Customize User Onboarding Checks

Customize Compliance user onboarding checks (e.g. KYC / KYB and bank risk)

You can customize what checks are run when onboarding users. The fields that you need to collect depend on your choices. Go to the Onboarding Flows page to create a new flow or edit an existing one. To use your customized user onboarding flow, pass in the flow alias when creating a user onboarding.

KYC Checks

You can perform KYC checks on individuals. As part of KYC, there are Identity, SSN, and Watchlist checks.

Identity checks determine if the phone and email match a given identity and are safe. You can flag email accounts from new domains, accounts not linked to social media, programatic patterns, and invalid syntax or domains. You can flag phone numbers with high or low activity, VOIP or pre-paid or toll-free phones, traffic to risky countries, and mismatches between phone records and user submitted information. Modern Treasury can detect if many users onboarding using the same phone number or email address.

SSN verifications can determine if a provided social security number is valid, and if it matches other information about the user (e..g name, date of birth, address). Modern Treasury can detect if there is a high risk of a synthetic or stolen identity being used.

Watchlist checks can detect users who are on sanctions, politically exposed person, or adverse media watchlists internationally. You can tweak fuzzy matching thresholds to balance the trade-off between true positive and false positive alerts.

The table below describes what information is required for KYC checks.

CheckRequired Fields
Identity (e.g. Phone and Email)Name, address, phone, and email.
SSNName, date of birth, address, and taxpayer identifier.
Watchlist (e.g. Sanctions, Politically Exposed Person, and Adverse Media)Name, date of birth, and address.

KYB Checks

You can perform KYB checks on businesses.

The Identity checks include verifying the submitted name and TIN / EIN, performing sanctions watchlist screening on the business and beneficial owners, verifying the businesses submitted address, checking whether the business has active Secretary of State filings, reviewing web presence, and flagging businesses in high-risk industries.

The Beneficial Owner checks can determine if Beneficial Owners of the business are on Sanctions watchlists. In the future, we will add support for full KYC of beneficial owners.

The below table shows what information is required for KYB checks. If the various optional fields are collected, Modern Treasury can use this information for additional verifications (e.g. phone validation, taxpayer identifier matching, risky industry classification, etc.).

CheckRequired FieldsOptional Fields
IdentityBusiness name, address.Phone, website, taxpayer identifier.
Beneficial OwnersName, date of birth, address.Phone, email.

Bank Risk Checks

You can verify bank accounts for both individuals and businesses using bank consortium data. The checks verify account status (e.g. is the account open and valid) and ownership (e.g. does the owner match the user).

The benefit of this type of verification method is that it is instant, unlike microdeposits. Additionally, users are not required to provide their bank account credentials, just their name, account number, and routing number.

The data covers over two thirds of bank accounts in the United States, with particularly strong coverage at large financial institutions.

Go to the External Account Verification Guide for more information on alternative bank account verification methods like microdeposits and Plaid.

The below table describes what information is required. The optional fields help with matching.

Required FieldsOptional Fields
Name (first name and last name for individuals, business name for businesses), bank account details (account number and routing number).Address, taxpayer identifier.

Device and Behavior Checks

You can perform device and behavior checks for both individuals and businesses. Device and behavior checks are helpful tools to fight fraud. You can, for example, flag when many users are onboarding with the same IP address or device, if a user is onboarding from a risky location, if it looks like a VPN or proxy is being used, if a fraudster is copying and pasting stolen information, and more.

Currently, these checks are only available when using the embedded integration for onboarding users. In the future, there will be a standalone SDK that you can put in your application. This will enable you to detect session risk during onboarding if using your own forms, during time of transactions, and for other events (e.g. logins, bank account changes, password changes).