Whether you are an e-merchant or a software provider, in either the B2B or B2C world, “customer knowledge” should be at the heart of your business concerns. For several months now, the term ” KYC”, an acronym for ” Know Your Customer”, has been appearing in Fintech or customer relations media. Much more than a new buzz word, this term refers to a legal process that has been in place for several years and is mandatory for payment institutions in order to guarantee the legitimacy of their activities. It is also and above all a guarantee for companies using these financial services, in terms of financial transparency and growth. Marie Nicolas, SlimPay’s Compliance and Financial Security Officer is here to tell us more about the subject.
What is KYC?
The KYC process goes much further than just fighting against money laundering and financing terrorism, the legal framework that institutions in the banking sector, such as SlimPay, must adhere to. In practice I would define KYC as the process of completely understanding your customers. This definition illustrated by the purely regulatory aspect of the process (collection of all official documents such as proof of identity, bank statement …) that is necessary to understand the merchant’s business, business model,payment scheme, and to confirm that our solution meets their needs. Our goal is to interfere as little as possible in the business of our customers. Thus, the further in advance and more efficiently this information is collected, the better our long-term collaboration with the merchant and the better we can meet their future needs and demands. The KYC has a dual mission: regulation and business!
KYC is therefore an official procedure and not an internal process for each company?
Yes and no. For SlimPay, as a payment institution operating within the PSD2 (Payment Services Directive) framework, we must meet European regulations transposed into French law (in the Monetary and Financial Code), which require us to retrieve certain documents from our clients before allowing them to use our solution. We also have an internal process in place, including our “Risk Committee”, consisting of the CEO, CTO, CFO and Compliance and Financial Security Officer, to decide the level of risk for merchants with mixed results for the KYC process. It is interesting to note that many companies that are not required to set up a KYC process as a regulatory requirement do it anyway, as it is very useful to know everything regarding merchants (news, change in governance, changes in supply …) in order to better support them in the use of the product/ service.
Could you give us more details on SlimPay’s KYC process?
We can break it down into two steps:
- The “Paper KYC”, which refers to the collection of all official documents from the company: proof of identity, bank account, company registration certificate… The goal is to make sure everything is in order, valid and in date, and to identify the beneficiary of the transactions, in addition to the decision makers within the company (shareholders, CEO, etc).
- The “Internet KYC” that complements the paper KYC refers to news concerning the company, its reputation, ensuring that the website and email addresses are functional, and that we are not facing a case of identity theft aiming to take payments without providing the end user with the service or product purchased. We are required to take an interest in the activity of our merchants to ensure their reliability and credibility. For this, we establish a risk profile that we adjust over time based on the evolution of the company (new activities, new shareholders …). The “riskier” the company, the more frequent the risk reviews (updated profile, legal documents, confirmation that the company is still active …).
How long does the KYC process take on average?
The KYC process must be completed before the customer starts using our solution. Thus we do our maximum to ensure that it is done as quickly as possible. If we receive all necessary documents quickly, everything can be completed in half a day . However, in some cases (complex organisations, diluted legal liability in a corporate chain, many stakeholders…) we can take up to 4 weeks to complete the process. The more transparent and cooperative the company, the faster the KYC process.
Is it a universal process ?
No and it will never be. The control points differ depending on the type of service offered (a payment service based on direct debit in the case of SlimPay). For example, some institutions instead focus on the solvency of a company. The KYC depends on the activity of the provider but also the levels of risk (financial and regulatory) decided by the company.
Why is it important to implement these processes? For SlimPay, merchants using SlimPay? For customers of merchants?
For authorised payment institutions such as SlimPay, KYC is compulsory and we are required to implement these processes. However, we do not do it simply because we are obliged. KYC minimises our own risk-taking with regards to which clients we process payments for, as we are regularly monitored.
For our merchants, it is necessary for them to understand that using our services is the same as working with any other financial institution with regards to the regulations imposed. We are a FinTech but we are subject to the same regulations as any other payment institution in order to guarantee the validity and credibility of our business. Finally, for our merchants’ customers, it is reassuring for them to know that the companies they use rely on trusted third party providers, especially when it comes to issues as sensitive as payment.
Do merchants perceive the KYC as a constraint or as a guarantee ?
This is where the role of our sales teams is very important. As they have direct contact with with the merchant they play a key educational role in explaining the importance of KYC and its benefits. Merchants need to understand the value of the KYC process and cooperate (by submitting the necessary documents for example) in order to start using our solution as quickly as possible. Our goal is to enforce regulations to protect all stakeholders without imposing a cumbersome and intrusive process, and especially without interfering in the activities of our merchants.
What happens if a merchant is classified as risky?
If we identify a “risky merchant” during the KYC process, we first conduct a second review of the components internally. We also contact our sales team, who is able to give us further information necessary to understand the merchant’s business, and consult our Risk Committee to discuss the merchant in question. If there is still a risk after all this, we end the relationship with the merchant. If suspicious transactions are detected for an existing merchant (abnormal amounts, abnormal frequencies), the first step is to check if there is an explanation in connection with the business (merchant changed business model, activity is seasonal …). Again, we appeal to our sales team for further information on the subject. Following this we contact the merchant directly to confirm our hypothesis or request additional information. This direct relationship with the merchant is very important: for example, with one particular merchant it allowed us to help them review their use of our solution, as it was no longer appropriate. However, as previously stated, our goal is to interfere as little as possible, so in the case that we have to contact a merchant, we do so with the utmost sensitivity and care.
Finally, if despite all our efforts we fail to explain a merchant’s activity, or the origin or destination of funds related to a transaction, we are obliged we are obliged to terminate the business relationship and to inform appropriate authorities .
How do you become responsible for KYC?
I opted for a Masters Degree in Law of Electronic Commerce and Digital Economy, as I am particular interested in legal issues surrounding online payment. One question always intrigued me: how do you divide the responsibility of payment? This is a very complex legal issue given the number of intermediaries and stakeholders involved. During my first professional experience, which was in the online payment world, I participated in the establishment of a process of KYC. Today at SlimPay I pay special attention to customer satisfaction and informing people of our approach to (and the importance of) KYC.
What is THE key word that you associate with KYC?
I have to select two because for me they are inseparable: TRUST and BALANCE.
