to settle for a relatively basic form of customer due diligence known as simplified due diligence (SDD). 

Though SDD does not omit any essential CDD steps, it enables customer verification to be completed in an appreciably easier and more time-efficient manner.

However, to safeguard your organisation’s AML compliance, you should save SDD for checking customers where the money laundering risk can initially be discerned as low. You could therefore seriously consider applying SDD if the customer is: 

A large, publicly owned enterprise 
A company with securities listed on a regulated market
A company based in a third country with effective AML systems
An individual who makes money through reliable, trustworthy means
An individual living in a geographical area of lower risk
two professional women discussing at table

However, this is not an exhaustive list of the criteria that could reduce the customer’s AML risk sufficiently for you to justify using SDD in their particular case. 

Regulation 37(3) of the MLR 2017 lists further factors for you to heed when determining whether SDD measures would suffice. However, even if at least one of these factors is indeed present, this does not necessarily indicate that the risk is low.

This is where the importance of your pre-CDD risk assessment comes into play. The results of your initial KYC checks should help you to reliably judge when SDD measures can be enacted while keeping your organisation compliant with AML legislation.

It bears emphasis that Simplified Due Diligence may not be suitable for particular industries or products. Hence, you should tread carefully during your initial KYC checks so that you can accurately ascertain whether the situation would actually call for Enhanced Due Diligence (EDD).

virtual banking concept

Enhanced Due Diligence

As you put certain customers through preliminary KYC checks, you could pick up on a few warning signs possibly evidencing a high risk of money laundering or terrorism financing. 

In situations like these, you could seriously consider implementing Enhanced Due Diligence (EDD). This is very much as the term implies, as EDD adds extra steps to the Customer Due Diligence process to ease your efforts in precisely ascertaining the extent and nature of the risk in this case.

Here, too, the MLR 2017 specifies what you should watch out for. According to the MLR 2017’s regulation 33(1), you must proceed to EDD if the transaction or business relationship will involve: 

A person established in a third county where a high risk of money laundering or terrorism financing applies 
A PEP (Politically Exposed Person) or known close associate of one
A complex and unusually large transaction 
A transaction with no apparent economic or legal purpose 
Any other situation where the risk of money laundering or terrorism financing would be higher 
professionals looking at digital file

However, there can be much complexity in reaching the decision of whether a customer should be classed as ‘higher-risk’ in a way that would warrant EDD. You are advised to judge each situation on its own terms, and consider whether the customer is, for example:

A company with nominee shareholders or shares in bearer form
A cash-intensive business
A company that is excessively complex in corporate structure given the nature of the business
A transaction potentially favouring anonymity 
From a country funding or supporting terrorism 
cyber security concept, padlock

Of course, scrutinising customers manually can be a time-draining process, which helps to explain why you can benefit from automating it when and where possible. When you perform AML checks with SmartSearch’s platform, the following will be included as standard:

  • PEP checks and sanction screenings

In many instances, it would be illegal for your business to onboard a customer who is subject to financial sanctions. It can also be problematic — if not illegal — to accept a PEP (Politically Exposed Person) as a customer, as they could be a target for people attempting bribery or corruption.

Hence, it is crucial that your AML checks include looking up whether the customer appears on sanctions lists and PEPs lists. Unfortunately, though, there is no official source listing all sanctions and PEPs in a single place — meaning that manually checking for sanctions or PEPs can be arduous.

This unfortunate situation can leave you feeling caught between a rock and a hard place. However, this is also why we have integrated PEP checking and sanction screening functions into our comprehensive AML compliance platform.

When you run any AML check on this platform, it will refer to the Dow Jones Watchlist — itself comprising over 1,100 databases — to see if the customer is matched to any PEPs or sanctioned individuals included on the Watchlist.

If there is a match, the SmartSearch system will automatically trigger Enhanced Due Diligence on it — as well as screen the customer again every night and let you know if there is any change to the customer’s status as a PEP or sanctioned person.

The Importance of Ongoing Due Diligence for fraud prevention 

Regulation 28(11) of the MLR 2017 explains that Customer Due Diligence measures required under the legislation must include ongoing monitoring of a business relationship.

This includes scrutinising transactions initiated by the client as part of the relationship. Where necessary, you should know not only the source of funds but also that these transactions are consistent with the information you have about the customer and their risk profile.

We offer an electronic AML monitoring tool where you can leave the SmartSearch system to automatically track the customer’s transactions with your business. This technology can detect signs of suspicious activity and alert you of potentially fraudulent behaviour on the client’s part.

In the course of AML transaction monitoring, our platform can continually watch: 

Reference agencies
Fraud lists
Bank card activity
Mobile phone activity

As a result of leaving SmartSearch’s electronic AML monitoring platform running, you can reduce your company’s fraud risk by guarding against identity theft, which arises when someone steals another person’s personal details with the intention of using them to commit identity fraud.

However, as you would still be prompted to take manual action in the event that the platform indeed flags up certain customer behaviour as suspicious, the onus would be on you to establish a thorough understanding of the customer’s usual and reasonable activity.

You would consequently be able to more easily identify transactions that ought to be classed as unusual. However you do define situations or thresholds for this purpose, so you should make sure your methods for Ongoing Due Diligence are transparent as well as regularly reviewed.

hacking, money laundering

What are the consequences of inadequate due diligence?

