Get started

The Ultimate Guide to KYC, AML and CDD Requirements for UK FinTechs

KYC AML and CDD for UK FinTechs


The United Kingdom is ranked sixth in the world for GDP and has a booming financial services sector, both of which are supported by the country’s strong economic fundamentals and record in promoting corporate responsibility.

The UK’s Financial Conduct Authority (FCA), which oversees financial services companies and financial markets, is renowned for its innovative mindset. Take into account that the UK has the second-highest rate of FinTech adoption globally. The notion of RegTech itself, as well as the concepts of regulatory sandbox and open banking, were developed in the UK as a consequence of cooperation and interaction between the FCA and FinTech firms. The UK is open to new innovations and it has a strong regulatory framework, which makes it an ideal location for FinTechs to thrive.

KYC and CDD Processes

keywords: customer due diligence process

KYC and customer due diligence processes are a mandatory requirement for all regulated businesses, who are required to have a robust process in place to identify and verify customers before they can offer them any regulated products or services.

The FCA has also laid out guidelines on how financial institutions should implement KYC and CDD processes, which include appropriate checks on customers’ identity, age and residency status; appropriate checks on customers’ source of wealth; appropriate checks on customers’ business activities; verifying that customers are not politically exposed persons (PEPs); and verifying that customers do not pose an unacceptable risk to the firm or market integrity.

The FCA favours a risk-based strategy in general, emphasising results over specific AML laws and regulations.

According to the 2017 revisions to the AML laws, there are three prerequisites for carrying out adequate Customer Due Diligence (CDD):

(a) Describe the client

(b) confirm the identification of the customer

(c) evaluate the goal and intended nature of the commercial relationship or occasional transaction and, where necessary, acquire information on it.

The UK Government provides a Good Practice Guide: Identity Proofing and Verification of an Individual, notwithstanding the fact that the statute itself lacks specificity. The Guide clearly highlights the possibility of doing a digital identity check on a person.

How to Perform KYC and AML in the UK

keywords: best method to do kyc uk, customer due diligence methods uk

The person(s) who ultimately owns or controls the customer and/or the person(s) on whose behalf the transaction is being undertaken will be needed to provide a valid form of identification and proof of current residential address. The individuals who have the ultimate influence over the customer’s business will also be included.

For persons who will trade with Homes England and/or offer Homes England instructions regarding the use or transfer of monies or assets, proof of identity and address will also be required based on the risk. This could include the Directors (or equivalents) of the customer, authorised signatories, etc. A risk-based strategy may call for more background information on the person’s (or persons’) history.

For complex company structures, a business structure chart must be given – especially when offshore companies are involved.

Politically Exposed Persons (PEPs)/Sanctions Checks – Additional information pertaining to the country of birth, country of residence, etc., for key controllers/beneficiaries may be necessary to enable expanded due diligence to be done.

We will need information on how the entity and/or key controllers/beneficiaries obtained their wealth, as well as explanations of the origins of the funds for this transaction. Source of assets and source of financing.

Two kinds of identification for all primary controllers are required. They are also known as beneficial owners, who own a 25% or more interest in any corporate structure firm or who are authorised to sign on the company’s behalf.

Proof of Identity

There are lots of non-digital methods to conduct identity checks such as:

  • Over the phone
  • By post
  • By email
  • Face to face

The guidance from FCA lists five components of identity verification:

  • Obtaining proof of the claimed identification (your “strength”).
  • Verifying the legitimacy or veracity of the evidence
  • The activity of verifying the stated identification has existed over time
  • Determining whether there is a significant danger of identity fraud with the stated identity
  • Verification is the process of confirming that the identity belongs to the individual claiming it.

In addition to the methods above, it is also possible and in many cases to conduct identity verification via digital means. Using the latest AI-powered verification solutions it is possible to verify the identity of a government-issued identity document. This is analogous to being handed an identity document in person and verifying by yourself if the image on the document matches the person in front. Ensuring that the document does not look or feel fraudulent and/or is not expired.

IdentityCheck is such a solution, in terms of being able to verify the following UK identity documents:

  • British Passport
  • UK Driver’s Licence
  • UK Residence Card

Here is the high-level process for a person undergoing verification:

  • They receive an email containing their unique verification link
  • Upon visiting the link, they receive a QR code which they can scan with their smartphone
  • Following on-screen prompts, they will then take a picture of their identity document (front and back) and a selfie
  • Done!

Additionally, the same process can be extended to over 10,000+ document types in over 100+ countries around the world.

Pricing for such plans is simple and affordable and you can start in minutes. Sign up here, free, no credit card required.

Proof of Address

  • The second form of ID must have your full UK photo and show your permanent address – for example, a driving license.
  • Credit card or bank statement from a UK or international bank (dated within the last three months and not printed from the internet)
  • Mortgage disclosure in the UK (dated within the last 12 months and not printed from the internet)
  • A letter from a UK utility company OR a council tax bill for the current year less than 3 months old, except for water bills which must relate to the current charging period (less than 3 months old).
  • Or, a schedule for UK Direct Debit (less than 12 months old). This should confirm the validity of the search for your name and address.


In both regulated and unregulated industries, the term KYC can indicate several things in different settings in the UK context. We have made an effort to offer a nuanced perspective on how KYC processes might be embraced and how they differ from one another in this article. The Know Your Business (KYB), Politically Exposed Person (PEP) and Sanctions monitoring, Anti Money Laundering checks, and other topics will be covered in detail in the upcoming sections.

More Posts


Stay connected to StackGo

Related Posts