Introduction

KYC stands for Know Your Customer or Know Your Client. KYC is a set of guidelines in the domain of finance.

The KYC guidelines require that professionals make an effort to verify the identity, suitability, and risks involved with maintaining a business relationship. The procedures fit within the broader scope of a bank's Anti Money Laundering policy.

According to Swedish law, all payment institutions have to have sufficient knowledge about
their customers in order to ensure that customer funds are not used for financing
terrorist organizations or that customers' assets aren't subject to money laundering.







The Traditional Approach

Today, financial institutions generally procure the information required by the KYC guidelines through paper forms. KYC forms are usually sent out through the mail, filled in, sent back and finally scanned or entered into databases.




Our Approach

We aim to automate the process of gathering information required by the KYC guidelines.

Our KYC application lets customers fill in their information into an interactive online form. This KYC application is integrated with systems of other providers, which lets us synchronize information with other companies.

In addition, customers and merchants can enter which bank accounts they want to use for payouts sent through Ping Payments. We use an Account Information
Service[1][2] for secure verification of accounts.




Features

  • Easy data entry
  • Easy selection of accounts for payment payouts



Integrations

Our KYC application lets use sync information with other provide. The KYC application is integrated with several other systems:







Flow

The app has two main flows:

  • Private
  • Corporate






Private Flow

This flow is used by private individuals.

In this flow, we retrieve certain information to authenticate an individual's identity, and to verify that they are eligible to make a payment.




Before a user can log in, they need reach the KYC application, and provide the information needed to log in.

๐Ÿ“˜

Pre-login

  1. Link is created through API
  2. User provides the application with necessary information required to begin the login process



Now that the user has reached the application, and entered the information needed to begin the login process, we can get going.

๐Ÿ“˜

Login

  1. Application prompts the user to choose a bank
  2. User chooses bank
  3. Application attempts to produce a QR code for login:

    If QR code cannot be produced:
    Application goes back to step 1 of the Login process

    If QR code is successfully produced:
    Application shows QR code to user

  4. User scans QR-code using an appropriate app for authentication
  5. User signs in
  6. Application attempts authentication of user:

    If authentication fails:
    Application goes back to step 1 of the Login process

    If authentication is successful:
    User is logged in




The user was successfully logged in, and the application moves on to adding more information about the user from other sources.

๐Ÿ“˜

Post-login

  1. Application attempts fetching name and address, using Billmate:

    If name and address cannot be fetched:
    Application goes back to step 1 of the Login process

    If name and address is successfully fetched:
    Application moves on to fetching additional information

  2. Application attempts fetching additional information[9], using Pliance

    If additional information cannot be fetched:
    Application goes back to step 1 of the Login process

    If additional information is successfully fetched:
    Application moves on to prompt user for more information




The user gets started on filling in requested information.

๐Ÿ“˜

Data Entry

User fills in information as requested by application form




When the user has filled in the necessary information, it's time to choose which account to use.

๐Ÿ“˜

Account Selection

  1. Application prompts user to choose bank account
  2. User chooses bank account
  3. Application prompts user to authenticate using appropriate method
  4. User opens appropriate app for authentication

    If authentication fails:
    Application goes back to step 1 of the Account Selection process

    If authentication is successful:
    Application compiles a record of information collected




It's time for the user to review and confirm that the collected information is correct.

๐Ÿ“˜

Confirmation

  1. User is shown a summary of collected information
  2. User reviews the summary

    If information is incorrect:
    โ— User chooses to start over
    โ— Application goes back to step 1 of the Data Entry process

    If information is correct:
    โ— User confirms that collected information is correct
    โ— Application prompts user to authenticate

  3. User attempts to authenticate using appropriate method

    If authentication fails:
    Application goes back to step 1 of the Confirmation process

    If authentication is successful:
    Application prepares to finish the KYC process




All that remains is for the application to inform the user that the KYC process is done.

๐Ÿ“˜

Finish

Application shows user a page indicating success







Corporate Flow

This flow is used by organizations, and assumes that the user is a representative of a company or other organization.

In this flow, we retrieve certain information to authenticate an individual's identity, and to verify that they are eligible to make a payment. We also ensure that the individual in question is eligible to act on the behalf of a corporate entity or other organization.




Before a user can log in, they need reach the KYC application, and provide the information needed to log in.

๐Ÿ“˜

Pre-login

  1. Link is created through API
  2. User provides the application with necessary information required to begin the login process



Now that the user has reached the application, and entered the information needed to begin the login process, we can get going.

๐Ÿ“˜

Login

  1. Application prompts the user to choose a bank
  2. User chooses bank
  3. Application attempts to produce a QR code for login:

    If QR code cannot be produced:
    Application goes back to step 1 of the Login process

    If QR code is successfully produced:
    Application shows QR code to user

  4. User scans QR-code using an appropriate app for authentication
  5. User signs in
  6. Application attempts authentication of user:

    If authentication fails:
    Application goes back to step 1 of the Login process

    If authentication is successful:
    User is logged in




The user was successfully logged in, and the application moves on to adding more information about the user from other sources.

๐Ÿ“˜

Post-login

  1. Application attempts fetching name and address, using Billmate:

    If name and address cannot be fetched:
    Application goes back to step 1 of the Login process

    If name and address is successfully fetched:
    Application moves on to fetching additional information

  2. Application attempts fetching additional information[9], using Pliance

    If additional information cannot be fetched:
    Application goes back to step 1 of the Login process

    If additional information is successfully fetched:
    Application moves on to prompt user for more information




The user gets started on filling in requested information.

