Know Your Customer (KYC) FAQs

What is a KYC process?

A due diligence process which requires obligated entities within the meaning of anti-money laundering laws and regulations to verify the identities of their clients and assess potential risks associated with financial crimes such as money laundering and terrorist financing. This process is mandated by regulatory bodies and serves as a critical component of a robust compliance framework.

Why do I have to undergo a KYC process when selling on the AboutYou marketplace?

Selling your products on the AboutYou marketplace prerequisites entering a payment services framework agreement with SCAYLE Payments GmbH which sets out the terms for the accounting and payment of revenues. SCAYLE Payments GmbH is a licensed payments service provider pursuant to Section 1 (1) sentence 2 no. 5, 2nd alternative of the German Payment Services Supervision Act (Zahlungsdiensteaufsichtsgesetz - ZAG). As such SCAYLE Payments GmbH is an obligated entity according to Sec. 2 Para. 1 no. 3 of the Money Laundering Act (Geldwäschegesetz - GwG) and thus obligated to adhere to Customer Due Diligence (CDD) requirements set therein.

How long does the KYC process take?

The onboarding timeframe depends on the partner's responsiveness in providing requested information and evidence. Prompt submission of complete documentation allows SCAYLE Payments to expedite the process, often concluding the review within a few business days. Incomplete submissions or documents that do not meet the outlined requirements (e.g., regarding recency or certification) necessitate follow-up communication, which can significantly extend the processing time. Therefore, timely and accurate completion of the KYC questionnaire and follow-up requests is strongly encouraged.

What is the general KYC process flow from a partner perspective?

Upon receiving an email notification requesting submission of the KYC questionnaire and supporting documentation, the designated KYC contact person is required to complete and submit the questionnaire to SCAYLE Payments within 10 business days. The SCAYLE Payments KYC team will review the submitted documentation and contact the designated KYC contact person if any further clarification or additional supporting evidence is required.

Individuals listed in the questionnaire as acting on behalf of the contracting party will subsequently undergo a verification process, such as video identification. A seperate email including the link required to start the verification will be sent directly to the designated individuals. Completion of this verification is a prerequisite for KYC approval.

Upon completion of the review and verification process, the finalized KYC questionnaire will be sent via DocuSign to the designated individual(s) acting on behalf of the contracting party for signature. This step confirms the accuracy and completeness of the provided information and serves as an agreement to notify SCAYLE Payments of any subsequent changes to the data. Once the KYC process is completed, the KYC contact person receives a written confirmation on the completion.

Which occasions trigger a KYC process?

At SCAYLE Payments GmbH, KYC process are triggered upon three instances:

• Prior to entering the business relationship

• On regular basis (regular reviews)

• On an event driven basis (in cases where KYC data changes, e.g. change of company address, change of ownership situation, change of bank account, etc.)

Whom should I appoint as a contact person for KYC?

The KYC contact person is responsible for completing and submitting the KYC questionnaire, and serves as the primary point of contact for any subsequent information requests. Given the sensitive nature of the required information regarding the contracting party's ownership and beneficial owners, this individual should possess comprehensive knowledge and access to all necessary documentation.

Which individuals are subject to identification?

The beneficial owner(s) (BO)

A beneficial owner is an individual who ultimately owns or controls (directly or indirectly exercises significant control) a legal entity, other company or legal arrangement or at whose instigation a transaction is ultimately carried out or a business relationship is ultimately established.

Types of significant control (non exhaustive):

• Direct or indirect ownership of more than 25.00% of capital shares or voting rights (cf. Sec. 3, Para. 2 GwG)

• Exercise of control in a manner comparable to the above by other means such as the right to appoint or dismiss a majority of members of the board of directors or ownership of veto rights (cf. Sec. 3, Para. 2 GwG)

• Control of any legal entity or legal arrangement by other means or above that in return exercises more than 50% control on the previous legal entity or legal arrangement in the ownership structure of the contractual merchant (cf. Interpretation and Application Guidance of the Money Laundering Act (Auslegungs- und Anwendungshinweise zum Geldwäschegesetz - AuA, Nr. 5.2.2.1.)

• Position as legal representative or beneficiary of a foundation (cf. Sec. 3, Para. 3 GwG)

• Position as settlor, trustee, protector or beneficiary of a trust (cf. Sec. 3, Para. 3 GwG)

• Owner of a sole proprietorship

Who is identified if there is no beneficial owner?

Legal representatives or managing directors of the contracting party are considered notional beneficial owners (NBO) if thorough examination by the obligated entity have revealed that a beneficial owner as per Sec. 3 GwG does not exist.

Are there circumstances where identification of a BO or NBO is not required?

Yes. Beneficial owner (or notional beneficial owner) identification is not required if the contracting party, or a legal owner with at least a 75% interest in the contracting party, is listed on a public stock exchange within the EU, Iceland, Norway, Australia, Canada, Japan, Singapore, or the United States of America.

The person acting on behalf of the contracting party (PAOB)

The Person Acting on Behalf (PAOB) reviews and signs-off the final KYC investigation results. Their signature confirms the accuracy and completeness of the KYC information gathered and signifies their responsibility for addressing any discrepancies as well as future changes to said information. The PAOB must be authorized to act on behalf of the merchant, either as a legal representative or through a power of attorney (general or limited).

With regards to the PAOB, Section 13 of the German Money Laundering Act mandates data verification, which SCAYLE Payments conducts via video identification per internal policy.

Which documentation will I have to provide?

This section details typical documentation requirements for the KYC process. Please note that this list is not exhaustive, and the specific documents requested may vary based on factors such as your entity's legal structure and ownership. Additional documentation may be required.

