The Evolution of Cross-Sector Customer Due Diligence within Global Anti-Money Laundering Frameworks

KYC is no longer about opening accounts—it's about understanding who you do business with, across every sector, throughout every relationship.

Sanchez P.

7/10/202627 min read

Abstract

Know Your Customer (KYC) has evolved from a customer identification process applied primarily within banking into a comprehensive regulatory framework underpinning anti-money laundering (AML), counter-terrorist financing (CTF), sanctions compliance, fraud prevention, and third-party risk management across multiple sectors. This paper examines the regulatory convergence that has driven the expansion of KYC obligations beyond traditional financial institutions into asset management, insurance, legal services, accountancy, tax advisory, trust and company service providers, and other designated non-financial businesses and professions (DNFBPs). Drawing upon international regulatory frameworks, including the Financial Action Task Force (FATF) Recommendations, the European Union Anti-Money Laundering Directives (AMLDs), the United States Financial Crimes Enforcement Network (FinCEN) Customer Due Diligence Rule and Customer Identification Program, and the United Kingdom's Money Laundering Regulations 2017, this paper demonstrates the emergence of a globally convergent, risk-based approach to customer due diligence.

The paper further examines how regulatory expectations have shifted from point-in-time customer verification toward continuous monitoring throughout the customer lifecycle, commonly described as perpetual KYC. While implementation varies across jurisdictions, international regulatory frameworks increasingly emphasise beneficial ownership transparency, ongoing monitoring, enhanced due diligence, and evidence-based risk assessment. The paper argues that KYC should no longer be understood solely as a compliance requirement but as an organisational capability supporting financial crime prevention, corporate governance, and enterprise risk management across interconnected financial ecosystems.

Keywords: Know Your Customer; Customer Due Diligence; Anti-Money Laundering; Financial Crime; FATF; Beneficial Ownership; Risk-Based Approach; Regulatory Convergence.

1. Introduction

Financial crime has become increasingly sophisticated, globalised and technologically enabled over the past three decades. The growth of cross-border financial services, digital payment infrastructures, virtual assets, complex corporate ownership structures and international professional service networks has significantly increased opportunities for money laundering, terrorist financing and sanctions evasion (Levi, 2010; Unger & van der Linde, 2013). In response, regulators have progressively strengthened customer identification and due diligence requirements, recognising that understanding the identity, ownership and risk profile of customers represents one of the most effective preventative measures available to regulated organisations.

Historically, Know Your Customer (KYC) was viewed principally as an operational process undertaken by banks during account opening. Its primary objective was verifying customer identity to satisfy regulatory obligations before establishing a banking relationship. Over time, however, international standards have transformed KYC into a broader framework encompassing customer due diligence (CDD), beneficial ownership verification, politically exposed person (PEP) identification, sanctions screening, enhanced due diligence (EDD), transaction monitoring and continuous reassessment of customer risk throughout the lifecycle of the business relationship (de Koker, 2011; Ryder, 2018).

This evolution has largely been driven by the international standards established by the Financial Action Task Force (FATF), whose Recommendations have become the global benchmark for anti-money laundering and counter-terrorist financing regulation. Recommendation 10, concerning Customer Due Diligence, requires regulated entities to identify customers, verify their identities using reliable independent information, identify beneficial owners, understand the purpose and intended nature of business relationships, and conduct ongoing monitoring proportionate to identified risks. These principles have subsequently been incorporated into national legislation across most major financial jurisdictions. The Moody's report similarly identifies FATF Recommendation 10 as the principal international reference point informing national KYC frameworks worldwide.

Regulatory convergence is particularly evident across four influential legal frameworks: the FATF Recommendations, the European Union Anti-Money Laundering Directives, the United States FinCEN Customer Due Diligence Rule together with Customer Identification Program requirements, and the United Kingdom Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017. Although these regimes differ in legal status and supervisory implementation, they exhibit substantial consistency regarding customer identification, beneficial ownership transparency, risk-based assessment, enhanced due diligence and ongoing monitoring. Comparative analysis demonstrates that these common principles increasingly outweigh jurisdictional differences, suggesting the emergence of an internationally harmonised approach to customer due diligence.

A second major development concerns the expansion of regulatory scope beyond traditional banking. Initially, AML regulation focused almost exclusively on banks because of their central role in processing financial transactions. However, successive FATF Recommendations and regional legislative reforms have progressively extended KYC obligations to asset managers, insurance companies, investment firms, accountants, lawyers, trust and company service providers, tax advisers and other designated non-financial businesses and professions (DNFBPs). This expansion reflects recognition that financial crime frequently exploits professional intermediaries and complex ownership arrangements rather than relying solely upon banking institutions (Sharman, 2011; Ferwerda, Deleanu & Unger, 2020).

Academic research has similarly documented a broader transformation in regulatory philosophy. Rather than treating compliance as a series of procedural obligations, regulators increasingly expect organisations to demonstrate the effectiveness of risk management systems and their ability to identify, assess and respond proportionately to evolving financial crime risks. This shift towards a risk-based approach represents one of the defining characteristics of modern AML regulation and has significant implications for organisational governance, technology adoption and regulatory supervision (Verhage, 2011; Nance, 2018).

Despite the growing importance of KYC, much of the academic literature continues to examine customer due diligence within banking alone, often overlooking the increasing convergence of regulatory obligations across multiple industries. Likewise, many practitioner reports provide valuable summaries of regulatory developments but devote limited attention to the broader theoretical implications of regulatory convergence, institutional harmonisation and enterprise-wide risk management. Consequently, there remains a need for an integrated analysis that bridges regulatory developments with contemporary academic scholarship.

