KYC procedures for merchant onboarding

What are the KYC Procedures for Merchant Onboarding?

The merchant onboarding process is at the core of the payments industry, its effectiveness either enabling or inhibiting growth for businesses in this soon-to-be $2-trillion market. The global payments sector is rapidly evolving, with legislative changes, macroeconomic developments, and fintech’s push into the payments industry that is posing problems and opportunities. 

As payments companies negotiate the industry’s challenges, they are all affected by the digital change that is sweeping financial services. Customers and merchants have grown accustomed to faster, more convenient service, prompting payment providers to invest in digital infrastructure upgrades to gain speed and flexibility. Meanwhile, new businesses are emerging onto the market with unprecedented speed. 

When onboarding merchants, certain risks must be addressed, such as fraud, excess chargebacks, money laundering, tax evasion, and so on. Regulatory guidelines and applicable regulations compel us to take a number of preventive measures, including Know-Your-Customer (‘KYC’) and merchant due diligence procedures, in order to achieve this. As a result, we conduct a series of checks for merchants that begin before onboarding and last until the conclusion of their engagement with us. Financial service institutions or any other businesses who want to onboard merchants onto their platform can use the techniques described here to comply with guidelines and mitigate risk. 

Table of Contents

What is KYC?

When a client attempts to open an account or on board with a regulated financial institution, such as a bank, a private bank, or an investment company, KYC is conducted (e.g.: the KYC process you undertake when opening a bank account). An individual or a legal entity can be a client. The goal is to verify the client’s identity, address, and legitimacy through crucial document verification. When combined with due diligence and other mandatory tests, these allow us to identify possible fraudsters, and shell corporations and detect money laundering, among other things. Non-regulated enterprises, such as an online marketplace, are frequently required to conduct a full or partial KYC as a precaution. These enable us to secure ourselves and our end customers and the financial system as a whole. 

The Complete KYC Procedure

The KYC document check, also known as the Customer Due Diligence Check, is in the initial stage. Individual KYC and Business KYC are two types of KYC that can be used: 

Step 1: The KYC document check or CDD process

  • Individual KYC: We do a ‘KYC’ process, or CDD for an individual, when you are a merchant who is an individual (e.g., a sole proprietor). In general, we check your identity using an OVD check (identity documents such as Aadhaar, passports, driving licenses, and so on), individual PAN verification, and, if applicable, current address proof check (utility bills, etc.). We can also request additional documents to confirm your financial or company position, such as your business registration documents. 
  • Business KYC: When we are on-boarding a business partner, we perform a Business KYC procedure, also known as a CDD for a business. The OVD check is replaced by an ‘entity-proof’ check in this case. This, too, varies depending on the type of legal company you are. If you’re a company, for example, we’ll need to verify your certificate of incorporation, memorandum and articles of organization, and other documents. If you’re a trust or partnership, we’ll need your trust/partnership deed, registration certificates, and other documents. 

Step 2: Check for sanctions and PEPs on the sanction and PEP lists.

The names of our clients and their beneficial owners must then be checked against specified lists, such as national and international terrorism lists, or lists of “Politically Exposed Persons.” We must also notify the Financial Intelligence Unit of India (‘FIU-IND’) if a name appears on a sanctions list. We also check blacklists, greylists, and defaulter lists for firms, directors, and other individuals issued by banks, the Ministry of Corporate Affairs, the Securities and Exchange Board of India, the Enforcement Directorate, the Office of Foreign Assets Control (US), and others (for a detailed list please see Appendix II below). These checks help us combat terrorism and money laundering, as well as determine risk thresholds for individual clients. 

Step 3: Merchant screening and onboarding policies

Following that, we do a background and antecedent check in the form of an initial screening, for which we establish an internal merchant Onboarding Policy. The purpose of this step is to confirm the nature, purpose, and legitimacy of a potential client’s business. To determine business legitimacy, we conduct a variety of checks, including licensing/registration checks, credit checks, profit and loss statement checks, balance sheet reviews, and so on, based on information we obtain directly from the prospective client, as well as publicly available information such as the merchant’s websites, product listings, end-customer reviews, social media activity, and so on. We must additionally check for PCI-DSS compliance because it is mandated by law.  

Step 4: Merchant profiling and levels of diligence

Following these preliminary assessments, we must categorize merchants as low, medium, or high risk. Based on this, we determine the levels of due diligence and post-onboarding monitoring we do; for example, we need to conduct enhanced due diligence for PEPs but simpler due diligence for self-help organizations. We’re also barred from doing business with some industries (tobacco, hacking, gambling, weapons, and so on), while others are considered high-risk (pharmaceuticals, matrimony, gaming, security brokers, jewelry, and so on), necessitating more scrutiny and caution. 

Step 5: Continuous due diligence

Following onboarding, our due diligence procedures will continue to monitor any suspicious changes in merchant behavior. A change in the merchant’s website details, for example, or an unexpected display of high-risk products, could suggest fraud. These circumstances may necessitate a review of merchant risk profiles and due diligence levels. 

Step 6: Keep track of your transactions

We monitor merchant transactions as part of our onboarding process to look for any potential red flags, such as differences in expected transaction characteristics. Expected total transaction volume, average order value, chargeback frequency, and so forth are examples. For instance, if a merchant exceeds the maximum transaction limitations, exhibits a strange refund pattern, or receives frequent end-customer complaints, these are all red flags. Regulated entities must report any suspicious transactions (such as those that raise money laundering concerns) as well as transactions above specific thresholds (e.g., cash transactions over Rs.10 lakh, cross-border wire transfers surpassing Rs.5 lakh) to the FIU-IND. 

Step 7: Requirements for record-keeping and internal governance

Then, for at least 5 years, we preserve records of all merchant transactions and identity documents. These must be made available to the authorities upon request, such as in the case of an investigation. Internal governance demands such as dedicated internal committees, internal audits, periodic risk assessments, and proper employee training are also in place to ensure effective implementation of requirements. A Designated Director and a Principal Officer must also be selected, as they have specific reporting responsibilities under the PMLA. 

Step 8: Updates on a Regular Basis

Finally, both merchant risk profiles and KYC must be updated on a regular basis. It is required by law to update merchant KYC every 10 years for low risk, 8 years for medium risk, and 2 years for high risk. This is also aided by the continuous due diligence checks. 

Final thoughts:

Merchant onboarding is beset by the same age-old regulatory, trend, and competition issues that hamper the payments industry as a whole. Where once the industry dynamic was split between large retailer’s competitive margins and smaller merchant’s regulatory issues, the spectrum has now expanded to embrace the rising marketplace economy. Because everyone is a merchant in today’s environment, merchant onboarding volume, and transactional volume are both lucrative and hard. The marketplace economy has created a risk and regulatory gap, which is being navigated by a subset of creative payments organizations. 

Like this article?

Share on facebook
Share on twitter
Share on linkedin

More To Explore

All

How Do Criminal Record Checks Work in India?

Not everyone carries a criminal record. However, an organization must have a complete background check, especially for criminal record checks before hiring an applicant.

All

How Does Cash Collection Work for Microfinance Institutions (MFI)?

Post-pandemic banks and non-bank lenders active in microfinance have begun implementing hybrid collection strategies from borrowers. To minimize process disturbances, they are attempting to combine physical and digital collection modalities. As a result, cash collections work differently for MFIs depending on the type of loan undertaken.