# Article

You can find more knowledge about products on this site.

# KYC and KYB requirements in card issuing

KYC (Know Your Customer) processes usually raise a lot of questions. In this article, I would like to summarize the most important decision points and requirements.

KYC regulations are directly connected with Anti-Money Laundering (AML), regulatory and sometimes with payment scheme requirements. In general, every payment or banking institution must be aware who its customers are, should know the source of its customers' funds, and should have information about the ways customers use money held by the payment institution. Regulators require that payment institutions know and monitor this in order to limit the risk of supporting terrorist or illegal actions.

The main question in every project is: "Who is the owner of the money on account?" We can have 2 situations:

**1. CONSUMERS** - If the consumer is an owner of the money on account, the KYC process has to happen. Usually it means that the user (consumer - not a company) needs to provide an ID document or passport and selfie, meeting or video call needs to happen to make sure that consumer is a real person signing a contract with a payment institution. There are various additional verification ways that a payment institution may require, but those are the key ones.

**2. BUSINESSES** - If a company is an owner of money, the KYB (Know Your Business) process has to happen. Usually it means that the user (company owner, manager etc.) not only needs to provide an ID document and make a selfie or a video call, but the payment institution needs to verify beneficiaries (the owners of more than 25% of shares in the company).

In both cases the payment institution is obliged to check whether the consumer, business manager or business owner is not present on various sanction lists, i.e. OFAC or UN sanction list.

These rules are critical and in fact all other implications are outcomes of them. In projects connected with launching Payout to Cards, the very first question that we need to answer is : "**Who is the owner of the money on account?**" If the consumer is an owner of the account (scenario 1) - the consumer needs to go through the KYC process. If the business is an owner of the money on account (scenario 2), the KYB process will have to happen and there will be no additional KYC.

There may be non-standard situations that will require some analysis. Let me present a few interesting scenarios:

- **Lendtech** - a company that provides loans to consumers. Let's imagine that this company is giving a loan of 1000 EUR to a consumer. We can have a project in two versions: 
    - if the consumer receives a loan on his/her personal card - then we have the KYC requirement.
    - but if a card is just a part of Lendtech account and formally the consumer gets a loan at the moment he/she takes out money from the card account - we do not have any KYC requirement; we just need to do KYB for Lendtech. It can simplify user acquisition a lot.
- **Insurance** - an insurance company sends insurance value to users after a claim process or just after an accident: 
    - if the user receives a gift card with 1000 EUR, which is the value of the claim, and at the moment of receiving the card, 1000 EUR on this card becomes his/her ownership - we have the KYC requirement for the user.
    - but if the user receives a card with a limit of 1000 EUR and when they pay - they use the insurer's money to cover costs of the claim, we do not have any KYC requirement. KYB will be enough for us.
- **Money transfer company** - let's imagine that the company sends a virtual card with 1000 EUR from Europe to the receiver in Singapore: 
    - if the user receives a virtual gift card, and 1000 EUR belongs immediately to this user, we have to do KYC of this user
    - however, if users receive a virtual card with a limit of 1000 EUR and the money becomes theirs the moment they pay or withdraw funds from the card, KYB is sufficient. KYC is not required.

As you can see, there can be different approaches to KYC and KYB requirements, so it is worth reviewing the legal structure and thinking about how to improve the user experience in such projects.

Thanks for reading.

# Know Your Customer – in-house or outsourcing

From time to time, our customers ask us whether it is better to perform **Know Your Customer** activities in-house or to hire a company to do it for them. In this article we would like to answer this question.

KYC activities are very important. **On-boarding** your customer is actually the first process that the customer uses, so smooth processes are critical for our future relationship with a particular customer. If the process does not work correctly, the customer can block and all our marketing and acquisition efforts will be useless. But how to do it right?

You can have 2 general scenarios:

##### **Scenario 1 – build KYC in-house**

You can start building this process yourself using **your IT team**. Actually, it is not so difficult. The process consists of a few **obligatory steps** that have to be performed by user:

1. Get user data
2. Get user photo or video
3. Get pictures of user’s document or documents
4. Check sanction lists
5. Approve / decline / get into interaction

It seems to be easy 😊 but actually it is not so easy. There are some security and legal regulations that need to be fulfilled. There are specific requirements of payment institutions that will have to be fulfilled. You need to collect this knowledge, be ready to update your systems. Additionally, you have to think of automatizing this process on your side so that the user does not wait too long for approval of their application. From a financial perspective it sometimes can be much cheaper than automated KYC. Let’s do a quick calculation. If you hire a person and pay 10 EUR per hour to this person for performing KYC activities you can imagine that such a KYC employee will perform simple consumer KYC actions (verification of data, photos etc.) for one customer during 1 minute. It means that the cost of processing a single application is 10 EUR divided by 60 minutes = 0,16 eur per user!!!

Additionally, if you need to perform regular scanning of sanction lists, avoiding per user costs becomes more critical because there may be requirements that users are scanned against sanction lists once per month… If you have 0,1 eur cost per such scanning it means that you have variable cost of your operations. Very important disadvantage.

