Answers to common questions about the KYC process from our very own expert – Director of Compliance Lara Barbuto
‘Comply or die’ is the unwritten rule of finance. Or, if it’s not, it should be. Whenever we’re talking about financial services like embedded finance, compliance is a key part of the process; that’s why it’s something we look at closely when onboarding our clients.
But what does this process actually look like? Our Director of Compliance Lara is the expert, so we asked her to answer some of the most frequently asked questions.
Onboarding a new client is a bit like going on a blind date - both sides will have lots of questions, because you want to get to know each other quickly and work out if it’s a good match. Our clients will obviously have lots of questions about our service and how they can make it work for them. It’s my job to ask the questions we need to ask to get to know our clients.
That’s why we perform Due Diligence and Know Your Customer information gathering - we want to know exactly what their needs are and how we can support them. We collect certain documentation and information about what your business currently does and what it plans to do, so that we know what to expect.
As well as high-level information, we'll also collect specifics related to the embedded banking and payments services we will be offering. This information will include your expected payment flows, the controls you have in place to prevent fraud or money laundering, how these controls work in practice and more. All of this helps us to build that overall picture of who we’re working with and how we can work together.
Yes and no. The application is standard and certain documentation is required for all businesses that we partner with - organisation structures, KYC on directors, source of funds and so on.
But every case is different. Payment flows that a remittance service has will be different to those of a crypto exchange. Therefore, what we need to know will also be different. Sometimes it’s about asking more questions, sometimes we just need to ask different questions.
Once we have had the initial conversation and gathered certain information we carry out a ‘customer risk assessment’; businesses that we consider high risk will then go through enhanced due diligence. This is where we ask more questions and request further documentation.
This isn’t because we think high-risk businesses are necessarily less desirable to work with; we just have to feel comfortable that we can support what the company is doing, which may be less commonplace than other businesses. Ultimately, we need to ensure that the risk in question falls within our risk appetite.
No, making evaluations about your business based on the size of your compliance team wouldn’t be a very good way to go about it. Besides, not all businesses are subject to the AML regime, and these businesses might not even have compliance teams at all. We’re looking at what controls you have and how you are performing checks to keep your customers safe, while also ensuring your company is not being used as a money laundering vehicle.
If you’re dealing with a very high volume of transactions and you only have one employee monitoring them, then this may raise questions. But again, those questions are being raised because we’re analysing your controls and monitoring. It’s not the case that <X number of compliance people is bad and >X number is good.
For OpenPayd, you will continue to work with a member of the Sales team for the onboarding, before a Customer Success Manager becomes your main point of contact. You won’t need to continuously meet new members of staff on our side.
Well, I’d definitely say all businesses we’d work with should have the necessary KYC controls in place. They should also be monitoring their transactions in some form or another and ensuring full compliance with sanctions obligations. This particularly applies to crypto businesses which in the past have had more of a focus on crypto-to-crypto transactions. It’s very important for us that transactions between fiat and crypto are being monitored.
Other than that, it really does depend on the business, so it’s easier to just start the conversation!
I’m afraid not; it’s very much an ongoing relationship. Compliance wouldn’t be very useful if it only checked a business was meeting regulatory standards once and never again!
However, this doesn’t mean we’ll constantly be over your shoulder. Once our clients are onboarded, a lot of our work will continue in the background, with transactions being monitored to check that payment flows are matching the expected flows. Ongoing monitoring is one of our regulatory obligations and this includes ensuring that the documentation provided is always up to date – this includes a review of your account on a periodic basis.
Compliance can sometimes be seen as something which prevents businesses from doing what they want, but we actually think of it as the opposite. Effective compliance is what enables you to build what you want to build - it’s what takes new developments from the idea phase through to the production phase, with the knowledge you’re meeting regulatory demands.
Most importantly for compliance, you’re not alone on the journey. Your embedded finance provider is there to work with you each step of the way. When you’re ready to make that first step - just go for it!