A Guide to Electronic Know Your Customer (eKYC) Checks

07 February 2025

A man in a suit and tie is seated at a desk, working on a laptop with a focused expression.

For legal professionals, conducting “Know Your Customer” (KYC) checks are an essential component of Anti-Money Laundering (AML) compliance. These rigorous measures check a client’s identity by examining key information and documents about them, to assess the potential for their connection with financial crimes such as money laundering or terrorist financing.

However, this isn’t without its challenges, since the manual process of KYC can often be time-consuming and prone to errors, such as false positives. In recent years, in the drive for efficiency and access to wider sources of information, we have witnessed the rapid growth in the adoption of electronic Know Your Customer (eKYC).

In this article, we will explore what eKYC is, how it works, and how your firm can implement it as part of improved and more time effective AML checks and processes.

What Is eKYC?

Electronic Know Your Customer (eKYC) is a digital process by which firms obtain and analyse their clients identification documents and supporting information remotely, thereby removing physical document submission or in-person verification from KYC processes. Referred to as “RegTech” by the Financial Conduct Authority (FCA), this method is intended to enhance traditional KYC procedures by using advanced software to promote what eKYC service providers often describe as a secure, efficient, and user-friendly onboarding experience.

eKYC uses several technology-based verification methods, such as:

1. Biometric Data

eKYC systems often incorporate biometric data, such as facial or vocal recognition, to verify a customer's identity. By analysing unique biological traits, these systems aim to verify that the individual is who they claim to be. For example, facial recognition technology compares the customer's live image with the photo on their passport to seek a match.

2. Two-Factor Authentication (2FA) and Multi-Factor Authentication (MFA)

To add an extra layer of security, eKYC processes usually implement 2FA or MFA. Essentially, this means that, in addition to providing something they know (like a password), customers must also use biometrics, a second hardware token, or multiple channels to authenticate their identity during a transaction.

3. Document Recognition

Digital uploads of official identification documents, such as passports or driving licences, are often a fundamental part of eKYC. Advanced document recognition software can authenticate these documents by analysing security features, expiration dates, and other key details, ensuring their legitimacy.

4. Digital Breadcrumbs

eKYC software may analyse digital breadcrumbs - characteristic identifiers from a customer's meta-information, such as device “fingerprints”, IP addresses, and behavioural patterns. By assessing this data, firms might be able to detect anomalies or suspicious activities that may indicate fraudulent client behaviour.

5. Database Scanning

Commonly referred to as “electronic ID and verification” (EID/V) by the Legal Sector Affinity Group (LSAG), new customers and their associated businesses are checked against government registries, blacklists, and sanction lists. This helps firms to consider whether or not the client or prospective client is a Politically Exposed Person (PEP) or has a history of illicit activities.

Well-known providers of EID/V platforms include SmartSearch, InfoTrack, Thirdfort, and Credas.

What Are the Benefits of eKYC?

Up-to-Date Platforms: EID/V platforms are regularly updated - if a client’s details change, the provider might send the law firm an update. This supports Money Laundering Regulations 2017, in particular, “ongoing monitoring” which falls within Regulation 28.
Improved Security: Methods such as the use of biometric data and MFA reduce the risk of identity fraud, potentially helping staff feel more confident as to who they’re dealing with.
Faster Onboarding: Verification processes might be partially automated, reducing the amount of time that’s required to approve new clients - potentially improving their experience.
Rigorous Assessments: eKYC processes intend to keep track with lists of PEPs, sanctioned persons or entities, elevated risk attributes, and any other inconsistencies with KYC information.
Scalability: because the platforms are digitalised, they can usually be scaled as the firm grows, accommodating large volumes of customer verification to consistent levels of accuracy.
Reduced Errors: Humans are more prone to errors than automated software. In that light, eKYC can help firms reduce the likelihood of false positives and false negatives.
Towards Robust Compliance: Advanced checks, such as database scanning, add to the toolkit that firms can apply to help them stay on the right side of regulation.
Enhancing Efficiency: In some aspects eKYC has the potential to enhance the efficiency of reporting and monitoring, through on-demand reporting for AML Officers and compliance officers.

