By using this site, you agree to our Privacy Policy and our Terms of Use.

Know Your Client and Anti-Money Laundering Obligations of Financial Institutions and Their Clients

A man sitting at a desk facing 5 large computer monitors with lots of data visible

Regulatory bodies, such as financial supervisory authorities, set guidelines and enforce compliance with these requirements to maintain the integrity of the financial system. Accordingly, financial institutions are required by federal and international law to conduct "know your client" (KYC) and “anti-money laundering” (AML) monitoring. Such financial institutions include banks, investment firms, insurance companies, money services businesses, private and commercial lenders and other entities involved in financial transactions.

Know Your Client (KYC) and Anti-Money Laundering (AML) Monitoring Goals

KYC and AML regulations aim to prevent money laundering, terrorist financing, and other illicit activities by ensuring that financial institutions have a comprehensive understanding of their clients' identities, ownership, transfer payments, business activities, and sources and uses of funds.

The following provides general classification types of financial institutions that must conduct ongoing KYC and AML monitoring, which includes random and trigger-based information requirements for additional information:

Banks: This includes retail banks, commercial banks, and investment banks. Banks have a significant role in the financial system and handle various types of transactions, making them vulnerable to money laundering and terrorist financing risks.

Investment Firms: Securities brokers, asset management companies, and other investment firms are subject to KYC and AML requirements. These firms handle transactions related to securities trading, investment advisory services, and fund management, which can be susceptible to illicit activities.

Insurance Companies: Insurance providers, including life insurance and general insurance companies, are also obligated to conduct KYC and AML monitoring. Insurance policies can be misused for money laundering purposes, and insurance companies need to verify the identities of policyholders and assess the legitimacy of transactions.

Money Services Businesses (MSBs): MSBs encompass a range of entities such as money transfer services, currency exchange providers, prepaid card issuers, and check cashing businesses. Due to the nature of their services, MSBs are susceptible to being exploited for money laundering or terrorist financing, necessitating robust KYC and AML procedures.

Virtual Asset Service Providers (VASPs): With the rise of cryptocurrencies and virtual assets, VASPs, including cryptocurrency exchanges and wallet providers, are increasingly subject to KYC and AML regulations. These entities facilitate the exchange, storage, and transfer of virtual assets, which can be attractive for illicit purposes.

In the global financial landscape, combating money laundering, tax fraud and terrorist financing has become a top priority for regulatory bodies and financial institutions alike. To ensure the integrity of the financial system and prevent illicit activities, various types of financial institutions, are required to implement robust KYC and AML measures. This article will provide a detailed list of the types of financial institutions that must conduct KYC and AML data collection and monitoring.

Commercial and Private Money Lenders, and Loan Companies: Lenders, including but not limited to litigation finance companies, are obligated to conduct KYC and AML monitoring. Lending arrangements are often used as part of tax fraud and can be misused for money laundering purposes, and lenders need to verify the identities of loan recipients and assess the legitimacy of transactions.

Trust Companies and Trust Administrators: Trusts are often used to hide the true beneficial ownership and control of accounts. As these firms handle transactions which can be susceptible to illicit activities, trust companies and trust administrators are subject to KYC and AML requirements.

The following provides a more detailed list of examples of the types of firms that are required to comply with KYC and AML requirements:


  • Commercial banks
  • Retail banks
  • Investment banks
  • Correspondent banks
  • Islamic banks
  • Foreign bank or companies banking in the US
  • Credit unions
  • Community credit unions
  • Corporate credit unions

Insurance Companies

  • Life insurance companies
  • Property and casualty insurance companies
  • Reinsurance companies

Brokerage and Custodian Firms

  • Stock brokerage firms
  • ForEx brokerage firms
  • Commodity brokerage firms
  • Security and custodian/transfer agent firms

Money Services Businesses (MSBs)

  • Money transmitters
  • Third party assignment companies
  • Check cashers
  • Currency exchangers
  • Prepaid access providers

Commercial and Private Money Lenders, and Loan Companies

  • Traditional money lenders (banks credit unions, credit cards)
  • Peer-to-peer lending platforms
  • Online loan companies
  • Pay day money lenders
  • Consumer lenders
  • Commercial lenders
  • Private lenders
  • Litigation finance companies

Securities Dealers

  • Security exchanges
  • Broker-dealers
  • Securities clearing and settlement firms

Mutual Funds

  • Open-end funds
  • Closed-end funds
  • Exchange-traded funds (ETFs

Trust and Fiduciary Service Providers

  • Trust companies
  • Fiduciary service providers
  • Escrow service providers
  • Trust/custody administration providers

ForEx, Cross Border Accounts, and Anonymous Account Providers

  • ForEx institutions
  • Foreign assignment companies

Wealth Management Firms

  • Wealth Management Firms
  • Private placements
  • Hedge funds
  • Private money managers

Payment Service Providers

  • Payment processors
  • E-wallet providers
  • Mobile payment providers


KYC and AML Requirements

Financial institutions, are required to comply with KYC and AML regulations to mitigate the risk of money laundering and terrorist financing. The specific requirements may vary by jurisdiction, but they generally include:

Customer Identification Program (CIP)

CIPs verify the identity of customers through reliable and independent documents, data, or information, and involve the collection of information such as name, address, date of birth, and identification numbers.

