Know Your Customer (KYC) Policy — FulusFlow
This policy describes how FulusFlow satisfies customer identification obligations and risk-based identity controls consistent with 31 C.F.R. § 1022.220. The policy is designed for a non-custodial money services business that must verify users without taking custody of their funds.
Policy purpose
The purpose of this policy is to identify customers at appropriate thresholds, reduce fraud and sanctions exposure, and support transaction monitoring and reporting readiness under FinCEN requirements.
Customer identification tiers
| Tier | Threshold | Requirements |
|---|---|---|
| Tier 1 | Transactions under $500 | Email address, phone number, IP address, and device fingerprint. |
| Tier 2 | $500 to $3,000 | Government-issued photo ID, selfie verification, address confirmation, and processing by an independent identity verification partner. |
| Tier 3 | Above $3,000 | All Tier 2 requirements plus source-of-funds declaration and enhanced due diligence review by the compliance officer. |
Supported document types
Supported identity documents include passports of all nationalities, national identity cards, UAE residence permits, driver’s licenses, and Bangladesh national identity cards.
Verification process
Verification is performed through a real-time automated identity verification partner. Outcomes are recorded as approved, declined, or manual review. Manual review cases are escalated to enhanced_review status until compliance review is complete.
Data handling
Identity documents are processed by the verification partner. FulusFlow retains the verification session identifier, verification status, and compliance notes necessary to operate the service. Full identity documents are retained by the verification partner under that provider’s retention policy. FulusFlow retains KYC status records for a minimum of 5 years.
Re-verification
Re-verification is required when a user changes identity information, when risk indicators require a fresh review, and at least annually for users whose transaction volume exceeds $50,000.
Adverse action
Users declined for KYC receive written notification and may appeal within 30 days. Appeals are reviewed by the compliance officer using the case record and any supplemental materials provided by the applicant.
OFAC integration
Identity verification results are cross-referenced against the OFAC SDN list, the UN Security Council sanctions list, and the EU consolidated sanctions list before transaction processing proceeds.
Record keeping
FulusFlow retains KYC records for at least 5 years in accordance with 31 C.F.R. § 1022.410 and related BSA recordkeeping obligations.
Contact
KYC and compliance inquiries may be directed to [email protected].