In a world where deepfakes — highly realistic, computer-generated impersonations of real-life people — are increasingly used to commit financial fraud, it’s important for financial institutions to verify the identities of new clients. That’s where Know Your Customer (KYC) comes in.
KYC is a broad regulatory framework that helps businesses verify the identities of new or existing customers. It also allows them to assess the risks these customers pose and better understand the sources of their funds.
A key part of this process involves the submission and verification of KYC documents — various official forms and materials that help prove an individual’s identity. But what qualifies as a KYC document? What are the regulatory requirements around what is and isn’t acceptable? And can businesses verify these documents without overburdening their customers?
In this article, we’ll cover:
What is a KYC document?
Which documents are accepted for identity verification?
KYC document requirements by industry
Common KYC document verification steps
How Fourthline can help with KYC document verification
What is a KYC document?
A KYC document is an official document used to verify a customer's identity as part of the mandatory Know Your Customer (KYC) process. Taken together, these documents help to ensure that the individual is who they claim to be. KYC documents — and the KYC process in general — are essential for regulatory compliance and a vital tool in the fight against financial crime.
KYC documentation requirements vary from region to region. They may also differ depending on the type of financial institution, the type of customer (individual vs. corporate), and the level of risk associated with the customer. With that said, commonly accepted KYC documents include:
Government-issued photo IDs, such as a passport or driver's license
Proof of address, such as a utility bill or bank statement
Tax identification documents (for verifying tax residency or source of funds)
Business clients typically need to provide additional documents that prove the basic facts about their business. These may include:
Company registration certificates
Proof of business address
Identification of directors and beneficial owners
When are KYC documents required?
KYC documents are typically required when a client first opens a bank account, applies for a loan, or signs up for investment services. But KYC is rarely a “one and done” process. Regulations and best practices often require clients to provide updated KYC documents periodically. This process, known as re-KYC, can be triggered by:
Large transactions above a certain regulatory threshold
Suspicious transactions or unusual account behavior
Changes in clients’ information, such as an address or legal name update
Re-KYC might also be triggered by a risk assessment or a request from a regulator. Many jurisdictions specify timelines for routine re-KYC checks, which may be required every year or every few years.
Which documents are accepted for KYC verification?
Different KYC documents may be considered acceptable depending on where the business operates and what type of business it is (e.g. financial vs. non-financial). And some regions, transaction types, or client profiles might require additional verification steps, such as biometric authentication or notarized copies.
Commonly accepted KYC documents for individuals and businesses are listed below.
KYC documents for individuals
Proof of identity. These documents verify a person’s identity and typically include a photo and signature. Examples include:
Passport
Driver’s license
National identity card
Social security card (this is typically considered a secondary or supplementary document if it lacks a photo or address)
Proof of address. These documents confirm the client’s residential address and must be recent (typically within the last three to six months). Examples include:
Utility bill (electricity, water, or gas)
Bank statement
Rental agreement or lease contract
Property tax receipt
Financial and tax documents. Though not always required for lower-risk clients, these help to verify a client’s financial background and tax status. They include:
Tax identification number (TIN) document
Income tax return (ITR)
Social security or pension statements
KYC documents for businesses
Corporate proof of identity. These documents verify a business’s identity and include:
Certificate of incorporation confirming the company’s legal formation
Business registration license
Memorandum and Articles of Association outlining the business’s objectives and scope
Authorized signatory list with identification documents
Proof of business address. This verifies the registered business location and can include:
Utility bills for business premises
Tax filing documents
Bank statements
Commercial lease agreements
Heads up: the requirements for businesses can be more extensive than those for individuals. Some jurisdictions may require further KYC documents for businesses, including source of funds documentation, corporate structure charts, and beneficial ownership information.
KYC document requirements by industry
While the core purpose of KYC remains the same, each industry has its unique regulatory and compliance obligations, and the document requirements can differ significantly.
Here’s a breakdown of the typical KYC document requirements in various key industries:
Banking requirements
Banks must comply with strict anti-money laundering (AML) and counter-terrorism financing (CTF) regulations set out by local financial regulators such as the Financial Action Task Force (FATF). Their KYC processes tend to be rigorous, requiring a combination of a government-issued photo ID and proof of address to verify the identity of their clients.
