Customer Onboarding, Identification, and Diligence

This guide captures the requirements for onboarding customers onto your platform for bank accounts. By following the guidance, you and your Sponsor Bank will have high-fidelity data on your customers for ongoing monitoring and analysis. It will also help you meet bank and anti-money laundering compliance requirements, ensuring all parties can be set up for long-term success. Note your Sponsor Bank may have additional bank-specific requirements to comply with its bank policy. These will be covered during your implementation and final approval. The below sections are intended as guidance and not legal advice.

Customer Identification Program (CIP)

All customers opening a bank account through your program or app are required by law to provide basic identification information that is stored and retained by Synctera and the Sponsor Bank. This information is used to perform KYC checks and identity verification. It is also used to comply with banking regulations and to monitor against government lists such as those published by the Office of Foreign Assets Control (OFAC) to mitigate terrorist financing and conducting business with sanctioned entities.

Identification requirements apply to the following:

• Consumers opening a bank account
• Businesses opening a bank account
  • Beneficial owners of a business that is opening a business bank account including the individual opening the bank account on behalf of the business

Identification requirements in the US can be further broken down by the citizenship and residency of the customer.

US Persons - Individuals and Businesses

US Individuals that open a bank account must provide the following information:

• Name
• Date of birth
• Address
• Residential or business street address;
• For an individual without a residential or business street address, an Army Post Office (APO) or Fleet Post Office (FPO) box number, or the residential or business street address of next of kin or of another contact individual
• Identification number
• Social Security Number (Individual Tax Identification Number (ITIN) may be permitted subject to bank approval)
• Additional information may be required as part of customer due diligence

US Businesses must provide the following information:

• Legal name
• Legal address (no PO Box)
• Employer Identification Number (EIN), if applicable
• The Sponsor Bank will require proof of legal formation such as:
  • Corporation: Articles of Incorporation, Certificate of Incorporation
  • Partnership: Partnership Agreement
  • LLC: Articles of Organization
• Additional information is required as part of customer due diligence - see CDD section

Non-US Persons - Individuals and Businesses

Non-US Individuals that open a bank account must provide the following information:

• Name
• Date of birth
• Address
• Residential or business street address;
• Identification number
  • Tax Identification Number (or evidence of an application for one); or
  • Passport number and country of issuance; or
  • Alien identification card number; or
  • Number and country of issuance of any other government-issued document evidencing nationality or residence and bearing a photograph or similar safeguard.
• The Sponsor Bank will require a copy of an unexpired passport or similar government ID and a "selfie check" via an approved process
  • Acceptable alternative forms of identification such as a National ID must be approved by the Sponsor Bank
• Additional information is required as part of customer due diligence - see CDD section

Non-US Businesses must provide the following information:

• Legal name
• Legal address (no PO Box)
• Employer Identification Number (EIN), if applicable
• The Sponsor Bank will require proof of legal formation such as Articles of Incorporation of Partnership documents
• Additional information is required as part of customer due diligence - see CDD section

Documentary and Non-Documentary Verification

It is required to verify each customer so that there is a reasonable belief that you and bank know the customer's true identity. This typically incorporates a combination of documentary and non-documentary verification. Examples of verification are provided below. Synctera's KYC and KYB module provide non-documentary verification methods and can provide documentary verification under certain circumstances. In general, additional verification may be required when initial verification methods fail or are inconclusive. Additional verification can also be required when the customer changes their identification information e.g. name or address.

• Documentary Verification
  • Government-issued IDs such as passport, driver's license, or national ID
  • Financial documents, where applicable, such as financial statements or bank statements used to verify financial status of a customer
  • Legal documents such as articles of incorporation, DBA or name change documents, tax documents or business licenses
  • Utility bills to verify a customer's address
• Non-Documentary Verification
  • Database checks including cross-verification of the customer's information against independent and public data sources such as consumer reporting agency data
  • Biometric verification such as facial scan
  • Contacting the customer directly

Customer Due Diligence (CDD)

As part of meeting bank regulations, it is required that you know your customers to help banks combat financial crime such as money laundering, terrorist financing, and drug trafficking. This is known as customer due diligence or CDD and can be summarized as the following:

