🛡️
KYC

Sumsub KYC/AML Integration

Complete identity verification and AML compliance with Sumsub's AI-powered verification platform across 220+ countries.

Quick Setup
Enterprise Secure
24/7 Support

Sumsub KYC/AML Integration Overview

Sumsub is a leading identity verification and compliance platform trusted by major crypto exchanges, fintech companies, and financial institutions. Our integration provides turnkey KYC/AML compliance with automated verification, global regulatory coverage, and AI-powered fraud detection. Essential for fiat payment integrations like Stripe and Banxa which require customer verification.

KYC Process Flow

Individual Verification Steps

The typical user verification journey takes 3-5 minutes:

  1. Applicant creation: User clicks “Verify Identity” triggering Sumsub SDK initialization
  2. Document upload: User photographs government ID (passport, driver’s license, national ID)
  3. Selfie capture: User takes selfie for face matching against ID photo
  4. Liveness detection: Active (user performs actions) or passive (algorithmic analysis) liveness check
  5. Automated review: AI processes documents and biometrics in real-time
  6. Manual review (if needed): Flagged cases escalate to Sumsub’s verification team
  7. Result notification: User and admin notified of approval/rejection via webhook

Document Requirements by Country

Sumsub maintains country-specific document matrices:

  • Tier 1 countries (US, UK, EU): Passport or national ID + proof of address
  • Tier 2 countries (Asia, Latin America): Passport or national ID (address proof optional)
  • Tier 3 countries (emerging markets): Passport typically required due to ID standardization
  • Special jurisdictions: Some countries require additional tax ID or local registration documents

Biometric Liveness Detection

Two liveness approaches prevent fraud:

Active Liveness:

  • User performs actions (turn head left/right, smile, blink)
  • Proves real person present during capture
  • Higher security, slightly longer process (15-20 seconds)

Passive Liveness:

  • No user action required beyond selfie capture
  • ML algorithms detect spoofing attempts
  • Faster UX (5 seconds), slightly lower fraud detection than active

Exchanges can configure active vs passive based on risk appetite.

Video Verification Workflow

For high-risk applicants or large transaction amounts:

  • Live video call with Sumsub verification specialist
  • Real-time document inspection under varying angles
  • Verbal confirmation of user details
  • Recording stored for audit trail and compliance

Average Completion Time

  • Automated approvals: 1-2 minutes (80% of cases)
  • Automated rejections: 1-2 minutes (poor photo quality, obvious fraud)
  • Manual review: 15-30 minutes (15% of cases)
  • Complex cases: 24-48 hours (5% requiring additional documentation)

AML/Sanctions Screening

Watchlist Coverage

Sumsub screens applicants against comprehensive global databases through KYC/AML compliance:

  • OFAC (US Office of Foreign Assets Control) - sanctioned individuals and entities
  • UN Security Council - international sanctions lists
  • EU Consolidated List - European Union sanctions
  • INTERPOL - wanted persons and criminal databases
  • National lists: FBI, HM Treasury, AUSTRAC, MAS, and 100+ country-specific lists
  • Total coverage: 1,400+ watchlists with daily updates

Ongoing Monitoring Capabilities

Verification isn’t one-time - continuous monitoring catches changes:

  • Daily watchlist updates re-screen all verified users
  • New sanctions matches trigger immediate alerts
  • PEP status changes flagged when users become politically exposed
  • Adverse media monitoring detects criminal investigations or negative news

Risk Scoring Methodology

Sumsub assigns risk scores (0-100 scale) using ML models:

  • Low risk (0-30): Standard approval with automated processing
  • Medium risk (31-70): Additional checks or manual review
  • High risk (71-100): Enhanced due diligence required, admin approval

Factors include:

  • Country risk tier
  • Document anomalies
  • Behavioral biometrics
  • Transaction patterns (if integrated)
  • Adverse media mentions

Real-Time Database Updates

Watchlist databases refresh continuously:

  • Critical updates: Pushed within minutes (major sanctions events)
  • Standard updates: Daily batch processing
  • Historical data: 5+ years of watchlist changes for audit trails

Compliance Reporting Dashboard

Sumsub provides compliance officers with:

  • Approval/rejection rates by country, document type, date range
  • Manual review queue prioritized by risk score
  • Sanctions hit reports with details on matched entries
  • Audit logs showing all verification decisions and who made them
  • Regulatory reports formatted for FinCEN, FCA, MAS, etc.