Customer Due Diligence (CDD)

CDD is utilized to assess the risk profile of customers based on factors such as their nature of business, location, and transaction history.

In certain cases, CDD may also involve conducting enhanced due diligence for high-risk customers, including politically exposed persons (PEPs) and those involved in high-value transactions.

Beneficial Ownership Identification

Beneficial Ownership Identification involves identifying and verifying the beneficial owners of legal entity customers and gathering information on individuals who own or control the customer and assessing their risk profile.

Ongoing Monitoring

Financial institutions are required to perform continuous monitoring of customer transactions and activities to detect any suspicious or unusual behavior. The following are the key factors that may prompt a US financial institution to request additional KYC information:

Regulatory Compliance: Financial institutions must comply with regulatory frameworks such as the Bank Secrecy Act (BSA) and the USA PATRIOT Act. These regulations require institutions to establish and maintain effective KYC programs to verify the identity of their customers and assess their risk profile. Additional KYC information may be requested to meet regulatory obligations and ensure compliance [1].

Risk-Based Approach: Financial institutions are expected to adopt a risk-based approach to KYC. This means that they must assess the risk associated with each customer and adjust their due diligence measures accordingly. If a customer is considered high risk based on factors such as their country of origin, business activities, or transaction patterns, the institution may request additional KYC information to gain a better understanding of the customer's profile and detect any potential red flags [1].

Changes in Customer Profile: Financial institutions need to keep customer information up to date. Financial Institutions should develop policies to review and confirm the customer information is current. Also, if the financial institution becomes aware, or has reason to believe, of potential changes in a customer's profile, such as changes in ownership, business activities, or transaction patterns, the institution may request additional KYC information to ensure the accuracy and completeness of customer records [3].

Transaction Monitoring: Financial institutions have an obligation to monitor customer transactions for material changes in transactional activity or suspicious activities and to report any suspicious transactions to the appropriate authorities. If a customer's transactions trigger alerts or raise suspicions, the institution may request additional KYC information to further investigate the nature and purpose of the transactions [1].

Compliance with FATCA: The Foreign Account Tax Compliance Act (FATCA) is a US law that requires foreign financial institutions to report information about financial accounts held by US taxpayers or entities with substantial US ownership interests. Financial institutions subject to FATCA may request additional KYC information to comply with these reporting obligations [2].

It's important to note that the specific triggers for requesting additional KYC information may vary based on the institution's internal policies, risk assessment processes, and regulatory requirements. Financial institutions must exercise discretion and judgment in determining when additional KYC information is necessary to ensure compliance and mitigate risk.


The importance of KYC and AML measures cannot be overstated in today's financial landscape. Various types of financial institutions, including lending companies, are required to verify a client’s identity (including but not limited to all Underlying Beneficial Owners and Control Person) as a crucial part of preventing money laundering and terrorist financing. By implementing robust KYC procedures, collecting relevant customer data, and conducting thorough AML monitoring, these institutions fulfill their mandated duty to contribute to the global efforts in maintaining the integrity and security of the financial system.

It's important to note that the lists provided in this article are not exhaustive. Financial institutions should always stay up to date with the latest regulations and guidance issued by the relevant authorities to ensure compliance.

[1] "Know Your Client (KYC) is a standard in the investment industry that ensures advisors can verify a client's identity and know their client's investment knowledge and financial profile."

[2] "Why does your bank suddenly want more of your information? One word: FATCA."

[3] "In recent years, authorities in the US and abroad have increased their focus on modernizing and enforcing anti-money laundering and terrorism financing (AML) regulations."

Disclosure: This content is an overview. It is not a detailed analysis and offers no legal or tax opinion on which you should solely rely. Always seek the advice of competent legal and tax advisors to review your specific facts and circumstances before making any decisions or relying on the content herein.
Any opinions, views, findings, conclusions, or recommendations expressed in the content contained herein are those of the author(s) and do not necessarily reflect the view of the Eastern Point Trust Company, its Affiliates, or their clients. The mere appearance of content does not constitute an endorsement by Eastern Point Trust Company (“EPTC”) or its Affiliates. The author’s opinions are based upon information they consider reliable, but neither EPTC nor its Affiliates, nor the company with which such author(s) are affiliated, warrant completeness, accuracy or disclosure of opposing interpretations.

EPTC and its Affiliates disclaim all liability to any party for any direct, indirect, implied, special, incidental, or other consequential damages arising directly or indirectly from any use of the content herein, which is expressly provided as is, without warranties.
Article Archive

Get More Information

Your submission has been received.
A member of our team will be in touch with you soon.
Something went wrong while submitting the form.
Please see our Contact Us page for more options to connect with us.