Following the acquisition, Onfido is now known as Entrust.Read more
Onfido LogoOnfido Logo

Developers

Market ready solutions for the United States

Introduction

Financial institutions operating in the United States must adhere to a range of stringent compliance regulations, particularly when it comes to know your customer (KYC) and anti-money laundering (AML) requirements. Achieving and maintaining compliance in the United States can be a complex undertaking, as businesses must navigate numerous federal and state laws and adapt to regulations that are continually evolving in response to new threats.

Central to the patchwork of US compliance legislation are the Bank Secrecy Act (BSA), the Anti-Money Laundering Act and the Patriot Act, which together provide the framework for detecting and preventing money laundering and financing of terrorism. These laws set out a range of reporting and record keeping requirements that regulated entities must adhere to, including verifying the name, date of birth, address and social security number of applicants during onboarding .

Entrust offers a range of identity verification solutions and fraud detection signals that when combined, enable customers to meet these regulatory requirements. These solutions include:

  • Identity database verification
  • Mastercard Identity Account Opening
  • Watchlist queries and ongoing monitoring
  • Document and biometric verification
  • Device Intelligence reports

Available for integration through Workflow Studio, tailoring these verification solutions together provides a high level of assurance for secure and compliant onboarding.

Identity database verification

A foundational layer of AML and KYC compliance in the United States is the Customer Identification Program (CIP) - a legal requirement of the Patriot Act requiring financial institutions to verify the identity of every customer opening an account as well as to have a documented KYC process in place.

Under US law, the CIP requires financial institutions to collect and verify the identity information of all onboarding customers - including name, date of birth, address and social security number – as well as to verify identity using reliable, independent sources such as identity documents or authoritative database validation.

Through Workflow Studio, Entrust supports compliance with CIP requirements through the integration of a Query Country Databases task in a Studio workflow. By configuring the task in the Workflow Builder and selecting the USA Full CIP tenant, you can define the authoritative databases that are sourced (such as credit bureaus, telecommunications records and postal records) to verify the identity of a user. The tenant takes as inputs the user's first name, last name and at least one of address, date of birth or social security number.

CIP tenant selection

The USA full CIP tenant is configured through the Studio Workflow Builder

Mastercard Identity Account Opening

An additional verification signal to assess risk during customer onboarding is Mastercard Identity Account Opening. Available for integration as a Workflow Studio task, the solution helps assess fraud risk by providing predictive data insights and risk analysis through the evaluation of five key customer attributes – name, email address, phone number, physical address and IP address.

Based on the evaluated risk, customers can be funnelled down the appropriate verification path; a lower friction route for low-risk users, or a higher friction route with additional identity verification checks for those who pose a potential risk or are suspected fraud.

More detailed documentation around the Mastercard Identity Account Opening can be found in our dedicated product guide.

Watchlist queries and monitoring

Watchlist queries and monitors offer an additional layer of anti-money laundering (AML) screening.

Entrust provides four Watchlist report variants, available for integration in Workflow Studio, verify an applicant's records against a range of global watchlists, including:

  • Sanctions - government and international organisations' sanctions lists
  • Politically Exposed Persons (PEPs) - proprietary database of PEPs sourced from government lists, websites and other media sources
  • Monitored Lists - law enforcement and regulatory bodies monitored lists (including terrorism, money laundering and most wanted lists)
  • Adverse Media - negative events reported by publicly and generally available media sources

These four report variants include Watchlist Standard, Watchlist AML, Watchlist Sanctions only and Watchlist PEPs only.

When necessary, ongoing watchlist monitoring can also be configured to continuously screen customers after onboarding to detect any changes in their risk status, such as appearing on new sanctions lists, being linked to adverse media, or becoming politically exposed. As with Entrust's range of Watchlist reports, Ongoing monitoring is available in Workflow Studio by configuring a Watchlist Ongoing Monitoring task.

Document and biometric verification

Identity document and biometric verification are foundational when it comes to establishing trust during user onboarding. Entrust's range of document solutions (including Document report, Document Video report, Document report with NFC and Document report instant) and biometric verification solutions (including Facial similarity report, Known Faces report and liveness verification) together not only securely verify the identity of onboarding users, but ensure they are the genuine and rightful owners of identity documents.

Device intelligence analysis

Working alongside document and biometric verification is Entrust's Device Intelligence report, which passively assesses a range of digital signals during onboarding to detect and prevent sophisticated fraud, without adding user friction during onboarding. These include device integrity signals (operating system, browser, presence of an emulator), IP address and geolocation data.

When combined with document and biometric verification, Device Intelligence helps detect sophisticated fraud patterns - such as emulator use, network manipulation, or links to known fraudulent activity - ultimately improving both security and confidence in the overall identity verification process.

Example Studio workflow

Below you will find an illustrated example of a Studio workflow combining a range of the identity verification solutions detailed in this guide:

USA workflow example