19.05.2025AML & KYC Education

Is KYC Mandatory? A Perspective on the Legal Requirements by Country

Gabriele RosatiBy Gabriele Rosati - Sales Manager
Stylized hero image for "Is KYC Mandatory" guide with Fourthline branding design

After more than four years in the commercial team at Fourthline, I've developed deep expertise in Know Your Customer (KYC) requirements across different jurisdictions. But my journey with KYC began much earlier. Prior to joining Fourthline, I worked in banking and finance for seven years. This is when I first learned about how different countries and jurisdictions approach the legal requirements of KYC and compliance.   

When people ask me whether KYC is mandatory, my answer is, generally, yes. It's difficult to think of a situation in which KYC is not a key process of customer onboarding and an important consideration throughout the customer relationship. With that said, KYC is more than just a simple checkmark on your institution's list of legal requirements — especially for financial institutions with an international presence. Regional variations in regulatory requirements (and even local cultural expectations) can significantly impact your business, conversion rates, and customer experience. 

What is KYC and why does it matter? 

At its core, the KYC process exists to give you a deeper knowledge and understanding of your customers. It answers the questions, "Who is this person?", and "Should we give them access to the financial system?". These answers aren't simple, and to arrive at them you need many pieces of data.   

The first essential component is identifying the person — in other words, making sure that Gabriele is really Gabriele. Then, you need to make sure that this person falls within your risk appetite: Is Gabriele a politically exposed person (PEP)? Is he sanctioned? 

It's also worth mentioning that KYC isn't just a one-time checkpoint. It's continuous. Throughout the business relationship, you need to make sure that Gabriele keeps on being Gabriele, i.e., the person who falls within your risk appetite and whose financial activity aligns with anti-money laundering requirements. 

The European KYC framework: Consistency, with key differences 

Many companies assume that KYC requirements differ significantly across Europe. In reality, KYC regulations are broadly consistent due to shared frameworks like the Anti-Money Laundering Directives (AMLDs). These regulations provide a common foundation, ensuring that due diligence processes in countries like Italy and Germany are aligned with EU-wide standards. 

But there are important nuances in how these requirements are implemented, and what qualifies as a “properly” conducted identification process may vary across countries. Some countries require businesses to collect and verify information that simply isn’t required by others. And even two countries that require the same type of information may have different standards for how that information is collected and verified.  

So, while we generally see consistency across countries at a high level, businesses still need to plan around those key differences.  

Insights into country-specific KYC requirements 

The digital onboarding landscape in Europe is evolving due to upcoming changes in the Regulatory Technical Standards (RTS) for Anti-Money Laundering/Counter-Terrorism Financing (AML/CFT). These updates, issued by the European Banking Authority (EBA), are designed to streamline, secure, and standardize ID verification processes across EU member states. The result, hopefully, will be more consistency in onboarding practices. 

Digital-first solutions, such as biometric verification, are already the standard for remote onboarding in many countries, but the creation of a centralized EU database should help to promote more uniform standards across member states. This may lead to a shift away from more burdensome methods such as live video identification (Video-Ident), a common practice in Germany that may become a secondary option based on local conditions and risk assessments. In any case, businesses need to stay informed and adaptable as the European regulatory environment continues to shift. 

As regulations evolve, it can also help to keep in mind historical KYC practices and what we've seen on the ground in individual countries — not because it will always stay the same, but because it can provide some interesting insights on the logic and focus behind each country's approach. Here’s a look at some key country-specific considerations in the context of the shifting landscape: 

Germany and Austria: Video verification standard 

Germany and Austria are known for their relatively stringent KYC requirements. Historically, this has meant a strong reliance on live video identification (Video-Ident) as the dominant means of KYC.  

But times are changing. Though Video-Ident remains entrenched in Germany, there are real signs that it is in decline. For one, the German Ministry of Finance publicly stated that it considers Video-Ident a bridge technology — one that may be replaced sooner rather than later.  

This makes sense. We've seen that meeting all the requirements for Video-Ident — including the manual process of having trained professionals available in real-time to verify each exchange — can be costly for businesses. That’s why at Fourthline we’ve built a scalable alternative solution that verifies users through a digital KYC flow, followed by a Qualified Electronic Signature (QES) and a bank account check.

KYC_in_Germany_-_flow

Proposed EU AML regulations may hasten the German shift away from Video-Ident. A German eID option currently exists, though it has real problems with conversion. These problems may be addressed by the implementation of a new eID standard based on other eIDAS-compliant solutions (e.g., European Digital Identity [EUDI]), or a flow including QES.

France: A risk-based approach to proof of address 

In France, depending on the institution, you need to understand the risk profile and what kind of money laundering risk your business is exposed to in relation to the client. This risk-based approach also extends to residence verification — when someone onboards, they need to declare where they reside.   

The level of verification depends on your internal risk assessment as a business. Based on the level of money laundering risk you face, you’ll need to decide whether simply accepting that declaration is enough, or whether you also need to ask the user to prove what they’ve stated. In higher-risk cases, that means requesting proof of address, usually in the form of a utility bill or other official document.  

