Overview
KYC Requirement (Individual)
Risk-Based KYC Requirements
| Risk Level | Verification Requirements | KYC Data Collected |
|---|---|---|
| Low | Government-issued ID + Liveness check + Proof of address | firstName + lastName + DateOfBirth + Nationality + taxID + AddressStreet + AddressCity + AddressPostCode + AddressState + ProofOfAddress |
| Medium | Government-issued ID + Proof of address + Liveness check + KYC questionnaire | All from Low Risk + EmploymentStatus + Occupation + MonthlyNetIncome + IntendedUse + ExpectedMonthlyVolume + SourceOfFunds |
| High | Government-issued ID + Liveness check + Proof of address + KYC questionnaire + Source of Funds documentation | All from Medium Risk + SoFProoF |
Spending Limits
Each risk level is subject to an initial spending limit. The limit can be increased to the next level if additional due diligence steps are completed (KYC questionnaire and Source of Funds proof).

| Risk Category | Tier (Access Level) | Annual Limit | Required Verification |
|---|---|---|---|
| Low risk | Tier 1 | 27,000 EUR | Government-issued ID + Liveness check + Proof of address |
| Low risk | Tier 2 | Unlimited | Government-issued ID + Liveness check + Proof of address + KYC Questionnaire + SoF proof |
| Medium risk | Tier 1 | 27,000 EUR | Government-issued ID + Liveness check + Proof of address + KYC Questionnaire |
| Medium risk | Tier 2 | Unlimited | Government-issued ID + Liveness check + Proof of address + KYC Questionnaire + SoF proof |
| High risk | N/A | Unlimited | Government-issued ID + Liveness check + Proof of address + KYC Questionnaire + SoF proof |
Individual Identity Verification
Iron only accepts the following:
- Passports (globally accepted)
- National ID cards (EU issued only)
- Driver's licenses (EU, UK and US issued only)
- ID documents must be government-issued, valid, and clearly readable
- Proof of address must be recent and match the provided residential address
- Selfie and liveness checks must align with the submitted ID
- Missing or inconsistent information may trigger additional compliance checks or result in rejection.
KYB Requirement (Business)
Required information for KYB
Iron verifies a business’s existence and legal status using official registries and supporting documents. This includes details on the company, its directors, and key personnel. Businesses must disclose their ultimate beneficial owners (UBOs) and provide documentation like shareholder structures and registry extracts until UBOs are fully identified and verified. To complete the KYB onboarding, businesses must provide the information and documentation outlined below:

| BUSINESS | DIRECTOR | UBO |
|---|---|---|
| BusinessName | firstName | firstName |
| BusinessID | lastName | lastName |
| BusinessWebsite | dateOfBirth | dateOfBirth |
| BusinessTaxID | nationality | nationality |
| BusinessIndustry | taxID (US Citiz only) | taxID (US Citiz only) |
| BusinessSendsCustomerFunds | OwnershipPercentage | |
| BusinessSourceOfFunds | | |
| BusinessPrimaryPurpose | | |
| BusinessExpectedMonthlyVolume | | |
| Phone | Phone | Phone |
| AddressStreet | AddressStreet | AddressStreet |
| AddressCity | AddressCity | AddressCity |
| AddressPostcode | AddressPostcode | AddressPostcode |
| AddressState | AddressState | AddressState |
| AddressCountry | AddressCountry | AddressCountry |
| CompanyRegistration | govIDType | govIDType |
| ArticlesOfAssociation | govIDNumber | govIDNumber |
| OwnershipProof | govIDissuanceDate | govIDissuanceDate |
| OwnershipChart | govIDexpiryDate | govIDexpiryDa |
Prohibited Industries
To ensure alignment with regulatory expectations and Iron’s risk appetite, the following business activities are prohibited from using Iron’s services:
- Activities violating laws, such as hacking, drug trafficking, human trafficking, or counterfeit goods.
- Trading, producing, or facilitating firearms, explosives, or military-grade materials.
- Unregulated crypto exchanges, payment services, peer-to-peer platforms, and trust or company service providers.
- Gambling or betting platforms without proper licensing, including TOR-based or land-based operations.
