What is KYC (Know Your Customer) for UK accountants?
KYC is the identity verification step that sits at the heart of every AML programme. Before you act for any client, you must confirm who they are — and keep the evidence. Here is what it involves, how it differs from CDD, and how to get it right.
TL;DR — Quick Summary
- •KYC (Know Your Customer) means collecting and verifying a client's identity before you begin work
- •It applies to every new client engagement — there are no blanket exemptions for existing clients
- •You must verify name, date of birth, and address, backed by an acceptable document
- •KYC is the identity step within the broader Customer Due Diligence (CDD) process
- •UK accountants supervised by HMRC or a professional body are legally required to complete KYC under MLR 2017
Answer-first summary
What does KYC mean for accountants?
KYC — Know Your Customer — is the legal requirement to identify and verify a client's identity before you provide any regulated service to them. For UK accountants, this means confirming who the client is, where they live, and — for corporate clients — who ultimately owns and controls the business. KYC is not a checkbox; it is a documented process with evidence that must be retained for at least five years.
- Verify identity using a current, government-issued document before beginning work
- Confirm the client's address against a document issued within the past three months
- For companies, identify individuals with 25% or more ownership or control
- Record the evidence, the method of verification, and the date — and keep it for five years
What KYC involves
KYC is made up of four distinct steps. Each one must be completed and evidenced before you begin work for a client.
Identity verification
Collect and verify the client's full name, date of birth, and residential address. Verification means checking the information against a reliable, independent source — not simply accepting what the client tells you.
Document collection
Obtain an acceptable identity document: a current passport, UK or EEA driving licence, or national identity card. The document must be valid — expired documents do not satisfy the requirement.
Proof of address
Collect a proof of address document issued within the past three months. Acceptable examples include a utility bill, bank statement, or HMRC correspondence confirming the client's current address.
Beneficial ownership
For corporate clients, identify the individuals who ultimately own or control the entity — any person holding 25% or more of shares, voting rights, or who exercises significant control. Record the basis for your determination.
KYC vs CDD — what is the difference?
KYC and CDD are closely related but not the same thing. KYC is the identity verification step. CDD is the full compliance process — which includes KYC as a component, but also covers risk assessment and ongoing monitoring. Understanding the distinction matters because accountants must do both.
| Aspect | KYC | CDD |
|---|---|---|
| What it covers | Identity verification only | Identity + risk assessment + ongoing monitoring |
| When it applies | Before beginning work | Before and throughout the relationship |
| Output | Verified identity record | Full compliance file with risk rating |
| Relationship | A component of CDD | The complete process, including KYC |
For a deeper explanation of the full CDD process, see the CDD guide.
When to apply KYC
KYC applies more broadly than many accountants realise. These are the four key triggers.
New client engagement
Apply KYC before you begin work for any new client. You must not act until identity has been verified to a sufficient standard.
Returning client after a long gap
If a client returns after two or more years of inactivity, treat them as a new engagement and repeat the KYC process. Circumstances — including ownership, address, and risk profile — may have changed.
Change in client circumstances
Material changes — a new director, a change of beneficial owner, a new jurisdiction — should trigger a refresh of the KYC records even if the client relationship is ongoing.
Regulatory trigger or suspicion
Where you have cause for suspicion, or where your supervisory body flags a trigger event, revisit the KYC file before continuing to act.
Common KYC mistakes to avoid
These errors come up repeatedly in HMRC supervision visits and professional body reviews.
Accepting expired documents
An expired passport or driving licence does not satisfy the identity verification requirement. Always check expiry dates before accepting a document as evidence.
Using a photocopy without sight of the original
Where identity is verified in person, you should see the original document — a photocopy alone is not sufficient unless you are using a certified copy or digital verification service.
Not verifying beneficial owners of corporate clients
KYC applies to the individuals behind a corporate entity, not just the company itself. Failing to identify ultimate beneficial owners is one of the most common gaps found during HMRC supervision visits.
Not re-verifying after a long gap
KYC is not a one-time event. A client whose records are two or more years old, or whose circumstances have changed, should be re-verified before you continue to act.
How Certivus handles KYC
Certivus turns your KYC process into a structured, evidenced workflow that runs in minutes — not days.
Send a secure KYC request link
From your Certivus dashboard, generate and send a branded KYC request to the client in seconds. No email attachments, no chasing by phone.
Learn moreClient uploads ID and selfie
The client completes the request on any device — laptop or mobile — by uploading their identity document and a selfie for liveness confirmation. No app download needed.
Learn moreReview results, verify, and store evidence
Certivus returns the verified result for your review. Approve or note your decision. The full evidence record — documents, timestamps, and decision notes — is stored securely and exportable for HMRC.
Learn moreKYC questions answered
What is KYC?
KYC stands for Know Your Customer. It is the process of collecting and verifying the identity of a client before entering into a business relationship with them. For UK accountants, KYC is a legal requirement under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017). It involves confirming who a client is — their name, date of birth, and address — and checking that information against an acceptable document or independent data source.
How is KYC different from CDD?
KYC (Know Your Customer) is the identity verification step — confirming who the client is. CDD (Customer Due Diligence) is the wider process that includes KYC plus a risk assessment of the client and the intended business relationship, plus ongoing monitoring throughout the relationship. Put simply: KYC is part of CDD, but CDD goes further. Accountants must complete both.
What documents count for KYC?
For identity verification, acceptable documents include a current passport, a UK or EEA photocard driving licence, or a national identity card. The document must be in date. For proof of address, acceptable documents include a bank statement, utility bill, HMRC correspondence, or local authority tax bill — each dated within the past three months. Expired documents do not satisfy the requirement.
Do I need to verify every client?
Yes. MLR 2017 requires accountants to apply customer due diligence — which includes KYC identity checks — to every client before beginning work. There are limited circumstances where simplified due diligence is permitted for demonstrably low-risk clients, but these are exceptions, not the default. When in doubt, apply standard CDD.
What happens if KYC fails?
If you are unable to verify a client's identity to a sufficient standard, you must not act for them — and must consider whether you need to file a Suspicious Activity Report (SAR) with the National Crime Agency. You should not return funds already received until you have taken advice. Document the failure and your decision-making process in the client file.
How long should I keep KYC records?
You must retain KYC records — identity documents, verification results, address evidence, and decision notes — for at least five years from the date the business relationship ends, or from the date of an occasional transaction. This is a minimum legal requirement under MLR 2017. Many firms retain records for longer as a matter of policy.
For the full CDD process, see the CDD explained guide. For definitions, visit the AML glossary.
Related reading
What is AML compliance?
A plain-English guide to Anti-Money Laundering obligations for UK accountants and law firms.
What is CDD?
How Customer Due Diligence builds on KYC — and when Enhanced Due Diligence applies.
KYC and CDD software
Send secure KYC requests, collect identity evidence, and store everything in one place.
AML and KYC glossary
Definitions of PEP, UBO, CDD, EDD, SAR, and 16 more compliance terms.