Compliance Updated Jun 2026 2 min read

What Is KYC (Know Your Customer) in iGaming?

The customer-identification baseline for licensed operators

In short:

KYC (Know Your Customer) is the regulatory process of verifying a customer’s identity before they can transact with a licensed operator. It covers identity documents, address proof, source-of-funds checks, and ongoing monitoring. KYC sits at the foundation of every operator’s AML programme.

What is KYC

KYC is the suite of identity-verification controls a licensed operator applies to every customer relationship. The objective is to verify that the customer is who they say they are, that they are of legal gambling age in their jurisdiction, that they are not subject to sanctions or exclusion orders, and (in higher-risk relationships) that the source of their funds is legitimate.

KYC is required under the licensing terms of every major regulator: the UK Gambling Commission, the Malta Gaming Authority, Spillemyndigheden, Spelinspektionen, and equivalent bodies. Operators that fail their KYC controls face fines, licence suspension, and (in severe cases) licence revocation.

KYC levels: SDD, CDD, EDD

KYC is tiered by customer-risk profile:

  • Simplified Due Diligence (SDD): low-risk customers, minimal verification. Allowed only in specific low-risk scenarios.
  • Customer Due Diligence (CDD): the standard tier. Identity document, address proof, age verification, screening against sanctions and PEP lists.
  • Enhanced Due Diligence (EDD): applied to higher-risk customers (high-deposit, high-velocity, high-risk geo, PEP). Adds source-of-funds, source-of-wealth, occupation verification, and ongoing monitoring.

Standard KYC documents

Identity verification typically requires a government-issued photo ID (passport, driving licence, national ID card) plus a recent utility bill or bank statement as proof of address. Higher-risk relationships add source-of-funds documentation: bank statements, salary slips, employment letters, or evidence of asset sales.

Modern KYC tooling automates most of this through document-capture APIs, liveness checks, facial-match biometrics, and electronic-database verification (eIDV). Leading providers include Onfido, Jumio, Veriff, Sumsub, and others.

KYC as a B2B operational discipline

For operators, KYC is both a compliance obligation and a customer-experience choke point. Friction in the KYC flow correlates with first-time-depositor (FTD) drop-off and complaint rates. The best programmes balance regulatory thoroughness with friction reduction: progressive KYC, where lighter verification is sufficient up to thresholds, with deeper verification triggered by behaviour.

For B2B vendors, KYC providers compete on accuracy, speed, geo-coverage, and cost per verification. Standard pricing runs roughly 1 to 5 units per CDD check and 5 to 20 units per EDD check, depending on volume and coverage.

Frequently asked questions about What Is KYC (Know Your Customer) in iGaming?

Most regulators require basic identity verification before the customer can deposit or withdraw. UKGC and MGA in particular require KYC at registration. Some jurisdictions allow deposits before verification but require completion before any withdrawal.

High-value deposits, high transaction velocity, PEP status, customers in high-risk geographies, source-of-funds inconsistencies, behavioural red flags, and matches against sanctions or adverse-media databases. The thresholds are operator- and jurisdiction-specific.

Most jurisdictions require retention for at least 5 years after the end of the customer relationship. Some require longer. UKGC requires retention for at least 5 years; MGA requires similar. Operators should maintain a written retention policy that meets the strictest jurisdiction they operate in.

KYC is the identity-verification layer. AML (Anti-Money Laundering) is the wider regulatory framework that includes KYC plus transaction monitoring, suspicious-activity reporting, sanctions screening, and source-of-funds verification. KYC is a subset of AML.

Related terms

KYC Risk Scoring KYC risk scoring is the process of assigning a quantified risk rating to each customer based on identity, behaviour, geography, and product use, used to drive proportionate due-diligence intensity under a risk-based approach. Loss Limit A loss limit is a responsible-gambling control that caps a customer's net losses per day, week, or month, set by the customer and enforced by the operator. MGA (Malta Gaming Authority) The MGA is the Malta Gaming Authority, the regulator that licenses, supervises, and enforces against gambling operators and B2B suppliers operating from or into Malta-regulated markets. Multi-Currency Support Multi-currency support is the platform capability to operate customer wallets, payments, accounting, and AML monitoring across multiple fiat and crypto currencies without manual conversion. PCI DSS (Payment Card Industry Data Security Standard) PCI DSS is the Payment Card Industry Data Security Standard, the security framework operators must follow when storing, processing, or transmitting payment-card data. Reality Check A reality check is an on-screen prompt that interrupts gameplay at customer-defined intervals to display elapsed session time and net win or loss, required by major regulators as a responsible-gambling control.
Our Team The seven permanent people running Gamblers Connect across leadership, editorial, commercial, and operations. Open Our Team → All Policies The Editorial Code, Conflict of Interest, RGI Methodology, and 60 other governing policies. Open Policies → About Gamblers Connect The story since 2021, the principles, the milestones, the awards, and the methodology. Open About →
Editorial reference, not financial advice. Glossary entries are explanatory content produced by Gamblers Connect editorial. They are not advice on whether to gamble, where to gamble, or how to allocate your funds. Online wagering is restricted to people aged 18 or 21 or over where applicable. See our full Policies hub.