Know your customer or know your client (KYC) laws, regulations and guidelines in financial services require regulated businesses and professionals to verify the identity, suitability, and risks involved with maintaining a business relationship with a customer. These procedures fit within the broader scope of anti-money laundering (AML) and counter terrorism financing (CTF) regulations.

KYC requirements have evolved from simple identity verification into comprehensive risk management frameworks designed to combat illicit financial activity. These procedures enable institutions to further understand their clients' financial behaviour, identity, and transactions, and aids in assessing exposure to money laundering and an extensive range of underlying crime, including bribery, corruption, fraud, extortion, human trafficking and drug smuggling. Information collected by regulated entities as a result of complying with KYC obligations is used to aid law enforcement and national security. In addition to verifying personal or corporate identities, modern KYC standards often include customer and enhanced due-diligence for higher risk clients, ensuring compliance with global inter-governmental standards set out by the Financial Action Task Force since 1989.

KYC processes are also employed by companies of all sizes for the purpose of ensuring their proposed customers, agents, consultants, or distributors are anti-bribery compliant and are actually who they claim to be. Banks, insurers, export creditors, and other financial institutions are increasingly required to make sure that customers provide detailed due-diligence information. Initially, these regulations were imposed only on the financial institutions, but now the non-financial industry, fintech, virtual assets dealers, and even non-profit organizations are included in regulations in many countries.

AML/CFT legislation strengthens the prevention of and the fight against money laundering, its predicate offences and terrorist financing. It places legally binding obligations on sectors exposed to the risk of money laundering or the financing of terrorism to monitor their customers and transactions, and to report suspicious activities to governments.

In the European Union these sectors are described as obliged entities, whereas in the United States the term covered institutions is used.

Obliged entities are required to identify and assess the risks of money laundering and terrorist financing to which they are exposed. This business-wide risk assessment must be kept up-to-date. To manage these risks and comply with relevant AML legislation, obliged entities must have internal policies, procedures and controls in place. This includes applying Customer Due Diligence (CDD) measures and may require Enhanced Due Diligence (EDD) checks for certain categories of customers or transactions.

The US Financial Crimes Enforcement Network (FinCEN), a bureau of the US Department of Treasury, which is tasked with safeguarding the financial system from illicit activity, set out the core elements of CDD:

KYC encompasses a set of practices to verify business clients. These include verification of registration credentials, location, the UBOs (Ultimate Beneficial Owners) of that business client, etc. Also, the business client is screened against blacklists and grey lists to check if they are in involved in any sort of criminal activity, e.g. money laundering, terrorist financing or corruption. KYC is significant in identifying fake business entities and shell companies. KYC protocols for business clients typically include verifying business activities to determine whether they align with a company's risk tolerance. High-risk sectors may include gambling facilities, money services businesses, and adult entertainment industries, among others. KYC service providers such as LexisNexis and Enigma Technologies offer data and ongoing monitoring solutions that enable verification during both initial onboarding and throughout the entire business relationship lifecycle.