If you’ve ever opened a bank account in Mumbai, Dubai, London, Toronto, or New York — or signed up for a crypto exchange, a digital wallet, or a stock trading app anywhere in the world — you’ve been through KYC. It’s the reason the bank asked for your ID card, a liveness selfie, and proof of your address before letting you transfer a single dollar, dirham, pound, or rupee.

KYC stands for Know Your Customer. In simple words, it is the process financial institutions use to confirm who you really are before doing business with you.

This guide breaks down exactly what KYC is, why it exists, how the process actually works in practice, and what every compliance professional — from a new analyst in Gurugram to a KYC manager at Barclays London or a senior reviewer at Emirates NBD Dubai — needs to understand before moving on to advanced topics like CDD, EDD, or sanctions screening.

Quick Answer: KYC in One Sentence

KYC is the mandatory process by which banks and other regulated businesses verify a customer’s identity, assess their risk profile, and monitor their activity over time to prevent fraud, money laundering, and terrorist financing.

If that sentence feels dense, don’t worry — the rest of this guide unpacks every word.

Why Does KYC Exist?

KYC didn’t exist in any serious form before the 1970s. It became a global standard after a series of financial scandals showed regulators that criminals were using banks to clean dirty money at an industrial scale.

Three major turning points shaped modern KYC:

1. 1970 — Bank Secrecy Act (USA). The first law requiring banks to report suspicious activity.
2. 1989 — Financial Action Task Force (FATF) formed. 39 countries agreed to fight money laundering together, creating the first global KYC standards.
3. 2001 — Post 9/11 reforms. The USA PATRIOT Act made customer identification mandatory and expanded KYC into counter-terrorist financing (CFT).

Today, KYC is enforced by regulators in nearly every major financial jurisdiction: FinCEN & OFAC (USA), FCA (UK), FINTRAC (Canada), MAS (Singapore), HKMA (Hong Kong), DFSA (Dubai DIFC), ADGM FSRA (Abu Dhabi), SAMA (Saudi Arabia), RBI & SEBI (India), FINMA (Switzerland), and dozens more.

Non-compliance carries penalties that regularly run into hundreds of millions of dollars. In 2012, HSBC paid $1.9 billion for KYC failures. Danske Bank’s Estonia branch laundered $200 billion through weak KYC between 2007 and 2015. Standard Chartered was fined $1.1 billion by US and UK regulators in 2019 for sanctions and AML control failures.

The short answer to “why does KYC exist?” is this: because financial crime at scale can only happen when banks don’t know who their customers are.

What Does a KYC Process Actually Look Like?

A typical KYC check has four stages. Every global investment bank — Goldman Sachs, JPMorgan Chase, Morgan Stanley, Bank of America, Citi, Barclays — runs variations of this exact framework across their onboarding desks in New York, London, Mumbai, Hong Kong, and GIFT City.

Stage 1: Customer Identification Program (CIP)

This is the “who are you?” stage. The bank collects information that proves your identity.

What’s typically collected:

• Full legal name
• Date of birth
• Residential address
• Government-issued ID number (passport, national ID, SSN, Emirates ID, Aadhaar, PAN)
• Photograph / live selfie
• Tax Identification Number (TIN) for corporate and cross-border customers

How it’s verified:

• Document authenticity checks (hologram, MRZ strip, security features)
• Biometric liveness detection (making sure you’re a real person, not a photo)
• Database cross-checks against government identity registers

A real-world example: when you open an account with a global retail broker like Charles Schwab or Interactive Brokers, you submit a government ID plus a liveness selfie. Tier-1 investment banks such as Goldman Sachs, Morgan Stanley, and Barclays apply the same controls — at much greater depth — when onboarding corporate banking clients worldwide.

Stage 2: Customer Due Diligence (CDD)

Once the bank knows who you are, they need to understand what kind of customer you are. This is Customer Due Diligence, often shortened to CDD.

CDD answers questions like:

• What is your occupation?
• What is your expected source of funds?
• How much money will flow through this account each month?
• Are you connected to any higher-risk activities or jurisdictions?

A salaried software engineer with a standard current account is low-risk. A crypto trader running a custodial wallet service is medium-risk. A retired senior political figure opening a private banking relationship in Dubai or Zurich is high-risk. CDD is how banks sort customers into those buckets.

We cover CDD in detail in our dedicated Customer Due Diligence Guide.

Stage 3: Enhanced Due Diligence (EDD)

If a customer triggers risk indicators during CDD — for example, they are a politically exposed person (PEP), they come from a FATF grey-list jurisdiction, or they’re moving unusually large sums — the bank escalates to Enhanced Due Diligence.

