Compliance & Security
KYC / AML Procedures
How KryptoX onboards customers, screens risk, and keeps finance & compliance in sync.
Purpose
KryptoX performs KYC/KYB and AML checks before enabling crypto-to-bank settlement. Controls include identity verification, PEP/sanctions screening, KYT monitoring, and periodic reviews.
- Compliance-by-design (KYC/KYB/KYT)
- White-label flows & audit evidence
- Risk-based approach aligned to policy
Roles
- Operations: initiates verification & collects docs.
- Compliance: reviews alerts & decisions.
- Finance: validates settlement eligibility.
- Security: data protection & access controls.
Verification Workflow
1. Intake & Consent: Collect identity data, consent, and basic contact validation.
2. Document & Liveness: Government ID + selfie/liveness; OCR/MRZ & tamper checks.
3. PEP / Sanctions: Screen against global lists at onboarding & periodically.
4. Risk Scoring: Low / Medium / High based on profile & expected activity.
5. Decision & Activation: Approve / Reject / Review; dual control for high-risk.
6. Ongoing Monitoring (KYT): Screen transactions; hold settlements on alerts until cleared.
KYC / KYB Requirements
Individuals (KYC)
- Government ID + selfie/liveness
- Proof of address (where required)
- Basic profile: name, DOB, nationality, tax ID (if applicable)
Businesses (KYB)
- Registration docs (certificate/incorporation extract)
- Directors & UBOs identification
- Company address & activity description
- Sanctions/PEP screening for company, directors & UBOs
PEP / Sanctions Screening
Screening runs at onboarding, on profile changes, and on a periodic schedule according to risk.
- Global consolidated lists & watchlists
- Name matching with fuzziness & transliteration
- Case management with disposition notes
- Rescreen cadence: 6–12 months; high-risk: 3 months
Risk Scoring (RBA)
| Factor | Low | Medium | High |
|---|---|---|---|
| Identity | Verified + strong liveness | Verified; minor friction | Unclear/failed checks |
| Geography | Low-risk jurisdictions | Mixed exposure | Sanctioned or high-risk |
| Occupation/Business | Standard employment | Cash-intensive | High-risk sectors |
| Expected Activity | <$100k/mo | $100k–$1M/mo | >$1M/mo or complex flows |
Records, Retention & Privacy
Recordkeeping
- Immutable decision log (reviewer, timestamp, evidence)
- Webhook receipts & ledger refs for settlements
- Exportable audit bundles (PDF/CSV + attachments)
Retention & Minimization
- Retention: 5–10 years post-relationship (jurisdiction dependent)
- Data minimization & purpose limitation
- Access via RBAC; encryption in transit & at rest
KYC / AML — FAQ
Government ID and selfie/liveness are mandatory. Proof of address may be required based on jurisdiction and risk.
On profile changes and periodically—every 6–12 months, or every 3 months for high-risk profiles.
When a screening alert or KYT signal requires review; funds are released after clearance per policy.