The KYC onboarding process is carried out to scrutinize and finalize the activation of the merchant account.
In order to fulfill the obligatory requirements and as the preventive measures against the risks involved in the approval of the payments services this verification process is carried out. This merchant onboarding process is called Know Your Customer (KYC) and/or Due Diligence (CDD).
KYC onboarding process
To further elaborate on the Know-Your-Customer process. It is different for the different types of legal forms of the merchants or businesses such as partnership, proprietorship, individual, trust, etc.
It varies according to the business model too. For example, eCommerce, freelancers, EdTech, Financial Services, Insurance, Entertainment, SaaS, etc.
Certain regulated entities such as financial institutes, payment service providers, payment aggregators, etc have to carry out the customer identification procedures in the form of the Know-Your-Customer.
The merchant onboarding process team & stages
KYC Onboarding Process of the merchants would be undertaken by the below-mentioned teams by coordinating and cooperating with each other, and also performing individually:
- Verification Team checks the KYC document check also known as the Customer Due Diligence Check (‘CDD’) process
- Operations Team takes followups for Documentation and activation
- The legal Team carries out the critical analysis for account approval
- Risk Team checks the line of business, Transaction verification, etc
After the team exchanges the data and scrutinizes it the merchant account services would be activated and the unsupported merchant would be rejected. The rejected applicants could be the merchants who are Illegal, prohibited, risky (possible fraud), grey past records, etc.
The merchant onboarding process needs to have the below stages as per the Know Your Customer (KYC) / Anti-Money Laundering (AML) guidelines issued by the Department of Regulation, RBI, in their “Master Direction – Know Your Customer (KYC) Directions”.
1. KYC Document Check or CDD
- KYC documentation would depend on the type of registrations explained below:
For an ‘Individual’ or ‘Sole Proprietor’, Individual KYC/CDD is carried out.
The ‘Officially Valid Document’ (OVD) is verified. OVD includes Aadhar Card/Driving License/Passport/etc, Individual PAN, and Current Address Proof (Electricity Bills, Water Bill, etc.).
As per the line of business or to know the financial status.
For a Business Entity, Business KYC/CDD is carried out.
The ‘Entity-Proof’ check is done for the Business verification.
For a ‘Company’, the Certificate of Incorporation, Memorandum of Association, Article of Association, etc is verified.
For a Partnership firm, Partnership deed. And Trust Deed, NGO Darpan, etc for a Trust.
In short, the verification of Licenses and Registration Certificates is done for respective entities.
Also, the person who registers to represent the business entity is verified. This is done to check if the entity has authorized him/her to register the merchant account on behalf of the company. For this verification, an Authorisation Letter, Power of Attorney, etc would be requested.
- Other documents required are the Business PAN and Address Proof (GST) (if the provided Licenses and Registration Certificates do not have the address).
If required, the KYC/CDD process for individual owners would be done.
- Some other documents can be requested for verification purposes for CDD.
Bank verification of the provided bank details for settlements can be done to determine the bank account authenticity. It can be done with a verification tool or soft-copy of the bank document.
Your sub-merchants under your merchant account need to carry out the KYC process as additional diligence along with their bank verification as part of the KYC onboarding process.
- Verification methods could be physical checks and digital checks.
2. Check various lists for risk and fraud prevention
Verification of the checklists is done to prevent risk imposing acts such as terrorism, money laundering, etc.
Checklists include the Politically Exposed Persons (PEP) list, lists of sanction lists of the individuals and entities, suspected of having terrorist links, etc.
If the registrant matches any record in the list then he/she would be reported to the Financial Intelligence Unit of India (‘FIU-IND’).
Other lists to be checked are from the Securities and Exchange Board of India, the bank, the Enforcement Directorate, the Ministry of Corporate Affairs, etc. for the defaulters, blacklisted, or greylisted members.
3. Scrutinize the business
Merchant and business model is evaluated to decide if it should be approved or rejected.
Verification is done for the website or mobile application, products, site owners, shareholders, the legality of the business/products, online presence, and impression, reviews, email address, mobile number, customer care details, address, match with previously rejected merchant list, etc.
The operations team would contact the merchant on the registered details if any further requirements or modifications are to be done.
The business may need to be PCI DSS compliant depending on the business model.
In short, the background screening is done at this stage for the purpose of verification of the authenticity of the merchant’s intentions, business model, and purpose of registration or getting the payment gateway account.
4. Merchant Analysis and Categorising
The merchant would be categorized according to the risk level determined from the verification till now and the further steps would be carried out accordingly. Actions would include:
Enhanced due diligence for PEPs.
Further Due Diligence and monitoring of the account for High-Risk businesses like gaming.
Illegal businesses would be prohibited.
5. Due diligence after merchant onboarding
The due diligence shall continue after the merchant onboarding.
The team would track his merchant account for any changes or deviations from the approved details and documents.
For example, changes on the website, product listing, etc. This may also require re-analyzing and categorizing the merchant.
6. Verification of the transactions
The merchant cannot accept the payments for any other activities or the business model for which the merchant account is approved.
The transaction monitoring, customer complaints, unusual activities, etc. would give an idea if any other activities are carried out.
Necessary actions need to be taken in case of any deviation from the approved business model.
Merchant records are to be maintained in a proper system such as transactions and identity documents for at least 5 years. This is with reference to provisions of the Prevention of Money-Laundering (PML) Act and Rules.
On request, these identification records and transaction data need to be provided to the competent authorities.
Transactions records would include nature, amount of the transaction, and the currency in which it was denominated, the date on which the transaction was conducted; and the parties to the transaction.
8. Updating records
Periodic update of the KYC and Categorizing as per the risk level needs to be done.
It is every 10 years for low risk, 8 years for medium, and every 2 years for high risk. The same applies to the Ongoing due diligence.
This way it is necessary for the payment service providers to carry out the KYC and merchant onboarding process carefully.
Due to the prevailing fraud and other risky activities, a thorough verification is highly essential while onboarding the merchant. This is to make sure that the wrong person is not vested in the facility to accept the online payments.
Our team carries out fast and efficient KYC. Get onboard now!