Know Your Customer
How Do We Know You are You?
In the past, a customer would physically walk into his local bank branch and the bank employees would recognize him because they all lived in the same neighborhood. However, the virtual world has changed all that. With hackers, AI, deep-fakes and spoofing, in the virtual world it is now more important than ever to verify that customer you are dealing with is in fact who they claim to be. In addition, the government regulators that oversee the banking and financial services infrastructure, have mandated that controls are in place to validate the customer's identity. Government regulators regularly audit financial institutions to ensure they can indeed capture such fraudulent usage.
CIP
CIP stands for Customer Identification Program. CIP is the legal requirement for financial institutions to verify information provided by a consumer as outlined in the USA PATRIOT Act, whereas KYC refers to the specific processes a financial institution utilizes to verify a consumer’s identity before engaging in transactions. The Bank Secrecy Act of 1970 (BSA) requires financial institutions to assist U.S. government agencies in the detection and prevention of money laundering. Compliance with the BSA includes financial institutions maintaining a Customer Identification Program to prove that the identities of new customers have been verified at account opening. CIP is also governed by Section 326 of the USA PATRIOT Act and the Financial Crimes Enforcement Network (FinCEN), which enforce these regulations to combat money laundering, terrorist financing, and other financial crimes.
KYC
KYC stands for Know Your Customer. It refers to the various processes and practices that are used to verify the identity of the customer. Numerous external data sources are used as part of this validation. These include, Social Security records, government issued driver's licenses, billing addresses, government watch lists and the like. Mbanq uses a number of third-party services and data sources to verify a customer's identity.
KYB
KYB stands for Know Your Business. It is similar to KYC except that KYB focuses on validating business identity vs. consumer identity. The process is similar, but the external third party services and data sources are quite different. For the business, there are a number of required business documents as outlined in the chart below. In addition, the principals of the business (owners and high-level managers) must be fully vetted at Full KYC - Level 2 verification.
Key Components of CIP and KYC
- Collection of customer information: Name, date-of-birth, address and a taxpayer identification number are the minimum requirements. For a U.S. citizen, a SSN serves as the taxpayer identification number. For non-U.S. persons, an identification number from a government issued ID bearing a photograph or similar safeguard is considered acceptable.
- Identity verification procedures: While the specific procedures used are not mandated, the procedures must enable the financial institution to form a reasonable belief that it knows the true identity of the customer. In online channels, this is often satisfied with comparing consumer provided information to records from databases, and/or document risk-based procedures for verifying the identity of each customer.
- Comparison with government lists: Ensuring the customer is not included on any sanctions list of known or suspected terrorists or terrorist organizations issued by any federal government agency, most commonly deployed via OFAC.
- Record keeping requirements: Written procedures are necessary for the collection and maintenance of records for all information obtained in the identity verification process. This includes all identifying information, a description of any document relied upon for identity verification, a description of the methods and the results of any measures undertaken to verify the identity of the customer, and a description of the resolution of any substantive discrepancy discovered when verifying the identifying information obtained.
- Retention of records: Requirement to maintain customer data for five years after the date the account is closed or, in the case of credit card accounts, five years after the account is closed or becomes dormant.
Customer notice: Documented process for providing bank customers with adequate notice that the bank is requesting information to verify their identities.
KYC Levels - Required Documents & ID Checks
Mbanq and the partner bank will provide you with the final KYC or KYB document requirements, and these will be detailed in your Platform Program Parameters as follows:
| Client Type | Products | Standard KYC | EDD Docs |
|---|---|---|---|
| Individual - Level 1 - Partial KYC | Savings Checking Debit Card | Name, Address DOB Phone, Email Tax ID (like SSN) Country | None required |
| Individual - Level 2 - Full KYC | Savings Checking Debit Card Credit Card Loan | Name, Address DOB Phone, Email Tax ID (like SSN) Country | Driver's License, Passport, College ID - Gov't ID Front - Gov't ID Back Video Auth Utility Bill |
| Corporate | Savings Checking Debit Card Credit Card Wires | - Full business name - Physical and mailing address, if different from that of the business or Trustee - Phone Number of the Business - Entity Type (LLC, Corp, etc) - Entity Scope (Industry) - Employer Identification Number (“EIN”) Verification Letter issued by IRS | Entity Formation Date Bylaws Certificate of Incorporation Business License Various formation documents (such as: Company Bylaws, business license, articles of incorporation, etc.) Articles of Incorporation Financial Statements |
The above are only directional examples, your actual requirements may vary.