- Darknet marketplace transactions, crypto mixers, and privacy coin transactions.
- Sale or distribution of banned CBD products, marijuana (where prohibited), and drug-related equipment.
- Escort services, pornography, and adult entertainment products.
- Fraudulent investment schemes, get-rich-quick schemes, and unauthorized MLM programs.
- Sale, trade, or facilitation of human organs or body parts.
- Items related to criminal activities or promoting illegal acts.
- Distribution or sale of explosives, toxic substances, or dangerous chemicals.
- Trade in counterfeit brands, piracy, or intellectual property infringements.
- Unregulated sales of liquor, legal counsel, or pharmaceuticals.
- Hacking tools or software developed for unlawful activities.
- Unauthorized cold-call marketing activities violating local privacy laws.
- Facilitating trading of in-game items for real-world currencies or crypto.
- Unauthorized crypto ATMs or mining operations issuing their own digital assets.
- Unauthorized physical or digital currency exchanges.
- Activities intended to bypass international sanctions.
- Facilitating ransomware transactions or ransomware-as-a-service operations.
- Donations involving charities that are unregistered or unverifiable
Business Ownership and Constitutional Documents
To comply with Iron’s KYB requirements, all businesses must provide clear, official documentation that reliably verifies their complete ownership structure, ultimate beneficial owners (UBOs), controlling individuals, and confirms the existence and ongoing operations of the legal entity. This information is essential to meet regulatory obligations. If the entity does not have individual beneficial shareholders, we will need to confirm the individuals who significantly control the entity instead, such as its directors and officers.
Required Documentation per Entity Type
- Sole Proprietorships
  - Official sole proprietorship license or registration document clearly naming the sole proprietor and confirming active operation.
  - Recent tax filings or official government-issued documents linking the proprietor to business operations.
- Partnerships (General, Limited, LLP)
  - Partnership agreements officially certified or notarized, detailing partners and ownership shares.
  - Officially issued partnership registration certificates clearly listing partners and their shares.
- Limited Liability Companies (LLCs) and Corporations
  - Articles of Incorporation or Articles of Organization issued by the official business registry, clearly listing shareholders/members.
  - Official shareholder/membership register or certified extracts from commercial registries clearly indicating owners and ownership percentages.
  - Share certificates officially verified or notarized.
  - Recent audited financial statements (for publicly traded or regulated entities), confirming the company’s operations and ownership.
- Trusts
  - Official trust deed or certificate clearly identifying trustees, settlors, protectors (if applicable), and beneficiaries.
  - Notarized trustee affidavit clearly verifying trustee identity, roles, and authorities.
- Nonprofit Organizations
  - Official formation documents (e.g., Articles of Incorporation) clearly listing controlling individuals (e.g., directors or board members).
  - Government-issued or officially filed annual reports or governance documents confirming ongoing operations and key individuals.
- Decentralized Autonomous Organizations (DAOs)
  - Official governance documents or independently audited membership agreements clearly outlining membership, control mechanisms, and operational status.
- Cooperatives
  - Official formation documents clearly identifying cooperative members.
  - Independently certified membership ledgers or agreements clearly indicating members and voting rights.
Acceptable Document Formats & Verification Standards
All provided documents must be issued by an official governmental authority and where applicable certified by a notary public, lawyer, auditor, or similar independent professional, with Apostille certification where applicable.
- General Documentation Standards:
  - All provided documents must be officially issued by governmental authorities and must be verifiable online through an official registry or database. If online verification is not possible, the documents must be independently certified by a notary public, licensed attorney, auditor, or certified public accountant. If applicable, Apostille certification or equivalent legalization is required.
  - Self-generated or internally-produced documents are NOT acceptable.
  - Documents must clearly display the full legal name and registration code of the business entity.
  - If the entity’s ownership structure involves more than two layers (entities owning other entities), a clear organizational chart indicating ownership percentages for each level must be provided.
  - Documents must be recent (issued within the past three months).
  - Documents not originally in English must include certified translations.
- The documents must clearly confirm:
  - The legal existence of the entity.
  - Its current operational status.
  - Clear identification of ultimate beneficial owners, controlling individuals, and precise ownership percentages.
