Sumsub KYC Best Practices
Industry-leading approach to Know Your Customer verification.
Risk-Based Approach
Sumsub recommends a three-tier risk classification system:
| Risk Level | Due Diligence | Review Frequency |
|---|---|---|
| High | Enhanced Due Diligence (EDD) | Quarterly |
| Medium | Standard Due Diligence (SDD) | Annually |
| Low | Simplified Due Diligence | Every 2 years |
Customer Identification Program (CIP)
Required Documents
-
Government-Issued ID
- Passport, HKID, National ID card
- Must be valid and unexpired
- Both front and back required
-
Proof of Address
- Utility bill, bank statement, government correspondence
- Must be dated within last 3 months
- Must show full name and address
-
UBO Declaration (for corporate entities)
- Organizational chart showing ownership structure
- Identification of all UBOs (>25% ownership)
- Source of wealth documentation
Technical Implementation
Recommended Workflow
1. Document Upload → 2. Automated Verification → 3. Sanctions Screening → 4. Liveness Check → 5. Manual Review (if needed)
Key Technologies
- OCR: Automatic data extraction from documents
- Face Matching: Selfie vs. ID photo comparison
- Liveness Detection: Prevent spoofing attacks
- Sanctions Screening: PEP, sanctions, adverse media checks
- Geolocation: Verify user location matches declared address
Jurisdiction-Specific Considerations
Hong Kong (AMLO Cap.615)
- Licensed corporations must maintain KYC records for 5 years
- Enhanced due diligence required for high-risk customers
- Ongoing monitoring mandatory
Singapore (MAS Notice 626)
- Risk assessment required before establishing business relationship
- Enhanced measures for high-risk jurisdictions
- Regular independent audits required
Last updated: May 2026 Source: Sumsub KYC Framework Documentation