This repository has been archived on 2026-07-08. You can view files and clone it. You cannot open issues or pull requests or push a commit.
Files
identity-canon/research/commercial-identity/kyc-aml-commercial-identity-binding.md
tegwick 08361f6fb7 Settle commercial identity nuances with consolidated enums and linking rules
Add commercial-identity-nuance-settlement.md resolving control_basis,
binding_trigger, cross-registry Synonymity strengths, OPI branch modeling,
escrow commitment type, reputation portability, payment edge cases, CRM renewal
rules, Person Account adapters, and eIDAS wallet scope. Update canon, OpenQuestions,
and all commercial-identity source notes.
2026-06-21 23:21:21 +02:00

105 lines
4.8 KiB
Markdown

# KYC AML and Commercial Identity Binding
## Source Type
Regulatory framework synthesis. USA PATRIOT Act CIP, FinCEN KYC/AML, FATF digital
identity guidance.
## Domain
Financial regulation, customer identification, beneficial ownership, and ongoing
commercial relationship monitoring.
## Why This Source Matters
KYC/AML is where governments **mandate** commercial identity binding: institutions
must verify who they transact with, retain evidence, and monitor behavior. This is
the strongest practical force turning fluid identities into **regulated,
high-stakes counterparty records**.
## Key Concepts
- **KYC (Know Your Customer)**: policies ensuring institutions know customers and risks.
- **AML (Anti-Money Laundering)**: broader program preventing illicit finance.
- **CIP (Customer Identification Program)**: US mandate to verify identity before account opening.
- **CDD (Customer Due Diligence)**: risk assessment of customer relationship.
- **EDD (Enhanced Due Diligence)**: heightened review for high-risk customers.
- **Beneficial owner (BO)**: natural persons owning/controlling legal entity customers
(historically 25% threshold; may be lowered for high risk).
- **Ongoing monitoring**: transaction surveillance after onboarding.
- **Record retention**: CIP records kept years after relationship ends.
- **Sanctions / PEP screening**: compare identities against government lists.
- **Digital identity (FATF)**: guidance on digital ID assurance for KYC.
## Relevant Terminology
| Term | Source meaning |
| --- | --- |
| KYC | Know-your-customer compliance program. |
| CIP | Customer identification at onboarding. |
| Beneficial owner | Natural person behind legal entity customer. |
| PEP | Politically exposed person (elevated risk). |
| Due diligence | Risk-based identity and activity review. |
| Ongoing monitoring | Continued scrutiny of customer activity. |
| Risk profile | Customer risk classification. |
| FinCEN | US Financial Crimes Enforcement Network. |
## Modeling Assumptions
- **Commercial relationship triggers identity rigor** proportional to risk.
- **Legal entity customers require beneficial owner identification** — natural
persons bound to organization customers.
- **Identity verification is not one-time**; monitoring continues across lifecycle.
- **Evidence must be retained** even after account closure.
- **False identity has regulatory and criminal consequences** — binding is external,
not user preference.
- **Friction is accepted** where commercial stakes require it.
## Identity-Canon Implications
- KYC onboarding creates **Commercial Record** + **Commercial Commitment** (regulated
relationship) bound to **Natural Person** and/or **Organization/Legal Entity**.
- **Beneficial owner** maps to **Natural Person** linked via **Beneficial
Ownership Relationship** to Organization/Legal Entity customer (see
`beneficial-ownership-kyc-boi.md`).
- CIP evidence maps to **Evidence Source** with **Assurance Level**.
- Ongoing monitoring produces **Evidence Source** events affecting **Lifecycle State**
and **Trust Relationship**.
- Supports fluid-to-bound transition: anonymous lead → verified customer with retained proof.
- **Account** (bank/login) is insufficient alone; KYC binds the **counterparty**.
## Terminology Conflicts
- **Customer (KYC)** vs. **Customer (Stripe)** vs. **Customer (role)**: regulated
counterparty vs. billing object vs. commercial role.
- **CIP customer** vs. **Account holder**: verified party vs. access credential.
- **Digital identity** vs. **login identity**: assurance-ranked ID vs. session user.
## Candidate Canonical Mappings
| KYC/AML concept | Candidate canonical concept |
| --- | --- |
| Verified customer | Commercial Record + Actor binding |
| CIP evidence | Evidence Source |
| Beneficial owner | Natural Person + Beneficial Ownership Relationship |
| Risk profile | Assurance Level + metadata on Commercial Relationship |
| EDD review | Evidence Source (enhanced) |
| Sanctions hit | Lifecycle State / Trust Relationship revocation |
| Transaction alert | Evidence Source event |
| Record retention | Lifecycle/archival policy on Commercial Record |
## Open Questions
*(none — settled in `commercial-identity-nuance-settlement.md`)*
## Settled
- Beneficial Owner → **Beneficial Ownership Relationship**; `control_basis` enum;
CDD vs. BOI filing layered separately.
## References
- Thomson Reuters, Customer Identification Program overview — https://legal.thomsonreuters.com/blog/overview-customer-identification-program-cip/
- Okta KYC definition — https://www.okta.com/identity-101/kyc/
- FinCEN, USA PATRIOT Act Section 326 — https://www.fincen.gov/resources/statutes-regulations/usa-patriot-act
- FATF Guidance on Digital Identity — https://www.fatf-gafi.org/en/publications/Fatfrecommendations/Guidance-on-Digital-Identity.html