As you consider different verification solutions, it helps to find one that both complies with local requirements but is also easy to scale. France is a good example of this, as French regulators have spelled out six requirements to comply with local anti-money laundering regulations. A business must implement two of these six requirements to be considered compliant — but some are more scalable than others. Fourthline offers a solution based on requirements two and six — ID verification and QES. Because this solution is eIDAS-compliant, it has proven to be a popular option for businesses that operate in France as well as elsewhere in the EU. 

The Netherlands: A relatively business-friendly approach 

The Netherlands supports digital onboarding using Identity Document Machine Verification (IDMV) and biometric checks like facial recognition. These methods are widely accepted across sectors and make the country relatively business-friendly for remote KYC. Still, financial institutions must comply with the Dutch AML law (Wwft), which may require additional checks depending on the risk level. 

Italy and Spain: User-friendly frameworks 

In Italy and Spain, onboarding is generally seen as relatively user-friendly, with a focus on digital-first verification methods. These often include automated checks for identity documents and biometric verification, allowing users to complete the process remotely without the need for synchronous video calls with a live agent. Both countries have embraced digital onboarding within a risk-based framework, offering a smoother experience for customers, especially those with a low-risk profile. 

Primary vs. secondary identification documents 

Each country has its own rules about which documents are considered acceptable identification. As you might imagine, these rules are especially strict for banks and other financial services institutions. Implementing the wrong document acceptance policy can lead to regulatory issues down the road.   

Here are some important distinctions between what's considered a primary ID document and a secondary ID document:   

  • A primary document is a core identification document, such as a passport or ID card, that you can use for travel or general identification purposes. These documents are universally accepted as proof of identity.  

  • A secondary document, on the other hand, might include a driver's license. In some countries, a driver's license can serve as identification for specific purposes, but it may not be universally accepted for all ID verification needs. 

Each country has its own rules regarding which documents are considered acceptable for identification, particularly when it comes to financial services. Businesses need to understand these regulations to avoid the risk of compliance issues or regulatory penalties later on.  

Implementing the wrong document acceptance policy can lead to complications with both local regulators and customers, as it can impact the validity and credibility of the verification process. 

The evolution of fraud and fraud-prevention technologies 

In my years working with fintechs and financial institutions, I've seen the constant arms race between fraud attempts and prevention technologies. I've also seen that fraud and fraud prevention tend to evolve at the same rate, though where one gets ahead of the other depends a lot on the resources put into both.   

To fight against more sophisticated fraud, you need to have more sophisticated solutions. There's a lot of people now who can be subject to very sophisticated types of fraud — the kinds of fraud that can't always be fully covered by existing fraud-prevention technologies.   

For example, people in certain age groups, such as the elderly and even children, are often more vulnerable to sophisticated scams. That's why financial institutions implementing KYC solutions must figure out a way to balance both security and accessibility for all demographics. 

What the future holds: A move toward digitization 

Looking ahead to 2026 and beyond, we're clearly entering a more digital-first era. That means moving away from traditional physical ID checks.   

The European Union specifically is moving toward standardized digital identification through the eIDAS 2.0 framework, which includes the rollout of the European Digital Identity (EUDI) Wallet. This initiative aims to streamline KYC processes and create more cohesion in the approach taken across member states.   

The EUDI Wallet will likely reduce onboarding friction while helping to maintain strong security and trust, and it's something all financial institutions should begin preparing for as soon as possible.  

Balancing compliance and conversion 

As fintech security professionals, we're always navigating the balance between regulatory compliance and user experience. In that context, the wide variation in KYC requirements across jurisdictions presents both challenges and opportunities.   

Companies that understand these nuances can implement smart, jurisdiction-specific onboarding flows that satisfy local requirements while minimizing unnecessary friction. The goal should always be to meet or exceed regulatory standards while providing the smoothest possible experience for legitimate customers.  

Businesses operating across multiple jurisdictions should adopt a country-by-country approach to KYC implementation, working with compliance experts who understand both the letter and the spirit of local regulations. While this may sound burdensome, it doesn’t necessarily mean creating complex internal processes and structures to handle different requirements. Fourthline’s solutions can help your business quickly enter new markets and/or comply with shifting requirements in your current markets, ultimately resulting in fewer costs and headaches. 

Remember: while KYC is mandatory, how you implement it can make all the difference to your customers' experience and your business outcomes.

To learn more about Fourthline's KYC solutions, get in touch with me today.

Gabriele is a seasoned professional with extensive experience in sales and account management, currently serving as Sales Manager at Fourthline. He holds a Master of Business Administration from Rotterdam School of Management and a Bachelor's degree in Economics and Management from Università Cattolica del Sacro Cuore and Università degli Studi di Ferrara.

This article is for informational purposes only and does not constitute legal advice. Because regulations change frequently, always consult with legal and compliance professionals regarding your (or your business’s) specific circumstances.