KYC
What Is KYC and how does it prevent money laundering (AML)?
KYC (Know Your Customer) is the mandatory identity verification and risk assessment process that every financial institution must perform before establishing a business relationship. In the acquiring and payments industry, KYC determines whether a merchant can be onboarded into a payment gateway, process card transactions, or access electronic payment services.
KYC is far more than a compliance formality. It is the first line of defense against fraud, money laundering and terrorist financing. Without a robust KYC framework, no regulated payment institution can legally operate in Spain or within the European Economic Area.
How KYC works in merchant onboarding
The digital onboarding process for merchants typically follows this structured sequence:
- Document collection: ID or NIE of the legal representative, articles of incorporation, tax ID, tax filings, and proof of business activity.
- Biometric verification: Document validation using OCR and a liveness check through facial recognition.
- Ultimate Beneficial Owner (UBO) identification: Required for any individual holding more than 25% ownership of the company.
- Database screening: Checks against international sanctions lists and PEP (Politically Exposed Persons) registries.
- Risk classification: Merchants are categorized as low, medium, or high risk based on their MCC code, expected transaction volume, and business model.
- Continuous monitoring: KYC does not end after onboarding. Transaction patterns are monitored continuously to detect unusual or suspicious activity.
Law 10/2010 of April 28 requires financial institutions to retain all KYC documentation for at least 10 years after the business relationship ends.
Regulatory framework and compliance requirements
The regulatory framework governing KYC and customer due diligence in Spain and the European Union is extensive and mandatory:
| Regulation | Scope |
|---|---|
| Law 10/2010 and RD 304/2014 | AML/CFT obligations in Spain |
| Directive (EU) 2015/849 (4th and 5th AMLD) | EU-wide customer due diligence requirements |
| Regulation (EU) 2024/1624 | New EU AML framework (effective July 2027) |
| PSD2 – Directive (EU) 2015/2366 | Identification of payment service providers |
In 2026, SEPBLAC reinforced its supervisory stance with the publication "Supervisory Experience: Minimizing De-risking". The message is clear: rejecting entire categories of merchants is considered poor AML/CFT risk management. Each merchant must be assessed individually, as required by Article 7.3 of Law 10/2010.
Operational advantages and disadvantages of KYC
Advantages:
- Reduces exposure to identity fraud and fraudulent transactions.
- Prevents regulatory penalties that can reach hundreds of millions of euros.
- Strengthens trust with acquiring banks, enabling better commercial terms.
- Digital onboarding with biometric verification allows merchants to activate their accounts in minutes.
Disadvantages:
- Overly strict KYC policies can lead to de-risking, excluding legitimate merchants in high-risk sectors.
- Biometric verification and international database screening can be costly for smaller institutions.
- Ongoing documentation updates require continuous operational resources.
Was this term useful?
1 of 1 I found it useful
Leave a Comment