Supported Countries & Regulations

Geographic Coverage

Sumsub verifies identities from 220+ countries and territories:

  • Full coverage: All G20 countries with high-quality document recognition
  • Emerging markets: Africa, Asia, Latin America with localized requirements
  • Cryptocurrency hubs: Malta, Singapore, UAE, Switzerland with specialized flows
  • Remote jurisdictions: Island nations and territories often used by crypto traders

Regional Compliance Standards

The platform adapts to regional requirements:

MiCA (Markets in Crypto-Assets) - European Union:

  • Enhanced due diligence for transactions >€1,000
  • Travel rule compliance for crypto transfers
  • Periodic customer review requirements

FCA (Financial Conduct Authority) - United Kingdom:

  • Risk-based approach to customer verification
  • Enhanced monitoring for high-risk customers
  • Sanctions screening against UK Treasury lists

FinCEN - United States:

  • Customer Identification Program (CIP) compliance
  • Beneficial ownership verification for entities
  • Suspicious Activity Report (SAR) support

MAS - Singapore:

  • Digital Payment Token (DPT) service requirements
  • Risk-based customer due diligence
  • Transaction monitoring thresholds

AUSTRAC - Australia:

  • AML/CTF program compliance
  • Ongoing customer due diligence
  • Threshold transaction reporting

Document Type Support by Region

Different regions require different document combinations:

  • North America: Driver’s license + SSN (US), driver’s license + utility bill (Canada)
  • Europe: National ID card (EU), passport + proof of address (UK)
  • Asia: National ID + bank statement (common), passport preferred in some countries
  • Middle East: Emirates ID (UAE), National ID (Saudi Arabia)
  • Latin America: National ID (Brazil RG, Argentina DNI), passport for international users

Local Language Support

Sumsub UI available in 40+ languages:

  • Automatic language detection based on user location
  • Admin dashboard multi-language support
  • Verification team fluent in major languages for manual review
  • Document recognition supports non-Latin scripts (Arabic, Cyrillic, Asian characters)

Risk Assessment Features

Behavioral Biometrics Analysis

Sumsub analyzes user behavior patterns during verification:

  • Typing speed and rhythm (copy-paste vs manual entry indicates automation)
  • Mouse movement patterns (bots have different movement signatures)
  • Time spent on each step (unusually fast completion suggests pre-prepared fraud)
  • Browser/device consistency (switching devices mid-verification is suspicious)

Device Fingerprinting

Every verification session captures device information:

  • Device ID (hardware fingerprint)
  • IP address and geolocation
  • Browser and OS versions
  • VPN/proxy detection (flags anonymization attempts)
  • Device velocity (same device used for multiple accounts)

ML-Based Fraud Detection

Machine learning models trained on millions of verifications:

  • Document forgery detection (altered expiry dates, photo replacements)
  • Face morphing detection (composite faces blending multiple people)
  • Deepfake detection (AI-generated faces)
  • Cross-referencing (same person submitting multiple identities)

Configurable Risk Thresholds

Admins customize when to escalate for manual review:

  • Document quality score < X triggers rejection or manual review
  • Face match confidence < Y requires human verification
  • Risk score > Z blocks approval automatically
  • Country-based rules (higher scrutiny for high-risk jurisdictions)

Manual Review Escalation Triggers

Cases automatically sent to human reviewers:

  • Low document quality scores
  • Face match confidence below threshold
  • Sanctions screening hits (including partial name matches)
  • High-risk countries or PEP status
  • Unusual behavioral biometrics
  • Admin-defined custom rules

Integration Architecture

SDK Implementation

Sumsub provides native SDKs for seamless integration:

Web SDK (JavaScript):

  • Embedded iframe or modal workflow
  • Responsive design for desktop and mobile browsers
  • Customizable styling to match brand
  • Event callbacks for verification status

iOS SDK (Swift):

  • Native iOS component for mobile apps
  • Camera optimization for document/selfie capture
  • Offline mode for poor connectivity regions

Android SDK (Kotlin/Java):

  • Native Android integration
  • Supports wide range of device cameras
  • Low-data mode for bandwidth-constrained users

REST API Endpoints Overview

Core API operations for applicant management:

  • POST /resources/applicants - Create new applicant
  • GET /resources/applicants/:applicantId - Fetch applicant status
  • GET /resources/applicants/:applicantId/requiredIdDocsStatus - Check verification progress
  • POST /resources/applicants/:applicantId/info/idDoc - Submit additional documents
  • POST /resources/applicants/:applicantId/status/testCompleted - Trigger final review

Webhook Notifications

Real-time events pushed to your server:

applicantCreated - New verification started applicantPending - Under review applicantOnHold - Requires additional documents applicantReviewed - Completed (approved/rejected) applicantActionReviewed - Re-verification completed (for periodic reviews)

Webhooks include full applicant data, verification results, rejection reasons, and risk scores.

