Identity Verification
What is BSA and why does it matter?
The BSA is a U.S. law requiring financial institutions in the United States to assist U.S. government agencies in detecting and preventing money laundering and terrorist financing.
Because it applies to our bank sponsor partners, Bond is contractually obligated to adhere to it because the banks outsource their BSA obligations to Bond (and Brands).
What is KYC?
The BSA has been amended several times, including the USA PATRIOT Act of 2001, which requires that financial institutions comply with the stricter Know Your Customer (KYC) rules:
- Customer Identification Program (CIP) - bank required to form a reasonable belief that it knows the true identity of each customer
- Customer Due Diligence (CDD) - bank required to gather relevant info about the customer & evaluate for any potential risk for the organization or money laundering/terrorist financing activities
- Enhanced Due Diligence (EDD) - the process of gathering data & info to verify the identity of customers, but with additional information required to mitigate the risk associated with the customer
Until 2016, one major loophole in KYC remained; banks weren’t required to ID the stakeholders and beneficiaries of the businesses they served.
In practice, this meant that seemingly legitimate businesses could shelter bad actors’ identities while performing illegal, high-value transactions on their behalf.
The regulatory fix, titled “Customer Due Diligence Requirements for Financial Institutions,” is what we know as Know Your Business (KYB).
Banks are required to conduct due diligence on the beneficial owners of the business. There are two methods that are assessed to determine this:
- Ownership: Any individual, if any, who directly or indirectly, through any contract, arrangement, understanding, relationship, or otherwise, owns 25% or more of the equity interests of a legal entity customer.
- Control: A single individual with significant responsibility to control, manage, or direct a legal entity customer. This includes, for example, an executive officer or senior manager, or any other individual who regularly performs similar functions.
Note
There must be at least one individual identified for each of the ownership and control methods, but they can be the same person. In all cases, each legal entity will have between one and five beneficial owners (for for the control method and between none and four under the ownership method).
What information do I need to collect about my customers?
This is our most commonly asked question. It depends on the type of program (commercial or consumer) and the specific sponsor bank you've chosen to work with. The examples below are for illustrative purposes only and in reality, might be slightly different when you onboard your program with Bond.
Additionally, we support several methods for identity verification through a series of vendors based on what information your customer may or may not have, as well as the user experience you want to provide as you balance onboarding time versus risk.
| Method | Information | Preference for... |
|---|---|---|
| Non-documentary | - Independent verification by comparing info provided by the customer with information obtained from a credit bureau, public or govt. database, or other source - IDV, fraud, synthetic ID, email/mobile verification tools - In person - Checking references with other financial institutions | Fastest onboarding time |
| Documentary | - Name and DOB: Driver’s license, Passport, or Birth Certificate - Address: Utility Bill or Lease Agreement - Tax ID: Social security card or W-9 Form - Business: TIN, state issued business license, articles of incorporation or other organizational legal documents | Highest approval rates |
Credit Checks
Note that credit checks are only applicable to credit card products. If you are performing a KYC on a customer for the purposes of a deposit product such as a prepaid card, credit checks are not performed, and there is no pull on the customer's credit.
What if my customer doesn't have an SSN?
The non-documentary verification method requires that the customer has a critical identifier such as an SSN (social security number).
Other pieces of documents such as an ITIN (individual taxpayer-identification numbers) cannot be used instead. This is often an indication that your customer should be treated as a business rather than a person. With business information including an ITIN, your customer can go through a KYB flow.
For the scenario where the customer does not have an SSN and cannot be treated as a business (for example, an international student) you can use documentary verification.
Do I need to run my customers through KYC again if I am switching to Bond?
The CIP guidelines do not include any specific requirements to perform ongoing KYC/KYB validations. Instead, banks are expected to take a risk-focused approach and reverify identity on certain high-risk customers or in conjunction with suspicious activity monitoring.
When you are switching to Bond and the existing bank is not one of Bond's sponsor banks, we are creating a new relationship with the customer and the bank and we need to run KYC again.
That said, by designing simple and informative screens in your app, you might be able to reduce this burden for your end-users. We're happy to let you know about it when you contact your designated Compliance representative.
Updated over 2 years ago