Customer Onboarding, Identification, and Diligence
    • 14 Nov 2023
    • PDF

    Customer Onboarding, Identification, and Diligence

    • PDF

    Article summary

    This guide captures the requirements for onboarding customers onto your platform for bank accounts. By following the guidance, you and your Sponsor Bank will have high-fidelity data on your customers for ongoing monitoring and analysis. It will also help you meet bank and anti-money laundering compliance requirements, ensuring all parties can be set up for long-term success. Note your Sponsor Bank may have additional bank-specific requirements to comply with its bank policy. These will be covered during your implementation and final approval. The below sections are intended as guidance and not legal advice.

    Know-Your-Customer vs. Customer Identification Program

    In the industry, gathering and verifying customer information is sometimes known as Know-Your-Customer or KYC. KYC can be a broad term that describes all the steps in verifying customer identity. However, banks are regulated against specific requirements as part of their Customer Identification Program or CIP. This includes requirements around what information to gather on customers, what to assess, and how long to store the information. It is important that you understand the basics of these requirements to run a compliant onboarding and ongoing monitoring program. These requirements are outlined by the US Department of Treasury and it's bureau, the Financial Crimes Network or FinCEN.

    Customer Identification Program (CIP)

    All customers opening a bank account through your program or app are required by law to provide basic identification information that is stored and retained by Synctera and the Sponsor Bank. This information is used to perform KYC checks and identity verification. It is also used to comply with banking regulations and to monitor against government lists such as those published by the Office of Foreign Assets Control (OFAC) to mitigate terrorist financing and conducting business with sanctioned entities.

    Identification requirements apply to the following:

    • Consumers opening a bank account
    • Businesses opening a bank account
      • Beneficial owners of a business that is opening a business bank account including the individual opening the bank account on behalf of the business

    Identification requirements in the US can be further broken down by the citizenship and residency of the customer.

    US Persons - Individuals and Businesses

    US Person

    US citizens and those individuals that meet the US residency or substantial presence test. Generally, this includes individuals born in the US, born outside the US of a US parent, naturalized citizens, Green Card holders, and tax residents (also known as Resident Aliens by the IRS). It also includes domestic US partnerships and corporations. Further definition of a US Person can be found on the IRS site.

    US Individuals that open a bank account must provide the following information:

    • Name
    • Date of birth
    • Address
    • Residential or business street address;
    • For an individual without a residential or business street address, an Army Post Office (APO) or Fleet Post Office (FPO) box number, or the residential or business street address of next of kin or of another contact individual
    • Identification number
    • Social Security Number (Individual Tax Identification Number (ITIN) may be permitted subject to bank approval)
    • Additional information may be required as part of customer due diligence

    US Businesses must provide the following information:

    • Legal name
    • Legal address (no PO Box)
    • Employer Identification Number (EIN), if applicable
    • The Sponsor Bank will require proof of legal formation such as:
      • Corporation: Articles of Incorporation, Certificate of Incorporation
      • Partnership: Partnership Agreement
      • LLC: Articles of Organization
    • Additional information is required as part of customer due diligence - see CDD section

    Non-US Persons - Individuals and Businesses

    Definition of Non-US Person

    Persons that do not meet the US Persons' definition - this includes non-US citizens that are residing outside of the US and is sometimes known as a nonresident alien for tax purposes. This also includes non-US corporations, partnerships, estates, and trusts.

    Non-US Individuals that open a bank account must provide the following information:

    • Name
    • Date of birth
    • Address
    • Residential or business street address;
    • Identification number
      • Tax Identification Number (or evidence of an application for one); or
      • Passport number and country of issuance; or
      • Alien identification card number; or
      • Number and country of issuance of any other government-issued document evidencing nationality or residence and bearing a photograph or similar safeguard.
    • The Sponsor Bank will require a copy of an unexpired passport or similar government ID and a "selfie check" via an approved process
      • Acceptable alternative forms of identification such as a National ID must be approved by the Sponsor Bank
    • Additional information is required as part of customer due diligence - see CDD section

    Non-US Businesses must provide the following information:

    • Legal name
    • Legal address (no PO Box)
    • Employer Identification Number (EIN), if applicable
    • The Sponsor Bank will require proof of legal formation such as Articles of Incorporation of Partnership documents
    • Additional information is required as part of customer due diligence - see CDD section

    Documentary and Non-Documentary Verification

    It is required to verify each customer so that there is a reasonable belief that you and bank know the customer's true identity. This typically incorporates a combination of documentary and non-documentary verification. Examples of verification are provided below. Synctera's KYC and KYB module provide non-documentary verification methods and can provide documentary verification under certain circumstances. In general, additional verification may be required when initial verification methods fail or are inconclusive. Additional verification can also be required when the customer changes their identification information e.g. name or address.