- Unacceptable Documents:
  - Self-generated, internal, unsigned, or informal documents.
  - Simple printouts, screenshots, or unofficial emails.
  - Internally prepared capitalization tables unless provided by reputable equity management services.
Requirements for entities which are under regulatory supervision
Entities that operate under regulatory supervision must provide additional documentation to confirm their licensing status and compliance with AML/CFT regulations. Regulated entities must submit the following:
Regulatory Licenses and Authorizations
A valid license or authorization issued by the relevant financial regulator or supervisory authority permitting the entity to conduct its business activities. If the license or authorization is not publicly accessible online, it must be certified by the issuing authority or a notary public.
AML/CTF Policy and Procedures
A copy of the entity’s internal AML/CTF policy, outlining its approach to:
- Customer due diligence (CDD) and enhanced due diligence (EDD)
- Transaction monitoring processes
- Suspicious activity reporting procedures
- Sanctions screening and PEP checks
- The policy must be approved by senior management and aligned with the applicable jurisdiction’s AML laws and regulations.
- Licenses and authorizations must be verifiable online. If online verification is not possible, documents must be certified by the issuing authority, a notary public, or a licensed legal/audit professional.
- The submitted AML/CTF policy must be an officially approved internal document (not a draft or template).
Onboarding Frameworks
Onboarding a customer with Iron depends on the chosen onboarding model: KYC reliance, KYC outsourcing, or direct onboarding. Regardless of the model, the customer is always considered a direct customer of Iron. There are two primary technical steps in the onboarding process:
- Share Legal Documents: Ensure the customer receives and accepts Iron’s legal documentation (e.g., Terms of Service and other applicable agreements).
- Initiate Customer Identification: Trigger the customer identification process through one of the approved onboarding models to collect and verify required information (e.g., KYC or KYB data, depending on the customer type). Customer onboarding can be initiated via the Iron API or the Partner Dashboard, depending on your integration setup.
KYC Reliance
- Under the KYC Reliance model, Iron does not have to re-KYC end-customers of the partners and may onboard them on a KYC reliance basis, as long as the following conditions are met:
- Partners must be financial institutions or supervised entities registered in the EU or a non-EU country with equivalent AML requirements.
- They must comply with all applicable AML/CFT regulations and be supervised by the relevant local authorities.
- Partners are able to provide requested client information and supporting documents (e.g., identity documents, proof of address, information and documents on the end customer’s source of funds) without delay.
- Any updates or concerns related to end-customer’s KYC data must be reported to Iron. Partners must have a robust AML framework in place, which Iron will need to assess to ensure compliance with regulatory standards.
- Partners must not be incorporated in jurisdictions listed as high-risk by the EU Commission or FATF.
KYC Outsourcing
- If the partner does not fully meet the legal or regulatory requirements for a KYC Reliance setup but has sufficient capabilities to collect and verify customer KYC data, Iron is able to offer a KYC outsourcing model. In this framework, the partner collects KYC data on Iron’s behalf and pushes this data via API, but Iron retains full oversight and is responsible for the final verification, approval, and ongoing monitoring of the end customer.
- Iron would still need to evaluate the Partner’s internal AML/CFT framework to determine whether its KYC processes are aligned with applicable legal requirements and supported by effective compliance controls.
- Unlike KYC reliance - where Iron fully depends on the Partner’s onboarding process - KYC outsourcing ensures that Iron remains the responsible party for compliance decisions.
Direct onboarding
- If KYC reliance or KYC outsourcing models are not applicable due to regulatory, legal, or operational constraints, Partners can onboard end customers directly by generating verification links through the Iron Dashboard. These links redirect customers to Iron’s hosted onboarding flow (powered by KYB/C solution provider SDK), where they complete the full KYC process. Iron handles the verification and approval of each customer, along with ongoing compliance monitoring.
- In this model, the Partner generates a unique onboarding link via the Iron Dashboard (or API endpoint). This link is shared with the Partner’s end customers, who complete the KYC process through Iron’s hosted interface. Once the customer completes onboarding, Iron reviews the submission, performs verification, and decides on approval. Iron is fully responsible for all compliance obligations, including final verification and ongoing monitoring.

