[5] B/KYC

All customers must be successfully identified using a suitable KYC method to be onboarded on any of Solaris' products. Solaris offers different identification methods based on the product's risk, branch, and customer type.

Depending on your banking use case, Solaris will inform you of the suitable KYC method. However, this section covers some of the standard requirements for KYC.

Customer/Business identification (B/KYC)

All B2C and freelancer customers must be identified using a KYC method suitable for your banking use case.

B2B customers undergo a BKYC flow, consisting of two different streams of identification running in parallel:

• Business identification: Conducted internally by Solaris to identify the business' legal entity.
• Person identification: Done via a suitable KYC method to identify the natural persons associated with the business.

During the identification process, the person's identity will be confirmed and the personal data collected in your sign-up flow will be validated using an identity document provided by the customer.

Additionally, depending on the product you're integrating, the customer may be required to sign relevant contracts via a Qualified Electronic Signature (QES), which is done during the KYC flow.

Overview of KYC methods

Choosing the suitable identification method for your customer depends on several factors, such as regulatory requirements, product risk, customer type, and branch.

Digital Banking & Cards

For Digital Banking & Cards products, Solaris offers different KYC methods tailored to your banking use case. However, there are different factors you must consider for the KYC flow, including the product risk, customer type, and the specific regulations for the country in which you're offering the product.

The following table gives an overview of suitable KYC methods per product, customer type, and branch. Please note that this is just an overview of some of the standard possible combinations.

• Germany
• France
• Italy
• Spain

Lending

For lending products, video identification via IDnow is the predominant KYC method along with a QES to sign any loan contract.

Validity of identification documents (Only Italy & Spain)

To comply with regulatory requirements, Solaris must keep copies of valid identification documents for active customers in its Italy and Spain branches. This requirement applies to the following customer segments:

• Retail customers
• Freelancers & Sole proprietors
• Businesses' legal representatives
• Authorized persons on a business or a retail account

How will you be notified of the expiry of ID documents?

In Italy and Spain, Solaris stores the expiry date of a customer's identification document and calculates a follow-up date to notify you before it expires. You'll receive a webhook notification on the event POTENTIAL_ACCOUNT_BLOCKING 30 days before the expiry date, and then every 30 days until 90 days after the expiry.

The webhook payload includes the blocking_date, which is the date by which the account will be blocked if the customer has not identified again with a valid ID document, and the reason for the account blocking is set to IDENTIFICATION_DOCUMENT_EXPIRED.

What should you do?

After receiving a notification on the POTENTIAL_ACCOUNT_BLOCKING webhook event, you should take the following steps:

1. Create a new identification resource for the customer and specify the identification method using the POST Create an identification.
2. Request the identification for the customer by calling PATCH Request an identification.
3. Notify the customer that they must complete the KYC flow with their new valid ID document.
4. After successful KYC, Solaris will store the expiry date of the new ID document and calculates a new follow-up date.

If the customer did not identify with a valid ID document within 90 days after the expiry date, the customer's account will be blocked with the reason IDENTIFICATION_DOCUMENT_EXPIRED. If a new ID document is submitted, the account will be unblocked.

Which KYC method to use?

For the re-identification due to expired ID documents, you can choose between the following methods:

• Fourthline
• IDnow AutoIdent

Customer Due Diligence (CDD)

Customer Due Diligence (CDD) is part of the KYC process. Solaris runs several risk and vetting checks on new and existing customers on a regular basis.

This is a mandatory requirement for all customer types in all branches for all Digital Banking & Cards products. Your customers must pass the screening process before you can provision any banking solution to them.

CDD, however, is currently not mandatory for lending products.

For more information about the process, check the CDD guide.

FATCA relevance

In compliance with the Foreign Account Tax Compliance Act (FATCA), Solaris cannot onboard customers who are liable to pay taxes in the United States.

This is a mandatory requirement for all customer types in all branches for all Digital Banking & Cards products. You must verify that your customers are NOT FATCA-relevant before you can offer any banking solution to them. Additionally, customers' FATCA status must NOT change throughout the business relationship with Solaris.

For lending or KYC standalone products (e.g., a product without an associated bank account), the FATCA requirement is NOT mandatory.