Skip to content

KYC & Identity Verification

Document Metadata
Category: Compliance & Security
Audience: New Customers, Account Holders, Compliance Teams
Difficulty: Beginner
Related Topics: Data Protection & GDPR, Customer Documents
Next Steps: Submit your KYC documents via the Customer Portal

Overview

ConnexCS implements Know Your Customer (KYC) and Customer Due Diligence (CDD) procedures to verify the identity of customers, prevent fraud, protect platform integrity, and support compliance with applicable legal and regulatory requirements.

As a UK-based technology provider serving customers globally, ConnexCS processes all personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Verification procedures align with KYC good-practice guidance published by Ofcom and international standards set by the Financial Action Task Force (FATF).

KYC verification may be required before certain services are activated or account privileges are granted.

Data Minimisation

ConnexCS collects only the information strictly necessary for a defined purpose. Under UK GDPR Article 5(1)(c), personal data must be adequate, relevant, and limited to what is necessary for the purposes for which it is processed.


Lawful Bases for Processing

Basis UK GDPR Article Application
Contractual necessity 6(1)(b) Required to perform the contract with you or your organisation
Legitimate interests 6(1)(f) Platform fraud prevention and misuse detection
Legal obligation 6(1)(c) Applicable regulatory and sanctions-screening requirements

Biometric data collected during identity verification is special-category data under UK GDPR Article 9. ConnexCS processes this data under Article 9(2)(g) (substantial public interest — fraud prevention), read with Schedule 1, Part 2 of the Data Protection Act 2018.


Personal Contact Information

The following fields are collected for the individual acting as the primary account contact.

Full Name

The account holder's full legal name is collected to:

  • Identify the authorised representative on the account
  • Verify identity during onboarding
  • Maintain contractual and billing records
  • Facilitate account-related communications

Phone Number

A valid telephone number is collected to:

  • Contact the account holder regarding urgent operational or compliance matters that cannot be resolved by email
  • Verify account ownership when required
  • Communicate service-impacting incidents or security concerns
  • Conduct periodic service reviews

Email Address

A valid email address is required for:

  • Account notifications and service announcements
  • Security alerts
  • Billing and administrative communications
  • Support correspondence
  • Policy updates and formal communications

Identity Verification

All customers must pass identity verification before account activation. Verification consists of two stages.

Document Verification

A government-issued identity document must be submitted. Accepted documents include:

  • Passport
  • National identity card
  • Driving licence

Document verification is used to:

  • Confirm the identity of the account holder
  • Prevent impersonation and fraudulent account creation
  • Support customer due diligence requirements

This requirement aligns with:

  • JMLSG Guidance (Part I) — Customer Due Diligence standards
  • FATF Recommendation 10 — Customer identification and verification using reliable, independent documentary sources
  • Ofcom KYC good-practice guidance, adopted as an industry benchmark

Liveness and Facial Match

Where required, an automated liveness-detection and facial-match check is performed by ConnexCS's accredited KYC processing partner. These checks are used to:

  • Confirm that a real individual is present during verification
  • Validate that the individual matches the submitted identity document
  • Reduce the risk of identity fraud

Biometric Data

Liveness and facial-match verification processes biometric data. This data is used solely to confirm identity at onboarding. It is not retained on ConnexCS systems and is not used for any secondary purpose.


Following individual identity verification, the legal entity associated with the account must be established. Requirements differ depending on whether the account is registered as a company or as an individual.


Company Accounts

Company Verification

ConnexCS verifies that the company is a legitimate, legally trading entity. Verification is performed using publicly available corporate registries (such as Companies House for UK entities) and trusted third-party verification services.

Checks confirm:

  • The company exists as a registered legal entity
  • There are no legal impediments to doing business (dissolution, insolvency, regulatory prohibition)
  • The company does not appear on sanctions lists maintained by HM Treasury (OFSI), the UN Security Council, or other applicable authorities

This is consistent with UK MLR 2017, FATF Recommendation 10, and applicable international sanctions obligations.