This paper addresses that gap by synthesising international regulatory frameworks with peer-reviewed literature to examine how KYC has evolved into a cross-sector regulatory capability. It first reviews the academic literature surrounding customer due diligence, financial crime prevention and risk-based regulation. It then compares the principal international regulatory frameworks governing KYC before examining their application across banking, asset management, insurance and professional services. Finally, the paper discusses the implications of increasing regulatory convergence for organisational governance, digital transformation and enterprise risk management.

Rather than viewing KYC solely as a compliance exercise, this paper argues that it has become a foundational component of modern organisational risk management. As financial systems become increasingly interconnected and ownership structures more complex, the ability to identify counterparties accurately, understand beneficial ownership, monitor evolving risks and demonstrate effective customer due diligence has become essential not only for regulatory compliance but also for maintaining financial integrity, protecting institutional reputation and supporting global financial stability.

2. Literature Review

2.1 Introduction

The literature on Know Your Customer (KYC) has expanded considerably over the past two decades alongside the increasing sophistication of anti-money laundering (AML) regulation. While early studies focused primarily on regulatory compliance within banking, more recent scholarship recognises KYC as an integral component of enterprise risk management, financial integrity, corporate governance and international regulatory coordination. Despite this growing body of work, the literature remains fragmented across disciplines including banking regulation, criminology, financial crime, compliance management and public policy. Consequently, there is limited synthesis of how KYC has evolved into a cross-sector regulatory framework.

This review examines five principal themes emerging from the literature: (1) the evolution of AML regulation; (2) the emergence of the risk-based approach; (3) beneficial ownership transparency; (4) technological transformation and perpetual KYC; and (5) the extension of KYC beyond banking into wider regulated sectors.

2.2 The Evolution of Anti-Money Laundering Regulation

Modern KYC obligations emerged from the broader development of international AML policy during the late twentieth century. Initial regulatory responses concentrated on identifying criminal proceeds generated through organised crime and narcotics trafficking. However, following the establishment of the Financial Action Task Force (FATF) in 1989, AML regulation progressively evolved into an internationally coordinated framework designed to address money laundering, terrorist financing, corruption, sanctions evasion and, more recently, proliferation financing (Levi, 2010).

Rather than prescribing identical legal systems across jurisdictions, FATF developed principles-based recommendations intended to establish minimum international standards. This model has proved highly influential because countries seeking access to international financial markets are incentivised to align domestic legislation with FATF expectations (Sharman, 2011). Consequently, customer due diligence has become one of the most harmonised areas of financial regulation despite substantial differences between national legal systems.

Academic studies have shown that this international convergence reflects institutional isomorphism, whereby organisations and regulators increasingly adopt similar governance practices in response to shared regulatory expectations and market pressures (DiMaggio & Powell, 1983). Although originally developed within organisational sociology, institutional theory provides a useful explanation for why KYC frameworks across Europe, North America and Asia exhibit considerable similarity despite independent legislative development.

2.3 The Emergence of the Risk-Based Approach

One of the most significant developments within AML scholarship concerns the transition from rules-based compliance towards risk-based regulation.

Earlier AML frameworks relied heavily upon prescriptive compliance checklists that required organisations to perform identical customer verification procedures irrespective of customer characteristics. Critics argued that this encouraged superficial compliance while diverting resources away from genuinely high-risk relationships (de Koker, 2011).

The risk-based approach (RBA), formally embedded within successive FATF Recommendations, represents a fundamental shift in regulatory philosophy. Rather than treating every customer equally, regulated entities are expected to identify, assess and manage risks proportionately. Higher-risk customers, jurisdictions and transaction types require enhanced due diligence (EDD), while simplified due diligence may be appropriate where demonstrably lower risks exist.

Verhage (2011) argues that this approach recognises the impossibility of eliminating financial crime entirely and instead seeks to allocate compliance resources more efficiently. Similarly, Nance (2018) suggests that modern AML regulation increasingly evaluates organisational judgement rather than procedural compliance alone.

This shift has profound organisational implications. Compliance functions are no longer limited to verifying identity documentation but must demonstrate that customer risk assessments are evidence-based, regularly updated and integrated into governance processes. Consequently, KYC has evolved into a continuous process requiring professional judgement rather than administrative verification.

2.4 Beneficial Ownership and Corporate Transparency

Perhaps the most influential development in recent KYC literature concerns beneficial ownership transparency.

Traditional customer identification procedures focused upon verifying the legal entity entering into a business relationship. However, major corruption scandals—including the Panama Papers and Paradise Papers—demonstrated that complex ownership structures could obscure the individuals ultimately controlling corporate entities (Obermayer & Obermaier, 2016).

Sharman (2011) argues that anonymous corporate vehicles represent one of the principal facilitators of transnational financial crime because they separate legal ownership from effective control. Consequently, regulators increasingly require firms to identify natural persons exercising ultimate ownership or control rather than merely recording registered companies.

Academic research generally supports these reforms. Ferwerda, Deleanu and Unger (2020) conclude that beneficial ownership transparency improves investigative capability while increasing the costs associated with laundering illicit funds. Nevertheless, implementation challenges remain substantial because ownership structures frequently span multiple jurisdictions with differing disclosure standards.

These observations align closely with current regulatory expectations. Across FATF, European Union, United States and United Kingdom frameworks, beneficial ownership verification has become a central component of customer due diligence. The Moody's report likewise identifies beneficial ownership as one of the strongest areas of international regulatory convergence.

2.5 From Onboarding to Perpetual KYC

Another recurring theme concerns the evolution from point-in-time verification towards continuous customer monitoring.

Historically, customer due diligence was primarily undertaken during account opening. Once identity had been verified, customer records frequently remained unchanged for many years unless significant events occurred.

Contemporary scholarship argues that this approach is increasingly inadequate. Customers relocate, ownership structures evolve, sanctions regimes change and politically exposed person (PEP) status may emerge after onboarding. Consequently, customer risk is inherently dynamic rather than static (Ryder, 2018).

