Introduction
KYC stands for Know Your Customer or Know Your Client. KYC is a set of guidelines in the domain of finance.
The KYC guidelines require that professionals make an effort to verify the identity, suitability, and risks involved with maintaining a business relationship. The procedures fit within the broader scope of a bank's Anti Money Laundering policy.
According to Swedish law, all payment institutions have to have sufficient knowledge about
their customers in order to ensure that customer funds are not used for financing
terrorist organizations or that customers' assets aren't subject to money laundering.
The Traditional Approach
Today, financial institutions generally procure the information required by the KYC guidelines through paper forms. KYC forms are usually sent out through the mail, filled in, sent back and finally scanned or entered into databases.
Our Approach
We aim to automate the process of gathering information required by the KYC guidelines.
Our KYC application lets customers fill in their information into an interactive online form. This KYC application is integrated with systems of other providers, which lets us synchronize information with other companies.
In addition, customers and merchants can enter which bank accounts they want to use for payouts sent through Ping Payments. We use an Account Information
Service[1][2] for secure verification of accounts.
Features
- Easy data entry
- Easy selection of accounts for payment payouts
Integrations
Our KYC application lets us sync information with other providers. The KYC application is integrated with several other systems:
Flow
The app has two main flows:
- Private
- Corporate
Private Flow
This flow is used by private individuals.
In this flow, we retrieve certain information to authenticate an individual's identity, and to verify that they are eligible to make a payment.
Before a user can log in, they need to reach the KYC application and provide the information needed to log in.
Pre-login
- Link is created through API
- User provides the application with necessary information required to begin the login process
Now that the user has reached the application, and entered the information needed to begin the login process, we can get going.
Login
- Application prompts the user to choose a bank
- User chooses bank
- Application attempts to produce a QR code for login:
  If QR code cannot be produced:
    Application goes back to step 1 of the Login process
  If QR code is successfully produced:
    Application shows QR code to user
- User scans QR code using an appropriate app for authentication
- User signs in
- Application attempts authentication of user:
  If authentication fails:
    Application goes back to step 1 of the Login process
  If authentication is successful:
    User is logged in
The user was successfully logged in, and the application moves on to adding more information about the user from other sources.
Post-login
- Application attempts fetching name and address, using Billmate:
  If name and address cannot be fetched:
    Application goes back to step 1 of the Login process
  If name and address is successfully fetched:
    Application moves on to fetching additional information
- Application attempts fetching additional information[9], using Pliance:
  If additional information cannot be fetched:
    Application goes back to step 1 of the Login process
  If additional information is successfully fetched:
    Application moves on to prompt user for more information
The user gets started on filling in requested information.
Data Entry
User fills in information as requested by application form
When the user has filled in the necessary information, it's time to choose which account to use.
Account Selection
- Application prompts user to choose bank account
- User chooses bank account
- Application prompts user to authenticate using appropriate method
- User opens appropriate app for authentication
  If authentication fails:
    Application goes back to step 1 of the Account Selection process
  If authentication is successful:
    Application compiles a record of information collected
It's time for the user to review and confirm that the collected information is correct.
Confirmation
- User is shown a summary of collected information
- User reviews the summary
  If information is incorrect:
  ● User chooses to start over
  ● Application goes back to step 1 of the Data Entry process
  If information is correct:
  ● User confirms that collected information is correct
  ● Application prompts user to authenticate
- User attempts to authenticate using appropriate method
  If authentication fails:
    Application goes back to step 1 of the Confirmation process
  If authentication is successful:
    Application prepares to finish the KYC process
All that remains is for the application to inform the user that the KYC process is done.
Finish
Application shows user a page indicating success
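The Private flow above, written out as a transition table. This is an added example, not code from the KYC application: all state and event names are hypothetical, and only the step order and the "goes back to step 1" fallbacks are taken from the text. Replaying events against the table rejects any attempt to skip a step, and the search at the end counts how many successful authentications every path to Finish must contain.

```python
# Added example: the Private flow as a transition table.
# State and event names are hypothetical; ordering and fallbacks follow the text.
TRANSITIONS = {
    ("pre_login", "info_provided"): "choose_bank",
    ("choose_bank", "qr_failed"): "choose_bank",
    ("choose_bank", "qr_shown"): "awaiting_login_auth",
    ("awaiting_login_auth", "auth_failed"): "choose_bank",
    ("awaiting_login_auth", "auth_ok"): "fetch_billmate",
    ("fetch_billmate", "fetch_failed"): "choose_bank",
    ("fetch_billmate", "fetch_ok"): "fetch_pliance",
    ("fetch_pliance", "fetch_failed"): "choose_bank",
    ("fetch_pliance", "fetch_ok"): "data_entry",
    ("data_entry", "form_filled"): "choose_account",
    ("choose_account", "auth_failed"): "choose_account",
    ("choose_account", "auth_ok"): "review_summary",
    ("review_summary", "info_incorrect"): "data_entry",
    ("review_summary", "info_confirmed"): "awaiting_confirm_auth",
    ("awaiting_confirm_auth", "auth_failed"): "review_summary",
    ("awaiting_confirm_auth", "auth_ok"): "finish",
}

class FlowError(Exception):
    """Raised when an event is not allowed in the current state."""

def run_flow(events, start="pre_login"):
    """Replay events and return every state visited, in order."""
    state, path = start, [start]
    for event in events:
        if (state, event) not in TRANSITIONS:
            raise FlowError(f"event {event!r} not allowed in state {state!r}")
        state = TRANSITIONS[(state, event)]
        path.append(state)
    return path

def min_auths_to_finish(start="pre_login", goal="finish"):
    """Fewest successful authentications on any path from start to goal."""
    best = {start: 0}
    changed = True
    while changed:  # relax edges until no cheaper route is found
        changed = False
        for (src, event), dst in TRANSITIONS.items():
            if src not in best:
                continue
            cost = best[src] + (event == "auth_ok")
            if cost < best.get(dst, float("inf")):
                best[dst] = cost
                changed = True
    return best.get(goal)
```

The Corporate flow described next would add a Data Retrieval state between account selection and the summary review.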
Corporate Flow
This flow is used by organizations, and assumes that the user is a representative of a company or other organization.
In this flow, we retrieve certain information to authenticate an individual's identity, and to verify that they are eligible to make a payment. We also ensure that the individual in question is eligible to act on the behalf of a corporate entity or other organization.
Before a user can log in, they need to reach the KYC application and provide the information needed to log in.
Pre-login
- Link is created through API
- User provides the application with necessary information required to begin the login process
Now that the user has reached the application, and entered the information needed to begin the login process, we can get going.
Login
- Application prompts the user to choose a bank
- User chooses bank
- Application attempts to produce a QR code for login:
  If QR code cannot be produced:
    Application goes back to step 1 of the Login process
  If QR code is successfully produced:
    Application shows QR code to user
- User scans QR code using an appropriate app for authentication
- User signs in
- Application attempts authentication of user:
  If authentication fails:
    Application goes back to step 1 of the Login process
  If authentication is successful:
    User is logged in
The user was successfully logged in, and the application moves on to adding more information about the user from other sources.
Post-login
- Application attempts fetching name and address, using Billmate:
  If name and address cannot be fetched:
    Application goes back to step 1 of the Login process
  If name and address is successfully fetched:
    Application moves on to fetching additional information
- Application attempts fetching additional information[9], using Pliance:
  If additional information cannot be fetched:
    Application goes back to step 1 of the Login process
  If additional information is successfully fetched:
    Application moves on to prompt user for more information
The user gets started on filling in requested information.
Data Entry
User fills in information as requested by application form
When the user has filled in the necessary information, it's time to choose which account to use.
Account Selection
- Application prompts user to choose bank account
- User chooses bank account
- Application prompts user to authenticate using appropriate method
- User opens appropriate app for authentication
  If authentication fails:
    Application goes back to step 1 of the Account Selection process
  If authentication is successful:
    Application compiles a record of information collected
As the user going through the KYC process is a representative of a corporate entity or other organization, we need some additional information to be able to verify their identity and confirm that they are eligible to use the selected account.
Data Retrieval
- Application collects user's name and address, using Billmate
- Application collects additional information[11], using Pliance
- Application compiles data retrieved from Billmate and Pliance, and adds this information to the collected user data
It's time for the user to review and confirm that the collected information is correct.
Confirmation
- User is shown a summary of collected information
- User reviews the summary
  If information is incorrect:
  ● User chooses to start over
  ● Application goes back to step 1 of the Data Entry process
  If information is correct:
  ● User confirms that collected information is correct
  ● Application prompts user to authenticate
- User attempts to authenticate using appropriate method
  If authentication fails:
    Application goes back to step 1 of the Confirmation process
  If authentication is successful:
    Application prepares to finish the KYC process
All that remains is for the application to inform the user that the KYC process is done.
Finish
Application shows user a page indicating success
Footnotes
1, 3. Open Payments (Sweden):
Used as an Account Information Service for Swedish users. We prompt users to authenticate their identity through their Swedish bank's servers to give us consent to
access personal account information. We can make sure that the user is authorized to use the account in question through this Account Information Service.
2, 4. Neonomics (Norway):
Used as an Account Information Service for Norwegian users. We prompt users to authenticate their identity through their Norwegian bank's servers to give us consent to
access personal account information. We can make sure that the user is authorized to use the account in question through this Account Information Service.
5. Billmate (Sweden):
Used to get the name and address of the business or person that is going through the KYC process
6, 9, 10, 11. Pliance (Sweden):
Corporate:
- Type of company
- Owner(s) of company
- Sanctioned company status
- Parent company
For a complete list of corporate information obtained through Pliance check:
https://pliance.io/api/#schemas-view-company-response-data and
https://pliance.io/api/#schemas-company-data
Private:
- Politically Exposed Person status
- Coordinated individual plans (Swedish: Samordnad Individuell Plan or SIP)
- Relatives and Close Associates
For a complete list of private information obtained through Pliance check:
https://pliance.io/api/#schemas-view-person-response-data
7. BankID (Sweden):
Private:
- Authenticating
- Signing off on given information
Corporate:
- Authenticating
- Signing off on given information
- Retrieving name of signee
- Retrieving Swedish personal identity number of signee
Draft/Source:
KYC?
According to Swedish law all payment institutions have to have sufficient knowledge about
their customers so that we can be sure that the money we handle is not used for financing
terrorist organizations or that the transactions that we handle are not used for money
laundering. This is where KYC (Know Your Customer) comes in: it is the process of
collecting information about a client so that we can be sure their business is legitimate.
What’s the KYC form used for?
Right now all KYCs are done manually, by sending different kinds of forms to customers and
requesting all the information that we need to make sure we want to do business with
them.
This application is supposed to automate this process, by having customers fill in their
information in a digital form and answer the necessary questions. Through several
integrations with other service providers (discussed more later) we also get as much information
about the customer as we can. We also use this form for the user to choose which of their
bank accounts they want to get paid out to. By doing this using an AIS (explained in
integrations) we can make sure that the user choosing the account actually has
access to this account.
Right now the form only works in Sweden because the integrations used to retrieve
information are mostly Sweden-specific. Work has been done to integrate with similar services
in Norway, but that work is not complete yet.
Integrations
● Billmate (Sweden): Used mostly to get the name and address of the business or
person that is going through the KYC process
● Pliance (Sweden):
○ Corporate: Here we get information like corporate_form, owners, whether the
company is sanctioned, parent company and more. For a complete list check
https://pliance.io/api/#schemas-view-company-response-data and
https://pliance.io/api/#schemas-company-data
○ Private: Here we get information on whether the person is PEP (Politically Exposed
Person), SIP (Samordnad Individuell Plan), RCA (Relatives And Close
Associates) and more. For a complete list check
https://pliance.io/api/#schemas-view-person-response-data
● Open Payments (Sweden): Here we use Open Payments as an Account Information
Service (AIS). This means the user signs in to their bank, thereby giving us consent to
access their account information, and through this we can make sure that they own
the account (or at least have access).
● BankID (Sweden): BankID is used to sign the answers given and account chosen; in
the corporate flow it is also used to get the name and social security number of the
person actually doing the KYC.
● Neonomics (Norway): This is the equivalent of Open Payments, except for Norway.
Flows
The app has two main flows, Corporate and Private, where Corporate is for organizations
and Private is for private persons. The difference is mostly in which questions have to be
answered, but also, as stated above, there is an extra BankID identification to identify the
person representing the company.