Customer Due Diligence in Kuwait: Regulations and Best Practices

Customer Due Diligence (CDD) is a core requirement for financial institutions in Kuwait. The Central Bank of Kuwait (CBK), along with the Kuwait Financial Intelligence Unit (KWFIU), enforces strict rules that require financial institutions to verify customer identities, monitor transactions, and understand the source of funds. These rules are based on Law No. 106 of 2013 and are aligned with international standards such as the FATF Recommendations.

What is Customer Due Diligence in Kuwait?

Customer Due Diligence (CDD) in Kuwait refers to the process by which financial institutions and designated non-financial businesses and professions verify the identity of their customers, assess the risks associated with them, and monitor their transactions to prevent money laundering.

According to Article 4 from Kuwait’s AML law, “Financial institutions and designated non-financial businesses and professions shall conduct enhanced due diligence measures where the risk of money laundering or terrorism financing is identified as being higher. Financial institutions and designated non-financial businesses and professions may conduct simplified due diligence measures where the risk of money laundering or terrorism financing is identified as being lower”.

1. Timing and Circumstances for Due Diligence Measures

Financial institutions and designated non-financial businesses and professions in Kuwait must perform Customer Due Diligence (CDD) measures:

1. Before or during the process of opening an account or establishing a business relationship with a customer. This includes verifying the customer's identity and understanding the purpose and intended nature of the business relationship.

2, Before carrying out any transaction that exceeds the threshold set by the Executive Regulation of the law for customers with whom the institution does not have an established business relationship, whether it is a single transaction or a series of linked transactions. These measures are also mandatory before executing domestic or international wire transfers.

3. Whenever there is a suspicion of money laundering or when doubts arise about the adequacy of previously obtained customer identification data. The timing of these due diligence measures is critical to ensuring that financial institutions do not facilitate illicit activities.

2. Exceptions and Delays in Due Diligence Verification

While financial institutions must generally conduct due diligence before establishing a business relationship or processing a transaction, there are exceptions. The supervisory authority in Kuwait may allow financial institutions or designated non-financial businesses and professions to delay the verification of a customer's or beneficial owner's identity until after the business relationship is established or a transaction is executed.

However, this delay is subject to specific circumstances prescribed by the regulatory authority, and institutions must apply additional measures to manage any associated risks. This exception is typically allowed in cases where immediate action is necessary, but it requires financial institutions to remain vigilant and ensure that risks are managed appropriately to prevent facilitating illicit financial activities.

3. Actions for Non-Compliance with Due Diligence Obligations

If a financial institution or designated non-financial business or profession is unable to comply with the required due diligence measures, it must refrain from opening an account or starting a business relationship or carrying out the transaction. In cases where the relationship has already begun or a transaction is initiated, and the institution fails to complete the necessary due diligence, it must terminate the business relationship or cancel the transaction.

Furthermore, if due diligence requirements are not met, the institution is obligated to report the issue to the relevant financial intelligence unit, as prescribed by the law. This ensures that appropriate authorities are informed, and the risks associated with non-compliance are addressed. Non-compliance may result in severe legal and financial repercussions, underscoring the importance of adhering to these regulations.

4. Reliance on Third Parties for Customer Due Diligence

Financial institutions and designated non-financial businesses and professions in Kuwait may rely on third parties to perform some of the elements of the due diligence process. This delegation is permissible under specific conditions outlined by the Executive Regulation.

When relying on third parties, financial institutions must ensure that these parties meet the same standards required by law for customer identification and risk assessment. Additionally, the financial institution remains ultimately responsible for ensuring that all due diligence obligations are fulfilled, and the customer’s identity and risks are properly assessed. This practice allows institutions to outsource certain tasks while maintaining control over the overall compliance process.

CDD Regulations and Supervisory Expectations in Kuwait

Customer due diligence in Kuwait is guided by a well-defined legal and regulatory framework. These rules are enforced by national authorities and are closely aligned with international standards. Financial institutions are expected to apply due diligence processes that are proportionate to customer risk and appropriate for Kuwait’s financial environment.