The concept of perpetual KYC has therefore gained prominence. Rather than treating due diligence as an isolated compliance event, organisations increasingly employ automated monitoring systems capable of detecting changes in customer identity, ownership, adverse media, sanctions exposure and transactional behaviour.

From a governance perspective, perpetual KYC reflects broader trends towards continuous assurance and data-driven supervision. Artificial intelligence, machine learning and entity resolution technologies have significantly expanded organisations' ability to maintain current customer profiles while reducing reliance upon periodic manual reviews.

However, scholars caution that technological capability should not be confused with regulatory effectiveness. Algorithmic systems remain dependent upon data quality, transparency and human oversight. Poor governance may simply automate poor decision-making at greater speed.

2.6 KYC Beyond Banking

Perhaps the least explored area within the academic literature concerns the extension of KYC obligations beyond banking.

Historically, banks occupied the centre of AML regulation because they facilitated payment systems and cross-border financial transfers. Increasingly, however, regulators recognise that financial crime frequently exploits intermediaries operating outside traditional banking channels.

Law firms establish corporate structures. Accountants provide tax advice. Trust and company service providers create beneficial ownership arrangements. Asset managers administer investment vehicles. Insurers manage long-term financial products. Collectively, these organisations occupy critical positions within modern financial ecosystems.

The FATF therefore introduced the concept of Designated Non-Financial Businesses and Professions (DNFBPs), recognising that professional intermediaries perform functions capable of facilitating or preventing illicit finance.

Recent scholarship supports this broader perspective. Ryder (2018) argues that effective AML regulation increasingly depends upon coordinated compliance across interconnected financial networks rather than isolated institutional obligations. Similarly, Unger and van der Linde (2013) contend that systemic resilience requires consistent customer due diligence standards throughout the financial services value chain.

2.7 Research Gap

Despite significant advances, three notable gaps remain within existing scholarship.

First, much empirical research continues to examine AML compliance primarily within banking, despite regulatory expansion into numerous non-bank sectors.

Second, existing studies often analyse individual jurisdictions in isolation, providing limited comparative assessment of international regulatory convergence.

Third, relatively little research synthesises academic theories of institutional governance with practical developments in customer due diligence technologies, beneficial ownership transparency and lifecycle monitoring.

This paper addresses these limitations by integrating international regulatory analysis with peer-reviewed literature to examine KYC as a cross-sector regulatory capability rather than a banking-specific compliance process. By comparing FATF standards with EU, US and UK implementation while examining banking, asset management, insurance and professional services collectively, the paper provides a more comprehensive understanding of contemporary KYC regulation than has generally been presented in either academic or practitioner literature.

3. Comparative Analysis of Global KYC Regulatory Frameworks

3.1 Introduction

Although anti-money laundering (AML) legislation is enacted at the national or regional level, contemporary Know Your Customer (KYC) requirements demonstrate a remarkable degree of international convergence. This convergence has largely been driven by the Financial Action Task Force (FATF), whose Recommendations have become the global benchmark for customer due diligence (CDD), beneficial ownership transparency and risk-based supervision. National regulators have generally implemented these principles through legislation tailored to their respective legal systems, resulting in regulatory frameworks that differ procedurally but share common objectives.

This section compares four of the most influential regulatory regimes governing KYC: the FATF Recommendations, the European Union Anti-Money Laundering framework, the United States Financial Crimes Enforcement Network (FinCEN) regulations, and the United Kingdom Money Laundering Regulations 2017. The analysis demonstrates that while differences exist in legal form, supervisory architecture and implementation, all four frameworks are increasingly aligned around five core principles:

  1. Customer identification and verification.

  2. Beneficial ownership transparency.

  3. Risk-based customer due diligence.

  4. Enhanced due diligence for higher-risk relationships.

  5. Ongoing monitoring throughout the customer lifecycle.

Together, these principles constitute the foundation of modern KYC regulation across most developed financial systems.

3.2 FATF: Establishing the Global Standard

The Financial Action Task Force occupies a unique position within international financial regulation. Unlike national regulators, FATF possesses no legislative authority. Instead, its influence derives from its ability to establish internationally recognised standards that member jurisdictions are expected to implement through domestic legislation. Countries demonstrating significant deficiencies may be subject to enhanced monitoring or inclusion on FATF's grey or black lists, creating substantial incentives for regulatory alignment (Sharman, 2011).

Recommendation 10 represents the cornerstone of international customer due diligence. It requires regulated entities to:

  • identify customers;

  • verify customer identity using reliable, independent documentation;

  • identify beneficial owners;

  • understand ownership and control structures;

  • determine the purpose and intended nature of business relationships; and

  • conduct ongoing monitoring throughout the relationship.

Importantly, FATF does not prescribe identical operational procedures. Instead, it promotes a principles-based framework centred upon proportionality and risk assessment. Organisations are expected to tailor due diligence according to the money laundering and terrorist financing risks presented by individual customers, products and jurisdictions.

Academic commentators generally regard FATF's approach as one of the most successful examples of international regulatory harmonisation. Levi (2010) argues that FATF has transformed AML from a collection of domestic initiatives into a coordinated international governance framework, while Sharman (2011) notes that its peer-review process has created powerful incentives for jurisdictions to adopt common regulatory standards despite considerable legal diversity.

3.3 The European Union: Harmonising Customer Due Diligence

Within Europe, FATF principles have been translated into binding legislation through successive Anti-Money Laundering Directives (AMLDs) and, more recently, the Anti-Money Laundering Regulation (AMLR). Unlike FATF Recommendations, which function as international standards, European legislation imposes legally enforceable obligations upon Member States and regulated entities.

European AML legislation has progressively expanded both the depth and breadth of customer due diligence requirements. Earlier directives concentrated primarily on financial institutions, whereas subsequent reforms incorporated a much wider range of obliged entities, including auditors, accountants, tax advisers, estate agents, trust and company service providers, legal professionals operating in specified circumstances, crypto-asset service providers and participants in high-value goods markets.