Registered Address

The company's registered or trading address is collected to:

  • Confirm its place of incorporation
  • Establish the jurisdiction in which the business operates
  • Maintain accurate records for correspondence and legal purposes

Authorised Representatives and Key People

ConnexCS verifies that the individual creating or managing the account has authority to act on behalf of the organisation. Authorised representatives may include:

  • Directors
  • Owners or partners
  • Officers or administrators
  • Other individuals holding written authority to act on the company's behalf

ConnexCS also identifies beneficial owners — persons holding 25% or more of shares or voting rights — who are subject to separate KYC verification. Where the account contact is not a beneficial owner or key decision-maker, a KYC check against a key decision-maker may be required separately.

This approach is consistent with JMLSG Guidance Part I, Chapter 5 and FATF Recommendation 24 (beneficial ownership transparency).


Individual Accounts and Sole Traders

Residential or Business Address

Where an account is held by an individual or sole trader operating without a registered company, a residential or business address is required. This is used to:

  • Corroborate identity against address records as part of standard individual CDD
  • Establish the jurisdiction in which the individual operates
  • Provide a contact address for formal correspondence
  • Support contractual and legal obligations

Database Screening

Individual account holders are screened against external databases as part of Customer Due Diligence (CDD). Verification results may be used to assess account eligibility and identify potentially fraudulent activity.

Check Purpose Reference
Sanctions screening Confirms the individual does not appear on HM Treasury (OFSI), UN Security Council, or other applicable sanctions lists UK MLR 2017; OFSI
Politically Exposed Persons (PEPs) Identifies individuals holding or having held a prominent public function; triggers enhanced due diligence where applicable UK MLR 2017 Reg. 35; FATF Rec. 12
Adverse media Open-source screening for credible information indicating financial crime risk FATF Rec. 13
Fraud prevention databases Cross-references identity against known fraud indicators Industry standard

These checks are applied consistently to all individual account holders and are not indicative of any assumption of wrongdoing. They are a standard component of CDD under UK MLR 2017 Regulations 27–28 and FATF Recommendations 12 and 13.


Data Storage and Access

ConnexCS does not store identity verification documents directly within its operational platform. All KYC documentation and personal data submitted during verification is processed and retained by ConnexCS's approved KYC processing partner, operating under appropriate security and privacy controls.

Access to verification data is restricted and occurs only when required for:

  • Initial verification and onboarding
  • Periodic re-verification where required by applicable KYC standards or following a material change to the account
  • Fraud, compliance, or security investigations
  • Legal or regulatory requests — for example, in response to a lawful request from a regulatory authority, law enforcement agency, or court order

All processing is performed in accordance with applicable data protection requirements and contractual obligations.

International Data Transfers

ConnexCS serves an international customer base. Where personal data is transferred to systems located outside the UK, appropriate safeguards under UK GDPR Chapter V are in place — including Standard Contractual Clauses or adequacy decisions — to ensure equivalent levels of protection.

Retention

KYC records are retained for the period necessary to fulfil the purposes described in this document and to comply with applicable legal obligations, including statutory retention periods prescribed by financial crime legislation.


Your Rights

Under UK GDPR, you have the following rights in relation to your personal data:

  • Right of access — to obtain a copy of the personal data held about you
  • Right to rectification — to have inaccurate data corrected
  • Right to erasure — to request deletion of data where no longer necessary (subject to legal retention obligations)
  • Right to restriction — to restrict processing in certain circumstances
  • Right to object — to object to processing based on legitimate interests
  • Right to data portability — to receive your data in a structured, machine-readable format

To exercise any of these rights, contact: [INSERT PRIVACY CONTACT EMAIL]

To raise a complaint about how ConnexCS handles your personal data, contact the Information Commissioner's Office (ICO) at ico.org.uk.

For full details of data processing activities, refer to the ConnexCS Privacy Notice.

For any other assistance contact our Support team at [email protected].


Applicable Standards

Standard Body Relevance
UK GDPR & Data Protection Act 2018 ICO (UK) Lawful basis for processing personal data
Money Laundering Regulations 2017 (MLR 2017) HM Treasury Customer due diligence and beneficial ownership
FATF Recommendations 10, 12, 13, 24 FATF International CDD, PEP, and beneficial ownership standards
JMLSG Guidance (Parts I & II) JMLSG UK industry CDD guidance for individuals and corporate customers
Ofcom KYC Guidance Ofcom Good-practice framework for the communications sector
OFSI Consolidated List HM Treasury UK financial sanctions targets
UN Security Council Consolidated List United Nations International sanctions screening