Identification documents

• For legal entities: Current commercial register excerpt (not older than three months)

• For sole proprietorships: Certificate of business registration (not older than three months)

• For civil partnerships: The most recent version of the partnership agreement

• For natural persons: Valid e-ID or passport

What is a register excerpt?

A current commercial register excerpt provides up-to-date information on a registered entity. The excerpt originates from the registration court or office where the entity was initially incorporated or is currently registered (if different from the initial location). It normally contains the following:

• Registration court/office

• Commercial registration number

• Entity name

• Legal Form

• Registered head office/principle place of business address

• Nature of business

• Names of the legal represnetative(s)

• Total amount of share capital

Proof of address

A proof of address is required for (notional) beneficial owners and persons acting on behalf of the contracting party when the respective individual has a fixed abode within the EU. Accepted documents are, for example, electricity or landline bills. The date of issue of either document must not exceed six months at the date of submission of the KYC questionnaire.

Bank account confirmation

For all designated payout bank accounts, we require verification in the form of a recent bank statement or a written confirmation from the account-holding bank. This documentation must include the account holder's name (matching the contracting party), the bank's name, the IBAN, the BIC, and the issue date. The document must be dated within the last three months at the time of KYC submission.

Why must the payout bank account holder match the contracting party?

In accordance with Section 10 (1) No. 3 of the German Money Laundering Act (GWG), we are legally obligated to ascertain and verify the purpose of the business relationship. Given our business model, this necessitates confirming that marketplace sales proceeds are disbursed solely to the identified and verified contracting party, preventing payments to unauthorized third parties.

Evidence concerning the ownership situation

The determination of a contractual partner’s ownership situation in accordance with the requirement set out in Sec. 10 GwG requires the provision of additional supporting evidence in cases where the ownership interest and respective holders are not evident from the register excerpt or partnership agreement. Examples of such evidence are:

Shareholder list or shareholder’s register

A shareholder register (or list) is a document disclosing all legal and natural person shareholders of the contracting party or its legal owners (where applicable), including their ownership type and degree of control. It (or supporting documentation) must identify any share classes and, where distribution between capital shares and voting rights is not 1:1, respectively allocated voting rights. The register/list requires certification by an independent third party (e.g., notary, (syndic) lawyer, auditor) and must be less than two years old at the time of KYC questionnaire submission. If the aforementioned information is disclosed in the company’s statutes, submission of these is equally sufficient. Where the date of issue or certification of the statutes exceeds two years, a separate confirmation of continued validity is required.

Ownership and control structure

An ownership and control structure diagrammatically represents the control relationships between the contracting entity, its legal owners, and beneficial owners. This document may replace shareholder lists if accompanied by certification from an independent and reliable source, such as a notary, lawyer, or auditor. The certification date must be within six months of the KYC questionnaire submission date.

VAT-ID registration certificate

A VAT-ID registration certificate (also known as a VAT certificate or certificate of VAT registration) is an official document issued by a tax authority confirming that a business is registered for Value Added Tax (VAT) purposes. It typically includes the business's name, address, and VAT identification number. This certificate serves as proof of VAT registration and may be required for various business transactions, particularly those involving cross-border trade within the European Union. The specific format and information included on the certificate can vary slightly between countries.

Why are there restrictions concerning document issue dates?

Our internal AML policies and procedures mandate obtaining and maintaining up-to-date information at all times.

Can exceptions be made with regards to the regular requirements?

This is not possible. SCAYLE Payments GmbH, just as banks and further obligated institutions under GwG, is bound by the minimum requirements of the Money Laundering Act (GwG) and its Interpretation and Application Guidance (AuA), which form the foundation of our internal Anti-Money Laundering policies and procedures. Furthermore, the Federal Financial Supervisory Authority (BaFin) mandates external audits to assess not only legal and regulatory compliance but also adherence to our internal policies and processes. This rigorous approach ensures robust AML practices.

What happens if I can not meet a provision deadline?

We might be able to grant an extension to the applicable deadline. This decision is made on a case by case basis and prerequisites provision of the expected date of provision and the reason for the delay.

What happens if I refuse to provide requested information or evidence?

Adherence to the GwG, specifically Section 10 Paragraph 9, prohibits entering or maintenance of business relationships where Due Diligence Requirements, including KYC, are not fulfilled. Therefore, activation on the AboutYou marketplace is contingent upon successful KYC review. For existing partners, failure to conclude recurring KYCs will result in deactivation on the AboutYou marketplace.

Who is my contact person for questions throughout the KYC process?

Please direct all KYC process-related inquiries to the KYC department directly by addressing them in the corresponding email thread. This will expedite the handling of your questions and submissions.

How can I report changes concerning KYC data?

Should I report upcoming changes?

Please refrain from notifying us about changes to KYC relevant information prior to said changes coming into force as this prevents us from obtaining and verifying corresponding evidence which thus hinders proceeding your case. Please make sure to notify us about changes after implementation, only, however, without due delay.

How do you ensure confidentiality and privacy of data?

SCAYLE Payments GmbH's Anti-Money Laundering (AML) program complies with the requirements of the German Anti-Money Laundering Act (GwG) by restricting information access to the AML team as well as internal and external auditors.

To expedite KYC request processing, SCAYLE payments GmbH engages with a third-party provider. We will ensure that the provider complies with all applicable laws, regulations, and our internal data privacy and protection standards. In accordance with legal requirements, provided information may be disclosed to federal authorities upon request.

How long is KYC data stored?

The retention period is five years, unless other legal provisions regarding recording and retention obligations provide for a longer period.