Obligations to KYC your customers

[Meta]

Hi,

Imagine a company using a payment agent to accept credit cards / crypto. E.g. Stripe or Bitpay. Are there any obligations to check who are the customers? I mean it probably depends much on the country of incorporation / your bank, but am I right that usually the payment agent would be expected to do that?

As the most obvious example: OCT selling premium subscription. No obligations for the forum to check who the customers are, and only the payment agent may do it in some exceptional circumstances, is that right?

Were you ever asked by authorities / banks regarding this. Please share your experience.

 

[Simon4466]

You only need to KYC when legally obligated (financial / corporates services etc.), you dont need to KYC if you're just selling normal stuff (some extremely minor exceptions obv.)

 

[Compliance Circle]

There's, generally, no such burden on standard payment agent structure (i.e. Cyprus company processing for Curacao casino business "isles sandwich") to conduct AML/KYC checks on paying customers. However, it should be noted that it's HIGHLY recommended that payment agent company acts as such for a single principal and shares more or less common ownership/controlling structure.

If we speak about more sophisticated options, such as "proprietary" crypto on-ramp with "agent" company being a VASP licensee, then you're bound by the legalities and conditions of such authorization and local AML/CTF laws and regulations, possibly meaning you would have to conduct AML checks once client exceeds certain thresholds.

Hope that helps.

 

[Martin Everson]

Imagine a company using a payment agent to accept credit cards / crypto. E.g. Stripe or Bitpay. Are there any obligations to check who are the customers? I mean it probably depends much on the country of incorporation / your bank, but am I right that usually the payment agent would be expected to do that?

Yes. You need to comply with laws where you operate and secondly the rules of the payment provider if you use one. By the time the payment agent has done their check and finds i.e sanctioned persons you missed your relationship with them is toast already .

Transactions have to be check across all industries in a lot of developed countries i.e not just financial and corporate services but in real estate etc in some countries.

 

[Compliance Circle]

Yes. You need to comply with laws where you operate and secondly the rules of the payment provider if you use one. By the time the payment agent has done their check and finds i.e sanctioned persons you missed your relationship with them is toast already .

Transactions have to be check across all industries in a lot of developed countries i.e not just financial and corporate services but in real estate etc in some countries.

I find your reply to be a bit misleading.

If we speak about standard agent-principal arrangement (likes of Curacao-Cyprus island sandwich) which is not multi-faceted, and unless principal company is doing regulated business (which, again, may not concern agent company at all, as principal would most likely end up the only person being liable for doing KYC/AML checks itself) there's GENERALLY no legal obligation on the agent company to be a person subject to AML regulations and having to do AML checks and transaction on the paying customers.

Stripe and Bitpay would have much more own regulatory requirements, appropriate policies and resources for monitoring of merchant transactions and sanctions screening.

 

[Meta]

Just to be clear, I was asking regarding obligations of the company selling staff, not obligations of the payment agent.

Out of curiosity: if one sells, say, Wordpress templates for $99 accepting payments via Stripe, and Mr. Kim Jong Un (or somebody else from SDN) buys one for his homepage, whose problem is that? The seller? Stripe?

 

[diatessaron]

Just to be clear, I was asking regarding obligations of the company selling staff, not obligations of the payment agent.

Out of curiosity: if one sells, say, Wordpress templates for $99 accepting payments via Stripe, and Mr. Kim Jong Un (or somebody else from SDN) buys one for his homepage, whose problem is that? The seller? Stripe?

That's Stripes problem.

 

[Compliance Circle]

Just to be clear, I was asking regarding obligations of the company selling staff, not obligations of the payment agent.

Out of curiosity: if one sells, say, Wordpress templates for $99 accepting payments via Stripe, and Mr. Kim Jong Un (or somebody else from SDN) buys one for his homepage, whose problem is that? The seller? Stripe?

If the company selling stuff is under legal obligation where it's incorporated or where it does business to collect KYC, perform AML checks, or, for example, verify customer's age before the transaction occurs ideally you just follow those obligations.

If we speak about what you've provided as an example, that's obviously payment processors obligation.

We do of course live in grossly absurd times of global trade-based overcompliance, but not as absurd as going so far.

 

[ImKing]

Today you need to do KYC on almost anything. You can't even accept 10K or 40K euro without getting passport and details about the company you sell to with background check.

 

[Martin Everson]

Out of curiosity: if one sells, say, Wordpress templates for $99 accepting payments via Stripe, and Mr. Kim Jong Un (or somebody else from SDN) buys one for his homepage, whose problem is that? The seller? Stripe?

You need to look at the sanctions that are in place for North Korea (from country you operate from) i.e does Wordpress templates fall under any category of sanctions on North Korea?

Only then you can work out if there is an actual problem