    • Documentary Verification
      • Government-issued IDs such as passport, driver's license, or national ID
      • Financial documents, where applicable, such as financial statements or bank statements used to verify financial status of a customer
      • Legal documents such as articles of incorporation, DBA or name change documents, tax documents or business licenses
      • Utility bills to verify a customer's address
    • Non-Documentary Verification
      • Database checks including cross-verification of the customer's information against independent and public data sources such as consumer reporting agency data
      • Biometric verification such as facial scan
      • Contacting the customer directly
    Use of Synctera KYC and KYB

    Synctera provides integrated KYC and KYB tools to perform documentary and non-documentary verification.

    KYC includes integration with Socure to conduct identity verification, fraud checks, and watchlist screening utilizing various data sources. This also includes document verification capabilities that can scan certain government-issued ID such as driver's license and passport uploaded by your customer.

    KYB includes integration with Middesk to conduct screening of businesses including state registration and OFAC screening. Note that no automated systems are foolproof and various risk-based methods should be combined to mitigate fraud risk.

    Customer Due Diligence (CDD)

    As part of meeting bank regulations, it is required that you know your customers to help banks combat financial crime such as money laundering, terrorist financing, and drug trafficking. This is known as customer due diligence or CDD and can be summarized as the following:

    • Identify and verify the identity of customers
    • Identify and verify the identity of the beneficial owners of companies opening accounts
    • Understand the nature and purpose of customer relationships to develop customer risk profiles
    • Conduct ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information

    CDD for Consumers

    As part of CDD requirements, it may be required to ask additional questions of your customers during the onboarding process. This allows the bank to risk profile the customer and can require enhanced due diligence depending on the customer attributes, which are driven by factors such as geographical location, expected activity, and nature of the account. Examples of customer bases that may require additional questions include:

    Below are examples of CDD-related questions during onboarding. Questions will be dependent on the nature of your use case and customer base - these will be covered during implementation:

    QuestionSample Response OptionsContext
    E-mail and Phone NumberCustomer provides and entries may be validatedThis information can also be used for fraud and synthetic ID checks via Synctera's KYC module and complement security controls that you may put into the app such as two-factor authentication and one-time passwords during onboarding. Generally, phone numbers that are VOIP have higher risk of fraud.
    Use of accountProvide options where customer can select multiple such as: Transferring money to friends/family, Bill payment, Investment activities, International transfers, Online shopping, Business transactions, SavingThis information may be used to reconcile against unusual activity or large transactions detected. Certain activities such as international transfers or frequent peer-to-peer transfers may warrant more investigation.
    Country of citizenshipDrop-down menu of countriesCustomers that are citizens of higher risk countries (e.g. money laundering, sanctions, drug trafficking) may require additional diligence
    Occupation or Source of IncomeDrop-down menu with options aligned to NAICS codes and options for retired / student / otherThis information may be used to reconcile against any unusual activity or large transactions detected
    Income LevelDrop-down menu with ranges (this may be tailored based on the expected customer base): $0 - $50,000; $50,001 - $150,000; $150,001 - $250,000, $250,001 or aboveThis information may be used to reconcile against any unusual activity or large transactions detected
    Source of WealthDrop-down menu with selections: Salary; Property Sale; Investments; Retirement; Inheritance; OtherThis information is typically used for investment use cases or large funding amounts and can help gauge whether the customer's transactions into their bank account align with their source of wealth
    Other customer identifiers such as device ID and IP addressGathered via your appThis information can be used in conjunction with Synctera's KYC and AML modules to detect suspicious or potentially fraudulent activity

    CDD for Business and Legal Entity Customers

    Business and legal entity customers generally require additional CDD due to the additional complexity and higher transaction amounts associated with businesses and the prohibitions your Sponsor Bank may have on certain business or industry types.

    Below are examples of CDD-related questions during onboarding. The number and range of questions required will be dependent on the nature of your use case and customer base - these will be reviewed during implementation and require bank approval. At a minimum, certain information such as Company Type, Website, and Industry are required. In general, you should have a clear understanding of what types of customers you are onboarding and why they are using your product. This will also be a critical part of investigating potential fraud and money laundering / terrorist financing when alerts are generated.

