Every business that deals with money — banks, law firms, accountants, real estate agencies, fintech companies — is required to verify who their customers are before doing business with them. That process is called KYC: Know Your Customer.
This guide gives you a practical KYC checklist for both individuals and businesses, a ready-to-use form template, and advice on collecting KYC documents without turning client onboarding into a months-long ordeal.
What Is a KYC Check?
A KYC check is the process of verifying a customer's identity and assessing their risk profile before establishing a business relationship. It's a legal requirement under Anti-Money Laundering (AML) and Counter-Terrorist Financing (CTF) regulations in most jurisdictions worldwide.
KYC checks serve three purposes:
- Confirm identity — Verify that the person or business is who they claim to be.
- Assess risk — Determine whether the customer poses a higher risk for money laundering, fraud, or terrorist financing.
- Maintain compliance — Meet regulatory obligations and avoid fines that can reach into the millions.
Who needs KYC? Any regulated business. This includes banks, insurance companies, investment firms, accountants, estate agents, law firms, trust and company service providers, and an increasing number of fintech and crypto platforms. If your industry requires AML compliance, you need a KYC process.
Getting KYC right matters beyond avoiding fines. A smooth, well-organized process builds trust with clients from day one. A slow, confusing one sends them looking elsewhere.
KYC Checklist for Individuals
When onboarding an individual customer, you need to collect enough information and documentation to confirm their identity and address. Here is a working checklist.
Personal information
- Full legal name (including any former names)
- Date of birth
- Nationality
- Residential address
- Contact details (phone number, email address)
- Occupation and employer
- Source of funds (where their money comes from)
- Purpose of the business relationship
Proof of identity (at least one)
- Valid passport
- National identity card
- Driving license (photo card)
The document must be current, government-issued, and include a photograph. Expired documents are not acceptable.
Proof of address (at least one, dated within the last 3 months)
- Utility bill (gas, electricity, water, landline phone)
- Bank statement or building society statement
- Council tax bill
- Mortgage statement
- Government-issued correspondence (tax notice, benefits letter)
Mobile phone bills and credit card statements are generally not accepted as proof of address. The document must show the customer's name and current residential address.
Additional checks
- Politically Exposed Person (PEP) screening — Check whether the individual holds or has held a prominent public function, or is a close family member or associate of such a person. PEPs require Enhanced Due Diligence.
- Sanctions screening — Check the individual against relevant sanctions lists (UN, EU, OFAC, HMT).
- Adverse media screening — Search for any negative news coverage related to financial crime.
KYC Checklist for Businesses
Business-to-business KYC (sometimes called KYB — Know Your Business) is more involved. You need to verify the company itself, its ownership structure, and the individuals who control it.
Company information
- Registered company name
- Trading name (if different)
- Registered address
- Principal place of business
- Company registration number
- VAT/GST number
- Company type and legal status (limited company, partnership, sole trader, etc.)
- Date of incorporation
- Nature of business and industry sector
- Website URL
Ownership and control
- Names and details of all directors and partners
- Details of all beneficial owners (individuals who hold 25% or more of the shares or voting rights)
- Ownership structure chart (for complex structures with multiple layers)
- Share register
- Details of any parent company or group structure
For each beneficial owner and director, you must complete the same individual KYC checks listed above — proof of identity, proof of address, PEP screening, and sanctions screening.
Company documents
- Certificate of incorporation
- Memorandum and articles of association (or equivalent constitutional documents)
- Latest audited accounts or financial statements
- Bank details and bank reference letter
- Proof of registered address
- Board resolution authorizing the business relationship (where applicable)
Additional checks
- Company registry search to confirm active status
- Sanctions screening of the company
- Adverse media check on the company and its principals
- Source of funds and source of wealth verification (for higher-risk relationships)
Know Your Customer Form Template
A KYC form is the document you send to clients to collect their identity information and supporting documents. A well-designed form reduces back-and-forth, minimizes errors, and speeds up onboarding.