EDD is deeper. Banks will ask for:

• Detailed source of funds documentation (payslips, business accounts, property sale contracts, share sale proceeds)
• Source of wealth (how the customer built their net worth over their lifetime)
• Senior management approval before the relationship is opened
• More frequent account reviews going forward — typically annual or semi-annual

EDD is not a punishment. It’s risk-proportionate. The bank is saying: “This relationship has higher potential for abuse, so we need more visibility before we’re comfortable.”

Stage 4: Ongoing Monitoring

KYC is not a one-time event. Once you’re onboarded, the bank watches your account continuously for behavior that doesn’t match your declared profile. This is called transaction monitoring.

Example: a junior employee declared a $5,000 monthly salary at onboarding. Six months later, $400,000 lands in their account from a shell company in a tax haven. That triggers an alert, which a compliance analyst investigates, and — if warranted — files as a Suspicious Activity Report (SAR) in the US or Suspicious Transaction Report (STR) in most other jurisdictions.

KYC in Practice: Three Real-World Scenarios

Scenario 1 — India: Corporate Onboarding at a Global Investment Bank GCC

Priya is a KYC analyst at Barclays’ Global Capability Centre (GCC) in Mumbai, supporting the bank’s corporate and investment banking business globally. She picks up a new onboarding file: a mid-sized manufacturing group in Southeast Asia wants to open a treasury relationship.

• CIP: Priya verifies the company’s certificate of incorporation, MOA/AOA, UBO declarations, and tax IDs across all jurisdictions of operation.
• CDD: she reviews the group’s nature of business, expected transaction volumes, counterparty countries, and any cross-border exposure.
• Risk rating: Medium — the jurisdiction is clean but some counterparties are in FATF grey-list countries.
• Decision: approve with annual periodic review cycle.

This is a typical day for thousands of KYC analysts in India’s GCCs — Goldman Sachs, JPMorgan Chase, Morgan Stanley, Bank of America, Citi, Barclays, BNY, and State Street all run major India centres supporting their global client onboarding from Mumbai, Bengaluru, Gurugram, Hyderabad, Chennai, and GIFT City. KPO specialists like eClerx, Genpact, WNS, Infosys BPM, and Accenture Operations hire thousands more to support the same banks on outsourced workflows.

Scenario 2 — UK: Private Banking Review at a Tier-1 Investment Bank

Michael is a senior KYC reviewer at a tier-1 investment bank’s London private banking desk. A high-net-worth client from a politically sensitive jurisdiction has requested a relationship increase to £20 million in discretionary assets.

• CIP + CDD: passport and Certificate of Residence already on file from initial onboarding.
• EDD trigger: the client’s uncle has recently become a senior government official, making the client a PEP by association under UK MLR 2017.
• Enhanced review: Michael commissions a detailed source of wealth report covering the client’s business history, property holdings, and a recent £8 million business sale. Adverse media screening is deepened.
• Senior approval: referred to Head of Compliance before the relationship uplift is authorised.
• Ongoing monitoring: upgraded to quarterly review cycle.

This is where KYC stops being a checkbox and becomes real compliance work — the kind of scenario that employers at Goldman Sachs, JPMorgan Chase, Morgan Stanley, Barclays, Bank of America, and Citi test senior candidates on in interviews.

Scenario 3 — UAE: EDD for a PEP at Dubai DIFC

Ahmed is a KYC manager at a major bank’s DIFC branch in Dubai. A former finance minister from a Sub-Saharan African country has applied to open a $10 million private banking relationship.

• CIP: diplomatic passport, Emirates ID (UAE residency visa), UAE phone number.
• CDD + EDD: comprehensive source of wealth covering 25 years of public and private sector earnings, family wealth, property portfolio across three continents, business interests, and board memberships.
• PEP classification: Foreign PEP — highest tier under DFSA AML rules.
• Adverse media: clean, but local language searches continue weekly.
• Senior approval: required from Head of Compliance and the MLRO before the relationship is opened.
• Ongoing monitoring: enhanced, with quarterly refresh and lower transaction-alert thresholds.

The UAE — across Dubai DIFC, Abu Dhabi ADGM, and the wider Middle East GCC region (Saudi Arabia, Qatar, Bahrain, Kuwait) — is one of the fastest-growing KYC job markets globally. Salaries are tax-free and typically 30-50% higher than equivalent UK or India roles for the same seniority.

KYC vs AML vs CFT — The Quick Distinction

Beginners often confuse these three terms. Here’s the clean separation:

Term	What it means	When it applies
KYC (Know Your Customer)	Identity verification + risk rating + monitoring	Every customer relationship
AML (Anti-Money Laundering)	The broader framework to detect & prevent laundering	Includes KYC, plus transaction monitoring, SARs/STRs, training
CFT (Countering the Financing of Terrorism)	Preventing legal or illegal money reaching terrorists	Includes sanctions screening, PEP review, geographic risk

Think of it this way: KYC is the foundation. AML is the house built on it. CFT is the security system inside.

Who Is Legally Required to Perform KYC?