**Advantages:**

- Full control over the process
- Possibility of changing process in-house after product launch
- Full control over costs
- Possibility to avoid variable costs per user
- Possibility to avoid recurring costs per user
- Quicker responses to regulatory complaints as everything is in your system
- No dependency on external partners

**Disadvantages:**

- You need to spend time and energy on this process
- Time consuming process
- High fixed costs (team to develop and update the system)

##### **Scenario 2 – outsource KYC**

In this scenario you perform a tender and **choose the best KYC provider** for you. You can be quick with this process, you will get all technology this partner has but you will have to pay per user and maybe for some development and customizations. You will have an outsourcing company that most likely will have to be officially registered at your regulator as you are outsourcing anti-money laundering processes to this partner. It is definitely an easier process at the beginning of your journey but think about dependencies and cost.

In the long term you may also encounter problems with your partner that some specific requirements or unhappy path for your users does not work correctly. You should not think that you can automatize 100% of your on-boarding processes and you do not need to hire anyone. You must have some manual process, possibility to check application yourself and you must hold data yourself for future use.

From a financial perspective – you will have to pay per user or sometimes recurring fees per verification additionally. This may be a heavy cost for your business model. I think that this long term dependency is the critical disadvantage and you need to be careful.

**Advantages:**

- Quick time-to-market
- Professional processes achieved quickly

**Disadvantages:**

- High variable costs – clicks per user, monthly per user etc.
- Dependency on particular vendor
- Tendency to forget that you must have manual processes built together with such partner
- Risk of regulatory incompliance in case you do not monitor partner correctly

##### **Summary**

It is a difficult choice. In our opinion, in the short-term, it may be better to involve a 3<sup>rd</sup> party. However, in the long term, risk of dependencies, partner stability and variable fees seem important and you need to carefully consider if you do not want to have those capabilities in-house. Please also remember that while implementing 3<sup>rd</sup> party automatic solutions, you must have a manual process ready to process unusual customers.

Our services in this area are focused on this strategy. We use both 3<sup>rd</sup> party vendors and an internal system for managing KYC processes for ourselves and for our customers.

# KYC requirements in Payout and Money Transfer projects

Know Your Customer (KYC) processes usually generate many questions. Key requirements and decision points are summarized in this article.

The KYC regulations are directly related to AML (Anti-Money Laundering), regulatory and payment scheme requirements. In general, any payment or banking institution has to know who their customers are, what the source of their customers' money is and how the customers use the money held by the payment institution. To limit the risk of supporting terrorist or illegal activities, regulators require payment institutions to be aware of and monitor them.

The key question in every project is: "Who is the owner of the money on the account?" There may be the following situations:

1. **CONSUMERS** - If consumers own the money on account, the KYC process has to happen. It usually means that the user (consumer - not a company) needs to provide his/her ID document or passport and selfie, a meeting or video call needs to happen to make sure that the consumer is a real person who signs a contract with the payment institution. There are many additional verification ways that the payment institution may require, but these are the main ones.
2. **BUSINESSES** - If a company owns the money, the KYB (Know Your Business) process has to happen. It usually means that the user (company owner, manager etc.) needs to provide not only his/her ID document and make a selfie or a video call, but the payment institution needs to check beneficiaries (owners of more than 25% of shares in the company).

In both cases, the payment institution is obliged to check whether the consumer, company director or company owner is on various sanctions lists, e.g. OFAC or UN sanctions lists.

The above rules are critical and in fact all other implications are results of them. In projects related to the implementation of Payout to Cards, the first question we need to answer is: "Who is the owner of the money on the account?" If the consumer is the owner of the account (scenario 1) - the consumer must go through the KYC process. If the business is an owner of the money on the account (scenario 2), the KYB process will have to happen and there will be no additional KYC.

In the majority of Payout to Cards projects we are in Scenario 2. It means that the KYB process needs to happen and there will be no additional verification of consumers. The reason for that is that we usually talk with payment institutions, wallets, fintechs that have registered users, the users have their accounts (already after KYC) and our money transfer institution will work directly with this business customer to enable Payouts from accounts of this payment institution to the receiver. The account owner will be a payment institution or a business that we work with. From a legal point of view, our customer (B2B customer) will take money from the user's account, place it on their own account and initiate a payment to the receiver from their own account. In such a situation we will do KYB, we will verify if our partner has a legal right to perform such activities and it will be enough. We will request our partners to send us some customer (Sender) data including the first name, last name, but nothing else.

In some situations there will be a need to initiate direct payments from the consumer account to the receiver - Scenario 1. In this scenario we will require that either the partner does a <span style="font-weight: 400;">professional</span> KYC process according to requirements (see above) and sends results of KYC to us, including a selfie, ID documents etc. Or in specific cases we can perform KYC on behalf of the partner.

I hope I clarified the topic. Please make sure that you define quickly if you are in scenario 1 (consumer KYC) or scenario 2 (business KYB) and you can quickly enable Payouts with us.

Thanks for reading.