25.06.2026
KYC in Insurance – Digital Onboarding and Regulatory Requirements
The insurance sector in Poland and across Europe is undergoing rapid digital transformation. At the centre of this shift is the KYC process, which determines how quickly and securely a prospective customer can take out a policy – and whether the insurer meets increasingly stringent regulatory requirements.
The insurance sector in Poland and across Europe is undergoing rapid digital transformation. At the centre of this shift is the KYC process, which determines how quickly and securely a prospective customer can take out a policy – and whether the insurer meets increasingly stringent regulatory requirements.
Key Takeaways
- From 2026–2027, EU insurers must align KYC with eIDAS 2.0 and EUDI Wallets to meet new requirements for digital customer identity verification.
- KYC procedures serve to prevent money laundering and terrorist financing, but customer experience and onboarding speed are becoming equally important – automation brings the process down to under 2 minutes.
- Effective KYC is built on a risk-based approach: customer risk assessment, ongoing monitoring, and the appropriate level of due diligence form three pillars of security.
- Digital onboarding platforms allow insurers to automate document verification, biometrics, liveness detection, and AML/PEP checks – in a single process, without replacing existing policy management systems.
What Is KYC in Insurance and Why Does It Matter in 2026?
KYC – know your customer – is a set of processes covering customer identification, identity verification, and risk assessment before an insurance policy is issued. KYC is mandatory for financial institutions, including insurers, which must establish not only the identity of the policyholder but also the beneficial owner and the source of funds – particularly for investment products and life insurance policies.
In Poland, the legal basis is the AML Act of 1 March 2018 on counteracting money laundering and terrorist financing, with significant amendments in 2021–2024 that expanded the list of obliged entities and tightened requirements for beneficial owner verification. Sector-specific guidelines issued by the Polish Financial Supervision Authority (KNF) define the obligations of insurance undertakings, including the possibility of video-based verification.
Since 2024, regulatory pressure at the EU level has been growing: the new AMLR regulation, the 6AMLD directive, the eIDAS 2.0 reform, and the establishment of the AMLA authority are changes that directly affect insurers operating across borders. Full operationalisation of the new regulations is expected in 2026–2027.
KYC in insurance is no longer just a legal obligation – it is an element of financial security strategy and the digital transformation of policy distribution, one that determines competitive positioning in the market.
Who Must Apply KYC Procedures in Insurance, and When?
Insurance undertakings, insurance intermediaries, and multi-agent networks operating in Poland are obliged entities under the AML Act. The obligation to apply KYC procedures applies regardless of the sales channel – whether traditional or digital.
Typical situations requiring KYC:
| Situation | KYC Required? | Due Diligence Level |
|---|---|---|
| Taking out a motor insurance policy (TPL/comprehensive) | Yes | SDD/CDD |
| Life insurance policy with an investment component | Yes | CDD/EDD |
| Personal accident insurance (e.g. school policy) | Yes (simplified) | SDD |
| Change of beneficial owner | Yes | CDD/EDD |
| Unusual benefit payout | Yes | EDD |
| Increase in the insured sum | Yes | CDD |
These procedures apply to both individuals and businesses (KYB). Regardless of the product type – motor, life, investment, or property insurance – the scope and rigour of the KYC process are determined by the AML Act and KNF guidelines.
Key Elements of the KYC Process in Insurance
The KYC procedure consists of several recurring stages, from collecting customer data through to ongoing monitoring of the business relationship. In the insurance sector, particular importance is placed on establishing the beneficial owner and the source of funds for investment and life insurance products.
Customer Identification and Data Collection
The first step is gathering customer data before a business relationship is established. Examples of data required in Poland include:
- Full name, national ID number (PESEL), residential address
- Identity document series and number (national ID card or passport)
- Contact details
- For businesses: tax identification number (NIP), company registration number (KRS), registered address, ownership structure
In digital onboarding, data is collected from a scanned document, an online form, a customer selfie, and public registers (KRS, CEIDG) via API. OCR and AI technologies automatically populate forms with data extracted from identity documents, reducing processing time and minimising errors. At this stage, information about the purpose of the business relationship must also be collected – and for higher-risk products, preliminary data on the source of funds.

Data, Document, and Identity Verification
Collecting data alone is not enough – financial institutions must confirm its accuracy against identity documents and external sources. Typical verification steps include:
- Document authenticity analysis (security features, MRZ, holograms)
- Comparison of the document photo with the customer’s selfie (face matching)
- Liveness detection
- Checking whether the document has been reported as stolen
AI-powered document verification achieves accuracy rates of 95–99%, and the entire process is conducted remotely – via a mobile app or browser, with no need to visit an agent. Sanctions list, PEP, and AML database checks run simultaneously.