European regulation places particular emphasis upon:

  • beneficial ownership transparency;

  • enhanced due diligence for politically exposed persons (PEPs);

  • cross-border cooperation;

  • centralised beneficial ownership registers;

  • lifecycle monitoring of customer relationships.

Unlike some other jurisdictions, the European framework provides relatively detailed statutory guidance regarding circumstances requiring enhanced due diligence, thereby promoting greater consistency across Member States.

The Moody's report similarly identifies the EU AML framework as one of the most comprehensive examples of harmonised customer due diligence legislation extending beyond banking into professional services and other designated non-financial businesses and professions.

Academic literature generally characterises European AML regulation as representing a transition from sector-specific compliance towards integrated financial crime governance, reflecting broader European objectives concerning transparency, market integrity and cross-border supervision (Ryder, 2018).

3.4 The United States: A Rules-Based Regulatory Model

The United States adopts a regulatory architecture that differs from both FATF and the European Union while pursuing broadly similar objectives.

Customer identification requirements derive principally from the Bank Secrecy Act, the USA PATRIOT Act and regulations administered by the Financial Crimes Enforcement Network (FinCEN). Two components are particularly important.

First, the Customer Identification Program (CIP) requires financial institutions to collect minimum identifying information before opening customer accounts. This includes verification of name, address, date of birth and taxpayer identification information using documentary or non-documentary methods.

Second, the Customer Due Diligence Rule requires covered institutions to identify and verify beneficial owners of legal entity customers while incorporating risk-based procedures into ongoing customer monitoring.

Compared with European legislation, US regulation has traditionally been regarded as more rules-oriented, specifying minimum procedural requirements while allowing institutions flexibility regarding broader risk management processes. However, recent regulatory developments indicate increasing convergence with international principles emphasising effectiveness rather than procedural compliance.

For example, FinCEN's recent proposals concerning AML programme effectiveness place greater emphasis upon organisational risk assessment, governance and the allocation of compliance resources towards higher-risk customers. These developments mirror FATF's longstanding advocacy of risk-based supervision and suggest a gradual convergence between traditionally rules-based and principles-based regulatory philosophies.

Nance (2018) argues that this evolution reflects recognition that effective AML compliance depends less upon procedural completeness than upon an institution's capacity to identify, prioritise and mitigate financial crime risks dynamically.

3.5 The United Kingdom: Risk-Based Supervision Following Regulatory Continuity

The United Kingdom's Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 represent one of the most mature examples of risk-based AML legislation.

Although originally influenced by successive European AML Directives, the UK's post-Brexit regulatory framework has maintained substantial continuity with international standards while introducing greater domestic flexibility through supervisory guidance issued by bodies including the Financial Conduct Authority (FCA), HM Revenue & Customs (HMRC) and professional supervisory organisations.

MLR 2017 requires regulated entities to undertake:

  • customer due diligence;

  • beneficial ownership verification;

  • enhanced due diligence;

  • ongoing monitoring;

  • risk assessment;

  • internal governance and record keeping.

Unlike purely prescriptive legislation, UK regulation places considerable emphasis upon organisational judgement supported by documented risk assessment. Firms are expected not merely to perform customer checks but to demonstrate why specific due diligence measures are proportionate to identified risks.

This reflects the UK's long-standing preference for principles-based financial regulation, whereby supervisory attention increasingly focuses upon governance, accountability and demonstrable effectiveness rather than mechanical procedural compliance.

3.6 Areas of International Regulatory Convergence

Despite institutional differences, comparative analysis reveals remarkable consistency across all four regulatory frameworks.

Customer Identification

All jurisdictions require organisations to establish the identity of customers before entering business relationships. Although acceptable verification methods differ, the underlying objective—ensuring that firms know with whom they are conducting business—remains universal.

Beneficial Ownership

Each framework requires regulated entities to identify the natural persons exercising ultimate ownership or control over legal entities. This represents one of the strongest examples of international regulatory convergence and reflects increasing concern regarding anonymous corporate structures.

Risk-Based Assessment

Rather than applying identical procedures to every customer, regulators universally expect organisations to allocate resources according to assessed financial crime risks. This principle has become the defining characteristic of contemporary AML supervision.

Enhanced Due Diligence

Although implementation varies, all four frameworks require additional scrutiny where customers, jurisdictions, products or ownership structures present elevated risks. Differences concern operational detail rather than underlying regulatory philosophy.

Ongoing Monitoring

Perhaps the most significant development concerns the recognition that customer due diligence is not completed during onboarding. Instead, organisations are expected to maintain current understanding of customer relationships throughout their lifecycle.

3.7 Remaining Areas of Divergence

Although convergence is substantial, important differences remain.

First, legal architecture differs considerably. FATF Recommendations constitute international standards, whereas European, American and British requirements derive from legally enforceable legislation.

Second, supervisory structures vary. European oversight combines national regulators with supranational institutions, while the United States employs multiple federal supervisory agencies and the United Kingdom operates a hybrid model involving statutory regulators and professional supervisory bodies.

Third, implementation guidance differs regarding enhanced due diligence, customer risk categorisation and beneficial ownership thresholds. Consequently, multinational organisations frequently develop enterprise-wide KYC frameworks that exceed minimum local regulatory requirements in order to achieve operational consistency across jurisdictions.

These differences illustrate that regulatory harmonisation should not be interpreted as complete uniformity. Rather, international convergence has produced a common set of regulatory objectives implemented through distinct legal and institutional mechanisms.

3.8 Conclusion

Comparative analysis demonstrates that modern KYC regulation has achieved a high degree of international consistency despite differing legal traditions. FATF has established the normative framework, while the European Union, the United States and the United Kingdom have translated these principles into enforceable domestic legislation.

