Guide
KYC verification guide
A practical blueprint for onboarding flows: identity verification, document checks, and the controls that make your process regulator-ready.
Step 1: Collect identity attributes
Start with the minimum attributes you need for your risk model. Common fields include legal name, date of birth (for individuals), address, country, and for businesses: registration number and beneficial ownership details.
Step 2: Verify identity (data-based or document-based)
Verification can be data-based (trusted data sources) or document-based (ID scan + selfie/liveness). Use a risk-based approach and define a clear policy for when you require documents.
Step 3: Screen against sanctions and PEP sources
KYC verification is not complete without screening. Even a perfectly verified identity can still be a sanctions or PEP hit. For business onboarding, screen controlling persons and beneficial owners as well.
Step 4: Assign risk and define monitoring
Document how risk is assigned and what controls follow: enhanced due diligence (EDD), re-screening cadence, and transaction monitoring thresholds.
What to document for audits
- Verification method used and evidence captured
- Screening results and disposition reasons
- Any escalations, overrides, and approvals
- Retention policy for artifacts and logs
Fast path for developers
If you are API-first, start with sanctions + PEP screening at onboarding, then add periodic re-screening and alerts once you have stable tuning.