๐Ÿ“˜

Data Entry

User fills in information as requested by application form




When the user has filled in the necessary information, it's time to choose which account to use.

๐Ÿ“˜

Account Selection

  1. Application prompts user to choose bank account
  2. User chooses bank account
  3. Application prompts user to authenticate using appropriate method
  4. User opens appropriate app for authentication

    If authentication fails:
    Application goes back to step 1 of the Account Selection process

    If authentication is successful:
    Application compiles a record of information collected




As the user going through the KYC process is a representative of a corporate entity or other organization, we need some additional information to be able to verify their identity and confirm that they are eligible to use the selected account.

๐Ÿ“˜

Data Retrieval

  1. Application collects user's name and address, using Billmate
  2. Application collects additional information[11], using Pliance
  3. Application compiles data retrieved from Billmate and Pliance, and adds this information to the collected user data



It's time for the user to review and confirm that the collected information is correct.

๐Ÿ“˜

Confirmation

  1. User is shown a summary of collected information
  2. User reviews the summary

    If information is incorrect:
    โ— User chooses to start over
    โ— Application goes back to step 1 of the Data Entry process

    If information is correct:
    โ— User confirms that collected information is correct
    โ— Application prompts user to authenticate

  3. User attempts to authenticate using appropriate method

    If authentication fails:
    Application goes back to step 1 of the Confirmation process

    If authentication is successful:
    Application prepares to finish the KYC process




All that remains is for the application to inform the user that the KYC process is done.

๐Ÿ“˜

Finish

Application shows user a page indicating success









Footnotes

1, 3. Open Payments (Sweden) โ†ฉ:
Used as an Account Information Service for Swedish users.

We prompt users to authenticate their identity through their Swedish bank's servers to give us consent to
access personal account information.

We can make sure that the user is authorized to use the account in question through this Account Information Service.

2, 4. Neonomics (Norway) โ†ฉ:
Used as an Account Information Service for Norwegian users.

We prompt users to authenticate their identity through their Norwegian bank's servers to give us consent to
access personal account information.

We can make sure that the user is authorized to use the account in question through this Account Information Service.

5. Billmate (Sweden) โ†ฉ:
Used to get the name and address of the business or person that is going through the KYC process

6, 9, 10, 11. Pliance (Sweden) โ†ฉ:
Corporate:

  • Type of company
  • Owner(s) of company
  • Sanctioned company status
  • Parent company

For a complete list of corporate information obtained through Pliance check:
https://pliance.io/api/#schemas-view-company-response-data and
https://pliance.io/api/#schemas-company-data

Private:

  • Politically Exposed Person status
  • Coordinated individual plans (Swedish: Samordnad Individuell Plan or SIP)
  • Relatives and Close Associates

For a complete list of private information obtained through Pliance check:
https://pliance.io/api/#schemas-view-person-response-data

7. BankID (Sweden) โ†ฉ:

Private:

  • Authenticating
  • Signing off on given information

Corporate:

  • Authenticating
  • Signing off on given information
  • Retrieving name of signee
  • Retrieving Swedish personal identity number of signee

Draft/Source:

KYC?
According to Swedish law all payment institutions have to have sufficient knowledge about
their customers so that we can be sure that the money we handle are not used for financing
terrorist organizations or that the transactions that we handle are not used for money
laundering. This is where KYC (Know Your Customer) comes in, this is the process of
collecting information about a client so that we can be sure their business is legitimate
Whatโ€™s the KYC form used for?
Right now all KYC:s are gone manually, by sending different kinds of forms to customers and
requesting all needed information that we need to make sure we want to do business with
them.
This application is supposed to automate this process, by having customers fill in their
information in a digital form and answer the necessary questions. We also through several
integrations with other service providers (discussed more later) we get as much information
about the customer as we can. We also use this form for the user to choose which of their
bank accounts they want to get paid out to, doing this using an AIS (explained in
integrations) we can make sure it is actually the user that is choosing the account that has
access to this account.
Right now the form only works in Sweden because the integrations used to retrieve
information is mostly Sweden specific, work has been done to integrate with similar Services
in norway but that work is not complete yet.
Integrations
โ— Billmate (Sweden): Used mostly to get the name and address of the business or
person that is going through the KYC process
โ— Pliance (Sweden):
โ—‹ Corporate: Here we get information like, corporate_form, owners, if the
company is sanction, parent company and more. For complete list check
https://pliance.io/api/#schemas-view-company-response-data and
https://pliance.io/api/#schemas-company-data
โ—‹ Private: Here we get information that the person is PEP (Politically Exposed
Person), SIP (Samordnad Individuell Plan), RCA (Relatives And Close
Associates) and more. For complete list check
https://pliance.io/api/#schemas-view-person-response-data

โ— Open Payments (Sweden): Here we use Open Payments as Account Information
Service (AIS) this means, the user signs in to their bank thereby giving us consent to
access their account information, and through this we can make sure that they own
the account (or atleast have access)
โ— BankID (Sweden): BankID is used to sign the answers given and account chosen, in
the corporate flow it is also used to get name and social security number of the
person actually doing the KYC
โ— Neonomics (Norway): This the equivalent of Open Payments except for Norway

Flows
The app has two main flows, Corporate and Private. Where Corporate is for organizations
and Private is for private persons. The difference is mostly in which questions that has to be
answered, but also as stated above there is an extra BankID identification to identify the
person representing the company.

1234