1. The Legal Basis for CDD in Kuwait

Kuwait’s main AML law is Law No. 106 of 2013, which includes verifying customer identities, identifying beneficial owners, monitoring customer activity, and reporting anything suspicious to the authorities.

The law applies to all financial institutions in Kuwait, including but not limited to banks, exchange companies, investment firms, and designated non-financial businesses and professions (DNFBPs)

According to the CBK’s Instructions on Anti-Money Laundering and Combating the Financing of Terrorism (AML/CFT), financial institutions must identify and verify their customers, understand the nature and purpose of their transactions, determine the true beneficiary, and continuously monitor the customer relationship and transactions to ensure consistency with the customer’s profile and risk level. These steps are part of a risk-based approach to prevent misuse of financial systems.

2. Role of Kuwait Financial Intelligence Unit (KWFIU)

The Kuwait Financial Intelligence Unit (KWFIU) is the national agency that receives and analyzes suspicious transaction reports (STRs) from financial institutions. It also shares intelligence with law enforcement agencies and plays a central role in Kuwait’s AML enforcement structure.

Financial institutions are required to report to KWFIU when they detect unusual or potentially illegal activity, even if the transaction is not completed.

3. International Standards and Kuwait’s Commitments

Kuwait is a member of the Middle East and North Africa Financial Action Task Force (MENAFATF) and complies with the Financial Action Task Force (FATF) standards. These standards form the global benchmark for how countries should implement AML and CDD measures.

FATF requires financial institutions to:

• Identify and verify customers and beneficial owners
  

• Understand the nature and purpose of customer relationships
  

• Conduct ongoing monitoring
  

• Apply enhanced due diligence where needed (e.g., for PEPs or high-risk jurisdictions)

Key Elements of a Strong CDD Program in Kuwait

A solid Customer Due Diligence (CDD) program is essential for all financial institutions in Kuwait to ensure compliance with national regulations and to prevent financial crimes.

1. Customer Identification and Verification

The first step in CDD is to identify and verify the customer’s identity. In Kuwait, financial institutions are required by the Central Bank of Kuwait (CBK) to collect basic information about their customers like their full name, national ID/passport number, DoB, and address.

For businesses, additional information is needed, such as the company’s registration details, the nature of its business, and its ownership structure.

2. Understanding the Purpose of the Relationship

Once the customer’s identity is confirmed, institutions need to understand the purpose and nature of the business relationship. This helps institutions determine what level of risk the customer poses.

3. Risk-Based Approach to Customer Segmentation

Kuwait’s regulations require financial institutions to take a risk-based approach when applying CDD. This means assessing the risk each customer presents and applying appropriate due diligence measures based on that risk.

The main factors to consider include:

• The customer’s location (e.g., whether they are from a high-risk country)
  

• The type of customer (individuals, corporations, or government-related entities)
  

• The nature of the business (some industries are considered higher risk than others, such as real estate)
  

Once customers are classified by risk, financial institutions must apply different levels of due diligence. For lower-risk customers, standard checks may be enough, but higher-risk customers will require more thorough investigation, often referred to as Enhanced Due Diligence (EDD).

Read more: Customer Due Diligence in the UAE: Key Regulations, Importance, and Best Practices

4. Identifying Beneficial Ownership

In Kuwait, identifying the beneficial owners of businesses or trusts is a critical part of CDD. According to FATF’s Report in October 2024, Kuwait lacks complete and reliable information on beneficial ownership, largely due to limited regulatory focus and understanding among supervisory authorities, especially in the financial and non-financial sectors. This gap presents a vulnerability for money laundering, as legal persons can be misused without transparency about who truly controls them. Strengthening beneficial ownership oversight is essential for effective anti-money laundering efforts.

Read more: Kuwait Faces FATF Scrutiny for Money Laundering Shortcomings

5. Ongoing Monitoring and Record Keeping

CDD does not end once a customer is onboarded. Ongoing monitoring is essential to track transactions and ensure they align with the customer’s risk profile. This means reviewing account activity regularly, especially for higher-risk customers or those making large or unusual transactions.

Kuwaiti regulations require that these records be kept for at least five years to comply with both CBK and Kuwait Financial Intelligence Unit (KWFIU) requirements.