• Identify and verify the identity of customers
• Identify and verify the identity of the beneficial owners of companies opening accounts
• Understand the nature and purpose of customer relationships to develop customer risk profiles
• Conduct ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information

CDD for Consumers

As part of CDD requirements, it may be required to ask additional questions of your customers during the onboarding process. This allows the bank to risk profile the customer and can require enhanced due diligence depending on the customer attributes, which are driven by factors such as geographical location, expected activity, and nature of the account. Examples of customer bases that may require additional questions include:

• Non-US citizens or non-US residents
• High net worth individuals
• Politically Exposed Persons (Synctera's KYC module assists in identifying these individuals)
• Individuals identified on a watchlist (Synctera's KYC module assists with identifying these individuals)

Below are examples of CDD-related questions during onboarding. Questions will be dependent on the nature of your use case and customer base - these will be covered during implementation:

CDD for Business and Legal Entity Customers

Business and legal entity customers generally require additional CDD due to the additional complexity and higher transaction amounts associated with businesses and the prohibitions your Sponsor Bank may have on certain business or industry types.

Below are examples of CDD-related questions during onboarding. The number and range of questions required will be dependent on the nature of your use case and customer base - these will be reviewed during implementation and require bank approval. At a minimum, certain information such as Company Type, Website, and Industry are required. In general, you should have a clear understanding of what types of customers you are onboarding and why they are using your product. This will also be a critical part of investigating potential fraud and money laundering / terrorist financing when alerts are generated.

Prohibited or High-Risk Businesses or Industries
Your Sponsor Bank will generally have prohibited businesses or businesses considered high risk for money laundering due to the nature of their industry. Prohibited businesses are not permitted for onboarding while higher risk businesses may require additional CDD or enhanced diligence. **It is your duty to gather sufficient information and documentation on your customers to meet these requirements and to evidence them via the Synctera platform for the bank's audit trail.
**
Typical businesses that are considered high-risk or prohibited may be the following:

• Money Services Business: Currency exchanges, crypto exchanges, check cashers, money transmitters (domestic or cross-border), which have high inherent risk for money laundering
• Crypto Businesses: These platforms can sometimes be used to launder money due to the potential for anonymity.
• Online Gambling and Gaming Businesses: These sectors may be targeted for fraud and money laundering due to the volume of transactions and potential for anonymity.
• Precious Metals and Jewelry Dealers: Transactions involving precious metals and jewels can sometimes be used to move and launder illicit funds.
• Cash-Intensive Businesses: Any business dealing primarily in cash can be a potential risk for money laundering, including retail businesses with high volumes of cash transactions.
• Real Estate: This sector can be used for money laundering, where purchases are made to hide assets or launder money through property transactions.
• Arms and Ammunition Dealers: This sector is scrutinized due to the potential for facilitating illegal activities.
• Pawn Shops: These establishments can be used for fraudulent activities or to launder money through the sale of stolen goods.
• Adult Entertainment Industry: Businesses in this sector can sometimes be involved in illegal activities and might be used for money laundering.
• Offshore Corporations and Shell Companies: Entities that are used to obscure the true ownership can be high-risk from an AML standpoint.
• Antique Dealers and Art Galleries: High-value transactions with art and antiques can sometimes be used to launder money.
• Cannabis-related companies: Most banks will generally prohibit cannabis companies due to conflicting federal and state laws surrounding legality of the sale of cannabis.

Watchlist Monitoring and OFAC Screening

Customers must generally be screened on an ongoing basis against lists published by the Office of Foreign Assets Control (OFAC), a division of the U.S. Department of the Treasury, responsible for implementing economic and trade sanctions against targeted foreign countries, entities, and individuals. One such list is the Specially Designated Nationals (SDN) List. US banks and companies are prohibited from doing business with entities on the SDN list.

There are other watchlists that are important to screen for to identify potential money launderers, fraudsters, and human / drug trafficking. These lists include:

• Law enforcement
• Governmental agency
• Other country sanctions lists

In addition, a Politically Exposed Person (PEP) must be identified. A PEP is an individual who holds or has held a significant public position, either domestically or internationally. This designation can also extend to their immediate family members and close associates. Because of their position, they may be at higher risk for involvement in bribery or corruption. PEPs will generally require enhanced due diligene if onboarded.