    QuestionSample Response OptionsContext
    Other company namesCustomer provides other DBA names that are not the company's legal nameEnsures other company names are also identified for due diligence purposes
    Company typeDrop-down menu that includes the following options (options may differ depending on your target customer base): Corporation; Partnership; Limited Liability Company (LLC); Limited Liability Partnership (LLP); Limited Partnership; Non-Profit; Partnership; Sole Proprietorship; Other (describe)Should correspond to legal formation documents
    Company website, social media, email, phone number (VOIP discouraged)Customer providesOther identifiers that may be used to mitigate fraud or for diligence purposes
    IndustryDrop-down menu with options aligned to NAICS codes - this may be more granular depending on your target customer baseMay be used to identify if the customer is within a higher-risk or prohibited industry
    Years in businessCustomer selects number of years in businessBasic part of diligence and may be derived from legal formation documents
    Business descriptionCustomer briefly summarizes what their business involvesBasic part of due diligence of the purpose of the company
    Use of accountProvide options where customer can select multiple such as: Operating expenses (such as payroll, travel); Sending wires; Bill and vendor payments; Receiving payments; Receiving investor funds; OtherFacilitates an understanding of expected size and volume of transactions
    International transactionsCustomer checks if the business will receive or make international payments (must be approved and enabled by your bank); if yes, then additional questions on which countries should be askedForeign activity and transactions may have higher money laundering risk and require enhanced diligence - certain countries may not be permissible
    Tax documentationProvide ability to upload EIN tax documentation, which may be either a Form CP 575 or a 147c letter.Ensures company is registered in the US
    Annual business revenueProvide drop-down menu with selection: $0-$500K; $500,001-$1M; Over $1MFacilitates an understanding of expected size and volume of transactions
    Expected monthly transaction volumeProvide ability for customer to enter in expected monthly $ volume of transactions based on product type including ACH debit origination (pulling of funds from external account); ACH credit origination (pushing of funds to external accounts); Wire origination (domestic and international); Mobile remote deposit checks; Card spendFacilitates an understanding of expected size and volume of transactions and may assist in AML-related investigations when there are unusual transaction types

    Prohibited or High-Risk Businesses or Industries
    Your Sponsor Bank will generally have prohibited businesses or businesses considered high risk for money laundering due to the nature of their industry. Prohibited businesses are not permitted for onboarding while higher risk businesses may require additional CDD or enhanced diligence. **It is your duty to gather sufficient information and documentation on your customers to meet these requirements and to evidence them via the Synctera platform for the bank's audit trail.
    Typical businesses that are considered high-risk or prohibited may be the following:

    • Money Services Business: Currency exchanges, crypto exchanges, check cashers, money transmitters (domestic or cross-border), which have high inherent risk for money laundering
    • Crypto Businesses: These platforms can sometimes be used to launder money due to the potential for anonymity.
    • Online Gambling and Gaming Businesses: These sectors may be targeted for fraud and money laundering due to the volume of transactions and potential for anonymity.
    • Precious Metals and Jewelry Dealers: Transactions involving precious metals and jewels can sometimes be used to move and launder illicit funds.
    • Cash-Intensive Businesses: Any business dealing primarily in cash can be a potential risk for money laundering, including retail businesses with high volumes of cash transactions.
    • Real Estate: This sector can be used for money laundering, where purchases are made to hide assets or launder money through property transactions.
    • Arms and Ammunition Dealers: This sector is scrutinized due to the potential for facilitating illegal activities.
    • Pawn Shops: These establishments can be used for fraudulent activities or to launder money through the sale of stolen goods.
    • Adult Entertainment Industry: Businesses in this sector can sometimes be involved in illegal activities and might be used for money laundering.
    • Offshore Corporations and Shell Companies: Entities that are used to obscure the true ownership can be high-risk from an AML standpoint.
    • Antique Dealers and Art Galleries: High-value transactions with art and antiques can sometimes be used to launder money.
    • Cannabis-related companies: Most banks will generally prohibit cannabis companies due to conflicting federal and state laws surrounding legality of the sale of cannabis.
    What is CDD used for?

    CDD allows the bank to assess the level of risk a customer presents and may include a risk rating of the customer to determine if enhanced due diligence is required. It's important to note that the primary risk being focused on here is NOT fraud risk, but rather money laundering / terrorist financing risk although the two may be connected.

