KYC/AML Onboarding Flow Template

KYC (Know Your Customer) is the process of verifying a customer's identity. It answers "who is this person?" AML (Anti-Money Laundering) is the broader regulatory framework that includes KYC plus ongoing monitoring, suspicious activity detection, and reporting. KYC happens primarily at onboarding. AML is continuous throughout the customer relationship. Both are required for most financial products. See the [glossary definition of KYC](/glossary/prioritization) for more detail.

Three strategies consistently improve completion rates. First, use progressive onboarding: let users access basic features immediately and prompt for verification only when they hit a tier limit. Second, minimize steps per session. Collecting name, DOB, and phone in one screen rather than three reduces perceived effort. Third, invest in clear error handling. When a document upload fails, tell the user exactly why and what to do differently. Generic "verification failed" messages cause abandonment because users do not know how to fix the problem.

Use a third-party provider unless KYC is your core product. Providers like Jumio, Onfido, and Socure handle document OCR, liveness detection, and sanctions screening at scale. Building in-house requires specialized ML expertise, ongoing model maintenance, and regulatory certifications. The typical integration takes 2-4 weeks versus 6-12 months to build. The cost is $1-3 per verification versus $50K+ in annual engineering time for in-house solutions.

Retention periods vary by jurisdiction. US Bank Secrecy Act requires 5 years after account closure. EU's 5th Anti-Money Laundering Directive requires 5 years after the end of the business relationship. Some states and countries require longer. Store documents securely (encrypted, access-controlled) for the required period, then delete or anonymize. Your [fintech compliance checklist](/templates/fintech-compliance-checklist-template) should track the specific retention periods for each data type.

Accept documents from the jurisdictions you support (passports are the most universal). Use a KYC provider with global document coverage. Be aware that address verification works differently by country. Some countries do not have utility bills in the Western sense. Proof of address may be a government-issued residency certificate or a tax document. Define accepted documents per country with your compliance team, and update the list as you expand to new markets. ---