Knowing your customer begins when a user account is created. Businesses working with financial institutions, like Dwolla, are required to have a Customer Identification Program (CIP) in place describing the relevant steps within their processes to manage an effective KYC framework that can verify the identities of individuals conducting financial transactions.

Why is it important for businesses to have effective CIP and KYC processes? To limit money laundering, funding for terrorism, corruption and other illegal activities. A 2009 report by the United Nations Office on Drugs and Crime (UNODC) estimated that criminal proceeds amounted to 3.6 percent of global GDP ($1.6 trillion) being laundered. On top of that, corporate losses from fraudulent online transactions are expected to reach $25 billion this year.

In addition to the fiscal impacts, the USA PATRIOT Act that went into law in 2001 required appropriate steps to manage an effective Customer Identification Program. This mandate expanded the requirements of all financial institutions and information sharing between the government and financial institutions.

With more businesses offering an online payment option to their customers, the Dwolla Compliance team put together this guide to help with the understanding of what a Customer Identification Program is, how CIP impacts KYC processes and to share a few best practices for understanding risk mitigation with online payments.

We cannot advise businesses on how to build their specific CIP/KYC framework, but can provide best practices and requirements for understanding risk mitigation.

It’s important to remember when integrating any payment API that your business will begin operating in a heavily regulated financial space. This is why collecting and monitoring the right information is essential to mitigating risk.

Managing a KYC framework ensures appropriate due diligence is performed when verifying the identities of individuals seeking to open and an account to conduct financial transactions on your platform.

Before initiating a transfer on Dwolla’s payment platform, the business will need to require newly onboarded customers to provide personal information (and banking information). This information is then passed to Dwolla and verified through an API call.

For an individual customer needing verification and validation, the following information is needed:

  • Name
  • Date of Birth
  • Email Address
  • Physical Address
  • Identification or Social Security Number

If a business entity needs to undergo verification, the business will need to provide:

  • Business Name
  • Business EIN
  • Physical Business Address
  • Controller and/or Authorized Representative Information
    • Name
    • Email Address
    • Date of Birth
    • Identification or Social Security Number

Depending on the use case, some customers may not need to go through full verification. For example, if the customer is onboarded to only receiving funds, they will have different verification requirements compared to a customer who is attempting to initiate a transaction.

Dwolla Customer Types

The exact policies depend on the risk-based approach of each business but must be robust enough to verify the identity of each customer to a reasonable and practicable extent.

Dwolla carries out CIP verification of its clients and has its own KYC frameworks in place; both are specific to Dwolla and are done to meet Dwolla’s own obligations. As a business, you can choose to have all your users undergo CIP verification as an additional way of mitigating risk—something the Dwolla team fully supports.

Best practice for risk mitigation calls for one user to be verified within a transaction between two parties. Verification can be done in a variety of ways, for example:

  • A fully verified business (e.g. hospital) sending payments from a business bank account to a user’s bank account (e.g. employees).
    • The business as the sender will need to undergo verification and follow your CIP procedures.
  • A rental platform facilitating payments from tenant to landlord.
    • The landlord would undergo full identity verification (assuming the tenant is sending less than $5,000 per week).
  • A crowdfunding platform facilitating payments for investment projects.
    • All parties within this transaction would need to undergo full CIP verification.

Dwolla’s Customer Onboarding Requirements

Simply carrying out one-time CIP verification is not enough to protect your ecosystem. Risks such as transaction fraud, identity theft, spamming and account takeover can happen even with air-tight CIP verification processes. Having a program in place to continuously monitor your customers and their activity on an ongoing basis will help maintain a healthy business ecosystem.

Such best practices for ongoing fraud monitoring include:

  • Active oversight of the business platform
    • Monitor for any material changes in activity
      • Transactions (Amounts, Volumes)
      • Account level information changes
        • Address, Phone, Email
  • Monitor ACH return rates
  • Refresh due diligence on customer information
  • Monitor login footprints to protect your users from risks like account takeovers

When it comes to compliance requirements, taking ownership in your processes is key to meeting any obligations you have—whether you’re a startup, small business or enterprise-level company.

Watch Dwolla’s Fraud Webinar

A CIP must include procedures to handle various edge cases—scenarios that may occasionally occur. What happens if a customer does not have an identity document or if a document type is of a different language?

For a solution to these edge cases, partnering with Dwolla for payments means having access to the Dwolla Partner Ecosystem—a network of service providers that offer specific solutions to our clients. Among these providers are companies offering verification solutions for businesses and individuals.

Explore the Partnership Ecosystem

Whether that’s for identity verification or a new business account, our partners provide dedicated software services to help businesses like yours mitigate risk.

Learn more about the risks and considerations with ACH Payments in our recent webinar.

The Programmable Payments Infrastructure