    Synctera's AML module helps identify unusual transactions activity based on certain scenarios and triggers. CDD information allows you and the bank to verify whether those alerts are true or false positives by corroborating the alert against the information provided by the customer. As an example, transactions that are more volatile in size or frequency may be more expected for higher growth software companies, but may be unusual for companies in lower-growth, mature industries.

    Watchlist Monitoring and OFAC Screening

    Customers must generally be screened on an ongoing basis against lists published by the Office of Foreign Assets Control (OFAC), a division of the U.S. Department of the Treasury, responsible for implementing economic and trade sanctions against targeted foreign countries, entities, and individuals. One such list is the Specially Designated Nationals (SDN) List. US banks and companies are prohibited from doing business with entities on the SDN list.

    There are other watchlists that are important to screen for to identify potential money launderers, fraudsters, and human / drug trafficking. These lists include:

    • Law enforcement
    • Governmental agency
    • Other country sanctions lists

    In addition, a Politically Exposed Person (PEP) must be identified. A PEP is an individual who holds or has held a significant public position, either domestically or internationally. This designation can also extend to their immediate family members and close associates. Because of their position, they may be at higher risk for involvement in bribery or corruption. PEPs will generally require enhanced due diligene if onboarded.

    Watchlist Monitoring and OFAC Screening Cadence

    When your customers are enrolled to Watchlist alerts, they are screened upon onboarding and on an ongoing basis in the event lists are updated.

    Enhanced Due Diligence (EDD)

    EDD is a more comprehensive and detailed scrutiny process that financial institutions undertake for high-risk customers to prevent fraud and comply with regulatory requirements. It goes beyond the standard due diligence processes to include deeper investigation into a customer’s background, source of funds, transaction behaviors, and the purpose of the account or relationship.

    EDD requirements may be driven from initial CDD and customer risk ratings. A customer's risk profile may also change overtime as their behavior and transactional activity evolves such that they may be initially lower risk and then transition to higher risk, requiring EDD. Below are examples of typical EDD procedures:

    EDD for Consumer Customers

    • Re-verifying customer information including CDD questions or asking additional CDD questions
    • More frequent monitoring of the customer's transactions (e.g. quarterly, bi-annually, annually)
    • Conducting a negative news screen

    EDD for Business Customers and Legal Entities

    • Re-verifying customer information including CDD questions or asking additional CDD questions
    • More frequent monitoring of the customer's transactions (e.g. quarterly, bi-annually, annually)
    • Conducting a negative news screen
    • Conducting financial analysis of the company to verify revenue such as requesting financial statements or bank statements
    • Reviewing and investigating any other business relationships the company has

    Beneficial Ownership & Control/Managing Person

    Gathering and confirming beneficial ownership information for legal entity customers is required. This includes the following:

    • Identify individuals directly or indirectly owning at least 25% of the equity of the business - up to four individuals per business
    • Identify one Control / Managing Person with significant management responsibility.
    • A Control / Managing Person may also own 25% or more equity - they should be identified as both a Control / Managing Person and an Owner (Synctera contains APIs that allow you to pass that information into our platform for required record keeping).

    Your onboarding process should include identification of those individuals prior to account opening. Each individual should provide CIP information. In addition, they should include:

    • Entity ownership percentage
    • Business title

    Additional verification may be required if the beneficial owner or Control Person fails KYC checks.

    Corporate Transparency Act

    In the US, the Corporate Transparency Act was passed in 2021, requiring business entities to report beneficial ownership information to FinCEN. This legislation aims to prevent misuse of corporate structures for illicit activities such as money laundering and fraud. This also means FinCEN will begin establishing a database of businesses with beneficial owners beginning in 2024. Eventually, this may be used to reconcile against beneficial ownership information you gather of your business customers. Today, there is no central source of truth and relies on the truthfulness of the account opener and their certification. Additional FAQ is provided by FinCEN.

    Indirect Ownership

    Beneficial owners with at least 25% indirect ownership should be identified. Indirect ownership occurs when a business is owned in part by another entity that is owned in part by an individual.

    The following is an example provided by FinCEN:

    Screenshot 2023-09-14 at 4.05.23 PM.png

    Under this example:

    • Allan is a beneficial owner of Customer because he indirectly owns 30 percent of its equity interests through his direct ownership of Company A.
    • Betty is a beneficial owner of Customer because she indirectly owns 20 percent of its equity interests through her direct ownership of Company A plus 16⅔ percent through Company B for a total of indirect ownership interest of 36⅔ percent.
    • Neither Carl nor Diane is a beneficial owner because each indirectly owns only 16⅔ percent of Customer’s equity interests through their direct ownership of Company B.