Failing to perform proper due diligence checks can have significant adverse implications for your business. If HM Revenue & Customs (HMRC) finds that you have violated the MLR 2017, you could potentially be hit with a financial penalty.

In a particularly serious case, you could even be faced with criminal prosecution. Naturally, any punishment levelled by HMRC against your business as a result of it failing to carry out reasonable due diligence can bring about the negative publicity that inflicts reputational damage to your business.

This damage, in turn, could deter many individuals and companies from working with your business. The consequences of inadequate due diligence can therefore snowball over time, and result in losses far greater than those initially incurred from actions taken by HMRC.

Essential steps for efficient KYC onboarding process and AML compliance

Though the impact of money laundering is difficult to measure, the United Nations Office on Drugs and Crime (UNODC) estimates that each year, 2% to 5% of worldwide GDP is laundered. Here are several steps your business must take to meet AML compliance requirements: 

Collect and assess data for customer verification:

This must be done before you enter into any corporate relationship with a new customer — and include collecting at least the data necessary for evidencing the customer’s name, address, and visual identity.

Reference third-party data from reliable sources:

The idea here is to tap into information from a trustworthy independent provider so that you can reliably verify customers. One example of such a provider is SmartSearch, which has ties with multiple data companies.

Use Enhanced Due Diligence (EDD) as appropriate: 

You can ascertain suitable times to implement EDD if you pursue a thorough Customer Due Diligence (CDD) process. Our automated KYC platform can be used to smoothly conduct regular CDD and EDD checks.

Remediate KYC data:

This is another process that SmartSearch can help you to ease. You can establish specific ‘rules’ for running KYC remediation projects, while our automated platform would allow you to time-effectively deliver KYC remediation campaigns in bulk.

Leave a secure audit trail:

When you have at close hand a secure audit trail of all changes and modifications that have been made to the customer record, you can demonstrate to regulators that your business is meeting all the latest AML regulations.

We at SmartSearch offer the only AML platform built to verify individuals and corporate clients based anywhere in the UK — and we throw in full sanction and PEP screening along with ongoing monitoring to make for an extensive overall package.

We can provide your business with a bespoke subscription to our automated AML platform if you get in touch with us to discuss your particular business needs. You can reach us by phone on 0113 537 4042 or email via

Frequently Asked Questions

  • What are the benefits of KYC?

    Including KYC in your AML compliance process is hugely beneficial. By verifying your customer’s identity, you reduce the chance of doing business with anyone who is known to be involved in financial crime. You’ll be protecting your business from fraud, and helping to combat money laundering and terrorism financing on a wider level. The KYC process can also help you to better understand your customer’s financial background, and serve them better as a result.

  • What is meant by KYC in banking?

    In banking and financial services, KYC stands for Know Your Customer, and refers to the process during which financial organisations obtain information which enables them to verify the identity of their customers. This information may consist of data like names, addresses, photographic IDs and details of nationalities, depending on whether you’re verifying the identity of an individual or a business. 

  • What are KYC requirements?

    While these could vary slightly according to the financial institution in question, most banks will require the following for KYC checks: a photographical ID, proof of date of birth and proof of address using a document like a credit card bill or similar. 

  • What are the different types of KYC?

    There are two main categories of KYC checks: electronic and paper-based. While paper KYC checks rely on customers physically bringing in their identification documents, electronic KYC checks don’t require the presence of the customer at all.  

  • How is KYC done?

    KYC can be carried out in two different ways. With paper KYC checks, you’ll need to verify your customer’s identity using physical documentation provided by them, and carry out sanctions checks and PEP screening manually, using the information gleaned from these documents. Electronic verification is both faster and more accurate than manual; checks are carried out in seconds using regularly updated international databases, like the Dow Jones WatchList. 

  • Is KYC mandatory?

    In the UK, KYC is compulsory for all registered financial institutions and banks. These checks are mandatory because they help you as a business to comply with AML regulations enforced by the FATF, as well as the recommendations of the FCA.  

  • Who needs KYC?

    Every registered bank and financial institution should have a process in place for performing KYC checks and customer due diligence, and not a single customer or client should be exempt from this screening process. 

  • How can firms transition to pKYC?

    In addition to technology and data sources needed for the identification, verification and screening required for standard KYC, businesses that want to transition to pKYC will need to aggregate and enrich their data using other free and paid-for public sources, as well as any internal data they own.

    Overlaying their own data is a key part of pKYC as it can offer a much more valuable level of information that is unique to the business and its risk level. By utilising the information they hold on their clients, regulated firms will be able to recognise connections and potential issues that would otherwise be impossible to identify. 

  • Making a business case for pkYC

    Not only is it more cost effective for businesses to manage their risk perpetually rather than transactionally, as it uses fewer resources and requires less intervention, but by gathering and managing up-to-date information, firms can also create better and more meaningful long-term relationships with their clients. A personal update on a client - new name, new address, different job - can create business opportunities for professionals as life events often lead to the need for products, services, and advice. Furthermore, a system that is able to detect out-of-date clients means businesses are able to focus their attention on existing relationships to maximise profitability.