Across all four jurisdictions, customer due diligence has expanded beyond identity verification to encompass beneficial ownership transparency, risk-based assessment, enhanced due diligence and ongoing lifecycle monitoring. These developments indicate that KYC has evolved from a procedural compliance obligation into a comprehensive governance framework supporting financial integrity, organisational resilience and international cooperation against financial crime.

The next section examines how these convergent regulatory principles are applied across banking, asset management, insurance and professional services, illustrating the transition of KYC from a banking-specific obligation to a cross-sector organisational capability.

4. Cross-Sector Implementation of Know Your Customer: From Banking Compliance to Enterprise Risk Management

4.1 Introduction

Although the regulatory principles governing Know Your Customer (KYC) have become increasingly harmonised internationally, their implementation varies significantly according to sector-specific business models, customer relationships and financial crime risks. Banks, asset managers, insurers and professional service firms operate within distinct commercial environments, creating different exposure profiles despite sharing common customer due diligence (CDD) obligations.

Historically, banking institutions formed the primary focus of AML regulation because they provide direct access to payment systems and international capital flows. However, regulators now recognise that illicit financial activity frequently involves multiple intermediaries operating across complex financial ecosystems. Asset managers administer investment vehicles, insurers facilitate long-term financial products, while lawyers and accountants establish legal structures capable of obscuring ownership or facilitating cross-border transactions. Consequently, contemporary KYC regulation increasingly treats these sectors as interconnected components of a broader financial integrity system rather than independent compliance domains.

This section analyses how common regulatory principles are operationalised across four principal sectors and argues that differences increasingly concern implementation rather than regulatory objectives.

4.2 Banking: The Evolution from Customer Identification to Dynamic Risk Management

Banking remains the sector most closely associated with KYC because commercial banks occupy a central position within global payment infrastructures. Every customer relationship potentially provides opportunities for money laundering, sanctions evasion, terrorist financing or fraud. Consequently, banks have traditionally maintained the most mature customer due diligence programmes.

Early KYC programmes focused largely upon customer identification during account opening. Once identity had been verified, compliance obligations were frequently considered complete unless suspicious activity emerged. Academic research has demonstrated that this model became increasingly inadequate as criminal methodologies evolved to exploit long-term customer relationships, complex ownership structures and international corporate networks (Levi, 2010).

Modern banking regulation therefore requires institutions to develop comprehensive customer risk profiles encompassing identity verification, beneficial ownership, expected account activity, source of funds, geographic exposure and transactional behaviour. Rather than representing isolated compliance checks, these datasets form part of broader enterprise-wide financial crime risk management systems.

This transformation reflects the wider regulatory transition towards continuous monitoring. Customer relationships are now expected to evolve dynamically as ownership structures change, sanctions regimes develop, politically exposed person (PEP) status emerges or adverse media alters organisational risk assessments. Consequently, customer due diligence increasingly functions as a continuously updated information system rather than a one-off onboarding exercise.

From an academic perspective, this reflects broader developments in organisational governance. Compliance has shifted from verifying procedural completion towards demonstrating institutional capability to identify, assess and mitigate financial crime risks throughout the customer lifecycle (Ryder, 2018).

4.3 Asset Management: Looking Beyond the Immediate Investor

Compared with banking, the asset management sector presents a different set of KYC challenges. Transactions occur less frequently, yet ownership structures are often substantially more complex.

Investment funds regularly involve multiple intermediaries including distributors, nominee shareholders, custodians, transfer agents and institutional investors. Consequently, the individual or organisation subscribing to a fund may not represent the ultimate beneficial owner of invested capital.

Academic literature increasingly recognises that this complexity creates opportunities for money laundering through layered ownership structures spanning multiple jurisdictions (Sharman, 2011). Effective customer due diligence therefore requires organisations to understand not only immediate investors but also underlying ownership, sources of wealth and the economic purpose of investment arrangements.

Regulatory expectations have evolved accordingly. Asset managers are increasingly expected to undertake:

  • beneficial ownership verification;

  • investor risk categorisation;

  • ongoing monitoring of ownership changes;

  • assessment of intermediaries;

  • enhanced due diligence where investment structures present elevated risks.

These requirements illustrate an important conceptual shift. Whereas suitability assessments traditionally dominated investor onboarding, contemporary regulation increasingly integrates AML considerations into investment governance.

This convergence illustrates how customer due diligence has expanded beyond transactional relationships to encompass broader assessments of ownership, control and financial integrity.

4.4 Insurance: Customer Due Diligence Across Long-Term Relationships

Insurance has historically received less attention within AML scholarship than banking despite managing substantial financial assets and long-duration customer relationships.

Life insurance products, investment-linked policies and annuity arrangements may facilitate the movement or storage of value over extended periods. Criminal actors may exploit premium payments, policy transfers or early surrender mechanisms to disguise illicit financial activity.

Unlike banking, insurance risk frequently involves multiple parties including policyholders, beneficiaries, trustees and intermediaries. Consequently, customer due diligence extends beyond identifying policy purchasers to understanding wider relationships connected to insurance products.

Academic commentators argue that this broader relational perspective distinguishes insurance from many other regulated sectors. Risk assessment increasingly considers behavioural indicators alongside traditional customer identification. Unusual premium patterns, frequent beneficiary changes, unexpected policy transfers or early redemptions may each indicate elevated financial crime risks requiring enhanced investigation.

Accordingly, insurers increasingly employ customer monitoring systems capable of detecting changes occurring throughout policy lifecycles rather than solely during policy inception.

These developments reinforce the broader academic argument that effective customer due diligence increasingly requires longitudinal understanding of customer behaviour rather than isolated identity verification.

4.5 Professional Services: The Emergence of Front-Line Financial Crime Gatekeepers

Perhaps the most significant expansion of KYC regulation concerns professional service firms.

