KYB and KYC Workflow
Onboard individual customers and business counterparties through a regulated KYC and KYB pipeline — identity capture, sanctions and PEP screening, reviewer audit trail, and a dynamic form builder for jurisdiction-specific data — all inside the Studio console or via API.
Who this is for
| Persona | Typical inbound |
|---|---|
| Regulated VASP merchant | ”What KYC vendor do you use? Can we get an audit log of every reviewer action?” |
| Payment service provider or fintech | ”Do you handle business KYB and ultimate-beneficial-owner collection, or do we plug in our own?” |
| Enterprise evaluating white-label | ”We need to onboard our own customers — can your form builder handle our jurisdiction’s required fields?” |
| Compliance reviewer | ”Where is the dashboard to approve or reject pending cases, with a full case-history audit trail?” |
Not a fit if you need to replace your existing KYC vendor with a build-your-own provider (we operate the IDV stack ourselves), require per-jurisdiction custom regulatory logic that goes beyond configurable forms (case-by-case scoping needed), or need real-time AML transaction monitoring as a standalone product (transaction-level AML scoring is delivered alongside Accept Crypto Payments, not as a separate module).
What you can ship today
Two parallel compliance surfaces, sharing one audit trail and one reviewer console:
| Surface | What it covers | Best for |
|---|---|---|
| Individual KYC | Identity-document capture, biometric liveness, sanctions and PEP screening, negative-news search, reviewer decision routing, full audit log per case | Onboarding end customers — your users, not your business partners |
| Business KYB | Beneficial-owner identification, ultimate-beneficial-owner (UBO) KYC, business-document capture, corporate sanctions screening, internal compliance review | Onboarding business counterparties — partner organisations, suppliers, corporate customers |
Both surfaces are powered by leading IDV providers behind the scenes; you do not procure or operate the underlying vendors yourself.
A separate dynamic form-builder application handles the actual data collection. Every form is a JSON schema describing fields, validation rules, conditional logic, and translations — so jurisdiction-specific fields can be added without a frontend release. Form translations are generated automatically across our supported locales.
How it works
1. Your customer hits a KYC checkpoint in your app or website.
You redirect them to a KryptoGO-hosted form, or embed it via the
form-builder application.
2. The customer uploads identity documents, completes biometric
liveness checks, and (for business KYB) submits beneficial-owner
information and corporate documents.
3. The IDV provider returns identity-verification results.
Sanctions and PEP screening (entity-level, against major
sanctions lists and Dow Jones-curated PEP data) runs inline.
Negative-news web search produces an additional result set
for reviewer judgement.
4. The case lands in your Studio compliance dashboard with status
pending. Filter by IDV status, screening status, review status,
and free-text search.
5. A reviewer with the right permission opens the case, reviews
identity and screening evidence, and records an accept / reject
decision with internal notes. The decision is one-shot — once
recorded, the case state is fixed.
6. Every reviewer action — comment edits, decision recording, status
changes — is appended to the per-case audit log, retained for
compliance review.For embedded use, the platform issues a server-side compliance token your application can exchange for an authenticated session against the form-builder and case APIs.
Custody model
KYC and KYB are identity workflows, not custody workflows. Captured identity documents and personally-identifiable information are encrypted at the application layer in a dedicated compliance database. Wallet addresses associated with verified customers can flow into any of the four custody models — see Custody Options — depending on which wallet surface you operate.
Compliance posture
KYB and KYC inherit the full platform posture: Taiwan VASP, ISO 27001, ISO 27701, SOC 2 Type II, and Cure53 audit. Sanctions and PEP screening covers OFAC, Dow Jones-curated PEP and sanctions data, and other major lists. PII lives in encrypted columns, not plaintext. Reviewer audit trails are retained per ISO 27001 records-management standards. See Compliance and Certifications for the full posture.
Typical integration timeline
| Path | Bucket |
|---|---|
| Use the standard KYC and KYB form templates and Studio reviewer console | Under one month — typically two to three weeks once your organisation is provisioned |
| Use the form builder to add jurisdiction-specific fields | One to two months — depends on the depth of customisation |
| Embed the KYC flow into your own application via compliance token | One to two months — depends on your frontend stack |
Current scope
- Individual KYC, business KYB, and UBO collection are in production.
- Sanctions and PEP screening (entity-level), negative-news search, and address-level AML risk scoring (when paired with payment acceptance) are in production.
- The dynamic form builder, with multi-language translation, is in production.
- The reviewer console — case list, filters, decision recording, audit-log view — is in production inside Studio.
- Per-case reviewer notifications (email or webhook) and an external partner-facing audit-log API are roadmap items.
- Cross-border Travel Rule support is expanding alongside regulator guidance in partner jurisdictions.
Talk to us
If you want to onboard regulated customers without building or operating an IDV vendor stack yourself, reach our partnerships team via the address on www.kryptogo.tw .
Where to go next
- Team, roles, API keys, and risk limits — for the role model that gates who can review compliance cases.
- Customer Data Platform — for how KYC status feeds into customer segmentation.
- Blockchain forensics and data — for address-level AML and forensics data sources.
- Compliance and Certifications — for the full regulatory posture.