- Know Your Customer’s Customer goes beyond just verifying your direct customer (KYC) and looks at who they are transacting with.
- While KYCC is not explicitly required by all regulations, it is heavily encouraged in sectors like banking and finance where there is a risk of money laundering or terrorist financing through third parties.
- KYCC can also provide financial institutions with valuable insights into the broader network of customers, allowing for the identification of potentially suspicious patterns that would otherwise remain hidden.
Ever heard of KYCC? It might sound like another acronym in the compliance world, but understanding it could be the key to protecting your business from hidden risks.
KYCC, or Know Your Customer’s Customer, goes beyond traditional KYC to ensure you’re not unknowingly linked to high-risk or fraudulent parties through your clients.
Curious how it works?
Thinking about what you need to take care of as a business?
Let’s not waste time then and directly dive in.
What is KYCC (Know Your Customer’s Customer)?
KYCC stands for “Know Your Customer’s Customer.” It’s an extension of KYC (Know Your Customer), used mainly in compliance-heavy industries like fintech, banking, and financial services.
This is crucial for detecting money laundering, fraud, and other financial crimes, especially for businesses that deal with high-risk users or operate in regulatory-sensitive areas.
For example, a payment processor (like Stripe or PayPal) needs to verify not just the businesses using their service but also the customers of those businesses. If a merchant processes payments from high-risk customers (like fraudsters or sanctioned entities), the processor can be held liable.
To put it in a line: KYCC is a next-level risk management move, ensuring you’re not just onboarding legit customers, but also that their transactions don’t introduce hidden risks.
Difference between KYC and KYCC
KYC is about knowing who you’re working with, and KYCC is about knowing who THEY are working with.
Here’s a detailed comparison.
| Feature | KYC (Know Your Customer) | KYCC (Know Your Customer’s Customer) |
| Definition | Verifying the identity of your direct customer. | Verifying the customers of your customer. |
| Focus | Individual/business onboarding. | The transactions and connections of your customer. |
| Purpose | Prevent fraud, money laundering, and identity theft. | Ensure that customers aren’t dealing with high-risk entities. |
| Who Uses It? | Banks, fintechs, crypto exchanges, financial institutions. | Payment processors, B2B fintechs, high-risk industries (gambling, remittances, etc.). |
| Example | A bank verifies John Doe’s ID before opening an account. | A payment processor checks if John Doe’s customers are involved in suspicious activities. |
| Regulatory Relevance | Standard compliance requirement for most financial institutions. | Increasingly important for businesses handling high-risk users. |
| Risk Level | Protects against direct fraud or money laundering attempts. | Protects against hidden risks from indirect transactions. |
How to conduct KYCC
While there’s no definite process, you can follow these important steps as a good starting point. As compliance is an ongoing task, keep modifying your processes and systems as per requirements–iterate But to start right away, here’s a process for you.
Step 1. Identify Which Customers Need KYCC
KYCC isn’t for everyone. You need to focus only on high-risk customers where your business might unknowingly facilitate financial crime.
So, what makes a customer high-risk?
- They’re a financial intermediary. Payment processors, remittance companies, and digital wallets are riskier because they facilitate transactions for others.
- They handle large, frequent, or irregular transactions. If a business consistently moves high volumes of money through your system, you need to check who they’re moving it to.
- They operate in a high-risk industry. Crypto, gambling, forex trading, and shell company services are prime for money laundering.
If your customer falls into these categories, KYCC applies.
2. Analyze the Payment Flow Within Your Platform
Once you know whom to track, analyze what they are doing within your system.
Look for:
- Who is receiving payments?
Classify in two buckets: Legitimate businesses and unknown individuals.
- Where is money going?
Classify in three buckets: Domestic, offshore, and high-risk regions.
Apart from this, to stay away from being part of a money structuring scheme, look if they are splitting payments unnaturally. Normally, fraud accounts will show frequent small transactions (often just below the reporting requirements) to different accounts.
In short, at this step, look for anomalies in how your users are using your platform.
3. Verify Third-Party Connections (UBOs & Key Counterparties)
Since you can’t track all their transactions, you focus on who they transact with inside your system.
Mainly, start KYCC by verifying three things:
- Ultimate Beneficial Owners (UBOs): Identify who actually owns and controls their business. If they’re tied to sanctioned or high-risk individuals, that’s a red flag.
- Major transaction counterparties (inside your system): If your customer is constantly sending money to one or two entities, check who those are.
- Legal entity checks: If they’re transacting heavily with a business that isn’t properly registered or has a shady online presence, that’s a problem.
This way, you’re not tracking every customer’s customer, but just confirming the key counterparties that flow through your platform.
4. Continuous Monitoring, Not Just One-Time Checks
Like KYC, KYCC is also an ongoing process.
Conduct periodic re-verification. If your customer’s business model shifts (e.g., they start handling way more transactions), review them.
Moreover, investigate if their transaction partners change suddenly or money flows in new ways. Or, if a customer’s counterparties get flagged in sanctions lists, you need to take action.
Given this continuous nature, conduct KYCC where required. No need to track their entire life, just protect your platform.
Getting Started
Before you even think about KYCC, you need to secure the first layer: your own customers.
Most fraud and compliance risks can be eliminated right at onboarding by verifying who you’re dealing with. If you don’t have strong KYC and business verification in place, trying to analyze their customers is pointless.
The first step is always filtering out fraudsters and high-risk entities upfront, so you’re not wasting time on deeper checks for bad actors who shouldn’t have been onboarded in the first place.
This is where Signzy’s KYC, UBO verification, and criminal screening APIs come into play. Our solutions allow you to automate identity verification, check business legitimacy, and flag hidden risks before onboarding.
Once you’ve secured your first layer with robust KYC, you can then assess transaction patterns and counterparties to determine if additional KYCC reviews are necessary.
FAQs
Is KYCC legally required?
There’s no standalone KYCC law, but regulations like the BSA, CDD Rule, and AMLA 2020 indirectly require businesses to assess transaction risks beyond direct customers.
Who needs to conduct KYCC?
Fintechs, payment processors, banks, and businesses handling high-risk transactions or financial intermediaries should implement KYCC to avoid compliance risks.
Can I track all my customer’s transactions?
No, you can only monitor what flows through your platform. KYCC is about analyzing transaction patterns and counterparties within your system.
How do I identify if a customer needs KYCC checks?
If they are a payment intermediary, move large sums frequently, or transact with offshore/high-risk entities, they require deeper scrutiny.
