KYC and User Overview

User Creation and KYC Submission

The user creation process can lead to a negative user experience if implemented incorrectly. For example, a platform’s flow may communicate to a user that on-boarding completed successfully, and then afterwards prevent the user's ability to transact until further required documentation is submitted (e.g. due to a potential match within a sanctions list). Our team will work with you to develop your Customer Identification Program (CIP) and specific KYC needed for your platform's user types. If these requirements have been fulfilled (and the user does not appear in a sanctions list), then the user will be able to transact.

Recommended Flow

  1. Create a User with KYC (Highly Recommend to Add All KYC)

    We recommend to add all KYC when creating the user. If the user has already been created you have the option to perform single submit with a KYC call for all documents (to avoid a race condition, please look at KYC Best Practices for more information on this point), but, as KYC is processed asynchronously, we recommend submitting all KYC in one call as a more efficient process.

  2. Subscribe to Webhooks (If You Haven’t Done So Already).

    These webhooks will inform you when the user has been created and if KYC has been added in our system, as well as any change, transfers, or similar occurring with your gateway credentials.

  3. Issue OAuth Key

    If you created a user and receive a webhook confirming the user has been created successfully, the next step will be to issue an OAuth key for the user so that user actions can be performed.
    We will generally process and verify the submitted KYC within a couple of seconds. However, this can vary, depending on traffic and how much information/how many documents are on the payload. If all documentation was successfully processed we will give the user SEND-AND-RECEIVE permissions (that is, the ability to open nodes, and originate and receive transactions).

  4. View User

    • If the user has SEND-AND-RECEIVE permissions, all documents were processed successfully.
    • If the user does not have SEND-AND-RECEIVE permissions, all documents may not have processed successfully or the user may be a potential match in a sanctions list.
      • To check for the former, look at the status of each submitted document and re-submit relevant documents
      • For the latter, check the user's watchlists flag to determine if the user was flagged as a possible match by Synapse's KYC verification system.
        • If the flag's value is SOFT_MATCH|PENDING_UPLOAD, you will need to upload a government ID (GOVT_ID) to allow either for our KYC verification system or for our compliance team to recheck the user.
        • If the flag's value is SOFT_MATCH you will need to wait for the results of a compliance check.
        • For more details about this process, please refer to Sanctions Tiers and Watchlists Explained.

We recommend this process as the preferred method for submitting KYC because it provides the platform with the greatest insight into whether all KYC was submitted successfully or not. Remember to re-submit or provide any additional KYC in one Add KYC API call.

  1. Final Steps

    • Success

      • If user creation and KYC submission were a success, you can now inform the user that on-boarding is complete.
    • Failure

      • However, if there was an issue with KYC submission (e.g. we can’t process a document) we provide notification via a webhook (if subscribed), and the platform will need to submit the KYC again.
      • If (Assumed Valid) Documents Cannot Be Processed
        • If a document still cannot be processed, and you have reason to believe the document is valid and the picture follows our guidelinesADD LINK, submit a ticket to Synapse and our Customer Success team will either resolve the issue or escalate to our Compliance team.

Further SSN Verification Lag

Because we verify SSNs by making an immediate initial verification and a more in-depth verification with the IRS up to 24 hours later (learn more here). It could be the case that we require submission of a Social Security card up to 24 hours after the user’s SSN was approved by our initial verification.

  • If this occurs the user would not be able to transact until the Social Security card is submitted and verified. Users will have two resubmission opportunities.

Updating KYC

Use our Add/Update KYC API to update the KYC of the user. Except for addresses, all types of KYC will update to the submitted KYC. If the new KYC cannot be verified or the user is a match in a sanctions list it will not be able to transact until valid KYC is re-submitted.

Address, on the other hand, will not update if invalid. Consequently, please use our Verify Address API to check if the new address is valid before submission. Addresses do not update if the submitted address is invalid because we will always need a valid address to send a check to, in case an account has a positive balance at account closure.

The Importance of KYC

The collection of KYC documentation from end users and platforms is an important step in the on-boarding process. This not only helps facilitate compliance with the Bank Secrecy Act, but also helps prevent account takeovers and fraudulent user activity. The identifying documents collected for both platforms and individuals helps us understand who our customers are, the nature of their relationship with us, and their expected activity. Different products and limits will have different KYC requirements because the underlying risks can vary greatly. We encourage platforms to collect more KYC than our minimum requirements.

This page (and its related sub-pages) are not intended to outline a Customer Identification Program (CIP), or set forth minimal KYC requirements (which will be detailed in your spec sheet), but rather to explain what we do with the information we collect.

Please note, although we continually strive to prevent fraud at any level, we do not and cannot guarantee a fraud-free product. We actively encourage our platforms to take the necessary steps to mitigate fraud, as the platforms will still be liable for user fraud and negative balances incurred as a result of fraudulent activity.

KYC and User Overview


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.