Some banks may request additional documents, such as utility bills, tax returns, or bank statements. In high-risk situations, they may also require an additional verification step, such as an in-person interview or third-party verification, to mitigate the risk of illegal activity.
Cryptocurrency requirements
Though it is fast becoming more mainstream, crypto is still considered the “Wild West” of finance. The recent introduction of regulations such as MiCA (Markets in Crypto Assets), which introduces KYC requirements for crypto-asset service provides (CASPs), means that crypto is moving towards greater institutionalization, especially in the EU.
Like banks, most crypto exchanges now require customers to submit some kind of government-issued photo ID, proof of address, and sometimes a live selfie or video verification to confirm their identity. On top of that, some exchanges also request additional financial documentation, such as bank statements or proof of source of funds, especially for large transactions.
Investment firm and mortgage broker requirements
Wherever there’s the potential for money laundering, some kind of KYC process will almost certainly be necessary. For example:
Investment firms generally require a government-issued ID, proof of address, and sometimes financial documents — such as tax returns or bank statements — to assess a client’s financial suitability.
Mortgage brokers usually require proof of income, address verification, and identification to assess a borrower’s ability to repay a loan.
Common KYC document verification steps
KYC document verification involves several steps to confirm the authenticity and accuracy of the information provided by a client.
One effective approach is to use a combination of manual and automated checks to validate the submitted documents. This ensures thorough checks without disrupting the client experience more than necessary.
Below are some of the most common KYC document verification steps:
Document authenticity check: Here, the financial institution confirms the submitted KYC documents are legitimate and haven’t been altered by verifying security features such as holograms, watermarks, and barcodes. Nowadays, this can be automated by document scanning, i.e., extracting data from uploaded KYC documents.
Information validation: The information within the documents is cross-checked with external sources to confirm its accuracy. For example, a bank might validate the address on a utility bill against the client’s information in public databases, or match tax identification numbers with national or international registries. AML screening lists (e.g., sanctions, PEPs) may also be part of deeper checks.
Facial recognition and biometric verification: In addition to the methods above, digital verification is increasingly used to streamline the onboarding process. This includes facial recognition, where the client uploads a selfie or video for comparison against their ID photo. “Liveness detection” tests, in which a client may be asked to turn their head or blink their eyes, are increasingly used to combat spoofing attacks, like printed photos or deepfakes.
Onboard clients confidently with Fourthline
New fraud techniques and technologies are emerging all the time. In response, regulations are constantly being updated. This means it can be hard to stay on top of KYC documentation requirements. At the same time, you want to keep customer friction to an absolute minimum, requesting and reviewing the necessary documentation without damaging your conversions.
Fourthline was built to help banks balance watertight compliance with a seamless customer experience. Our comprehensive KYC and AML solutions include advanced KYC identity verification, which covers over 3,500 document types and delivers decisions within 60 seconds.
To find out more about our KYC onboarding solution, get in touch.
Frequently asked questions about KYC documents
What is the difference between primary and secondary KYC documents?
Primary KYC documents are official government-issued identification documents that contain critical information such as name, photo, and date of birth. They include passports, national identity cards, and driver's licenses.
Secondary KYC documents support the primary documents by providing additional verification, such as proof of address or financial status. These include utility bills, bank statements, tax documents, and rental agreements.
How long is a KYC document valid for?
The validity of a KYC document may vary depending on the type of document and the region in question. But some general principles usually apply:
Government-issued ID (such as a passport, national ID, or driver’s license) are valid until their expiration date.
Proof of address documents (like utility bills, bank statements, or tax documents) typically need to be less than three months old.
In the case of re-KYC, documents generally must be verified every one or two years. They may need to be reverified sooner if a client’s circumstances or regulations change.
Can I use digital copies of KYC documents?
Yes, many financial institutions now accept digital copies or scanned versions of KYC documents, especially if submitted through secure online platforms. However, they typically must be high-quality, full color, and taken from the original document (i.e., no not a copy of a copy). Clients must ensure that text, images, and security features are all clearly visible.
In some cases, such as high-risk transactions or clients located in high-risk regions, a certified physical copy of the documents may be necessary.