Here is a detailed KYC form template you can adapt for your business.
Section 1: Client type
| Field | Input type |
|---|---|
| Are you an individual or a business? | Radio button: Individual / Business |
Use this field to trigger conditional logic — individual clients see a shorter form, while business clients see additional fields for company details, directors, and beneficial owners.
Section 2: Personal / contact details
| Field | Input type | Required |
|---|---|---|
| Title | Dropdown (Mr, Mrs, Ms, Dr, Other) | Yes |
| First name | Text | Yes |
| Middle name(s) | Text | No |
| Last name | Text | Yes |
| Former name(s) | Text | No |
| Date of birth | Date picker | Yes |
| Nationality | Dropdown (country list) | Yes |
| Residential address | Address fields (line 1, line 2, city, postcode, country) | Yes |
| Phone number | Phone | Yes |
| Email address | Yes | |
| Occupation | Text | Yes |
| Employer name | Text | No |
Section 3: Company details (business clients only)
| Field | Input type | Required |
|---|---|---|
| Registered company name | Text | Yes |
| Trading name | Text | No |
| Company registration number | Text | Yes |
| VAT/GST number | Text | No |
| Date of incorporation | Date picker | Yes |
| Company type | Dropdown (Ltd, LLP, Partnership, Sole Trader, PLC, Other) | Yes |
| Registered address | Address fields | Yes |
| Nature of business | Text | Yes |
| Website URL | URL | No |
Section 4: Beneficial ownership (business clients only)
| Field | Input type | Required |
|---|---|---|
| Number of beneficial owners (25%+ ownership) | Number | Yes |
| For each owner: Full name | Text | Yes |
| For each owner: Date of birth | Date picker | Yes |
| For each owner: Nationality | Dropdown | Yes |
| For each owner: Residential address | Address fields | Yes |
| For each owner: Percentage of ownership | Number | Yes |
| Is any owner a Politically Exposed Person? | Radio: Yes / No | Yes |
Section 5: Identity documents (file uploads)
| Document | Upload type | Required |
|---|---|---|
| Photo ID (passport, national ID card, or driving license) | File upload (image/PDF) | Yes |
| Proof of address (utility bill, bank statement — dated within 3 months) | File upload (image/PDF) | Yes |
| Certificate of incorporation (business clients) | File upload (PDF) | Conditional |
| Ownership structure chart (business clients) | File upload (PDF/image) | Conditional |
| Latest audited accounts (business clients) | File upload (PDF) | Conditional |
Section 6: Declarations
| Field | Input type | Required |
|---|---|---|
| I confirm the information provided is true and accurate | Checkbox | Yes |
| I consent to identity verification checks | Checkbox | Yes |
| Signature | Digital signature / typed name | Yes |
| Date | Auto-filled | Yes |
Below is an example of what a KYC form looks like when built as an online form rather than a PDF or Word document. This format lets clients fill in their details and upload documents in one step.
A digital form beats a paper or PDF template on every front: clients complete it on any device, files upload directly (no scanning and emailing), and you receive everything in one structured submission instead of scattered attachments across multiple email threads.
The Three Levels of Customer Due Diligence
Not every client requires the same level of scrutiny. AML regulations define three tiers of due diligence, and applying the right level is a core part of KYC compliance.
Simplified Due Diligence (SDD)
SDD applies when the risk of money laundering or terrorist financing is low. This might include a publicly listed company with transparent ownership, a government body, or a long-standing customer with a clean track record.
With SDD, you can reduce the extent of your checks — for example, verifying identity from fewer documents or relying on public registry information. You still need to monitor the relationship, but the initial onboarding is lighter.
When SDD applies:
- Low-risk products or services (small-value, one-off transactions)
- Customers regulated by their own AML authority (e.g., another bank)
- Government or public sector bodies
Customer Due Diligence (CDD)
CDD is the standard level that applies to most business relationships. It is the baseline requirement: verify the customer's identity, understand the nature of the relationship, and conduct ongoing monitoring.