KYC obligations apply far beyond banks. In most major jurisdictions, the following businesses must perform KYC:

• Banks and credit unions
• Investment banks and broker-dealers
• Custody banks and securities services firms (BNY, State Street, Fidelity International, Broadridge)
• Insurance companies
• Payment service providers and e-money issuers
• Crypto exchanges and virtual asset service providers (VASPs)
• Fintech firms offering accounts or transfers (Revolut and others operating under PSD2/MLR)
• Real estate agents handling high-value transactions
• Precious metals and gemstone dealers (above specified thresholds)
• Lawyers and accountants for specified transactions
• Casinos and high-value gaming operators
• Trust and company service providers (TCSPs)

In the US, KYC obligations sit under the Bank Secrecy Act and USA PATRIOT Act, enforced by FinCEN and OFAC. In the UK, it’s the Money Laundering Regulations 2017 enforced by the FCA. In Canada, the PCMLTFA enforced by FINTRAC. In the EU, the 6th Anti-Money Laundering Directive (6AMLD). In the UAE, the DFSA AML Module in DIFC and the ADGM AML Rulebook in Abu Dhabi. In India, the Prevention of Money Laundering Act (PMLA) 2002 and RBI Master Direction on KYC.

Common KYC Red Flags to Know

Even as a beginner, you should recognise the typical red flags that trigger deeper review:

• Reluctance to provide information. A customer avoiding questions about their source of funds is a classic warning.
• Inconsistent documentation. Name spelled differently across documents, or an address that doesn’t match any public record.
• Unexplained wealth. A recently-graduated customer depositing $500,000 in the first month.
• High-risk geography. Customers or transactions linked to FATF grey-list or blacklist countries.
• Shell structures. Corporate customers with no employees, no office, and owners hidden behind layers of holding companies.
• PEP connections. Politically exposed persons and their close family or business associates.
• Third-party funding. Someone else consistently funding the customer’s account without clear reason.

These red flags don’t automatically mean financial crime — but they require investigation.

Why KYC Is a High-Demand Global Career

If you’re reading this to understand KYC for a job — whether you’re applying for your first analyst role or moving up to manager — here’s the honest truth:

KYC is the single most-hired skill in compliance globally. Banks, fintechs, insurance companies, crypto exchanges, and KPO providers collectively employ hundreds of thousands of KYC professionals worldwide, with hiring concentrated in a handful of major hubs.

KYC Analyst Salary Benchmarks — Entry Level (0-3 years)

Region / Market	Annual Salary Range	Key Employers
🇮🇳 India (GCCs, KPO)	₹6–9 LPA (~$7K–11K)	Barclays, BofA, Citi, BNY, State Street, eClerx, Genpact
🇦🇪 UAE (Dubai, Abu Dhabi)	AED 10K–18K/mo tax-free (~$33K–59K)	Emirates NBD, HSBC DIFC, Standard Chartered
🇬🇧 UK (London, Edinburgh)	£35K–55K	Barclays, HSBC, JPMorgan, Morgan Stanley, Goldman Sachs
🇺🇸 USA (NY, Charlotte, Boston)	$55K–85K	JPMorgan Chase, BofA, Citi, State Street, BNY
🇨🇦 Canada (Toronto)	CAD 55K–80K	TD, RBC, Scotiabank, BMO, CIBC

KYC Senior Analyst / Manager Salary Benchmarks (5+ years)

Region / Market	Annual Salary Range
🇮🇳 India	₹15–40 LPA
🇦🇪 UAE	AED 25K–50K/mo tax-free ($82K–165K)
🇬🇧 UK	£70K–130K
🇺🇸 USA	$100K–180K
🇨🇦 Canada	CAD 95K–150K

Fintech employers like Revolut offer competitive base pay plus equity, targeting financial crime analysts with 2-5 years of experience. Global custody firms — BNY, State Street, Fidelity International, Broadridge — offer stable, long-career KYC and fund-services roles particularly strong in the UK, USA, and India.

But KYC interviews are competitive everywhere. Employers test real scenario handling — the kind you saw in the three examples above — not definitions. That’s where AGZIT helps you prepare.

TL;DR — Key Takeaways

• KYC = Know Your Customer. The mandatory process of verifying identity, assessing risk, and monitoring activity.
• Four stages: identification → due diligence → enhanced due diligence (when needed) → ongoing monitoring.
• Legally required for banks, investment banks, fintechs, custody firms, crypto exchanges, insurers, real estate agents, and more.
• Why it exists: to prevent money laundering, terrorist financing, fraud, sanctions evasion, and financial crime at scale.
• Career impact: KYC is the most-hired skill in compliance globally. Entry-level roles start at $7K in India GCCs, $33K+ tax-free in UAE, and $55K–85K in the US / UK. Senior roles cross $150K worldwide.

Published on AGZIT · Reviewed by KYC subject-matter experts · Last updated April 2026