KYC & KYB Policy
Mbanq and the partner bank will also require that you as the platform will adhere to well defined policies and procedures around the KYC and KYB processes. These will be added as an addendum to the Platform Program Parameters.
KYC Levels Limits
Mbanq splits Clients into different levels based on the KYC verification (partial KYC or Full KYC). Based on their level they will have restrictions on the Transfer Limits which have been suggested by your Partner Bank.
- Not Verified
- Partial KYC (Level 1)
- Full KYC (Level 2)
- Failed
For Example:
| Card Transactions | Non-Card Transactions | |
|---|---|---|
| Daily Transfer Limits-Partial KYC | $250 | $250 |
| Monthly Transfer Limits-Partial KYC | $2,500 | $2,500 |
| Incoming Limits-Partial KYC | $5,000 Monthly | |
| Daily Transfer Limits-Full KYC | $4,000 | $4,000 |
| Monthly Transfer Limits-Full KYC | $10,000 | $10,000 |
| Incoming Limits-Full KYC | $20,000 |
Other Factors
- Domestic students follow the same KYC requirements as above.
- International students follow the enhanced due diligence requirements for KYC.
- Residency Status: your residency status will also influence the level of diligence required as part of the KYC process. Foreign individuals who are residing in the United States on a temporary visa or work permit will also require Enhanced Due Diligence.
- Mbanq only leverages a manual review for possible Watchlist, Adverse Media and PEP related hits.
- OFAC - Office of Foreign Asset Control
- PEP - Politically Exposed Persons
- Mbanq will examine the supplied identification data to determine if the match against the government watch list was a false positive.
- The Mbanq compliance team has the authority to allow a manual review individual to proceed with onboarding
Customer Risk Rating (“CRR”)
In order to have an understanding of the money laundering and terrorist financing risks of its customers, Mbanq has developed a Customer Risk Rating. Every new customer will be assigned a CRR at the time of onboarding, which can then be changed throughout the relationship as new information about the customer is learned or they engage in higher risk activities. Mbanq places customers in one of following risk categories:
Low Risk:
- US Resident Consumer Accounts with no additional risk factors such as high-risk
occupations, Adverse Media, PEP relations or moderate and/or high AML/TF risk country connections will default to “Low Risk” and require only basic profile information such as the CIP required information and occupation.
Moderate Risk:
- Local Commercial and Franchise Businesses with no additional risk factors such as high-risk occupations, Adverse Media, PEP relations or moderate and/or high AML/TF risk country connections will be considered “Moderate Risk” and will be required to provide additional information such as business Industry, expected activity, and geographical locations of operations (business).
- Individuals with potential Adverse Media, PEP relations or moderate and/or high AML/TF risk country connections will be considered “Moderate Risk” and will be required to provide additional information such as expected activity, annual income, and purpose of account.
High Risk – Subject to Enhanced Due Diligence:
- Individual accounts (i) have high AML/TF risk country connections or (ii) have an
occupation in a “High Risk” business sector, as determined by NAICS code; (v) any activities determined to be potentially suspicious upon investigation by Company personnel, such as recent negative news for financial related crimes or (ii) do not fall into the Low or Moderate risk categories for other reasons not previously identified will be considered “High Risk” - Business Accounts (i) have high AML/TF risk country connections such as UBOs or (ii) Operate a “High Risk” business sector, as determined by NAICS code; (iii) use a registered agent as the physical address for the business entity in conjunction with a beneficial owner that resides outside of the US (iv) any activities determined to be potentially suspicious upon investigation by Company personnel, such as recent negative news for financial related crimes or (v) do not fall into the Low or Moderate risk categories for other reasons not previously identified will be considered “High Risk” (vi) lists cryptocurrency as their use case (vii) any non-US SPV
Updated 10 months ago