Startups made easy. Sorted.

Magnifying glasses over KYC and AML
Startup Guides 7 min read
Expert reviewed

KYC and AML: Guide for startups

May 5, 2020
Updated: Aug 31, 2023
Suzanne Worthington
Suzanne Worthington

Senior Writer

Eliza Thompson, Themis
Expert contributor
Eliza Thompson

Research specialist at Themis

Know Your Customer (KYC) and Anti Money Laundering (AML) are frameworks for verifying your customers, investors and third parties. You should comply with KYC requirements and AML regulation whenever you take an investment, and run the checks when you go into business with anyone new.

In this post, we explain what UK startup founders need to know about KYC and AML and how to carry out checks to verify your investors and customers.



As a startup founder, when you’re considering taking money from investors, you’ll need to be aware of the regulations and due diligence processes, including AML, KYC and KYI (Know Your Investor). These regulations and checks are in place to prevent financial crimes such as money laundering and terrorist financing and to make sure the funds being invested are legitimate.

Startups in certain sectors have more obligations, for example fintechs must run KYC checks to verify every new customer.

What is Anti Money Laundering (AML)?

The AML framework is designed to combat money laundering, terrorist financing and threats to the integrity of the financial system.

The group of AML laws, regulations and processes help prevent illegally-obtained money from entering the financial system and other financial crimes from occurring.

What is Know Your Customer (KYC)?

Whereas AML checks are designed to ensure that money you receive hasn’t come from criminal or terrorist activity, KYC checks specifically verify the identity of your customers and investors, and their financial activities and any risks they might pose to people transacting with them.

Are AML and KYC checks obligatory?

If your company operates in any of the sectors below, you have an obligation under UK law to carry out AML and KYC checks:

  • financial institutions
    For example, banks, building societies, payments providers
  • money service businesses
    For example, remittance services and foreign currency exchanges
  • virtual currency service providers
  • credit institutions
  • auditors
  • insolvency practitioners
  • accountants
  • tax advisers
  • independent legal professionals
  • estate agents and letting agents
  • gaming and casinos
  • trust or company service providers
    For example, company formation agents, professional trustees, mail holding and forwarding services, accountants and solicitors
  • high value dealers
    Any sole trader or business that accepts or makes cash payments of 10,000 euros or more (or the equivalent in any currency) in exchange for goods.
  • art market participants
    Any sole trader or business, including intermediaries, that trade in buying and/or selling works of art, in deals worth 10,000 euros or more (or the equivalent in any currency)

If your business falls under one of these regulated categories, seek advice from the authority that regulates your sector.
For other companies, there’s no legal obligation to carry out AML and KYC checks, but you should carry out due diligence checks for money you receive to help protect your business from financial crime and other unethical business practices. We explain the risks of financial crime in more detail in our post about due diligence for startups.

Eliza Thompson, Themis

Financial crime is a very real and evolving problem and the impact on businesses is immense. This is especially true for new startups that lack the financial and reputational safety nets often afforded to larger companies.

At Themis, we’ve seen first-hand how criminals try to exploit weaknesses in a company’s armour. KYC checks can provide a first line of defence against this exploitation to help keep new companies safe.

Eliza Thompson

Research Specialist,


Anti Money Laundering checklist for startups

Investment from an individual

Before you receive an investment, ask the investor for:

  • Proof of identity
    For example, a passport or national ID card, showing photograph, name, date of birth and nationality (and if they’ve changed their name, the document confirming their name change)
  • Proof of address – residence and (if different) permanent address
    For example, a copy of a utility bill or bank statement issued within the last three months and displays name as per registration. PO Box addresses aren’t acceptable
  • Proof of the source of the money
    Information about the investor’s occupation and the source of the funds for the investment. For example, a signed High Net Worth Investor Certificate and/or their bank statement showing the funds.
What is a High Net Worth Investor?
A High Net Worth Investor is someone who has an annual income of more than £100,000 or net assets of more than £250,00 (not including their main home and pension).

When you have confirmed an individual’s identity and business activities, run checks for potential financial crime risks related to this person. This due diligence is an important element of managing your risks and protecting your business from bad actors. Screen all individuals and their network connections for financial crime exposure, including sanction exposure, PEPs status, adverse media and litigation history, and other factors that could increase an individual’s financial crime risks.

Investment from an organisation

Before you receive an investment, you should ask for copies of:

  • Certificate of incorporation or equivalent
    And if the company name has changed, the certificate about the change of name.
  • Memorandum and Articles of Association (or equivalent)
  • List of company directors and proof of residence for two officers
  • Confirmation that the investment is made by the company, not on behalf of any other party
  • Confirmation that the investment is made by a nominee company on behalf of others
  • Confirmation about the source of funds for investment

When you’ve obtained this information from an organisation, run the same due diligence checks on the organisation and its senior leadership as you would on an individual investor. Screening for potential links to criminals and illicit activity helps you verify that an organisation has no hidden connections to financial crime.