Law firms, accounting practices, tax advisers, auditors and trust and company service providers have historically regarded themselves as advisers rather than financial institutions. Nevertheless, international investigations including the Panama Papers demonstrated that professional intermediaries frequently establish or administer the corporate structures later exploited for money laundering, corruption or tax evasion (Obermayer & Obermaier, 2016).

Recognising this risk, FATF introduced Designated Non-Financial Businesses and Professions (DNFBPs), extending customer due diligence obligations beyond traditional financial services. Subsequent European and UK legislation incorporated these professions directly within AML supervision.

Professional service firms now commonly undertake:

  • customer identity verification;

  • beneficial ownership analysis;

  • politically exposed person screening;

  • sanctions screening;

  • source of funds enquiries;

  • ongoing monitoring of higher-risk engagements.

Unlike banks, however, professional advisers frequently encounter highly complex legal structures involving trusts, multinational corporations, private investment vehicles and family offices. Consequently, customer due diligence often requires substantial legal and commercial judgement rather than reliance upon standardised onboarding procedures.

Academic research suggests that this represents one of the most significant institutional developments within contemporary AML regulation. Professional advisers increasingly function as gatekeepers responsible for protecting financial system integrity while balancing legal privilege, client confidentiality and commercial relationships (Ryder, 2018).

4.6 Common Themes Across Sectors

Despite differing commercial activities, comparative analysis reveals several themes common to all four sectors.

First, customer identification alone is no longer regarded as sufficient. Regulators increasingly expect organisations to understand beneficial ownership, control structures and the economic rationale underpinning business relationships.

Second, risk assessment has become dynamic rather than static. Customer risk profiles evolve as ownership changes, political exposure emerges or new information becomes available.

Third, organisational governance has become increasingly important. Regulators evaluate whether firms can demonstrate consistent, evidence-based decision-making supported by appropriate documentation, senior management oversight and effective compliance cultures.

Finally, technological capability has become central to regulatory effectiveness. The scale and complexity of modern customer relationships make manual monitoring increasingly impractical. Consequently, organisations have invested heavily in digital identity verification, entity resolution, adverse media screening, sanctions monitoring and automated customer risk assessment systems.

These developments suggest that KYC has evolved into an enterprise-wide capability integrating compliance, operational risk, technology and corporate governance.

4.7 Cross-Sector Convergence and Remaining Differences

Although convergence is substantial, meaningful sectoral differences remain.

Banks continue to emphasise transactional monitoring because of their role in payment systems. Asset managers focus more heavily upon ownership transparency and investor structures. Insurers prioritise behavioural indicators arising throughout long-term policy relationships. Professional service firms concentrate upon beneficial ownership analysis and complex legal arrangements.

These differences reflect operational realities rather than divergent regulatory philosophies. Across all sectors, regulators increasingly expect organisations to demonstrate that customer due diligence is proportionate, evidence-based and responsive to changing financial crime risks.

Consequently, KYC should be understood as a flexible governance framework capable of adapting common regulatory principles to diverse organisational contexts rather than a prescriptive checklist applied uniformly across industries.

4.8 Conclusion

The expansion of KYC beyond banking represents one of the most significant developments in contemporary financial regulation. Although banks remain central to AML supervision, asset managers, insurers and professional service firms now perform equally important roles within the broader financial crime prevention ecosystem.

Across all sectors, regulatory expectations have shifted from customer identification towards comprehensive lifecycle risk management incorporating beneficial ownership transparency, ongoing monitoring, governance and technological capability. Differences increasingly concern operational implementation rather than regulatory intent.

This cross-sector convergence supports the central argument of this paper: KYC has evolved from a banking-specific compliance obligation into a foundational organisational capability underpinning financial integrity, enterprise risk management and international regulatory cooperation.

The following section examines the strategic implications of this transformation, considering the role of digital technologies, artificial intelligence, regulatory technology (RegTech) and data governance in shaping the future development of KYC systems.


5. Discussion: The Future of Know Your Customer as a Strategic Risk Management Capability

5.1 Introduction

The preceding analysis demonstrates that Know Your Customer (KYC) has undergone a fundamental transformation during the past three decades. Originally conceived as a customer identification procedure within banking, KYC has evolved into an integrated framework supporting anti-money laundering (AML), counter-terrorist financing (CTF), sanctions compliance, fraud prevention and enterprise-wide risk management. This evolution has been driven by increasing international regulatory convergence, technological innovation and the growing complexity of global financial systems.

This discussion synthesises the findings presented in earlier sections and considers their broader implications for regulators, financial institutions and academic research. It argues that contemporary KYC should be understood not merely as a regulatory obligation but as an organisational capability underpinning institutional resilience and financial system integrity.

5.2 Regulatory Convergence and Global Financial Governance

One of the clearest findings emerging from this study is the remarkable convergence of international KYC regulation. Despite significant differences in legislative architecture, FATF, the European Union, the United States and the United Kingdom all require regulated organisations to demonstrate a broadly consistent approach to customer due diligence.

This convergence reflects wider developments in global financial governance. Rather than creating identical legislation, international regulators have increasingly adopted common principles centred upon transparency, proportionality and accountability. FATF Recommendations function as normative standards that influence domestic legislation while allowing jurisdictions flexibility regarding implementation.

Institutional theory provides a useful explanation for this phenomenon. DiMaggio and Powell's (1983) concept of institutional isomorphism suggests organisations facing similar regulatory pressures gradually adopt comparable governance structures irrespective of local institutional differences. Contemporary KYC regulation illustrates this process clearly. Banks, insurers, asset managers and professional services firms increasingly perform similar customer due diligence activities because regulators expect comparable standards of transparency and financial crime prevention.

