Blog · June 13, 2026

What Is KYC? Know Your Customer Explained for 2026

KYC (Know Your Customer) is the process regulated businesses use to verify customer identities before entering a relationship. Here's how the three core obligations — CIP, CDD, and ongoing monitoring — work in practice.

By Didit

KYC (Know Your Customer) is the legal obligation that requires regulated businesses to verify the identity of their customers before — and throughout — a financial relationship. It is not a single check but a framework built on three core obligations: Customer Identification Program (CIP), Customer Due Diligence (CDD), and ongoing monitoring.

Regulators in every major financial market require it. Banks, neobanks, exchanges, payment processors, lenders, and insurers must all run KYC before accepting customers. This guide covers what each obligation involves, why the framework exists, and how Didit's full KYC core flow delivers against all three at $0.33 per verification.

Key takeaways

  • KYC (Know Your Customer) is a legal requirement for regulated firms to verify who their customers are before entering a financial relationship.
  • It has three core pillars: CIP (Customer Identification Program), CDD (Customer Due Diligence), and ongoing monitoring.
  • KYC is not a one-time check — it is a continuous obligation for the life of the customer relationship.
  • FATF recommendations and the EU AML directives define the global baseline; national regulators translate them into local rules.
  • Didit's KYC core flow — ID Verification + Passive Liveness + Face Match + IP Analysis — runs in under 2 seconds and costs $0.33 per verification.
  • 500 free verifications per month, pay per success, no minimums.

What KYC means

Know Your Customer is the obligation to collect, verify, and retain sufficient information to be confident a customer is who they say they are — and that transacting with them is not prohibited by law or regulation.

The term covers both the initial identity check at onboarding and the ongoing risk assessment that continues for the life of the account. A KYC program is not satisfied by a one-time document scan at signup. Regulators expect a living record of who your customer is, why they are with you, and whether their behaviour stays consistent with their declared purpose.

Why KYC exists

Financial systems attract bad actors. Money launderers, fraudsters, sanctions evaders, and terrorist financiers all rely on being able to open accounts and move money under false or concealed identities. KYC is the mechanism that stops that at the door.

For regulated firms, KYC is a license condition. Regulators in the EU, UK, US, Latin America, and Asia impose substantial fines, operational restrictions, and in some cases criminal liability for failures. For non-regulated businesses, KYC is still a risk decision: onboarding fraudulent or sanctioned customers creates fraud losses and reputational harm.

The three pillars of a KYC program

Customer Identification Program (CIP)

CIP is the entry point — the rules governing how you identify a customer when they first apply. At minimum this means collecting name, date of birth, address, and a government-issued document, then verifying that the identity is real and the document is genuine.

In practice a CIP check involves document capture and OCR extraction, authenticity verification (security features, chip reading where available), and biometric confirmation that the person presenting the document is physically or remotely present. Didit handles all of this in a single hosted session: ID Verification ($0.15) for document capture and OCR across 14,000+ document types in 220+ countries, Passive Liveness ($0.10) to confirm presence, and Face Match ($0.05) to link the face to the document photo. Add IP Analysis ($0.03) and the complete CIP layer runs to $0.33.

Customer Due Diligence (CDD)

Once you know who a customer is, CDD asks: what risk do they present? This involves screening the verified identity against watchlists — sanctions lists, politically exposed persons (PEPs), adverse media, and criminal records — and understanding the customer relationship: source of funds, business purpose, and expected transaction patterns.

For lower-risk customers, Simplified Due Diligence applies reduced checks. For higher-risk customers — PEPs, non-resident accounts, high-value relationships — Enhanced Due Diligence (EDD) requires deeper scrutiny and closer ongoing oversight.

Didit AML Screening ($0.20) covers 1,300+ watchlists and returns a risk classification that feeds directly into your CDD logic. Combined with ID Verification in one session, a single API call satisfies both CIP and CDD.

Ongoing monitoring

Risk does not freeze at onboarding. Sanctions lists update. Customers' circumstances change. Transaction behaviour drifts. Ongoing monitoring means reviewing customer records periodically, refreshing AML screening when watchlists change, and escalating accounts where risk has shifted.

Didit's Ongoing AML Monitoring costs $0.07 per user per year — continuous watchlist surveillance with automatic alerts when a match appears after onboarding.

Use cases

Fintech onboarding — neobanks and payment services must complete CIP before issuing accounts or enabling transfers. Sub-2s decisioning means a user can verify in the same session they apply.

Crypto exchanges — FATF Travel Rule obligations and VASP licensing in the EU, UK, and other markets require full KYC for account opening. Document + liveness + AML in one session covers the complete onboarding obligation.

Consumer lending — CIP is mandatory before extending credit. Document verification combined with database validation and AML screening in a single session satisfies most lending-license requirements.

iGaming and betting — age verification and identity checks are required at registration in most regulated markets. KYC at signup prevents underage access and money-laundering through gambling accounts.

How to integrate with Didit

Create a session from your backend and hand the user a URL to complete their KYC in Didit's hosted flow:

curl -X POST https://verification.didit.me/v3/session/ \
  -H "x-api-key: $DIDIT_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "workflow_id": "your_kyc_workflow_id",
    "vendor_data": "user_12345",
    "callback": "https://yourapp.com/webhook/kyc"
  }'

The user opens session.url and completes document capture, liveness, and face match. The result arrives via webhook, or you can poll GET /v3/session/{sessionId}/decision/ for it. Add AML Screening to the workflow in the Business Console and the same session satisfies CDD with no extra API calls.
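The callback URL is reachable from the internet, so a backend should not approve a customer on the strength of the webhook body alone. The sketch below is an added example, not Didit's code or part of the original page: it treats the webhook as a notification and confirms the outcome through the authenticated decision endpoint before acting. Assumptions: the webhook body and decision response are JSON carrying `session_id`, `status` and `vendor_data`, `Approved` is the passing status, and `handle_webhook`, `pending` and `fetch` are hypothetical names.

```python
import json
from urllib.parse import quote
from urllib.request import Request, urlopen

BASE = "https://verification.didit.me/v3/session/"  # endpoint shown on the page

def fetch_decision(session_id, api_key):
    """Poll GET /v3/session/{sessionId}/decision/ using the x-api-key header."""
    url = f"{BASE}{quote(session_id, safe='')}/decision/"
    with urlopen(Request(url, headers={"x-api-key": api_key}), timeout=10) as resp:
        return json.load(resp)

def handle_webhook(body, pending, fetch):
    """Decide what to do with one callback delivery.

    body    -- raw request bytes; treated only as a hint that a session changed
    pending -- {session_id: vendor_data} saved when the session was created
    fetch   -- callable(session_id) -> decision dict, e.g. fetch_decision
    Field names and the "Approved" value are assumptions, not from the page.
    """
    try:
        note = json.loads(body)
    except ValueError:
        return ("reject", "malformed body")
    sid = note.get("session_id") if isinstance(note, dict) else None
    if not isinstance(sid, str) or sid not in pending:
        return ("reject", "unknown session")       # never created by this backend
    decision = fetch(sid)                          # authoritative, authenticated read
    if decision.get("vendor_data") != pending[sid]:
        return ("reject", "vendor_data mismatch")  # result belongs to another user
    if decision.get("status") != "Approved":
        return ("hold", pending[sid])              # declined or still in review
    return ("approve", pending.pop(sid))           # one-shot: replays hit "unknown session"

if __name__ == "__main__":
    # Constructed sample data; no network access is made here.
    pending = {"sess-1": "user_12345"}
    api = lambda sid: {"session_id": sid, "status": "Approved", "vendor_data": "user_12345"}
    print(handle_webhook(b'{"session_id": "sess-1", "status": "Approved"}', pending, api))
    print(handle_webhook(b'{"session_id": "sess-1", "status": "Approved"}', pending, api))
```

In production, pass `lambda sid: fetch_decision(sid, api_key)` as `fetch` and keep `pending` in durable storage keyed by the session identifier returned at session creation.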

1,500+ companies use Didit. Didit is the only provider formally attested by an EU member-state government (Spain's Tesoro / BdE / SEPBLAC / CNMV) as safer than in-person verification.

Frequently asked questions

How much does a full KYC check cost with Didit?

$0.33 for the core flow — ID Verification + Passive Liveness + Face Match + IP Analysis. Add AML Screening for $0.20. 500 free verifications per month, no minimums.

Is KYC a one-time check or ongoing?

Ongoing. CIP is performed at onboarding, but CDD and monitoring continue for the life of the customer relationship. Regulators expect records to be kept, updated, and rescreened as watchlists change.

Does Didit cover my country?

220+ countries, 14,000+ document types, 48+ languages. Coverage for major fintech markets — Europe, Latin America, North America, Southeast Asia, and Africa — is comprehensive.

Does KYC always require a document?

For most regulated financial products — banking, payments, crypto — document and biometric verification is required. Database-driven verification can satisfy CIP in some lower-risk use cases; consult your local regulator.

Does KYC replace a compliance team?

No. KYC technology automates the identity-verification layer. Your compliance team still sets policy, reviews high-risk cases, handles EDD, and files suspicious activity reports.