Risk Assessment and the Risk-Based Approach
Customer risk assessment is a central element of KYC in insurance. Insurers classify customers into low, standard, or elevated risk categories. Assessment factors include, among others:
- Country of residence (including ties to high-risk countries)
- Product profile (straightforward policy vs. investment product)
- Ownership structure and the nature of the business relationship
- Payment history and transaction data
For high-risk customers, enhanced measures (EDD) apply: additional questions about the source of funds, beneficial owner verification, and more frequent data reviews. AI models that combine data from multiple sources into a single AML/CFT risk score are increasingly used in this process.
Due Diligence in Insurance: SDD, CDD, and EDD
Three levels of due diligence apply in the insurance context:
- SDD (Simplified Due Diligence): straightforward motor insurance policies for EU-resident customers, with no investment components.
- CDD (Customer Due Diligence): standard life insurance policies, group policies, corporate clients.
- EDD (Enhanced Due Diligence): investment products, PEP customers, offshore structures, ties to high-risk countries.
A KYC system can automatically match the verification path to the customer’s risk profile, reducing processing time for low-risk cases. Properly documented due diligence carries evidentiary weight in the event of a KNF inspection.
Ongoing Monitoring and Customer Data Updates
KYC is a continuous process – it does not end when a policy is issued. Events that trigger a reassessment of risk include, among others:
- Change of residential address or tax residence
- Significant top-ups to investment policies
- Unusual benefit payouts
- Change of beneficiary
Alerts are generated automatically by rules engines and AI models – the compliance team reviews only elevated-risk cases. Customer data in insurance must be retained for at least five years after the end of the relationship, in compliance with GDPR requirements.
AML/KYC Regulations and the Insurance Sector in Poland and the EU
Insurers must align national regulations (the AML Act, KNF guidelines) with EU-level requirements (eIDAS 2.0, AMLR, 6AMLD). Amendments to the AML Act in 2021–2024 expanded the obligations of insurance undertakings in the area of KYC, including:
- An extended list of obliged entities
- Stricter requirements for beneficial owner verification
- Management board accountability for the adequacy of procedures
Failure to comply with KYC procedures carries the risk of substantial financial penalties – in 2024, AML-related fines worldwide totalled USD 4.6 billion. The KNF has indicated that deficiencies in AML/CFT procedures accounted for nearly 20% of all irregularities identified during supervisory inspections.
From December 2026, EU member states must make EUDI Wallets available to citizens, and from 2027, institutions in regulated sectors will be required to accept them in KYC processes. This creates an urgent need to modernise systems – 70% of insurance companies’ IT budgets are currently spent on maintaining legacy infrastructure.
Digital Onboarding in Insurance: How Modern KYC Works
Digital onboarding is a process in which a customer takes out a policy entirely online, while identity verification runs in the background – automatically and in real time. Automation has reduced onboarding time from several minutes to under 2 minutes, with a direct impact on conversion rates and customer experience.
KYC platforms provide ready-made components (SDK, API, webflow) that insurers can integrate into their sales portals without building a verification process from scratch.
Step by Step: A Digital KYC Procedure for a Life Insurance Policy
- The customer selects a product and completes an online form
- Scans their identity document using their phone camera
- Takes a selfie – the system performs biometric verification and liveness detection
- Automatic document and biometric verification
- AML/PEP/sanctions screening
- Risk assessment – automatic decision or additional questions (EDD)
- Digital signature and acceptance of policy terms and conditions
- The customer receives the policy and confirmation
The entire process takes under 2–3 minutes, even with full due diligence applied.
The Role of AI: Biometrics, Liveness Detection, and Behavioural Analysis
Key applications of AI in KYC:
- Automatic detection of fraudulent identity documents
- Face matching against the document photograph
- Passive liveness detection – reduces fraud attempts by 91%
- Behavioural biometrics analysing over 3,000 user signals (how the phone is held, typing dynamics, cursor movements)
In 2025, identity theft losses worldwide reached USD 27.2 billion. Traditional biometrics has an effectiveness rate of just 40% against deepfakes, which is why advanced AI-based detection plays a critical role. These systems must be regularly tested and updated to keep pace with new fraud methods, including synthetic identities.

Significant Risk Transfer (SRT) and KYC – What Insurers Need to Know
Significant Risk Transfer (SRT) transactions are financial structures in which a bank or financial institution transfers a portion of the credit risk from its portfolio to external investors – for example, through credit-linked notes (CLN) or derivatives (CDS). Regulators, including the EBA and the ECB, require that the transfer is genuine and measurable, not merely formal.
Although SRT is primarily associated with banking, insurers are increasingly encountering the concept in two contexts: as investors acquiring SRT exposures from banks, and as parties to reinsurance transactions with a similar risk structure.