Nevertheless, convergence should not be confused with complete uniformity. National legal traditions, supervisory priorities and institutional capacities continue to influence implementation. Consequently, multinational organisations frequently adopt enterprise-wide KYC standards exceeding minimum legal requirements in order to ensure consistency across multiple jurisdictions.

5.3 KYC as Enterprise Risk Management

Perhaps the most significant conceptual shift concerns the changing purpose of KYC itself.

Historically, customer due diligence was primarily regarded as a compliance obligation intended to satisfy regulatory requirements. Success was measured by procedural completion—whether customer files contained the necessary documentation.

Contemporary regulation increasingly adopts a different perspective. Organisations are expected not merely to complete prescribed procedures but to demonstrate that customer due diligence contributes meaningfully to understanding financial crime risk.

This distinction has profound implications for organisational governance.

Modern KYC systems contribute to multiple organisational objectives simultaneously:

  • preventing money laundering and terrorist financing;

  • supporting sanctions compliance;

  • reducing fraud exposure;

  • improving third-party risk management;

  • strengthening corporate governance;

  • protecting institutional reputation;

  • supporting operational resilience.

Accordingly, responsibility for KYC increasingly extends beyond compliance departments. Risk management, legal functions, operations, technology teams and senior executives all contribute to organisational KYC capability.

Academic literature increasingly supports this broader interpretation. Ryder (2018) argues that AML regulation has evolved towards integrated governance rather than isolated compliance, while Nance (2018) suggests regulatory effectiveness increasingly depends upon organisational decision-making rather than procedural adherence.

5.4 Technology and the Emergence of Perpetual KYC

Technological innovation has fundamentally altered how organisations implement customer due diligence.

Traditional KYC programmes relied heavily upon manual document collection, periodic file reviews and human judgement. While these approaches remain important, they have become increasingly difficult to sustain given the volume, complexity and international nature of modern customer relationships.

Consequently, organisations have invested heavily in regulatory technology (RegTech), artificial intelligence (AI) and advanced analytics capable of supporting:

  • digital identity verification;

  • entity resolution;

  • beneficial ownership mapping;

  • adverse media monitoring;

  • sanctions screening;

  • politically exposed person identification;

  • transaction monitoring;

  • continuous customer risk assessment.

These technologies facilitate what has become known as perpetual KYC, whereby customer information is updated continuously rather than periodically.

From a regulatory perspective, perpetual KYC aligns closely with the risk-based philosophy promoted by FATF. Customer risk is recognised as dynamic rather than static; therefore, customer due diligence must likewise evolve throughout the business relationship.

However, technological capability introduces new governance challenges.

Artificial intelligence systems may inherit biases present within training data. Automated risk models may lack transparency or explainability. False positives generated by sanctions screening systems can impose significant operational costs, while false negatives may expose institutions to regulatory enforcement.

Consequently, scholars increasingly argue that technological innovation should complement rather than replace professional judgement. Effective governance requires organisations to understand not only how automated systems generate risk assessments but also how those assessments are reviewed, challenged and documented.

5.5 Beneficial Ownership and Transparency

Beneficial ownership remains one of the most challenging aspects of modern KYC.

Although regulatory expectations have become increasingly consistent internationally, practical implementation remains difficult because ownership structures frequently extend across multiple jurisdictions with differing disclosure standards.

Corporate vehicles, trusts, nominee arrangements and complex investment structures may obscure the individuals exercising effective control over assets. While beneficial ownership registers have improved transparency in many jurisdictions, data quality, verification standards and international interoperability remain inconsistent.

Academic literature therefore suggests that beneficial ownership should be viewed as an evolving governance challenge rather than a solved regulatory problem.

Future progress is likely to depend upon:

  • greater international cooperation;

  • improved corporate transparency;

  • higher-quality ownership data;

  • stronger verification mechanisms;

  • interoperability between public and private information sources.

These developments would strengthen both financial crime investigations and routine customer due diligence.

5.6 Cross-Sector Implications

A further contribution of this paper concerns the recognition that KYC has become genuinely cross-sector.

Banks remain central to AML supervision, yet they no longer operate in isolation.

Asset managers increasingly undertake sophisticated investor due diligence.

Insurance companies monitor policyholder behaviour throughout long-term relationships.

Law firms and accountants perform customer due diligence before accepting engagements.

Trust and company service providers verify beneficial ownership before establishing legal structures.

This convergence reflects the interconnected nature of contemporary financial systems. Financial crime rarely occurs entirely within a single institution; rather, illicit activity often exploits weaknesses across multiple organisations simultaneously.

Accordingly, regulators increasingly expect coordinated risk management throughout financial ecosystems rather than isolated institutional compliance.

5.7 Limitations

Several limitations should be acknowledged.

First, this paper primarily examines regulatory convergence across four influential jurisdictions. Although these frameworks shape international practice, implementation varies considerably across emerging economies.

Second, much existing academic literature remains concentrated upon banking, limiting empirical evidence concerning non-bank sectors such as insurance and professional services.

Third, rapid technological developments—including artificial intelligence, decentralised identity systems and digital assets—continue to reshape KYC practices faster than much peer-reviewed research can evaluate their long-term implications.

Finally, while this paper examines regulatory expectations, it does not evaluate organisational effectiveness empirically. Future studies employing interviews, case studies or quantitative compliance data would provide valuable evidence regarding how KYC frameworks operate in practice.

5.8 Future Research

Several promising avenues for future research emerge from this review.

The first concerns artificial intelligence and explainable regulatory technology. As AI becomes increasingly integrated into customer due diligence, greater understanding is required regarding governance, accountability and regulatory acceptance.

Second, comparative empirical research examining KYC implementation across banking, insurance, professional services and digital asset providers would improve understanding of sector-specific challenges.

Third, the emergence of decentralised digital identity systems presents opportunities to reconsider how customer identity may be verified internationally while preserving privacy and regulatory oversight.

