Skip to main content
This page describes minimum expectations for collecting, verifying, and retaining KYC information. All clients are required to perform customer identification in compliance with applicable AML/CFT regulations (including EU AMLD5/6 and MiCA, where applicable) using a reputable third-party KYC provider such as Sumsub, Veriff, Onfido, or equivalent. We may request access to the KYC data and supporting evidence at any time for compliance monitoring, audit, or reporting purposes.

General Requirements

  1. Each business client must implement a robust KYC procedure covering both natural persons and, where applicable, legal entities (KYB).
  2. The KYC process must be performed before granting access to services involving financial or virtual asset transactions.
  3. All user data and verification results must be securely stored and readily retrievable upon request for a minimum of five (5) years after the end of the business relationship.
  4. Only regulated and reputable KYC providers may be used to conduct verification (e.g., Sumsub, Veriff, Onfido, IDnow, etc.).

Minimum Information to Collect from Individual Users

CategoryRequired DataVerification Evidence
Personal InformationFirst Name, Last Name, Date of Birth, NationalitySystem record / metadata
Identity DocumentGovernment-issued ID (Passport, National ID Card, Residence Card, or Driver’s License)Clear color photo or scan of both sides (if applicable)
Proof of Address (POA)Residential address verified through a document issued within the last 3 monthsUtility bill, bank statement, or government-issued letter
Employment / Source of IncomeOccupation, employer name, and/or source of fundsShort questionnaire response
Liveness / Face VerificationFacial recognition or short video for identity matchCaptured via KYC provider interface
ConsentExplicit user consent to data processingProvider record / timestamp

Verification Standards

  • All documents must be valid, uncropped, and legible.
  • The document photo and liveness video must correspond to the same person.
  • Proof of address must be no older than 3 months and clearly display the customer’s full name and address.
  • The verification system must check for:
    • Document authenticity
    • Face match
    • Data consistency (e.g., date of birth, document expiry date)
    • Use of watchlists, PEP lists, or sanctions screening, where applicable

Record Keeping

Clients must retain the following records in a secure digital format:
  • Full KYC dataset (personal details, ID document scans, proof of address, questionnaire results)
  • Verification logs and timestamps
  • Provider confirmation of KYC completion (verification status, unique ID, date/time)
  • Liveness check metadata or video capture
  • Any notes or flags generated during the verification process
Data must be accessible on request within 5 business days and provided in PDF, JSON, or CSV format as required.

Data Protection and Security

  • All personal data must be stored in compliance with GDPR and applicable local privacy laws.
  • KYC data should be encrypted both at rest and in transit.
  • Access to KYC information should be limited to authorized compliance personnel only.
  • Users must be informed of the purpose and duration of data processing before verification begins.