Where KYC and SRT Intersect
Both areas share the obligation to verify the identity and assess the risk of the parties to a transaction. In practice, this means:
- Investor and counterparty verification – parties to SRT transactions are subject to the same identification and due diligence requirements as individual customers, though typically at the EDD level given the complexity of the structures and the amounts involved.
- Beneficial owner assessment – SRT structures often involve investment vehicles (SPVs), funds, or offshore entities; establishing beneficial ownership is particularly important and demanding in this context.
- Ongoing monitoring – changes in ownership structure or counterparty risk may require a renewed KYC assessment during the life of the transaction.
For insurers engaging in SRT transactions, implementing a KYC process that handles not only individual customers but also complex corporate and institutional structures is essential – with an appropriate level of automation and documentation to withstand regulatory scrutiny.
EUDI Wallets, eIDAS 2.0, and the Future of Digital Identity in Insurance
By the end of 2026, EU member states will be rolling out European Digital Identity (EUDI) Wallets. It is estimated that 500 million citizens will be using EUDI Wallets by 2026, with 82% of companies planning to integrate them by that time. From 2027, institutions in regulated sectors will be required to accept EUDI Wallet-based identity in KYC processes.
The EUDI Wallet will allow customers to share only the attributes strictly necessary for a given transaction (e.g. “aged 18 or over”, “resident of Poland”) without disclosing their full personal data – fundamentally changing how KYC processes are designed.
| Deadline | Requirement |
|---|---|
| By 24 December 2026 | EU member states make EUDI Wallets available to citizens |
| From 6 December 2027 | Institutions in regulated sectors accept EUDI Wallet-based identity |
Customer Data Security, Privacy, and Trust in Digital KYC
An effective KYC procedure must balance AML/CFT requirements with GDPR-compliant personal data protection. Processing customer data requires a legal basis and compliance with the data minimisation principle. Customers’ main concerns relate to submitting document scans, biometric data, and proof of address. The responses to these concerns include:
- End-to-end encryption and data tokenisation
- Certified data centres and auditable access logs
- Clear, in-interface communication about the purposes and scope of data processing
As obliged entities, insurance undertakings are legally required to ensure data security within the KYC framework – both towards regulators and their customers.
How IDENTT Supports Insurance Undertakings in Meeting KYC/AML Requirements
IDENTT helps insurers implement an automated, regulation-compliant KYC and digital onboarding process through:
- Identity document verification (IDV) – automated analysis of national ID cards, passports, and driving licences
- Facial recognition and liveness detection – protection against deepfakes and fraud attempts
- PEP/sanctions screening
- AML risk assessment and ongoing customer relationship monitoring
IDENTT offers flexible integrations (API, SDK), allowing insurers to deploy a new KYC process within a matter of months – without replacing their existing policy management system.
FAQ – Frequently Asked Questions about KYC in Insurance
Do all insurance policies require a full KYC procedure?
No – the level of KYC depends on the AML/CFT risk assessment. Simple motor insurance policies may be subject to a simplified procedure (SDD), while life and investment products require full due diligence (CDD or EDD). The AML Act and KNF guidelines set out when simplified procedures are permissible and when enhanced due diligence is required – for example, for PEP customers, those with ties to high-risk countries, or complex ownership structures.
How often should an insurer update customer data as part of KYC?
The frequency depends on the risk category. High-risk customers should be reviewed at least once a year; low-risk customers every one to three years. Re-verification is required whenever a material change occurs in the relationship: a significant increase in the insured sum, a change of beneficiary, or a change in the nature of the business relationship. KYC systems with ongoing monitoring functionality automatically generate alerts for suspicious transactions.
Can a customer refuse to provide data required under KYC?
Customers have a right to privacy, but if they refuse to provide data required under the AML Act, the insurer cannot enter into a contract or continue the relationship. The obliged entity may also be required to report the situation to the General Inspector of Financial Information (GIIF) if there are reasonable grounds to suspect money laundering or terrorist financing.
How does KYC in insurance differ from KYC in banking?
The underlying principles – identification, verification, risk assessment, and ongoing monitoring – are similar, but the fraud scenarios differ. In insurance, common risks include claims fraud and the use of investment policies for money laundering. Linking the data of the customer, the insured, the policyholder, and the beneficial owner is particularly important, as is product-level risk analysis – aspects that carry less weight in banking.
Is digital KYC (eKYC) secure for insurance customers?
When properly implemented, eKYC is at least as secure as traditional verification – and often more so, as it enables the use of strong biometrics and advanced anti-fraud mechanisms. Key factors include data encryption, GDPR compliance, the use of certified providers, and clear communication to customers about the purposes for which their data is being processed.
Need a custom solution? We’re ready for it.
IDENTT specializes in crafting customized KYC solutions to perfectly match your unique requirements. Get the precise level of verification and compliance you need to enhance security and streamline your onboarding process.