KYC Process: How Banks find the right Software

Around two to five percent of global gross domestic product is generated by money laundering. This corresponds to around 715 billion to 1.87 trillion euros per year. To counteract this, there are KYC procedures in Germany for banks and all other financial institutions regulated by Bafin. As you probably already know, KYC stands for "Know your Customer" and, in simple terms, specifies that companies must know with whom they are doing business. What this means in practice is that they must verify the identity of their customers. In practice, however, this is time-consuming for companies. This is because there is no standard KYC procedure in Germany that banks can carry out automatically. Instead, they have to carry out the process laboriously for each individual customer, either internally or via external consultants.

More and more banks are therefore using software to help automate the process. We show what makes software easier in the KYC process and what criteria financial institutions should consider when choosing the right provider.

Legal basis for KYC in Germany

The "Know Your Customer" (KYC) process is an important aspect of risk management and fraud prevention in the financial industry.

KYC rules are set forth in various laws and regulations that require banks and other financial institutions to verify the identity, suitability and risks associated with maintaining a business relationship.

These rules were developed to combat money laundering, fraud and terrorist financing.

In Germany, compliance with KYC regulations is ensured by the Federal Financial Supervisory Authority (BaFin) through continuous monitoring. Some of the key legislation mandating KYC processes are:

Money Laundering Act (AMLA)

This law requires banks and other financial institutions to verify the identity of their customers before entering into a business relationship with them. It also requires these institutions to conduct regular due diligence and report suspicious transactions.

German Banking Act (KWG)

The KWG sets out further, different requirements for the risk management of banks and other financial institutions, including the obligation to conduct KYC audits. 

Legal requirements for KYC procedures in Germany in detail

The exact provisions for KYC processes are set out in various legal texts. For Germany, the Money Laundering Act (GwG) and the Banking Act (KWG) are particularly relevant.

In the GwG, for example, Section 10 (1) states:

"Prior to establishing the business relationship, the obligee or obligor and his or her employees or agents shall perform the due diligence requirements set forth in paragraphs 2 through 4."

These due diligence obligations relate to the identification of the contractual partner, the collection and verification of data as well as the matching of data with sanctions lists and the continuous monitoring of the business relationship.

The provisions on the identification of the contracting party can then be found specifically in Section 10 (2) AMLA:

"For natural persons, the following information shall be collected: First and last name, place of birth, date of birth, nationality and address. In the case of legal entities, partnerships, foundations, trusts or comparable legal structures, the company name, the name or designation, the legal form suffix, the registration number, the address of the registered office or principal place of business, and the names of the members of the representative body or legal representatives shall be collected."

The German Banking Act also addresses KYC processes. Section 25a (1) of the KWG states:

"The managers shall ensure that the business organization meets the requirements of proper business conduct. In particular, the business organization must ensure the orderly conduct of business and compliance with the legal provisions to be observed by the institution and the business necessities. This shall include [...] adequate, effective and risk-oriented policies and procedures to prevent the use of the institution for money laundering, terrorist financing and other criminal activities that may lead to property crimes, including, to the extent referred to in supervisory law, policies and procedures to comply with relevant sanctions legislation, as well as adequate procedures to identify, assess, manage, monitor and communicate these risks [...]."

This means that banks are not only obliged to verify the identity of customers determine and verify their data, but also need to ensure that they have appropriate policies and procedures in place to prevent money laundering and terrorist financing.

Please note that the application of the above requirements depends on many factors, including the type of financial institution, the type of customers and the type of services the institution provides. Therefore, it is advisable to consult legal counsel or compliance specialists for specific questions regarding KYC requirements.

International legal basis for KYC

Internationally, there are also a number of regulatory bodies and standards that mandate KYC procedures. These include:

Financial Action Task Force (FATF)

The FATF is an intergovernmental body that sets standards for combating money laundering and terrorist financing. The FATF Recommendations are the internationally recognized standard for combating money laundering and terrorist financing, including requirements for KYC procedures.

Bank for International Settlements (BIS)

BIS, also known as the "Bank of Central Banks," publishes financial stability guidelines and standards, including requirements for KYC procedures.

Office of Foreign Assets Control (OFAC) of the United States

OFAC publishes sanctions lists and other information that banks and other financial institutions must use when conducting KYC procedures.

It is important to note that the specific requirements for KYC procedures may vary by country and type of financial institution.

kyc procedure problems

Why financial Institutions should automate KYC procedures

There are numerous issues and challenges associated with performing KYC procedures manually. These include, but are not limited to:

Time and cost intensive

Manual KYC procedures require a lot of time and resources. Employees have to manually capture, verify and validate data from customers. This leads to higher personnel costs and longer processing times for customer inquiries.


