by anon589 2021 days ago
Outsourcing KYC is a questionable decision though - I’m wondering how much of a black box that is, or whether you get the same info as if you implemented it yourself.

There’s always false negatives for systems like this, and if Stripe wrongly tells you someone is good then are you liable for acting on that decision?

6 comments

Outsourcing KYC is essential if you want preventative measures. Having your own just allows you to learn from getting stung.
So much this. I would have zero interest in building out KYC vs having Stripe do it for me.
It’s a question of defensibility if some regulator came to you and asked why you allowed certain individuals through because a black box told you without any additional context.

And I don’t think anyone builds their own KYC from ground up - it’s more whether you have context for a decision with your own vendor implementation vs a black box yes or no.

Isn’t it Stripe’s partner bank that is ultimately underwriting all the KYC on a platform like this? I assume they’ve signed off on how Stripe has implemented it so as to be sufficiently defensible
Ding ding. Notice to open the Treasury account, you need to specify the bank. Stripe is not owning the accounts, the bank is, so KYC is pushed to them.

EDIT: For those that think that just opening the accounts as Stripe would be a workaround, the answer to that is "beneficial ownership" and is part of KYC.

Ah, this is illuminating. So they built an API to interface developers with existing bank infrastructure (likely to support their own operations).

They're not the treasury, they're the link that doesn't require me to be a huge entity with bargaining power to convince a bank to partner with me.

Corollary: Outsourcing KYC means they learn from you getting stung.
Which in turn means you benefit from everyone else who's already been stung. KYC solutions' risk:reward ratios start high, but asymptotically approach 0 as the provider learns from its customers' problems. If you're signing up for a well-established one, you're able to free-ride on all the learning that's already been done.
You can have your cake and eat it, too:

- Start with a third-party KYC solution

- Slowly develop your own and compare the results with the one from the provider

- When your own solution provides something similar to the other one, you can abort the subscription
Sort of like Apple cutting out Intel :P
I can't speak specifically to the liability question since I don't want to provide any inaccurate information.

To the false negatives problem itself though, I think your implicit assumption is the correct one - that false negatives are a bigger potential problem than false positives. In my experience, the false positive rate on declines was immaterial to the business. The impact of a false negative is definitely a different question.

Outsourcing KYC is standard practice. There are expensive systems you can license that do this as correctly as possible, ensuring banned persons (due to sanctions, international most wanted lists, whatever) are not allowed to transact with your system.

Yes, they are black boxes, but they work pretty well considering banks all over the world use them.

In my country, relying on someone else's advice, even if that is qualified professional advice, won't remove any liability from a person acting on such advice. It's just information that one needs to decide on for themselves and accept the consequences.
Hello anon589, no, it is the only right thing to do. Proper KYC is a thing that only works at scale, just like fraud prevention. Without access to amounts of data much larger than what any single company (even a larger one) sees, you are simply going to learn all of the available lessons the hard way. KYC and UBO tracing are specialist jobs that a smaller entity will not be able to do even remotely as well as a larger one, especially not if that larger one has access to many other parties just like yours.
Will Stripe indemnify you against inaccurate results?