Let’s start from the beginning. That’s always convenient. What is KYC? Well, it stands for Know Your Customer and it’s a part of the AML directive (there’s a bunch of them, the current version is AML5, KYC is part of all of them) and it basically says that a) you should be absolutely certain who you’re doing business with and b) they aren’t evil a-holes.
That’s all well and good — something that most people can sign off on is that it should be hard to fund horrible stuff like organised crime and terrorism. But it turns out that really knowing your customer is trickier than you might think. Because even if it’s pretty clear that social media platforms and big tech companies are collecting ALL THE DATA about you, a proper KYC process needs more than predictable data — it needs hard facts. Luckily we are here to tell you all you need to know to comply with the AML regulation.
You'll need either of these:
And all these:
So from here you have a couple of routes. Either you can do it by yourself or you can use a KYC-provider that will do it for you.
First of all you’ll need to figure out your customers National Identification Number, if there is one in the market you’re doing business in. Otherwise the date of birth will sometimes also work. Collecting any of those aren’t really that hard, the customer knows that by heart so it’s easy enough to fill in. The problem is verifying the information. To do that you need to require some sort of photo identification, preferably a passport.
You have to make sure that you have the full legal name of your customer. Again, this must be verified by a certified passport or some form of e-identification.
Which country are they living in? Yet again passport is the easiest route to confirm this together with proof of residence.
Where do they live? Getting an address is a bit trickier since you cannot use the passport for confirmation but will have to use a third party provider to do a lookup. This can prove fairly difficult if the name is very common or expensive if you have to rely on a specialized third party provider.
This one's a doozy... PEP stands for Politically Exposed Person and RCA is Relatives and Close Associates. The Financial Action Task Force defines a PEP as such:
A PEP is not automatically disallowed from doing business with you but they are considered higher risk clients due to the fact that their position in society exposes them to the temptations of bribes and the like. Which in turn makes money laundering more likely amongst PEP than the average citizen. There are lists of PEPs that you can check against, but it will require a lot of work and they are constantly updated so you will need to constantly monitor your user base.
The easiest way to make sure that you are compliant and are getting all the KYC-information that you need is to use a KYC-provider. There are a number of alternatives out there but if you want to get the most bang for your buck we’d recommend going for a payment service provider that also cover the KYC-check. That way you keep integration to a minimum and only have one point of contact for all sensitive data. Side note: you do know that Zimpler include KYC for free don’t you?
If you want to know more about how Zimpler can help you achieve your goals contact us.