Yes – Yoti is a great tool for helping you with KYC and AML compliance obligations. We can provide you with verified data and activity receipts. These receipts are automatically added to your Yoti Dashboard and are sufficient for your record keeping requirements. The verified attributes a person using Yoti can share with you include name, date of birth, address, photo, gender, nationality, passport details and driving licence details.
You shouldn't think of Yoti as a fully outsourced solution. You will still need to take a risk based approach to KYC. If the sector or territory you operate in is considered high risk, or there is a lot of money involved, you might need to obtain more data than Yoti can provide. Some jurisdictions or territories may also require additional information. You’ll need to check.
Under UK AML (anti-money laundering) regulations and the EU 4th AML Directive (and the upcoming EU 5th AML Directive) (1):
- Businesses do not need to see ID documents in their entirety, but rather the verified data Yoti can provide with the person’s consent is sufficient – you don’t need to see the original document.
- The Yoti ‘receipt’ is sufficient for your records of the KYC you have performed. Our receipts contain metadata giving timestamped details of the document the attributes were obtained from (2). You do not need to store images of the ID documents.
The Joint Money Laundering Steering Group’s guidance (3) on KYC/AML also makes clear that identity data is sufficient for KYC and AML obligations and that there is no requirement to see actual identity documents.
One of Yoti’s strengths is that it allows you to fulfil your KYC and AML needs whilst respecting the data minimisation principle under GDPR – meaning you receive only the data you need and therefore reduce the impact of a data breach if you were to fall victim to one.
1 - DISCLAIMER - This is Yoti’s opinion and is not to be taken as legal advice. There may be sector specific rules or guidance which applies to you. Further, this is a general headline review of the law and your situation may be different.
2 - Three of our SDKs allow this as of 6 July 2018. The others are to be finalised in the next month or so.
3 - Part 1 - see paragraph 5.3.2 onwards