In this milestone:
Process of investigating and verifying information about a company and users, defining the onboarding process and fields.
What is POI and POA?
When conducting Know Your Customer (KYC) verification, proving the identity and address is a crucial part of the process of complying with anti-money laundering (AML) regulations.
In the UK, the Financial Conduct Authority (FCA) enforces KYC regulations that require institutions to verify both identity and address for customer due diligence.
In the EEA, the EU Anti-Money Laundering Directives mandate KYC checks, including address verification, to prevent money laundering, terrorist financing, and fraud.
These regulations are implemented to uphold the security and integrity of financial transactions and services provided by our institution both within the UK and the EEA. By ensuring comprehensive customer verification, we aim to mitigate risks associated with illegal activities, including money laundering, terrorist financing, and identity theft.
In general Proof of Identity (POI) document contains address, on the other hand the Proof of address (POA), is a check if matches the address in the POI document. This requirement is to ensure independent verification of the individual’s current residential address and meet the regulatory standards.
The absence of an address on the POI requires two independent POAs to meet regulatory standards, ensuring the accuracy of the address information.
Also the requirement for two independent POA (Proof of Address) documents for KYC verification can be attributed to several factors:
Having two proofs of address allows better validation of the individual’s address and can act as a safeguard against identity fraud and money laundering as it helps cross-verify that the customer resides at the address they provided. This is particularly important in regions with a higher risk of identity fraud or if there are higher-risk customer factors involved.
It ensures that one document (e.g., a bank statement) is not tampered with or forged, as it is harder to forge two independent documents from different sources (e.g., a utility bill and a government letter).
The EEA comprises several different countries, each with its own regulations and standards for KYC. Many EEA countries have a higher risk profile when it comes to money laundering, terrorist financing, or identity fraud, which prompts a more cautious and comprehensive approach to verifying customer identities.
By requesting two POA documents, we can ensure consistency across borders and compliance with both UK and EEA regulations and verify the identity and residence of our customers thoroughly.
The proof of address (POA) documents required may vary depending on the jurisdiction but in general, the requirements are as follows:
The documents must clearly show the customer’s name and current address.
Outdated documents (older than 3 months) are usually not accepted.
Documents like mobile phone bills or insurance documents are typically not accepted as they do not prove the current address effectively.
Acceptable Documents as Proof of Address:
The geolocation feature can add an additional layer of address verification, making it easier for customers to confirm their location or address digitally. This process may help reduce the need for traditional physical document verification in some cases, though the secondary traditional POA would still be needed to meet the regulatory standards.
Bank statement with visible issue date and name of the individual issued within the last 3 months;
Utility bill for gas, electricity, water, internet, landline telephone, etc., with visible date and name of the individual, issued within the last 3 months;
Lease agreement that is current and contains the signatures of the landlord and the tenant;
Letter from a recognized public authority or public servant e.g. any government-issued correspondence with visible issue date and name of the individual, issued within the last 3 months;
Credit card statements
Alternative proof of address - the documents listed below would only be accepted if they contain and address:
Passport (if the Passport contains the residential address);
National Identity card;
Driving license (except provisional driving licenses).
Ex. A customer can provide us with a Passport as Proof of Identity together with an Identity card containing visible address as Proof of Address.
Unacceptable Documents as Proof of Address:
Old utility bill, bank statement, government-issued correspondence (issued more than 3 months ago);
Provisional driving license;
Mobile phone bills;
Non-Government Issued Pension statement;
Insurance policy;
Transfer receipt;
Invoice;
Bank reference - If such reference contains the residential address, it would be acceptable (the document must be official and issued by a recognized authority).
What is KYC/KYB or AML refresher?- criteria below is applicable for both Acquiring and Issuing projects
Refreshers are done on a regular basis. The partner is to conduct AML re-screening and KYC/KYB refreshers, depending on the risk score of the end user, which is sent by Paynetics via API. Also, the Partner has to provide the vendor’s configuration setup file, which is to be approved by the Underwriting Team.
AML Re-screening frequency
Risk Score | Client’s Risk Assessment | Sanctions Screening Frequency |
|---|---|---|
1 | Low risk | 6 months |
2 | Low to Medium risk | 1 month |
3 | Medium risk | 1 month |
4 | Medium to High risk | Constantly |
5 | High risk | Constantly |
KYC/KYB Refreshers frequency
Risk Score | Client’s Risk Assessment | Frequency of Period Review |
|---|---|---|
1 | Low Risk | 36 months |
2 | Low to Medium Risk | 24 months |
3 | Medium Risk | 24 months |
4 | Medium to High Risk | 12 months |
5 | High Risk | 12 months |
**Additional information on the KYC/KYB refreshers:
In order to assure accuracy of the data and merchants’ files, Underwriting team performs screening on the merchant folders applying Risk-based approach, keeping a record of the information, documents and checks performed.
Ongoing KYC Refresh of each business relationship is intended to:
∙ Keep merchant’s identification, the purpose and intended nature of the business relationship, and beneficial ownership information up to date.
∙ Re-assess the AML risk level, associated with the client's transactions and activities.
∙ Determine whether the transactions or activities are consistent with the information previously obtained about the client, including the Risk assessment.
∙ Understand a client’s activities over time so that any changes can be measured to detect high risk or negative deviations.
Merchant’s KYC Refresh include:
∙ Check in the Trade Register for verification of the company details OR in case there is no information available to request from the client to provide an Extract from the Trade register (issued during last 3 months, showing company details, directors, shareholders/UBOs, share capital)
∙ Review of the KYC documents for expired personal documents
∙ License validity review
*In case any changes in the company details and structure are detected during the KYC Refresh, an up-to-date documents and forms have to be collected from the merchant – XIII. CHANGES TO MERCHANT DETAILS.
**A KYC Refresh have to be performed just before merchant’s account closure and execution of the final payout.