Finally, research examining organisational culture, governance and board oversight could significantly enhance understanding of why apparently similar regulatory frameworks produce differing compliance outcomes.

6. Conclusion

The analysis presented in this paper demonstrates that KYC has evolved from a procedural banking requirement into a comprehensive organisational capability supporting financial crime prevention, corporate governance and enterprise risk management.

International regulatory convergence has produced a remarkably consistent framework centred upon customer identification, beneficial ownership transparency, risk-based assessment, enhanced due diligence and ongoing monitoring. Although implementation varies across jurisdictions and sectors, these principles increasingly underpin global financial regulation.

Perhaps the most important conclusion is that KYC should no longer be regarded solely as a compliance function. Instead, it has become a strategic organisational capability integrating governance, technology, operational resilience and financial integrity.

As financial systems become increasingly digital, interconnected and internationally integrated, organisations capable of maintaining accurate, dynamic and transparent customer intelligence will be better positioned not only to satisfy regulators but also to strengthen institutional resilience and public trust.

Ultimately, effective KYC is no longer simply about knowing who a customer is. It is about understanding who they are, who controls them, how their risk evolves over time, and how that knowledge contributes to protecting the integrity of the global financial system.

7. References

Amoore, L. and de Goede, M. (2008) Risk and the War on Terror. London: Routledge.

Basel Committee on Banking Supervision (2020) Sound Management of Risks Related to Money Laundering and Financing of Terrorism. Basel: Bank for International Settlements.

Button, M., Blackbourn, D. and Tunley, M. (2015) ‘The Not So Thin Blue Line After All? Investigative Resources Dedicated to Fighting Fraud/Economic Crime in the United Kingdom’, Policing: A Journal of Policy and Practice, 9(2), pp. 129–142.

Council of the European Union (2015) Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015 on the Prevention of the Use of the Financial System for the Purposes of Money Laundering or Terrorist Financing. Brussels: European Union.

Council of the European Union (2018) Directive (EU) 2018/843 (5th Anti-Money Laundering Directive). Brussels: European Union.

de Koker, L. (2006) ‘Money Laundering Control and Suppression of Financing of Terrorism: Some Thoughts on the Impact of Customer Due Diligence Measures on Financial Exclusion’, Journal of Financial Crime, 13(1), pp. 26–50.

de Koker, L. (2011) ‘Aligning Anti-Money Laundering, Combating of Financing of Terrorism and Financial Inclusion’, Journal of Financial Crime, 18(4), pp. 361–386.

DiMaggio, P.J. and Powell, W.W. (1983) ‘The Iron Cage Revisited: Institutional Isomorphism and Collective Rationality in Organizational Fields’, American Sociological Review, 48(2), pp. 147–160.

European Banking Authority (2021) Guidelines on Customer Due Diligence and the Factors Credit and Financial Institutions Should Consider When Assessing Money Laundering and Terrorist Financing Risk.

European Commission (2021) Anti-Money Laundering and Countering the Financing of Terrorism Legislative Package. Brussels.

Financial Action Task Force (2012, updated 2026) International Standards on Combating Money Laundering and the Financing of Terrorism & Proliferation: The FATF Recommendations. Paris: FATF.

Financial Action Task Force (2021) Guidance on Risk-Based Approach. Paris: FATF.

Ferwerda, J., Deleanu, I. and Unger, B. (2020) ‘Corruption in Public Procurement: Finding the Right Indicators’, European Journal on Criminal Policy and Research, 26(2), pp. 245–267.

Financial Crimes Enforcement Network (2016) Customer Due Diligence Requirements for Financial Institutions. Washington, DC: U.S. Department of the Treasury.

Financial Crimes Enforcement Network (2024) Anti-Money Laundering and Countering the Financing of Terrorism National Priorities.

HM Treasury (2017) The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017. London: HMSO.

HM Revenue & Customs (2024) Anti-Money Laundering Guidance for Accountancy Service Providers.

Levi, M. (2010) ‘Money Laundering and Its Regulation’, The Annals of the American Academy of Political and Social Science, 582(1), pp. 181–194.

Levi, M. and Reuter, P. (2006) ‘Money Laundering’, Crime and Justice, 34(1), pp. 289–375.

Nance, M.T. (2018) The regime that FATF built: an introduction to the Financial Action Task Force.

Obermayer, B. and Obermaier, F. (2016) The Panama Papers. London: Oneworld.

Organisation for Economic Co-operation and Development (2019) Ending the Shell Game: Cracking Down on the Professionals Who Enable Tax and White Collar Crimes. Paris: OECD.

Ryder, N. (2012) Money Laundering – An Endless Cycle? London: Routledge.

Ryder, N. (2018) The Financial War on Terror. 2nd edn. London: Routledge.

Sharman, J.C. (2011) The Money Laundry: Regulating Criminal Finance in the Global Economy. Ithaca: Cornell University Press.

Takáts, E. (2011) ‘A Theory of “Crying Wolf”: The Economics of Money Laundering Enforcement’, Journal of Law, Economics and Organization, 27(1), pp. 32–78.

Unger, B. and van der Linde, D. (2013) Research Handbook on Money Laundering. Cheltenham: Edward Elgar.

United Nations Office on Drugs and Crime (2020) Global Study on Illicit Financial Flows. Vienna: UNODC.

United States Congress (2001) USA PATRIOT Act. Washington, DC.

Van Duyne, P.C., Harvey, J. and Gelemerova, L. (eds.) (2018) The Critical Handbook of Money Laundering. London: Palgrave Macmillan.

Verhage, A. (2011) The Anti Money Laundering Complex and the Compliance Industry. London: Routledge.

World Bank (2022) Beneficial Ownership Transparency in Practice. Washington, DC.

Contact

Reach out via email for inquiries.

Email

Subscribe to newsletter

info@grcadvisory.ch

© 2025. All rights reserved.