CDD Regulatory Framework in Kuwait

Customer due diligence in Kuwait is governed by national legislation, CBK directives, and international standards. Financial institutions must ensure that their CDD practices align with these legal and regulatory pillars.

1. Law No. 106 of 2013 (AML/CFT Law)

Kuwait’s foundational anti-money laundering legislation requires all financial institutions to:

• Identify and verify the identity of customers and beneficial owners
  

• Apply a risk-based approach to due diligence
  

• Retain customer and transaction records for at least five years
  

• Submit suspicious activity reports to the Kuwait Financial Intelligence Unit (KWFIU)
  

This law establishes the legal obligation to perform CDD and outlines penalties for non-compliance.

2. Central Bank of Kuwait AML/CFT Instructions (2023 Revision)

CBK’s updated guidelines translate AML law into operational compliance requirements. Key expectations include:

• Implementation of electronic KYC (eKYC) system
  

• Continuous customer monitoring based on risk level
  

• Enhanced due diligence for high-risk categories such as PEPs and offshore clients
  

• Periodic staff training and review of AML controls
  

These instructions serve as the practical compliance standard for all licensed financial institutions in Kuwait.

3. Kuwait Financial Intelligence Unit (KWFIU)

KWFIU is the national authority responsible for receiving, analyzing, and disseminating financial intelligence related to money laundering. Institutions are expected to:

• File timely and accurate suspicious transaction reports (STRs)
  

• Respond to information requests from KWFIU
  

• Monitor and adapt to new threat typologies shared by the unit
  

4. FATF and MENA-FATF Alignment

Kuwait adheres to the Financial Action Task Force (FATF) standards and participates in MENA-FATF evaluations. The country has committed to continuous improvement following its latest mutual evaluation.

Best Practices for Strengthening CDD in Kuwaiti Financial Institutions

To ensure full compliance with Kuwaiti regulations and mitigate risks, banks and financial institutions need to strengthen their CDD processes. The following best practices will help optimize due diligence procedures.

1. Implement Consistent Risk Classification: Kuwaiti institutions should adopt a uniform system for classifying customers based on risk. This includes assessing customer profiles, source of funds, transaction patterns, and geographical location. Having a consistent approach ensures that each client is assessed accurately and reduces the chances of overlooking risks.

2. Verify Beneficial Ownership Thoroughly: Banks must go beyond basic documentation to verify the true owners behind companies and trusts. In cases of complex ownership structures, especially those involving offshore entities, financial institutions should request additional proof and cross-check data from multiple sources to confirm the identity of the beneficial owners.

3. Adopt Advanced eKYC Solutions: Leveraging electronic Know Your Customer (eKYC) tools improves both the speed and accuracy of client onboarding. Digital verification methods, such as biometric checks and government registry confirmations, should be used to streamline processes and ensure compliance with CBK guidelines.

4. Continuous Customer Monitoring: Financial institutions should continuously monitor customers' activities, especially those identified as high-risk.

5. Tailor Staff Training to Local Requirements: Compliance teams should receive training that reflects Kuwait’s regulatory landscape, focusing on local risks and typologies. Staff must understand how money laundering activities manifest in Kuwait and the MENA region, particularly in sectors like real estate or trade-based money laundering.

6. Maintain Detailed Documentation: Every decision made during the CDD process must be well-documented. From customer risk profiles to suspicious activity reports, having clear, organized records will help ensure accountability and protect the institution in the event of an audit or investigation.

Streamline Customer Due Diligence with FOCAL

FOCAL provides AML compliance solutions for Kuwaiti banks and financial/non-financial businesses. As you onboard customers, you can automatically screen them against updated lists of sanctions and watchlists in real time. If a customer appears on any of these lists, an alert will notify you, ensuring that high-risk individuals are flagged immediately.

FOCAL's tailored solutions empower financial institutions to perform thorough due diligence, streamline compliance workflows, reduce human error, and minimize the risk of financial crime. With FOCAL, Kuwaiti institutions can build a secure, compliant, and efficient approach to customer onboarding and ongoing monitoring, enhancing their overall AML compliance framework.