The checklists outlined earlier in this article represent CDD requirements. This is what you should apply to the majority of your clients.
When CDD applies:
- Establishing a new business relationship
- Carrying out occasional transactions above the applicable threshold
- When you suspect money laundering or terrorist financing
- When you have doubts about previously obtained customer identification data
Enhanced Due Diligence (EDD)
EDD is required when a customer presents a higher risk. It means going beyond standard checks to gather additional information and apply closer scrutiny.
When EDD applies:
- The customer is a Politically Exposed Person (PEP) or a close associate of one
- The customer is based in or connected to a high-risk country identified by FATF, the EU, or your local regulator
- Complex or unusually large transactions with no clear economic purpose
- Non-face-to-face business relationships
- Businesses with complex or opaque ownership structures
What EDD involves:
- Obtaining additional identity documents
- Verifying source of funds and source of wealth
- Senior management approval for the business relationship
- More frequent and detailed ongoing monitoring
- Independent verification of ownership structure
Applying the wrong level of due diligence is a compliance failure in itself. If a client should have received EDD but only got standard CDD, your firm is exposed — even if that specific client never commits any wrongdoing.
KYC Best Practices
Having a checklist is a starting point. How you implement KYC in practice determines whether it works smoothly or becomes a bottleneck that delays onboarding and frustrates clients.
Use digital forms instead of paper or PDF
Paper KYC forms are slow to complete, hard to read, and impossible to validate before submission. PDF forms are better but still require clients to download, fill in, save, and email back — with identity documents sent as separate attachments.
Online forms solve all three problems. They are responsive (clients can complete them on a phone or tablet), can include validation rules that prevent incomplete submissions, and let clients upload documents directly within the form.
Build multi-page forms with conditional logic
A KYC form with 30+ fields on a single page is overwhelming. Break it into logical sections — personal details, company details, document uploads, declarations — across multiple pages. Use conditional logic so business clients see the company section while individual clients skip it entirely.
Enable drag-and-drop file uploads
Asking clients to "scan and email" their passport or utility bill is a guaranteed way to slow things down. Let them take a photo on their phone and drag it into the form. Support common formats: JPEG, PNG, and PDF.
Auto-save progress
Clients rarely have every document ready when they start the form. Auto-saving lets them fill in what they can, step away to find a utility bill, and come back to finish without losing progress. Without this, you get abandoned forms and have to start over.
Send automated reminders
The biggest bottleneck in KYC is chasing clients who started the form but never finished, or who never started at all. Automated reminders sent at set intervals (3 days, 7 days, 14 days) cut the time it takes to collect completed forms.
Store documents securely
KYC documents contain sensitive personal data — passports, bank statements, home addresses. Store them in an encrypted, access-controlled environment. If you are using cloud storage, ensure it meets your regulatory requirements for data handling and retention.
Keep records for the required period
Most jurisdictions require you to retain KYC records for at least five years after the business relationship ends. Set up a retention policy and ensure documents are accessible for audit or regulatory review.
Review and update periodically
KYC is not a one-time task. Customer circumstances change — they move, change jobs, become a PEP, or restructure their business. Conduct periodic reviews (annually for standard risk, more frequently for higher-risk clients) and re-collect documents as needed.
How to Collect KYC Documents from Clients
The weakest link in most KYC processes is not the checklist itself — it is the collection. Firms know exactly what they need, but getting clients to provide it on time, in the right format, and without repeated follow-ups is where things fall apart.
Common problems with email-based KYC collection:
- Scattered submissions — Documents arrive across multiple emails, sometimes weeks apart. Tracking what's been received and what's missing requires spreadsheets and manual checking.
- Wrong formats — Clients send blurry photos, password-protected PDFs, or Word documents instead of scanned originals.
