KYC explained
KYC stands for Know Your Customer and is a form of due diligence that various financial services (including crypto-related services such as mobile apps or exchanges) are obliged to execute prior to allowing full, or partial access to their services.
What makes them do so, are anti-money laundering (AML) and counter-terrorism financing (CFT) regulations. These are quite strict at the moment tending to become stricter every year.
Generally, KYC is a procedure, or a series of procedures aimed at verifying the following information provided by clients, declaratively or with supporting documents:
- Contact information, including e-mail and address;
- Identity, based on government-issued IDs;
- Residence, based on utility bills, bank statements, or voters' cards;
- Other relevant information.
These verifications are typically split into a number of individual steps, where more steps completed make user account more functional.
As a European company, operating under respective legislation, including EU AMLD5 Directive, Exscudo OU makes no exception. Accounts held in both Fintap and Exscudo Exchange are only fully functional when certain number of individual KYC verifications is completed.
This article does not contain detailed walkthroughs for specific KYC procedures, providing a quick review of the big picture with references to dedicated Knowledge Base articles.
Legal framework
KYC procedures are regulated by their respective policy legally binding for users of Exscudo products and services.
Summary
AML/CFT is the process that in order to comply with respective regulations has to be started with no delay, and so KYC procedures start as soon as an account is registered.
Below is a table that provides a brief summary of KYC verifications.
VERIFICATION | COMMENT |
|---|---|
Completed on sign up. It serves as a prerequisite for completing further KYC verifications. You can explore the Exscudo Exchange and chat in Fintap upon completion. To complete, you will need an active mailbox | |
Personal information: name, country or residence, and address | No supporting documents required. Fill in trustworthy personal information, as you will need to prove it by supporting documents during further verifications |
Performed by a dedicated GDPR-compliant provider. Personal data is protected under GDPR when transferred, processed and stored. You will need a quality camera built- or plugged in to your device to complete this verification | |
Utility bills, bank statements, or other suitable supporting documents to be manually checked by security officers in-house | |
A form to be filled out and signed. Manually approved by in-house security officers. This is the ultimate KYC verification |
Data protection
Multiple types of KYC verification result in collection of plethora of sensitive customer information, which means implemented protection of such personal data shall meet the highest security standards for data-in-motion (when collected), data-in-use (when processed), or data-at-rest (when stored).
SIDE EFFECT
These personal data can be used to restore access to account under almost any circumstances: one can lose credentials or access to 2FA codes, access to associated mailbox, and still be able to recover access to their account provided that their identity has previously been verified
As we use a combination of in-house and contractor-based approach when collecting, processing and storing personal data, we have implemented industry leading standards via a set of security measures to ensure the highest level of protection. These include:
- A sophisticated security policy, including data loss prevention policy;
- In-house security officers;
- DLP tools;
- Monitoring;
- Risk management;
- Regular penetration tests.
Plus,
- Platform’s security is constantly monitored, regularly tested, and audited.
- Identity verification contractors (see Tier 2 Step 2 of the above table) are GDPR-compliant.
- Server network’s software is always up-to-date.