Designing KYC interview questions for smoother client onboarding

TL;DR

KYC interview questions are the structured questions owner-managed services firms ask at client onboarding to verify identity, confirm beneficial ownership, and understand the nature of the engagement. The Money Laundering Regulations 2017 require customer due diligence from accountants, tax advisers, estate agents, and company service providers before work begins. The FCA and JMLSG expect a proportionate, risk-based approach: lighter questions for standard-risk clients, enhanced diligence only where the risk profile warrants it.

Key takeaways

- Firms in sectors covered by the Money Laundering Regulations 2017, including accountants, tax advisers, estate agents, and company service providers, have a legal obligation to conduct customer due diligence before client work begins.
- The FCA and HM Treasury both expect a risk-based, proportionate approach: lighter questioning for standard-risk clients, enhanced due diligence only where the risk profile warrants it.
- Copying full bank-grade KYC questionnaires creates unnecessary friction and conflicts with the MLR 2017's proportionality principle, which permits simplified processes for lower-risk clients.
- AI tools can reduce onboarding friction through dynamic question routing, Companies House auto-population, and background sanctions screening, but firms remain fully responsible for outcomes and must build in human oversight.
- All customer due diligence records, including AI-generated transcripts and structured onboarding data, must be retained for five years under the MLR 2017.

A client inquiry comes in. You send over your onboarding form. Two days later, you haven’t heard back. They’ve found someone who asked fewer questions. The form wasn’t wrong exactly, it just wasn’t calibrated for the relationship you were trying to start.

For owner-managed services firms that fall under the UK’s anti-money laundering rules, client due diligence isn’t optional. But the way you structure the questions is entirely within your control, and it matters more than many firms realise.

What are KYC interview questions?

KYC stands for Know Your Customer. KYC interview questions are the questions you ask at client onboarding to verify identity, confirm beneficial ownership, and understand the nature of the engagement. For regulated professional services firms, specifically accountants, tax advisers, estate agents, and company service providers, these questions are a legal requirement under the Money Laundering Regulations 2017. Done well, they collect what the law needs without making the client feel interrogated.

The Regulations require four core elements: identity verification, beneficial ownership confirmation, understanding the purpose of the business relationship, and ongoing monitoring. Enhanced due diligence applies for higher-risk clients, such as politically exposed persons or those connected to high-risk jurisdictions. The practical challenge is sequencing those requirements in a way that feels like a professional intake process, not a customs interview.

For a corporate client, the base set covers legal name, company number, registered address, nature of business, and confirmation of who ultimately owns or controls the entity. For an individual, it is full legal name, date of birth, residential address, and preferred contact details. Companies House integration can auto-populate the corporate fields, reducing what the client types directly.

Why does question design matter as much as compliance?

How you sequence and frame these questions determines whether clients reach the end of your onboarding process. Signicat’s 2022 survey found that 68% of UK and European consumers had abandoned at least one financial services application in the previous 12 months, with verification complexity among the key reasons. Owner-managed services firms aren’t banks, but the same friction pattern applies when questionnaires are over-long, unclear, or ask for information clients can’t readily provide.

The FCA’s Financial Crime Guide is explicit that firms should tailor customer due diligence to the client’s risk profile, not run every client through the same maximum-level process. HM Treasury’s National Risk Assessment makes the same point: proportionate, risk-based questioning, not a box-ticking exercise. That regulatory expectation supports the design decision you want to make anyway, asking more from higher-risk clients and less from straightforward ones.

The Standard Chartered fine of £102.2 million in 2019, for failures in customer due diligence across its correspondent banking relationships, illustrates the direction of regulatory risk. For an owner-managed firm, the lesson is to ask the right questions in the right order and verify answers with independent sources, rather than using questionnaire volume as compliance insurance.

Where will you actually meet KYC requirements as a services firm?

The Money Laundering Regulations 2017 cover a defined set of sectors. Estate agents, accountants, tax advisers, insolvency practitioners, auditors, and company service providers all fall within scope. If your firm sits in one of those sectors, you already have a legal obligation to conduct customer due diligence before work begins. The question is how you design that process, not whether it applies.

Firms outside those defined sectors still encounter KYC-style processes from the other direction. If your clients are in financial services, regulated industries, or large corporate supply chains, they will ask you to complete due diligence questionnaires as a condition of the business relationship. Understanding what a well-designed KYC process looks like helps you complete those forms accurately and identify when something unusual is being requested.

The JMLSG guidance for the UK financial sector sets out the risk-based approach in practical detail, covering when simplified due diligence is acceptable, when standard applies, and when enhanced is required. It is the clearest published benchmark for proportionate customer due diligence available to UK firms, and it is publicly accessible. Regulated or not, reading the sectoral guidance for your closest parallel sector is a useful starting point for calibrating your own onboarding questions.

When should you go deeper, and when can you keep onboarding light?

Standard due diligence covers the majority of client onboarding. For lower-risk clients, a straightforward process covering identity, beneficial ownership, and the nature of the engagement is sufficient under the MLR 2017. Enhanced due diligence is required in specific circumstances: politically exposed persons, clients with connections to high-risk jurisdictions, and situations where the transaction pattern or value is disproportionate. Knowing which category applies at intake is the critical design decision.

A practical trigger system keeps this manageable. At intake, you collect jurisdiction, the nature of the work, and a broad value band. Those inputs sort clients into standard or higher-risk categories before any human reviews the file. Higher-risk clients then receive an additional set of questions covering source of funds, source of wealth for individuals, and a more detailed description of the business relationship. Clients who fall outside those parameters go through a lighter process.

On the question of PEP status, the cleaner onboarding approach is to frame the question around specific role types rather than asking clients to self-identify as politically exposed. Asking whether any individual holds or has recently held a prominent public function draws on the FCA’s PEP definition and generates a more actionable response. Screen names against a maintained list in the background, and reserve the detailed follow-up questions for situations where that screening returns a flag.

How does AI fit into KYC question design?

AI adds the most value in KYC onboarding at the question-routing and verification stages. Dynamic forms surface only the follow-up questions that are logically necessary based on earlier answers, whether the client is an individual or a corporate entity, UK-based or connected to an overseas jurisdiction. That reduces the total number of questions a client sees without reducing the information you collect.
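The intake trigger system and dynamic question routing described above can be sketched as follows. This is an added example, not code from the original post or from any vendor it names; the jurisdiction codes, value band and work-type labels, field names, and the `escalate_to_reviewer` rule are constructed placeholders and assumptions.

```python
from dataclasses import dataclass

# Constructed placeholders: real values come from the firm's own written risk assessment.
HIGH_RISK_JURISDICTIONS = {"XX", "YY"}      # placeholder codes, not a real list
HIGHER_RISK_VALUE_BANDS = {"band_high"}     # placeholder band label
HIGHER_RISK_WORK = {"work_type_high"}       # placeholder work-type label

# Base question sets as listed in the article.
BASE_QUESTIONS = {
    "individual": ["full_legal_name", "date_of_birth", "residential_address",
                   "contact_details"],
    "corporate": ["legal_name", "company_number", "registered_address",
                  "nature_of_business", "beneficial_owners"],
}

@dataclass
class Intake:
    client_type: str                     # "individual" or "corporate"
    jurisdiction: str                    # collected at intake
    nature_of_work: str
    value_band: str
    holds_public_function: bool = False  # answer to the role-based PEP question
    screening_flag: bool = False         # background sanctions/PEP screening hit

def route(intake: Intake) -> dict:
    """Return the question set, the tier, and the reasons that produced it."""
    if intake.client_type not in BASE_QUESTIONS:
        raise ValueError(f"unknown client type: {intake.client_type!r}")
    reasons = []
    if intake.jurisdiction in HIGH_RISK_JURISDICTIONS:
        reasons.append("jurisdiction")
    if intake.nature_of_work in HIGHER_RISK_WORK:
        reasons.append("nature_of_work")
    if intake.value_band in HIGHER_RISK_VALUE_BANDS:
        reasons.append("value_band")
    if intake.holds_public_function or intake.screening_flag:
        reasons.append("pep_or_screening")
    questions = list(BASE_QUESTIONS[intake.client_type])
    if reasons:  # higher-risk: add the enhanced follow-ups the article names
        questions += ["source_of_funds", "business_relationship_detail"]
        if intake.client_type == "individual":
            questions.append("source_of_wealth")
    # Reasons are returned so the routing decision can be explained and retained
    # with the due diligence record; escalation to a reviewer is an assumption.
    return {"tier": "enhanced" if reasons else "standard", "questions": questions,
            "reasons": reasons, "escalate_to_reviewer": bool(reasons)}
```

Returning the trigger reasons alongside the question list gives the reviewer, and the retained record, the basis for why a client saw the enhanced questions.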

Document verification tools, such as those provided by Onfido, use AI to confirm identity documents are genuine and match the person presenting them, completing in minutes what manual review takes days to achieve. Sanctions and PEP screening through services like ComplyAdvantage or Refinitiv World-Check run in the background against client names, flagging potential matches for human review.

The FCA has been clear that firms using AI in financial crime controls remain fully responsible for outcomes and must ensure appropriate oversight, data quality, and the ability to explain decisions. The ICO’s guidance under UK GDPR Article 22 adds a further constraint: solely automated decisions with significant effects on individuals require explicit consent or a clear legal basis, plus a mechanism for human review. Build human oversight into the design before you start, rather than treating it as a compliance add-on.

The NCSC recommends logging and monitoring AI system outputs to detect anomalies and security issues. For onboarding tools specifically, that recommendation aligns with the MLR 2017’s five-year record retention requirement. If your tool generates a chatbot transcript or a structured data record, your existing customer due diligence retention obligations extend to those outputs.

Sources

- UK Government (2017). Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017. The primary UK legal framework requiring customer due diligence for regulated professional services firms. https://www.legislation.gov.uk/uksi/2017/692/contents
- FCA (2015, updated). Financial Crime Guide: A firm's guide to countering financial crime (FG15/6). Sets out the FCA's expectation for risk-based, proportionate customer due diligence, including understanding the nature and purpose of the business relationship. https://www.fca.org.uk/publication/finalised-guidance/fg15-06.pdf
- HM Treasury (2020). UK National Risk Assessment of Money Laundering and Terrorist Financing. Establishes the proportionality principle for risk-based questioning and sectoral guidance across regulated firms. https://assets.publishing.service.gov.uk/media/5fce68c18fa8f5788db404f7/NRA_2020_v1.2_FOR_PUBLICATION.pdf
- JMLSG (current). Prevention of money laundering/combating terrorist financing: Guidance for the UK financial sector. Sets out the risk-based approach to CDD, EDD triggers, simplified due diligence, and PEP handling in practice. https://jmlsg.org.uk/guidance/
- Signicat (2022). The Battle to Onboard 2022: The growing power of digital identity. Survey finding that 68% of UK and European consumers abandoned a financial services application due to onboarding friction, with verification complexity a key factor. https://www.signicat.com/resources/reports/battle-to-onboard-2022
- FCA (2019). Final Notice to Standard Chartered Bank. £102.2m regulatory fine for financial crime control failures including inadequate customer due diligence and ongoing monitoring. https://www.fca.org.uk/publication/final-notices/standard-chartered-2019.pdf
- ICO (current). Guide to the UK General Data Protection Regulation (UK GDPR). Governs data collection, privacy notice requirements, and Article 22 constraints on solely automated decisions in client onboarding contexts. https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/
- ICO (current). AI and data protection guidance. Sets out transparency, impact assessment, and human review requirements for AI used in risk assessment and onboarding workflows. https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/artificial-intelligence/
- NCSC (current). Principles for the security of machine learning. Recommends logging, monitoring, and access control for AI systems processing sensitive data, directly relevant to AI-assisted onboarding tools. https://www.ncsc.gov.uk/collection/machine-learning
- FCA and Bank of England (2019). Machine learning in UK financial services. Documents regulatory expectations for AI governance, oversight, and explainability applicable to firms using AI in KYC controls. https://www.fca.org.uk/publication/research/machine-learning-in-uk-financial-services.pdf

Frequently asked questions

Does my firm need to conduct KYC if we're not a bank or financial services company?

Whether your firm needs formal KYC depends on whether you fall within the sectors covered by the Money Laundering Regulations 2017. Accountants, tax advisers, estate agents, insolvency practitioners, auditors, and company service providers are all in scope. Firms outside those sectors are not legally required to conduct customer due diligence under MLR 2017, though clients in regulated sectors may still require you to complete their due diligence processes as a supplier condition.

What is the minimum a services firm needs to ask clients at onboarding for KYC compliance?

For standard-risk individual clients, the minimum covers full legal name, date of birth, residential address, and preferred contact details, verified against an independent source such as a passport or driving licence. For corporate clients, add the company number, registered address, and confirmation of who holds more than 25% ownership or control. The FCA Financial Crime Guide and JMLSG guidance both indicate this is sufficient for lower-risk clients, with enhanced questions reserved for higher-risk situations.

Can I use AI to automate KYC onboarding, and what are the UK rules I need to follow?

Yes, the FCA has confirmed that firms may use AI in financial crime controls including KYC onboarding, but they remain fully responsible for outcomes. Your AI tool must be explainable, governed, and subject to human oversight. The ICO's guidance on automated decisions under UK GDPR Article 22 adds that solely algorithmic decisions with significant effects on individuals generally require explicit consent or a legal basis plus a human review route. Log all AI interactions and retain records for five years under the MLR 2017.

This post is general information and education only, not legal, regulatory, financial, or other professional advice. Regulations evolve, fee benchmarks shift, and every situation is different, so please take qualified professional advice before acting on anything you read here. See the Terms of Use for the full position.
