KYC & KYB Policy
Last Updated: November 20, 2025
1. Purpose
This Know Your Customer (KYC) Policy sets out Nexa Pay Inc.’s approach to customer identification, verification, screening, and due diligence in compliance with the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and FINTRAC guidance. It is designed to prevent the use of Nexa Pay’s services for money laundering, terrorist financing, or other illicit activities.
2. Scope
This policy applies to all customer types (individuals and businesses), including clients, beneficial owners, and authorized representatives, during onboarding and throughout the business relationship.
3. Identification & Verification Methods
3.1 Individual Customers
- Information Collected:
- Full legal name
- Date of birth
- Residential address
- Occupation
- Nationality
- Identification document (e.g., Passport, Driver’s License, National ID)
- Verification Method:
- Using Sumsub, Nexa Pay captures and validates government-issued photo ID via:
- Biometric checks (face match / liveness)
- Document authenticity (holograms, fonts, MRZ)
- Cross-referenced with authoritative databases (credit bureau, government registries)
- Using Sumsub, Nexa Pay captures and validates government-issued photo ID via:
3.2 Business/Corporate Customers
- Information Collected:
- Legal name, incorporation number, business address
- Nature of business
- Ownership structure and control (including 25%+ beneficial owners)
- Authorizing individuals (directors/signatories)
- Verification Method:
- Use of Sumsub’s Business Verification module to:
- Retrieve registration documents
- Identify and verify beneficial owners and authorized representatives
- Conduct screening on company and individuals
- Documentation Required:
- Articles of Incorporation
- Corporate registry extract
- Government-issued ID of signatories/UBOs
- Use of Sumsub’s Business Verification module to:
4. Screening Controls
All customers (individuals and entities) are screened during onboarding and continuously against:
- Sanctions Lists:
- OFAC, UN, EU, UK, Canadian Consolidated Sanctions List
- PEP Lists:
- Domestic and foreign politically exposed persons (PEPs)
- Adverse Media:
- Negative news, criminal allegations, financial crimes
Screening is powered by Sumsub’s global compliance engine, updated in real-time. Alerts are reviewed by compliance analysts before onboarding is approved.
5. Ongoing Due Diligence
Nexa Pay applies ongoing due diligence to ensure that customer information remains accurate and up to date:
- Transaction Monitoring: All customer transactions are monitored for unusual or suspicious activity.
- Periodic Verification: Updates to KYC/KYB documentation are requested periodically or when significant changes occur (e.g., change of address, business ownership, or operational profile).
- Risk-Based Approach: Enhanced due diligence (EDD) is conducted for high-risk customers, such as high-volume accounts, cross-border transactions, or crypto-related accounts.
6. Monitoring Frequency
- Monitoring is conducted at multiple levels based on risk assessment:
- High-Risk Customers: Continuous monitoring with real-time transaction alerts and quarterly reviews.
- Medium-Risk Customers: Monthly or quarterly reviews depending on transaction volume and activity patterns.
- Low-Risk Customers: Annual review or on occurrence of a material event affecting customer profile.
- Suspicious transactions are reported internally and escalated to the compliance team for potential reporting to FINTRAC.
7. Data Retention Requirements
- All identification, verification, and screening records are retained:
- For 5 years after account closure
- In encrypted form with controlled access
- Audit logs are maintained for all onboarding decisions.
- Data Security: All data is stored securely, with access limited to authorized personnel and protected using encryption and other safeguards.