    Exclusions and Exemptions to Beneficial Ownership Identification

    Certain entities are excluded from the definition of legal entity customers and do not require beneficial ownership identification. The most common exclusion are sole proprietorships.

    Certain entities may be exempt from providing beneficial ownership information. The more common entity types include the following and are fully listed here:

    • Publicly traded companies on NYSE or NASDAQ
    • US banks and bank-holding companies
    • Companies registered with the SEC
    • State regulated insurance company
    • Public accounting firm
    • Non-profit companies - Control / Managing Person must still be identified, but 25% or more owners are not required

    In addition, legal entity customers are defined as

    Beneficial Ownership Certification and Re-Certification

    Beneficial Ownership Certification

    The account owner responsible for identifying beneficial owners (typically a Control / Managing Person) must electronically confirm identification of owners and the Control / Managing Person with the following language.

    Beneficial Ownership Certification language

    I certify to the best of my knowledge that the information provided is complete and correct.

    There are several instances when recertification (along with re-KYB) is required and the account owner must re-confirm that beneficial owner information is up-to-date:

    • When changes are identified to the list of beneficial owners
    • When additional accounts are opened after the date of the initial account opening

    If requested, you must be able to provide the bank evidence of the certification including the name of the account owner, account owner e-signature, and date of certification. This is can be passed through to the Synctera platform via API.

    Beneficial Ownership Instructions

    • When gathering beneficial ownership information, instructions must be provided to the customer to ensure they understand what and how to identify beneficial owners and the Control/Managing person. This is usually accompanied with disclosures that explain why the information is gathered. Below is an example of language that can be used for instructions.
    Beneficial Ownership Form Instructions

    What is this form?
    To help the government fight financial crime, Federal regulation requires certain financial institutions to obtain, verify, and record information about the beneficial owners of legal entity customers. Legal entities can be abused to disguise involvement in terrorist financing, money laundering, tax evasion, corruption, fraud, and other financial crimes. Requiring the disclosure of key individuals who own or control a legal entity (i.e., the beneficial owners) helps law enforcement investigate and prosecute these crimes.

    Who must complete this form?
    This form must be completed by the person opening a new account on behalf of a legal entity with any of the following U.S. financial institutions: (i) a bank or credit union; (ii) a broker or dealer in securities; (iii) a mutual fund; (iv) a futures commission merchant; or (v) an introducing broker in commodities.

    For the purposes of this form, a legal entity includes a corporation, limited liability company, or other entity that is created by filing a public document with a Secretary of State or similar office, a general partnership, and any similar business entity formed in the United States or a foreign country. Legal entity does not include sole proprietorships, unincorporated associations, or natural persons opening accounts on their own behalf.

    What information do I have to provide?
    This form requires you to provide the name, address, date of birth and Social Security number (or passport number or other similar information, in the case of foreign persons) for the following individuals (i.e., the beneficial owners):

    Each individual, if any, who owns, directly or indirectly, 25 percent or more of the equity interests of the legal entity customer (e.g., each natural person that owns 25 percent or more of the shares of a corporation); and An individual with significant responsibility for managing the legal entity customer (e.g., a Chief Executive Officer, Chief Financial Officer, Chief Operating Officer, Managing Member, General Partner, President, Vice President, or Treasurer). The number of individuals that satisfy this definition of “beneficial owner” may vary. Under section (i), depending on the factual circumstances, up to four individuals (but as few as zero) may need to be identified. Regardless of the number of individuals identified under section (i), you must provide the identifying information of one individual under section (ii). It is possible that in some circumstances the same individual might be identified under both sections (e.g., the President of Acme, Inc. who also holds a 30% equity interest). Thus, a completed form will contain the identifying information of at least one individual (under section (ii)), and up to five individuals (i.e., one individual under section (ii) and four 25 percent equity holders under section (i)).

    The financial institution may ask to see and obtain a legible copy of a driver’s license or other identifying document for each beneficial owner and control owner, listed on this form. The image must be of sufficient quality to be legible after being scanned into the bank’s system.

    Was this article helpful?

    Changing your password will log you out immediately. Use the new password to log back in.
    First name must have atleast 2 characters. Numbers and special characters are not allowed.
    Last name must have atleast 1 characters. Numbers and special characters are not allowed.
    Enter a valid email
    Enter a valid password
    Your profile has been successfully updated.