Legal and compliance screens
Introduction
As a bank, Solaris must perform certain legal and compliance checks on all prospective account holders. Therefore, as part of your customer onboarding process, you must build a series of screens in your sign-up flow to collect customers' consent to the necessary legal and compliance requirements described in this guide. Solaris recommends collecting these agreements through the use of checkboxes in your interface.
You must display these checkboxes in the order listed in this guide. Additionally, your customers must check all the boxes before the customer identification process begins.
Please note that you cannot modify the legal texts provided in this guide without the prior approval of Solaris. Contact your Partner Manager for any inquiries.
warning
- It is strictly prohibited to store any personal data from customers until they have agreed to the Solaris Terms & Conditions.
- Your customers must check the box next to each statement described in the following sections before moving on to the next screen.
Solaris Terms & Conditions
note
This screen is mandatory for:
- All Solaris products.
- All customer types (B2C, B2B, and Freelancers).
- Customers in Italy & France must additionally sign the Terms and Conditions with a Qualified Electronic Signature (QES) during the KYC flow.
Your customer sign-up flow must begin by collecting the customer's consent to our contractual requirements.
Display the following statement with a checkbox:
I accept the General Terms & Conditions, the List of Prices and Services and all other conditions of Solaris SE.
Hiermit akzeptiere ich die Allgemeinen Geschäftsbedingungen, das Preis- und Leistungsverzeichnis, und alle andere Bedingungen der Solaris SE.
In addition to this screen, please note the following requirements you must implement in your frontend flow:
- The text all other conditions of Solaris SE must be hyperlinked to a webpage or a document that lists all the applicable documents and agreements with permalinks. Your Partner Manager will share the agreements and permalinks relevant to your banking use case.
- You must send the Terms and Conditions document to the customer via email before you collect their consent.
- Record the timestamp (UTC format) when the customer ticks this box. Your solution should pass this information as the value for the terms_and_conditions_signed_at field in either the POST Create person endpoint or POST Create business endpoint, as described in the onboarding guides.
attention
Whenever Solaris updates its Terms & Conditions, Solaris will communicate this to partners and provide a link to the new Terms & Conditions document. You must send the new document to your customers via email. Afterward, your solution must display another Terms & Conditions screen to your customers upon their next login and collect their consent to the new document by a deadline specified by Solaris. See the Terms & Conditions Consent Log guide for more information.
Customer information
note
This screen is mandatory for:
- All Solaris products.
- All customer types (B2C, B2B, and Freelancers).
Next, create a screen with links to a series of customer information documents, which the customer can check.
Please check Solaris' Customer Information on Data Processing, Depositor Information Sheet, and other customer information.
Hier finden Sie die Kundeninformationen zur Datenverarbeitung, die Informationen zur Einlagensicherung und anderen Kundeninformation der Solaris SE.
Economic interest
note
This screen is mandatory for:
- All Solaris products.
- Only B2C customers.
Prompt your customers to declare that they are opening an account strictly on their behalf and not on behalf of a third party. Record the UTC timestamp of the tick of this box as the value of the own_economic_interest_signed_at property in the POST Create person endpoint.
I act only in my own economic interest and not on the initiative of a third party.
Ich handele nur im eigenen wirtschaftlichen Interesse und nicht auf Veranlassung eines anderen.
Tax information
note
These screens are mandatory for:
- Digital Banking & Cards products for all customer types (B2C, B2B, and Freelancers) in all countries.
- Lending products (Fronting/Fronting factoring) for B2B customers in all countries. Only collecting the personal tax information of the business' legal representatives and beneficial owners is required.
Solaris must collect the tax information from each account holder in compliance with the Common Reporting Standard (CRS).
You must collect the tax information from your customers in your sign-up flow while considering the following requirements:
Person tax information
Collect the personal tax information from the following customer segments:
- Retail customers (B2C)
- Freelancers
- Business' legal representatives
- Business' beneficial owners
- Business' authorized persons
For customers in Germany (DE branch) only: customers can either provide the tax information during the sign-up flow or within 90 days from account opening. If you choose to collect this information after signup, you must provide the following checkbox during onboarding to collect the customer's agreement to provide this tax data within 90 days:
I agree to provide my tax residency and tax identification number within 90 days of opening my account.
Ich bestätige, dass ich meinen Steuerwohnsitz und meine Steueridentifikationsnummer innerhalb von 90 Tagen nach der Eröffnung meines Kontos angeben werde.
Business tax information
For businesses, you must collect the tax information of the business's legal entity and the natural persons associated with the business, such as legal representatives, beneficial owners, and authorized persons.
Your UI should prompt the legal representative (i.e., the person opening the bank account) to accept and sign the tax declaration:
- Display the tax declaration text in your frontend to the customer.
- Add a checkbox that the customer can tick to confirm reading and understanding the tax declaration.
- Record the timestamp of the customer's signature of the tax declaration and pass it to our API in the attribute fatca_crs_confirmed_at (a property in the create business resource).
You must prompt one of the business' legal representatives to sign our Tax Declaration. Your interface must display the following sentence along with the Tax Declaration:
By ticking this box, I confirm that I have read and understood the information below, and I confirm that I am authorized to sign on behalf of the legal entity referred to under 'Account Holder' in this form in respect of all accounts to which this form relates.
Durch das Klicken dieser Box bestätige ich, dass ich die untenstehenden Informationen gelesen und verstanden habe. Außerdem bestätige ich, dass ich autorisiert bin im Namen des Unternehmens, aufgeführt unter "Kontoinhaber", diese Erklärung für alle Konten, auf die sich dieses Formular bezieht, abzugeben.
Tax declaration text:
This self-disclosure replaces all previous self-disclosures of the account holder and/or his controlling entities concerning the FATCA agreement and the CRS. The company hereby confirms that, for the duration of the contractual relationship with Solaris, it is obliged to notify the latter within 30 days, on its own initiative, should the information contained in this form have changed.
The company agrees to submit a new form and/or to provide the required forms and documents within 90 days, should the declarations contained in this form no longer be correct.
I confirm that all statements in this form are correct and complete to the best of my knowledge and belief.
Diese Selbstauskunft ersetzt alle vorausgegangenen Selbstauskünfte des Kontoinhabers bzw. dessen beherrschender Personen bezüglich des FATCA-Abkommens und des CRS. Die Gesellschaft bestätigt hiermit, dass sie sich für die Dauer der Vertragsbeziehung mit der Solaris verpflichtet, dieser innerhalb von 30 Tagen aus eigener Initiative mitzuteilen, wenn sich eine in diesem Formular eingegebene Angabe ändert.
Die Gesellschaft erklärt sich damit einverstanden, innerhalb von 90 Tagen ein neues Formular und/oder die erforderlichen Formulare und Dokumente einzureichen, wenn eine in diesem Formular enthaltene Bestätigung nicht mehr korrekt ist.
Ich bestätige, dass alle Erklärungen in diesem Formular nach bestem Wissen und Gewissen richtig und vollständig sind.
Example screen for business tax declaration
The following screen is an example of how you can build the business tax declaration screen in your sign-up flow:
FATCA indication
note
This screen is mandatory for:
- Digital Banking & Cards products for all customer types (B2C, B2B, and Freelancers) in all countries.
You must now determine whether the customer wishing to open a bank account with Solaris is subject to US tax law. Solaris is required to perform this check to comply with the Foreign Account Tax Compliance Act (FATCA).
At this stage, you must ask for a self-declaration of FATCA relevance. You must ask the following question to the potential account holder and provide an accompanying yes/no input field.
- If the customer answers "yes," set the value of fatca_relevant to true. In this case, the customer cannot be onboarded.
- If the customer answers "no," set the value of fatca_relevant to false and store this in your solution.
- Record the timestamp of the customer's confirmation of the FATCA relevance and pass it to our API in the attribute fatca_crs_confirmed_at (a property in the create person resource).
warning
- Only customers with a fatca_relevant value of false can proceed with onboarding.
- For business customers, you must also collect the FATCA self-declaration from all natural persons associated with the business, such as legal representatives, beneficial owners, and any authorized person on the business account.
Retail customers
Are you a U.S. citizen (incl. dual citizenship), do you have a residence or a permanent residence permit in the USA*, or do you reside in the USA* for more than 180 days a year?
* Includes the US Minor Outlying Islands and the US Virgin Islands
Sind Sie US-Staatsbürger (auch doppelte Staatsbürgerschaft), haben Sie einen Wohnsitz bzw. eine ständige Aufenthaltsbewilligung in den USA* oder halten Sie sich in den USA* für mehr als 180 Tage im Jahr auf?
* einschließlich der kleineren abgelegenen Inseln der Vereinigten Staaten und der Amerikanischen Jungferninseln
Business customers
Is the account holder and/or any of its beneficial owners established in the USA* or has it been established under the laws of the USA*, and does the account holder and/or any of its beneficial owners have a tax residency in the USA*?
* Includes the US Minor Outlying Islands and the US Virgin Islands
Ist Ihr Unternehmen steuerlich ansässig in den USA*? Für den Fall, dass Ihr Unternehmen keine steuerliche Ansässigkeit hat, befindet sich Ihre Geschäftsleitung in den USA*?
* einschließlich der kleineren abgelegenen Inseln der Vereinigten Staaten und der Amerikanischen Jungferninseln
Example screen for business FATCA indication
The following screen is an example of how you can build the business FATCA self-declaration screen in your sign-up flow:
FATCA screening checks
To comply with the Foreign Account Tax Compliance Act (FATCA), Solaris is required to perform checks to determine whether the customer is subject to US tax law. These checks are in addition to the self-declaration during the Legal and Compliance screen.
To perform the FATCA checks, parse the person and identification resources using the following endpoints:
Hard criteria
To determine the customer's FATCA relevance, you must screen for the following hard criteria:
- Has the customer provided a US passport as their identification document? Check the legitimation_country attribute on the identification resource.
- Is the customer a citizen of the US? Check the nationality attribute.
- Has the customer provided a residential address in the US, the US Minor Outlying Islands, or the US Virgin Islands? Check the country attribute.
- Was the customer born in the US, the US Minor Outlying Islands, or the US Virgin Islands? Check the birth_country attribute.
When to reject the customer
If any of these hard criteria attributes have the value of US or USA, you must deny banking services to the customer and stop the onboarding process. Failure to screen for these hard FATCA criteria may cause ongoing operational burdens for Solaris customer support.
Soft criteria
To further determine the customer's FATCA relevance, screen for the following soft criteria:
- Has the customer provided a US mobile number? Check the mobile_number attribute. US mobile numbers have a country code of +1.
- Is the customer's only address a PO box or a c/o address? Check the address_line_1 and address_line_2 attributes.
When to reject the customer
- If the answer is "Yes" to any of the soft criteria, ask the customer to clarify their phone number and/or address.
- If the customer provides a non-US phone number and a physical address, you may onboard them.
- If the customer does not provide a non-US phone number and a physical address, you may not onboard them.
Failure to screen for soft FATCA criteria may cause ongoing operational burdens for Solaris customer support.
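The hard and soft criteria above can be applied in one pass over the two resources. The following is an added example, not Solaris code: it assumes the person and identification resources have been flattened into dicts keyed by the attribute names used on this page, and the PO box and c/o patterns are heuristics chosen for illustration.

```python
import re
from dataclasses import dataclass, field

# Values the page names as disqualifying. Codes for the US Minor Outlying Islands
# and US Virgin Islands are not given on the page; add them if your data uses them.
US_VALUES = {"US", "USA"}
HARD_FIELDS = {
    "legitimation_country": "US identification document",
    "nationality": "US citizenship",
    "country": "US residential address",
    "birth_country": "US place of birth",
}
# Heuristic patterns (assumptions) for PO box and c/o lines, English and German.
PO_BOX = re.compile(r"\b(p\.?\s*o\.?\s*box|post\s+office\s+box|postfach)\b", re.I)
CARE_OF = re.compile(r"(^|\s)c/o(\s|$)", re.I)


@dataclass
class Screening:
    decision: str  # "reject", "clarify" or "proceed"
    reasons: list = field(default_factory=list)


def _is_us(value):
    return isinstance(value, str) and value.strip().upper() in US_VALUES


def _normalize_phone(number):
    # Keep digits and '+', and treat the international prefix 00 as '+'.
    digits = re.sub(r"[^\d+]", "", number or "")
    return "+" + digits[2:] if digits.startswith("00") else digits


def screen_fatca(person, identification):
    """Apply the hard criteria first, then the soft ones."""
    fields = dict(person)
    fields["legitimation_country"] = identification.get("legitimation_country")
    hard = [label for key, label in HARD_FIELDS.items() if _is_us(fields.get(key))]
    if hard:
        return Screening("reject", hard)  # stop onboarding

    soft = []
    # +1 is shared by the whole North American Numbering Plan (e.g. Canada),
    # which is why a hit only triggers a clarification request.
    if _normalize_phone(person.get("mobile_number")).startswith("+1"):
        soft.append("mobile number with +1 country code")
    # Conservative: any matching address line is flagged for clarification.
    lines = [person.get("address_line_1") or "", person.get("address_line_2") or ""]
    if any(PO_BOX.search(line) or CARE_OF.search(line) for line in lines):
        soft.append("PO box or c/o address")
    return Screening("clarify" if soft else "proceed", soft)


# Constructed sample records (flat dicts keyed by the attribute names on this page).
SAMPLE_PERSON = {
    "nationality": "DE", "country": "DE", "birth_country": "DE",
    "mobile_number": "+1 415 555 0100",
    "address_line_1": "Postfach 1234", "address_line_2": "",
}
SAMPLE_IDENTIFICATION = {"legitimation_country": "DE"}

if __name__ == "__main__":
    print(screen_fatca(SAMPLE_PERSON, SAMPLE_IDENTIFICATION))
```

After the customer supplies a non-US phone number and a physical address, run the same function on the updated data; only a "proceed" result allows onboarding to continue.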
attention
Note that Solaris periodically checks FATCA relevance for existing customers. If a customer's FATCA relevance changes to true, Solaris's Customer Support team will provide further instructions.
Self-declaration as a politically exposed person (PEP) screen
note
This screen is mandatory for:
- Digital Banking & Cards products for all customer types (B2C, B2B, and Freelancers) in France, Italy, and Spain.
For customers in France, Italy, and Spain, you must check if the customer is a politically exposed person (PEP).
Implement the following screen with a yes/no checkbox and include the PEP definition as a link or a pop-up on your page.
"Are you, a member of your family or a close associate, in charge or assigned with, or have been in the last year, a prominent public or political office, including:
- national or local political representation,
- public management or auditing (including State owned companies),
- public health management,
- High judicial courts,
- International organizations management or auditing"
PEP definition
Politically exposed persons (PEPs) are natural persons who hold, or have held for less than one year, important public office, as well as members of their families and those known to have close links with such persons, as listed below:
- natural persons who hold or have held important public office are those who hold or have held the office of:
  - President of the Republic, President of the Council, Minister, Vice-Minister and Undersecretary, President of the Region, Regional Councillor, Mayor of a provincial capital or metropolitan city, Mayor of a municipality with a population of not less than 15,000 inhabitants, as well as similar offices in foreign States;
  - member of parliament, senator, member of the European Parliament, regional councillor, and similar offices in foreign states;
  - member of the central governing bodies of political parties;
  - judge of the Constitutional Court, magistrate of the Court of Cassation or of the Court of Auditors, State councillor and other members of the Council of Administrative Justice for the Region of Sicily, as well as similar offices in foreign States;
  - member of the governing bodies of central banks and independent authorities;
  - ambassador, chargé d'affaires or equivalent posts in foreign States, senior officer of the armed forces or similar posts in foreign States;
  - member of the administrative, management or control bodies of companies controlled, even indirectly, by the Italian State or a foreign State, or companies in which the Regions, provincial capitals, metropolitan cities and municipalities with a total population of at least 15,000 inhabitants hold a majority or total interest;
  - general manager of ASLs and hospital companies, university hospital companies and other bodies of the national health service;
  - director, deputy director and member of the management body or person performing equivalent functions in international organizations;
- family members of politically exposed persons are: the parents, the spouse or the person bound in a civil union or de facto cohabitation or similar institutions to the politically exposed person, the children and their spouses as well as the persons bound to the children in a civil union or de facto cohabitation or similar institutions;
- persons with whom the politically exposed person is known to have close ties:
  - natural persons who, within the meaning of this decree, jointly hold beneficial ownership of legal entities, trusts and similar legal arrangements with the politically exposed person, or who have close business relations with the politically exposed person;
  - natural persons who only formally hold 100% control of an entity known to have been set up, in fact, in the interest of and for the benefit of a politically exposed person.
Compliance disclaimer screen
note
This screen is mandatory for:
- Digital Banking & Cards products for all customer types (B2C, B2B, and Freelancers) in all countries.
Before beginning the identification process, your solution must display Solaris' compliance disclaimer and collect the customer's agreement. Please note the UI requirements below that explain how to display this text to your customers.
attention
Partners may not change the compliance disclaimer text without the prior approval of Solaris' Compliance department. However, you may adapt the highlighted portions of the text to your particular case.
Retail customers
I am hereby opening a bank account in my own name and I confirm the following:
- I am fully legally responsible for all account activity.
- I will use the account exclusively for private/business purposes.
- I do not act on behalf of, or instructed by, a third person.
Beware of tricksters that try to mislead persons into opening bank accounts under false premises (e.g., app testing, job offers, credit brokering, identification for apartment offers) and misuse your account for criminal purposes.
Hiermit eröffne ich ein Konto in eigenem Namen und bestätige folgendes:
- Ich allein trage die rechtliche Verantwortung für alle Kontobewegungen.
- Ich nutze das Konto ausschließlich für private/geschäftliche Zwecke.
- Ich handele nicht im Auftrag oder auf Veranlassung eines Dritten.
Vorsicht vor Trickbetrügern, die zur Kontoeröffnung unter falschem Vorwand verleiten (z.B. App-Testing, Job-Angebote, Kreditvermittlung, Identifikation für Wohnungssuche) und Ihr Konto für kriminelle Zwecke missbrauchen.
Business customers
The bank account is opened on behalf of the indicated company. The following is confirmed:
- The company is responsible for all account activity and the persons accessing the account have relevant rights of access and disposal.
- The account is exclusively used for business purposes.
- The account is not opened on behalf of, or by instruction of, a third person.
Beware of tricksters that try to mislead persons into opening bank accounts under false premises (e.g., app testing, job offers, credit brokering, identification for apartment offers) and misuse your account for criminal purposes.
Das Bankkonto wird im Namen des angegebenen Unternehmens eröffnet. Das Folgende wird bestätigt:
- Das Unternehmen ist für alle Kontobewegungen verantwortlich und die Personen, die auf das Konto zugreifen, haben entsprechende Zugriffs- und Verfügungsrechte.
- Das Konto wird ausschließlich für geschäftliche Zwecke genutzt.
- Das Konto wird nicht im Namen oder auf Anweisung einer dritten Person eröffnet.
Vorsicht vor Trickbetrügern, die zur Kontoeröffnung unter falschem Vorwand verleiten (z.B. App-Testing, Job-Angebote, Kreditvermittlung, Identifikation für Wohnungssuche) und Ihr Konto für kriminelle Zwecke missbrauchen.
Compliance screen UI requirements
- It must use the exact text provided above.
- It must draw the customer's undivided attention—i.e., it cannot be hidden in the fine print.
- It must be displayed as the only content on the screen, i.e., not combined with other information or something else.
- It must be easily readable in a large font that fills the screen.
- It must be displayed immediately before the customer is forwarded to the identification SDK flow.
- The customer must confirm their understanding of and consent to the content of the screen, ideally for each paragraph individually.
- The giving of consent must be performed by the user independently of any other interactions—i.e., it cannot coincide with the closing of the screen or the "next button".
- You must store the customer's consent in a way that allows auditors to prove that the consent was given. Relying on the argument that the customer cannot proceed without consent is not sufficient.
Solaris recommends the following best practices:
- When the compliance screen is displayed, there should be a short delay (e.g., one to three seconds) before the customer can click the consent button and continue (thereby incentivizing the customer to actually read the content).
- Use a switch or checkbox design to give the customer the impression of a conscious consent, as opposed to just "clicking away" another screen.
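One way to meet the requirements that checkboxes are ticked in order, that each tick carries a UTC timestamp, and that consent can be proven to auditors is an append-only, hash-chained consent log. This is an added example, not Solaris code: the step names, the choice of a hash chain, the subset of screens, and the ISO 8601 timestamp format are assumptions, while the API field names are the ones given on this page.

```python
import hashlib
import json
from datetime import datetime, timezone

# Subset of this guide's screens, in the guide's order, mapped to the API field
# the page names for each timestamp (None where the page names no field).
STEPS = [
    ("terms_and_conditions", "terms_and_conditions_signed_at"),
    ("own_economic_interest", "own_economic_interest_signed_at"),
    ("fatca_indication", "fatca_crs_confirmed_at"),
    ("compliance_disclaimer", None),
]
GENESIS = "0" * 64


def _digest(entry):
    # Canonical JSON so the same entry always hashes to the same value.
    raw = json.dumps(entry, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(raw).hexdigest()


class ConsentLog:
    """Append-only, hash-chained record of ticked boxes for one applicant."""

    def __init__(self):
        self.entries = []

    def record(self, step, text_shown, ticked_at=None):
        done = len(self.entries)
        expected = STEPS[done][0] if done < len(STEPS) else None
        if step != expected:
            raise ValueError(f"expected {expected!r}, got {step!r}")
        ticked_at = ticked_at or datetime.now(timezone.utc)
        if ticked_at.tzinfo is None:
            raise ValueError("timestamp must be timezone-aware")
        entry = {
            "step": step,
            # Hash of the exact wording displayed, to show which text was accepted.
            "text_sha256": hashlib.sha256(text_shown.encode()).hexdigest(),
            "at": ticked_at.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
            "prev": self.entries[-1]["hash"] if self.entries else GENESIS,
        }
        entry["hash"] = _digest(entry)  # computed before the "hash" key exists
        self.entries.append(entry)
        return entry

    def verify(self):
        """Recompute the chain; any edited or reordered entry breaks it."""
        prev = GENESIS
        for e in self.entries:
            body = {k: v for k, v in e.items() if k != "hash"}
            if e["prev"] != prev or _digest(body) != e["hash"]:
                return False
            prev = e["hash"]
        return True

    def complete(self):
        # Gate for starting identification: every step recorded, chain intact.
        return len(self.entries) == len(STEPS) and self.verify()

    def api_fields(self):
        names = dict(STEPS)
        return {names[e["step"]]: e["at"] for e in self.entries if names[e["step"]]}
```

Persist the entries in write-once storage and start the identification flow only when complete() returns True.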
Example screen for compliance screen
The following screen is an example of how you can build the compliance screen in your sign-up flow: