- 16 Sep 2024
- Print
- PDF
Use of External KYC Vendors
- Updated on 16 Sep 2024
- Print
- PDF
Use of External KYC Vendors
Synctera is connected with specific KYC vendors to conduct identity verification, watchlist monitoring, and OFAC screening. However, using external KYC vendors might be necessary for several reasons, such as utilizing data sources that better fit your target customer, having a better understanding of the vendor, or having existing contractual arrangements or integrations.
Generally, the use of an external KYC vendor requires the following:
Approval from your Sponsor Bank
Completed third-party vendor risk assessment, subject to bank approval, with ongoing assessments after launch
Sending KYC verification data to the Synctera Console via API
List of verifications performed by the KYC vendor for each customer account opening or for ongoing monitoring - this includes fraud checks, document screening, or selfie checks
Detailed results of the verifications completed including pass / fail / risk scoring
Notes or evidence of additional manual reviews performed for verifications that have failed
Documentation collected during onboarding including passport, driver's license or business formation documents such as incorporation docs - these should be sent via the Documents API
Ability to complete KYC reviews with qualified staff or compliance operations - see requirements to opt-out of Ground Control
Clear procedures for how the staff will conduct and document manual KYC reviews that have failed automated checks
Types of ID that are accepted and examples of permissible IDs such as government IDs
List of the settings and configurations of the KYC provider - shared with Synctera Compliance Operations team and the Sponsor Bank
OFAC and PEP Screening
The Sponsor Bank must continually screen customers for various checks, such as OFAC sanctions lists and Politically Exposed Persons (PEP) screening. These checks cannot be outsourced to an external vendor unless the Sponsor Bank approves. Otherwise, they must be performed using the approved Synctera integrated vendor.
Verification Process
To create a customer and send your vendor's identity verification results, you must first call the Verification API and provide the data outlined here.
Encoded Data
Send the encoded verification information from the KYC vendor to Synctera using the vendor_info object in the Verification API. The data should be in JSON or TEXT/XML format and must include the vendor's encoded response object, along with the vendor name.
{
"details": [
{
"description": "Address can be resolved to the individual",
"category": "ADDRESS",
"result": "PASS",
"vendor_code": "I708",
"url": "https://kyc_vendor.com/resultsid123"
},
{
"description": "SSN/ITIN cannot be resolved to the individual",
"category": "CIP",
"result": "FAIL",
"vendor_code": "R901",
"url": "https://kyc_vendor.com/resultsid123"
}
"referenceId": "cd36685a-8407-4645-b138-d7ff07dbf45e"
},
"vendor": "SOCURE"
},
"verification_type": "IDENTITY"
}
Verification Details
Send a list of completed verification results from your KYC vendor. These details should be grouped into verification types and sent to Synctera via the details array of objects within the category object in the Verification API. This will ensure that the data is properly displayed on our system, is aligned with the procedure, and that CIP reports are available within our console for the Sponsor Bank.
KYC
Category | Description |
CIP | Checks include verifying name, ID number, and date of birth. |
ADDRESS | Address check done either through a bureau or document verification |
PHONE | Phone check, including verifying number and other correlation methods |
Email check, including verifying email address and other correlation methods | |
FRAUD | Check for any fraud elements |
SYNTHETIC | Check for any synthetic elements |
WATCHLIST | Outcome from Watchlist screening |
DEVICE | Device check either through SDK or IP screen |
DOC_VERIFICATION | Document authenticity check |
SELFIE_CAPTURE | Selfie capture check, including liveness test, or other anti-fake verification |
SELFIE_DOCUMENT | Check if selfie matches with photo on document |
DOC_DETAILS | Check if details on ID documents matches with supplied information |
OTHER | A category for miscellaneous or uncategorized verifications |
KYB
Category | Description |
---|---|
BUSINESS_NAME | Business name check done against a bureau |
OFFICE_ADDRESS | Address check done either through a bureau or document |
SOS_FILINGS | Outcome from a SOS filings check |
WEBSITE | Business website check |
TIN_MATCH | TIN check from tax bureau |
BANKRUPTCIES | Check for any bankruptcy filings |
WATCHLIST | Watchlist screening |
SOS_DOMESTIC | Domestic SOS filings check |
LICENSE | License Check |
OTHER | A category for miscellaneous or uncategorized verifications |
Documents
Upload all customer verification documents to the Synctera Console using the Document Storage API. Reference the resource ID to link each document to the customer. Ensure that all documents containing Personally Identifiable Information (PII) are encrypted by setting the object as 'Required' in the encryption string of the Document Storage API.