Eliza Thompson, Themis

A legitimate investor will not only understand that due diligence is a necessary part of compliance but should also appreciate that it indicates a commitment to protecting the company from potential harm, protecting their investment as well.

Due diligence helps foster a sense of trust between all parties, a key building block for a successful startup. If a potential investor seems hesitant to provide the information you request, stop to consider why and, if you decide to go ahead, how it could impact your business relationship.

Eliza Thompson

Research specialist,


KYC checklist for startups

1. Ask for ID documents

If your startup needs to run KYC checks on customers and investors, you’ll need to ask for:

  • Proof of identity
    For example, passport or national ID card, showing photograph, name, date of birth and nationality (and if they’ve changed their name, the document confirming their name change)
  • Proof of address – residence and (if different) permanent address
    For example, a copy of a utility bill or bank statement issued within the last three months and displays name as per registration. PO Box addresses aren’t acceptable
  • Date of birth
  • National Insurance number
  • Company incorporation documents
    (if the application is for a company)

2. Run checks

Check the customer’s identity against these lists and registers:

  • global sanctions and watch lists
  • high-risk jurisdictions
    Running checks to see if an individual is from a country considered high-risk will help to decide whether enhanced due diligence (EDD) is necessary. EDD involves collecting additional information for higher-risk customers to provide a deeper understanding of customer activity to mitigate associated risks.
  • PEP registers
    Lists of ‘politically exposed persons’
  • crime databases and registers
    Including lists of people involved in bribery and corruption
  • adverse media and litigation history

3. Assign the customer a KYC risk rating

The calculation for this risk assessment is based on a range of factors, including how likely it is that the customer is involved in financial crime.

If the risk assessment determines the customer is high risk, you should carry out more intensive AML checks, including:

  • enhanced due diligence
  • investigate the source of the customer’s money
  • check for adverse media

If the risk assessment determines the customer is low risk, the AML checks can be less intensive and you’ll be able to onboard the customer faster.

4. Carry out ongoing KYC checks

After onboarding, continually monitor your customer’s activity and review their risk rating.

  • Screen payments
    Check the customer’s transactions. Who are they sending money to? And in what regions?
  • Monitor transactions
    Does the customer’s behaviour match what you’d expect based on their risk rating?
  • Check registers and databases
    Run regular checks to verify the customer does not appear on PEP or sanctions lists etc.

Companies which need to carry out KYC checks automate the process, using specialist software such as Themis Search for KYC/AML.

Eliza Thompson, Themis

We’ve found that companies often have to navigate between multiple systems to carry out proper due diligence and KYC checks, dealing with antiquated systems to monitor clients and manage financial crime risks.

Older systems require significantly more effort to use, and are often less accurate than tech-forward systems. In contrast, new systems open up whole new lines of discovery through smarter use of data, network mapping, and visualisation of hidden connections. With next generation tech, you can integrate due diligence into your work-streams with one click of a button.

Eliza Thompson

Research specialist,


Stay on top of KYC and AML with Themis

To make it easier to protect your business, you can integrate KYC, AML and ongoing due diligence as a standard business process with a tool such as Themis Search & Monitoring.

The Themis platform makes it easy for startups to check all investors for red flags and potential criminal behaviour. The software is a simple way to carry out screening, KYC onboarding, risk mapping, enhanced due diligence and automated monitoring.

With Themis Search, you get access to:
  • over 230 different jurisdictions covered
  • over 250 million company records and 280 million individual directors in over 200 jurisdictions worldwide
  • political exposure (PEP) status of over 1.5 millions PEPs
  • comprehensive sanctions data from over 70 different countries and OFAC, UN and EU, lists updated every 6 hours
  • over 25 million adverse media articles spanning 15 years in over 40 different languages
  • unique proprietary special interest list data covering convictions of specific crimes, from fraud, bribery and corruption, sanctions evasion or enablement and terrorist financing, through to more hidden crimes such as modern slavery and human trafficking, the illegal wildlife trade and other forms of environmental crime

💡 Find out more at the Themis website

Protect your startup

No-one should have their hard work undone by criminals or illegal behaviour. That’s why we’ve partnered with Themis. With our legaltech services and the powerful Themis Search & Monitoring platform, you can speed up investment deals and protect your company. With experts taking care of your legals and due diligence, you can maintain your focus on growing your business and achieving your goals.

SeedLegals members: Get 15% off Themis Search for KYC/AML (T&Cs apply, new customers only). For more offers and discounts, visit our Perks page.

Start your journey with us

  • Beulah
  • Brolly
  • Oddbox Transparent
  • Index Ventures
  • Seedcamp
  • Qured