Entities Required to Comply with KYC in the UK, US, and Europe

Complete list of regulated entities that must comply with KYC and AML obligations under UK, US, and European legislation.

Who Is Required to Perform KYC

Anti-money laundering regulations define a list of obliged entities: organisations and professionals that must implement KYC processes and comply with prevention obligations.

In the UK, these obligations stem from the Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017 (as amended), supervised by the FCA, HMRC, and sector-specific bodies. In the US, the Bank Secrecy Act (BSA) and FinCEN's Customer Due Diligence Rule define who must comply. At the EU level, the AML Directives set the baseline that member states transpose into national law.

Obliged Entities

Financial Institutions

These are the traditionally regulated entities with the strictest obligations:

  • Banks and building societies — Required to verify the identity of all customers when opening accounts, granting credit, or processing transfers. See banking solution.
  • Payment institutions and e-money issuers — Includes neobanks and payment gateways. See fintech solution.
  • Investment firms — Fund managers, broker-dealers, crowdfunding platforms.
  • Insurance companies — Especially for life insurance and savings products. See insurtech solution.

Crypto-Asset Service Providers

Since the transposition of AMLD5 and the introduction of MiCA in Europe, crypto exchanges, custodians, and virtual wallet providers are fully subject to KYC requirements. In the UK, the FCA registers and supervises crypto firms under the Money Laundering Regulations. In the US, FinCEN treats crypto exchanges as money services businesses (MSBs).

See crypto and Web3 solution.

Real Estate

Estate agents, letting agents, and property developers are obliged entities when they facilitate property transactions. In the UK, this applies to transactions of any value. In the US, the Corporate Transparency Act and FinCEN's evolving rules are expanding real estate KYC requirements.

See real estate solution.

High-Value Goods Dealers

Any person or business that trades in goods and accepts cash payments of EUR 10,000 or more (or equivalent) is an obliged entity. In the UK, the threshold is GBP 10,000. This includes:

  • Jewellers and watchmakers
  • Art galleries and auction houses
  • Luxury vehicle dealers
  • Dealers in precious stones and metals

See luxury solution.

Gambling Operators

Casinos (physical and online), betting operators, and gaming companies are required to verify the identity and age of all participants. The UK Gambling Commission and state regulators in the US enforce strict KYC requirements.

See gaming solution.

Professional Service Providers

Several professional groups have KYC obligations:

  • Solicitors and barristers — When involved in financial, property, or corporate transactions.
  • Accountants and auditors — In the course of their professional activity.
  • Tax advisers — When advising on tax planning or corporate structures.
  • Trust or company service providers (TCSPs) — When forming companies or trusts, or acting as a registered agent.

Hospitality and Accommodation

Hotels and accommodation providers have obligations to register and verify the identity of guests, particularly in jurisdictions that require reporting guest data to authorities.

See hotel solution.

Due Diligence Levels

Regulations establish three tiers of diligence:

Simplified Due Diligence (SDD)

Applicable when the risk is low:

  • Known customers with a clean track record
  • Low-value transactions
  • Low-risk financial products

Standard Due Diligence (CDD)

The default for most business relationships:

  • Formal identification of the customer
  • Document verification
  • Recording the purpose of the business relationship

Enhanced Due Diligence (EDD)

Mandatory in high-risk situations:

  • Politically Exposed Persons (PEPs)
  • Customers from high-risk countries (FATF grey or black list)
  • Unusually complex or high-value transactions
  • Correspondent banking relationships with third-country institutions

Core Obligations of Regulated Entities

Every obliged entity must:

  1. Identify the customer before establishing a business relationship.
  2. Verify the identity using reliable, independent documents or data.
  3. Identify the beneficial owner when the customer acts on behalf of a third party.
  4. Understand the purpose of the business relationship.
  5. Monitor transactions on an ongoing basis.
  6. Report suspicious activity to the relevant authority (NCA in the UK, FinCEN in the US).
  7. Retain records for a minimum of 5 years (UK/EU and US).
  8. Train employees in AML prevention.
  9. Appoint a nominated officer (MLRO in the UK) responsible for compliance.

Penalties for Non-Compliance

Severity   Potential Penalty
Minor      Up to GBP 50,000 / USD 100,000
Serious    Up to GBP 5,000,000 / USD 10,000,000
Severe     Unlimited fines, or 10% of annual turnover (EU)

In addition, serious breaches can result in:

  • Public censure and naming
  • Licence revocation
  • Criminal prosecution of directors and senior managers
  • Deferred prosecution agreements (US)

Frequently Asked Questions

Are startups and SMEs also obliged to comply?

Yes, if their activity falls within the scope of AML regulations. The size of the business does not exempt it from compliance. There are KYC solutions designed for SMEs that allow compliance without major upfront investments.

Are marketplaces required to do KYC?

It depends. If the marketplace intermediates payments or deals in high-value goods, yes. In practice, more and more marketplaces implement KYC voluntarily to reduce fraud and build trust.

What about cryptocurrency transactions?

Since 2020, all crypto-asset service providers are fully subject to AML rules. MiCA in Europe and the FCA's registration regime in the UK have unified obligations, and FinCEN applies BSA requirements to crypto firms operating in the US.

How often must I refresh customer KYC?

Regulations require periodic review. Frequency depends on risk level: annually for high-risk customers, every 3 to 5 years for standard-risk relationships. Trigger events (unusual activity, sanctions list updates) can also prompt a refresh.


Not sure whether your business is an obliged entity? Consult the experts at Joinble to evaluate your obligations and implement the right solution.