Enhanced Due Diligence (EDD)

EDD is a more comprehensive and detailed scrutiny process that financial institutions undertake for high-risk customers to prevent fraud and comply with regulatory requirements. It goes beyond the standard due diligence processes to include deeper investigation into a customer’s background, source of funds, transaction behaviors, and the purpose of the account or relationship.

EDD requirements may be driven from initial CDD and customer risk ratings. A customer's risk profile may also change overtime as their behavior and transactional activity evolves such that they may be initially lower risk and then transition to higher risk, requiring EDD. Below are examples of typical EDD procedures:

EDD for Consumer Customers

• Re-verifying customer information including CDD questions or asking additional CDD questions
• More frequent monitoring of the customer's transactions (e.g. quarterly, bi-annually, annually)
• Conducting a negative news screen

EDD for Business Customers and Legal Entities

• Re-verifying customer information including CDD questions or asking additional CDD questions
• More frequent monitoring of the customer's transactions (e.g. quarterly, bi-annually, annually)
• Conducting a negative news screen
• Conducting financial analysis of the company to verify revenue such as requesting financial statements or bank statements
• Reviewing and investigating any other business relationships the company has

Beneficial Ownership & Control/Managing Person

Gathering and confirming beneficial ownership information for legal entity customers is required. This includes the following:

• Identify individuals directly or indirectly owning at least 25% of the equity of the business - up to four individuals per business
• Identify one Control / Managing Person with significant management responsibility.
• A Control / Managing Person may also own 25% or more equity - they should be identified as both a Control / Managing Person and an Owner (Synctera contains APIs that allow you to pass that information into our platform for required record keeping).

Your onboarding process should include identification of those individuals prior to account opening. Each individual should provide CIP information. In addition, they should include:

• Entity ownership percentage
• Business title

Additional verification may be required if the beneficial owner or Control Person fails KYC checks.

Indirect Ownership

Beneficial owners with at least 25% indirect ownership should be identified. Indirect ownership occurs when a business is owned in part by another entity that is owned in part by an individual.

The following is an example provided by FinCEN:

Under this example:

• Allan is a beneficial owner of Customer because he indirectly owns 30 percent of its equity interests through his direct ownership of Company A.
• Betty is a beneficial owner of Customer because she indirectly owns 20 percent of its equity interests through her direct ownership of Company A plus 16⅔ percent through Company B for a total of indirect ownership interest of 36⅔ percent.
• Neither Carl nor Diane is a beneficial owner because each indirectly owns only 16⅔ percent of Customer’s equity interests through their direct ownership of Company B.

Exclusions and Exemptions to Beneficial Ownership Identification

Certain entities are excluded from the definition of legal entity customers and do not require beneficial ownership identification. The most common exclusion are sole proprietorships.

Certain entities may be exempt from providing beneficial ownership information. The more common entity types include the following and are fully listed here:

• Publicly traded companies on NYSE or NASDAQ
• US banks and bank-holding companies
• Companies registered with the SEC
• State regulated insurance company
• Public accounting firm
• Non-profit companies - Control / Managing Person must still be identified, but 25% or more owners are not required

In addition, legal entity customers are defined as

Beneficial Ownership Certification and Re-Certification

Beneficial Ownership Certification

The account owner responsible for identifying beneficial owners (typically a Control / Managing Person) must electronically confirm identification of owners and the Control / Managing Person with the following language.

There are several instances when recertification (along with re-KYB) is required and the account owner must re-confirm that beneficial owner information is up-to-date:

• When changes are identified to the list of beneficial owners
• When additional accounts are opened after the date of the initial account opening

If requested, you must be able to provide the bank evidence of the certification including the name of the account owner, account owner e-signature, and date of certification. This is can be passed through to the Synctera platform via API.

Beneficial Ownership Instructions

• When gathering beneficial ownership information, instructions must be provided to the customer to ensure they understand what and how to identify beneficial owners and the Control/Managing person. This is usually accompanied with disclosures that explain why the information is gathered. Below is an example of language that can be used for instructions.