What Are the Challenges of eKYC?

Implementation Requirements: Firms must ensure that the eKYC software marries with current hardware, existing controls, and case management systems.
Staff Training Needs: Staff must be adequately trained to use eKYC software correctly, and they must be familiar with how to examine and interpret results.
Retained Reports: eKYC reports should be retained on the matter file and, critically, the outcomes of the reports are then further summarised on matter file Client Matter Risk Assessment (CMRA) forms.
Infrastructure Dependence: To use eKYC processes, firms must have a reliable, stable internet connection.
Data Privacy Concerns: Collecting biometric data and sensitive information can raise concerns about the misuse of data or potential cyber security breaches. All firms that use eKYC sources should appropriately update their records of data processing in compliance with Article 30 of the GDPR.
Initial Setup Costs: Implementing eKYC requires investment in technology, IT infrastructure, and staff training, which may be costly for small firms.

How Does eKYC Compare to Traditional KYC?

While their methods differ, eKYC and traditional KYC adhere to the same fundamental principles, resting on three core pillars: Identification, Customer Due Diligence (CDD), and Monitoring.

Identification
eKYC uses digitalised methods, such as facial recognition and biometric scanning, allowing for remote identification and verification.	Traditional KYC relies on physical presence and manual verification of identity documents, such as passports or driver's licenses.
Customer Due Diligence (CDD)
eKYC automates data collection and analysis, using algorithms to assess risk based on factors like location, transaction history, and public databases.	Traditional KYC involves manual assessment of customer risk profiles based on information gathered through forms and interviews.
Monitoring
eKYC employs real-time monitoring systems that can flag unusual activities, automate alerts, and trigger further investigation when necessary.	Traditional KYC requires an ongoing manual review of customer activity and transactions to identify suspicious patterns and relationship updates.

Although eKYC offers a wide range of benefits, it does not entirely replace traditional KYC processes; eKYC can only augment it. Ultimately, the best results are achieved through the use of a blended approach - combining traditional KYC with eKYC.

Human judgment is still important for several aspects of customer verification, such as:

Handling Complex Cases: Handling situations that require nuanced understanding and flexible decision-making.
Detecting Sophisticated Fraud: Identifying subtle cues and inconsistencies that may indicate advanced fraud attempts, which could bypass automated systems.
Interpreting Context and Intent: Interpreting client behaviour within its context to avoid false positives and ensure accurate risk assessment.
Reduce Data Bias: Mitigating potential biases embedded in AI algorithms and ensuring fair and equitable outcomes for all clients.

Ultimately, the buck stops with the Firm

No matter the assurances or processes in place, the law firm using the eKYC platform is responsible for its usage and the outcomes and interpretation of its outputs.

eKYC does not absolve or shield law firms from their KYC of CDD responsibility.

How Can Firms Implement eKYC?

Before implementing eKYC, firms should review their current KYC processes, identifying the main areas for improvement and comparing the controls in light of their own unique AML risk profile. When selecting an eKYC provider, for the majority of legal businesses, off-the-shelf solutions from existing providers will be the most appropriate option, although some larger firms may choose an in-house system built from scratch. Either way, the eKYC system should:

Integrate smoothly with existing systems, such as their current CRM system.
Align with GDPR and AML requirements to support regulatory compliance.
Ensure robust real-time validation.
Use added layers of verification, such as face or voice recognition.
Adapt to rising cyber security threats.

Once an appropriate eKYC software has been identified and implemented, AML Officers compliance officers should provide training to ensure all relevant staff are confident in using the software effectively and securely. Systems must be continuously monitored and analysed to address any inefficiencies, update technologies, and tighten security.

For Bespoke, Expert AML Services, Choose PDA Legal

One of the most important parts of KYC and eKYC is ensuring that your processes are as appropriate and efficient as possible. At PDA Legal, we help firms test their policies, controls, and procedures (PCPs) through independent AML audits, identifying areas for improvement and supporting you in achieving compliance.

To get started with us, or to discuss how we can help, please get in touch to book a FREE, no obligation initial consultation today.