- No reminders — Your team sends follow-up emails manually, hoping clients eventually respond. Some do. Many don't.
- Security concerns — Passports and bank statements sent as email attachments sit in inboxes without encryption or access controls.
A better approach is to use a dedicated file collection tool that combines the KYC form and document uploads into a single, shareable link.
File Request Pro lets you build branded KYC forms that collect client information and identity documents in one submission. Here is how it works:
- Custom upload pages — Build a multi-page form with your company's branding, specifying exactly which documents you need and in what format. Clients see a clear, guided experience instead of a vague email request.
- No client login — Clients click the link and start uploading. They do not need to create an account, download an app, or remember a password.
- Automatic file organization — Uploaded documents are sent directly to your cloud storage (Google Drive, OneDrive, SharePoint, or Dropbox) and organized into folders by client name, date, or any custom structure you define.
- Automated reminders — Set up reminder emails that go out automatically to clients who have not submitted their documents. No more manual follow-ups.
- Conditional logic — Show different form fields and document requests depending on whether the client is an individual or a business, or based on their risk profile.
Automated reminders handle the follow-up for you. Instead of manually tracking who has responded, the system sends polite nudges until the client completes their submission.
All documents are routed to your cloud storage automatically, organized into client folders so nothing gets lost in email threads.
You onboard clients faster, collect fewer incomplete submissions, spend less time chasing, and present a more professional experience from the first interaction.
KYC FAQ
What does KYC stand for?
KYC stands for Know Your Customer (sometimes Know Your Client). It is the process of verifying a customer's identity and assessing their risk level before entering into a business relationship.
Who is required to perform KYC checks?
Any business regulated under AML (Anti-Money Laundering) laws. This typically includes banks, financial institutions, insurance companies, investment firms, accountants, law firms, estate agents, and companies dealing in high-value goods. The specific requirements vary by jurisdiction.
What documents are needed for KYC?
For individuals: a government-issued photo ID (passport, driving license, or national ID card) and proof of address (utility bill or bank statement dated within the last three months). For businesses: certificate of incorporation, proof of registered address, details of directors and beneficial owners, and audited financial statements.
How long does KYC verification take?
It depends on your process. With paper forms and manual document collection via email, KYC can take weeks. With digital forms that collect information and documents in one step, most clients can complete their submission in under 15 minutes. The internal review and verification then takes additional time depending on the level of due diligence required.
What is the difference between KYC and AML?
AML (Anti-Money Laundering) is the overall regulatory framework designed to prevent money laundering and terrorist financing. KYC is one component of AML compliance — specifically, the part that deals with identifying and verifying customers. AML also includes transaction monitoring, suspicious activity reporting, and staff training.
What is a Politically Exposed Person (PEP)?
A PEP is someone who holds or has held a prominent public function — heads of state, senior politicians, senior government officials, judicial or military officials, and senior executives of state-owned corporations. Close family members and known close associates of PEPs are also treated as PEPs. They require Enhanced Due Diligence because their position makes them potentially more susceptible to corruption.
How often should KYC be updated?
There is no single rule — it depends on the client's risk profile. Standard-risk clients should be reviewed at least annually. High-risk clients should be reviewed more frequently, typically every 6 to 12 months. You should also trigger a review whenever there is a significant change in the client's circumstances, such as a change of address, ownership, or business activity.
Can KYC forms be completed online?
Yes. Online KYC forms are increasingly the standard approach. They allow clients to enter their details and upload identity documents from any device, without needing to print, scan, or post anything. Digital forms also reduce errors through input validation and make it easier to track which clients have completed their submissions.
What happens if a business does not perform KYC?
Failing to conduct adequate KYC can result in regulatory fines, criminal prosecution of responsible individuals, loss of operating licenses, and reputational damage. Penalties vary by jurisdiction, but fines in the hundreds of thousands or even millions are common for serious non-compliance.
