kyccost

Independent reference. Not legal or regulatory advice. Consult a qualified compliance specialist for advice specific to your jurisdiction and risk profile. See methodology.


Where KYC sits in the wider compliance stack.

KYC is one line in a larger fintech compliance budget. AML transaction monitoring, sanctions screening, fraud, GDPR, PCI DSS and SOC 2 each have their own cost shape and their own owner. Mapping the stack helps a procurement team avoid double-paying.

KYC: 30-45% of FCC spend | FCC: 50-65% of total compliance | Total UK FS compliance: £33.9bn / yr

The fintech compliance stack.

KYC

Identity, beneficial ownership, risk rating at onboarding. Per-customer-onboarded cost shape.

AML transaction monitoring

Ongoing transaction-pattern review. Per-transaction-monitored cost shape; system cost dominates.

Sanctions screening

Per-cycle vendor commercial plus hit-rate × labour. Often shared with KYC; sometimes separately licensed.

Fraud

Behavioural / device fingerprint signals. Adjacent to KYC at onboarding; distinct ops team typically.

GDPR / privacy

Personal data processing and retention. Direct overlap with KYC artefacts.

PCI DSS

Card data security. Operationally overlaps KYC where the firm processes cards.

SOC 2

Security and trust attestation. Applies where the fintech is also a SaaS provider.

Operational resilience

DORA in EU; FCA Operational Resilience rules in UK. Adjacent to KYC infra availability.

Spend share within compliance.

Industry data (LSEG / Forrester, KPMG Pulse of Fintech, Fenergo benchmarks) places KYC at typically 30-45% of total financial-crime compliance budget. AML transaction monitoring runs 35-50%, with sanctions screening and fraud the remainder. Financial-crime compliance is in turn 50-65% of total compliance spend at most fintechs; data-protection (GDPR), operational resilience and prudential reporting account for the rest.

The shape varies by segment. Crypto exchanges over-index on KYC (50-60% of FCC) because customer-risk profile dominates; large retail banks under-index on KYC (25-35%) because transaction-monitoring scale is the larger system spend.

FCC spend share (typical mid-sized fintech)
KYC: 30-45%
AML transaction monitoring: 35-50%
Sanctions screening: 10-15%
Fraud: 5-12%

Stack integration is itself a cost line.

Identity verification feeds case management, which feeds regulatory reporting, which feeds monitoring. Each handover is an integration line: data mapping, error-handling, data-quality monitoring, audit trail. For a mid-sized fintech with 4-6 distinct compliance vendors, integration typically adds 8-15% to total RegTech spend; for large institutions with 15-25 vendors, integration is sometimes the single largest line on the RegTech engineering budget.

The procurement implication: vendor RFPs that score on platform price alone routinely under-budget integration. RFP discipline that scores integration as a discrete line typically reduces total RegTech TCO by 8-15% across the contract horizon.

Where KYC ends and AML begins.

KYC is identity plus risk rating at onboarding plus the ongoing-monitoring obligation that flows from the customer relationship. AML is the analysis of transaction patterns once the customer is onboarded. They share data (the customer profile) and they share tooling at the case-management layer, but they have different cost shapes. Procurement teams that treat them as a single line typically overpay on AML and underspend on KYC because the AML vendor commercial dominates their attention.

PCI DSS overlap.

For fintechs that process card data, PCI DSS is a separate compliance line that overlaps KYC operationally (shared customer data, shared system boundaries) but is funded and audited separately. Mid-sized fintechs typically run a PCI programme alongside KYC at £40,000-£200,000 annual cost depending on merchant level. See pcicompliancecost.com for a discrete reference.

Total fintech compliance spend benchmarks.

UK financial services regulatory compliance: £33.9bn / yr (TheCityUK / PwC, 2024 edition)
As share of operating cost: ~13% (TheCityUK / PwC, 2024 edition)
Average annual KYC + AML spend at large institutions: $72.9M (LSEG / Forrester True Cost of AML Compliance)

RegTech context questions

What is the average cost of RegTech for a fintech?
TheCityUK and PwC put UK financial services regulatory compliance at over £33.9bn a year, equivalent to roughly 13% of operating cost. For a mid-sized fintech, RegTech (the technology component of compliance) typically runs 25-40% of total compliance spend, with people the larger remainder. RegTech spend per active customer typically lands at £6-£18 a year for retail fintechs, materially higher for crypto and broker segments.
How does AML cost compare to KYC cost?
KYC (onboarding identity, beneficial ownership, risk rating) and AML (ongoing transaction-pattern monitoring) share data and tooling but have different cost shapes. KYC is per-customer-onboarded; AML is per-transaction-monitored. As a share of total financial-crime compliance budget, KYC typically accounts for 30-45% and AML transaction monitoring 35-50%, with sanctions screening and fraud the remainder.
What is the total cost of financial crime compliance?
LSEG / Forrester True Cost of AML Compliance places the average annual KYC and AML spend at large institutions at $72.9M (cited in FNZ, Fenergo, Lucinity). For mid-sized fintechs the figure is materially smaller in absolute terms but typically larger as a share of operating cost (15-25% of operating spend vs 8-12% at large institutions).
How big is the RegTech market?
Industry analyst commentary (Juniper Research, KPMG Pulse of Fintech) places the global RegTech market at $20-$25bn in 2026, with a forward growth rate of 18-22% CAGR. KYC and AML tooling is the largest single category, capturing roughly 35-45% of total RegTech spend. Sanctions screening, fraud, and GDPR / privacy-tech follow.
Where does PCI DSS fit?
For fintechs that process card data, PCI DSS is a separate compliance line that overlaps KYC operationally (shared customer data, shared system boundaries) but is funded and audited separately. Mid-sized fintechs typically run a PCI programme alongside KYC at £40,000-£200,000 annual cost depending on merchant level. See pcicompliancecost.com for a discrete reference.

Sources cited on this page

  1. TheCityUK / PwC UK financial services regulatory compliance research
  2. LSEG / Forrester True Cost of AML Compliance, most recent edition
  3. KPMG Pulse of Fintech research
  4. Fenergo KYC Compliance For Banks research
  5. Juniper Research RegTech market sizing
  6. pcicompliancecost.com - PCI DSS reference