Since the KYC check is performed manually by employees, mistakes can be made. Incorrectly entered or inaccurate data can cause delays and affect the efficiency of the process. In addition, errors in the KYC process can have legal and regulatory consequences.

Lack of scalability

Manual processes tend to be difficult to scale - especially when a financial institution has to handle a growing number of customers. It can therefore be difficult to keep up with the increasing workload while maintaining quality.

Consistency issues

Manual processing of KYC procedures can lead to inconsistencies in data validation. Different staff members may apply different standards or have different interpretations of regulations, leading to inconsistent results.

Delays for customers

Manual KYC processes can lead to longer wait times for customers, especially when a company is experiencing an increased volume of requests. This can lead to a negative customer experience and possibly loss of business.

Security risks

Manual processes pose a risk for data breaches and security vulnerabilities. The use of paper documents or unencrypted digital information can put customer and company data at risk.

kyc procedure software requirements

6 Factors: What Software for KYC Processes must be able to do

To overcome the aforementioned drawbacks, more and more financial institutions are turning to automated KYC solutions based on technologies such as artificial intelligence and machine learning These automated systems can speed up the process, improve accuracy and increase security. What criteria should software for KYC processes fulfill?

Scope and flexibility

A software for KYC procedures should be able to process a wide range of customer identification data and documents in order to perform a thorough verification. It should also be adaptable to the specific requirements of the company or industry in question.


Since KYC data is sensitive, the security of the software is crucial. The software should therefore have high security standards and encryption methods to ensure the protection of customer data.

Automation and efficiency

Effective KYC software should be able to fully automate and accelerate the identification process. In this way, companies can minimize human error and reduce the effort required for the process.

Integration with existing systems

The software should integrate seamlessly with the existing IT infrastructure and databases to ensure a smooth workflow.

Ease of use

The software should be intuitive and user-friendly so that employees can use it efficiently.


The software should offer the possibility to scale with the growth of the company. In practice, this means that it should also be able to handle rapidly increasing customer requests without requiring significantly more time.

kyc procedure with Konfuzio

Approach KYC Processes efficiently and securely with Konfuzio

The German software Konfuzio has several modules and functions that financial institutions can use within the KYC processes. These include these:

Extract data

With Konfuzio, Banks and financial institutions can extract data from any file format. For this the technology comes with optical character recognition (OCR). OCR can not only read out the desired data, but also subsequently process and classify.

Konfuzio's OCR can extract data even from difficult-to-read image scans and recognize rare fonts in over 100 languages.

To use Konfuzio's OCR, companies get access to a Konfuzio API hosted in the cloud. In addition, other APIs are also available, such as for natural language processing (NLP).

Detect fraud

Fraud detection in particular is difficult for bank employees. After all, how are they supposed to recognize whether a customer has changed a document - for example, via Photoshop? Konfuzio's software can detect whether changes have been made to a document in formats such as PDF, Word and JPEG, among others.

Evaluate data

In order to not only extract and process customer data automatically, Konfuzio is also able to assign the data to individual customers and then evaluate it. Companies can specify certain criteria for this. For KYC procedures, this means that banks can specify the relevant identity verification requirements and have Konfuzio perform the evaluation automatically.

KYC Process: Konfuzio in practice

Companies can quickly and easily integrate Konfuzio into their own systems. In addition, the user interface is easy to understand, so employees can prepare the software for KYC procedures in no time.

The process itself then runs like this: Konfuzio automatically reads the documents submitted by customers and checks them for completeness and possible manipulation. It then extracts the required data and stores it in a database of the financial institution after evaluation - done. Financial institutions can reduce the KYC check to a few seconds per customer in this way.

Learn more about Konfuzion's OCR API now!


What is the KYC process?

KYC stands for "Know Your Customer" and describes a process, not uniformly regulated in Germany, that companies use to verify the identity and relevant information of their customers. It is used to prevent money laundering, fraud and other illegal activities. KYC involves the collection and verification of personal information to assess the risks and suitability of a business relationship. The information may include identification documents, proof of address and other proof of identity.

How can banks address KYC procedures with an automated solution?

Whether software is suitable for banks' KYC procedures is determined by criteria such as security and data protection, scalability, ease of use, integration with existing systems, automated data collection and processing, real-time checks, and the ability to assess risks appropriately. A comprehensive software solution that meets these requirements is critical for banks to perform KYC procedures efficiently and reliably.

Which software is suitable for banks' KYC procedures?

The German software Konfuzio has several modules that banks and other financial institutions can use for KYC procedures. For example, the software enables documents submitted by customers to be automatically checked for completeness, all relevant data to be extracted from them and validated, and classified and evaluated according to predefined criteria. In this way, the KYC process takes just a few seconds.

Jan Schäfer Avatar

Latest articles