Session Management

Verification sessions can be:

  • One-time use (single verification attempt)
  • Reusable (user can retry failed attempts)
  • Time-limited (expiration after 24/48 hours)
  • Linked to user ID (map to your internal user database)

Custom Workflow Builder

Sumsub’s visual workflow builder allows:

  • Verification levels (basic, standard, enhanced due diligence)
  • Conditional logic (if country = X, require document Y)
  • Custom form fields (tax ID, occupation, source of funds)
  • Multi-step flows (basic KYC first, enhanced KYC for large deposits)

User Experience

Mobile-Optimized Flow

The verification experience is designed for smartphones:

  • Camera integration with auto-capture when document detected
  • Real-time feedback (“move closer”, “reduce glare”, “hold steady”)
  • Progress indicators showing steps remaining
  • Retry mechanism if photo quality is poor

Average mobile completion rate: 85-90% (vs 60-70% for poorly optimized flows).

Web SDK Integration

For desktop users:

  • Webcam support for selfie capture
  • File upload option as fallback if no camera
  • Drag-and-drop for document uploads
  • Cross-browser compatibility (Chrome, Firefox, Safari, Edge)

Accessibility Features

WCAG 2.1 AA compliance:

  • Screen reader support for visually impaired users
  • Keyboard navigation for users unable to use mouse
  • High contrast mode option
  • Font size adjustment for readability

Average Verification Time

By device type:

  • Mobile: 3-5 minutes (80% of users)
  • Desktop: 5-7 minutes (camera setup takes longer)
  • First-time users: 6-8 minutes (learning curve)
  • Repeat users: 2-3 minutes (familiar with process)

Admin Dashboard

Applicant Status Tracking

Admins have full visibility:

  • Real-time status (pending, approved, rejected, on hold)
  • Search and filters (by country, date, status, risk score)
  • Bulk operations (approve/reject multiple applicants)
  • User mapping (link to your internal user IDs)

Analytics and Reporting

Compliance metrics:

  • Conversion funnel (started → completed → approved)
  • Drop-off analysis (where users abandon verification)
  • Approval/rejection rates by country, document type
  • Time to verification metrics

Workflow Configuration

Customize verification requirements:

  • Document requirements per country or user tier
  • Liveness detection type (active vs passive)
  • Auto-approval thresholds vs manual review triggers
  • Re-verification schedules (annual KYC refresh)

Audit Trail Logging

Complete compliance audit trail:

  • All verification decisions with timestamps
  • Who approved/rejected (admin user IDs)
  • Document versions (if user resubmits)
  • Webhook delivery logs (track integration events)

Audit logs retained for 7 years for regulatory compliance.

Pricing & Getting Started

Sumsub pricing is volume-based with custom tiers. Typical costs:

  • Per-verification pricing: $0.50 - $3 depending on volume and regions
  • Monthly minimums: May apply for low-volume exchanges
  • Custom enterprise pricing: For exchanges processing 10K+ verifications monthly

Getting Started

  1. Sign up for Sumsub account at sumsub.com
  2. Configure your verification workflows
  3. Integrate SDK or API into your platform
  4. Connect webhooks to your backend
  5. Test verification flows in sandbox environment
  6. Launch to production with compliance support

Contact us for Sumsub integration assistance and crypto exchange compliance strategy.

Frequently Asked Questions

Common questions about Sumsub KYC Integration

Frequently Asked Questions

How long does the KYC verification process take?
Most users complete verification in 3-5 minutes. Automated checks process instantly, while manual review (if triggered) typically completes within 15-30 minutes. Complex cases requiring additional documentation may take 24-48 hours.
What documents are accepted for verification?
Sumsub accepts passports, national ID cards, driver's licenses, and residence permits from 220+ countries. Document requirements vary by jurisdiction - some regions require proof of address (utility bills, bank statements) in addition to government ID.
How does liveness detection prevent fake IDs?
Sumsub uses active and passive liveness detection. Active liveness requires users to perform actions (turn head, smile) while passive analyzes biometric patterns without user action. This prevents photo spoofing, video replay attacks, and deepfakes.
What AML watchlists does Sumsub screen against?
Sumsub checks 1,400+ sanctions lists including OFAC, UN, EU, INTERPOL, FBI Most Wanted, and country-specific lists. Screening covers PEPs (politically exposed persons), sanctioned entities, and criminal watchlists with daily database updates.
Can I customize the verification workflow?
Yes. Sumsub provides a workflow builder to customize verification levels (basic, standard, enhanced), required documents by user tier or country, risk thresholds for manual review, and integration with your user database.
How is user data stored and protected?
Sumsub is SOC 2 Type II certified with GDPR compliance. Data is encrypted at rest and in transit, stored in geo-redundant data centers, and retained per regulatory requirements (typically 5 years). Users can request data deletion post-retention period.
What happens if verification fails?
Failed verifications trigger specific rejection reasons (blurry document, face mismatch, sanctioned individual). Users can retry with better photos or different documents. Admins can manually review edge cases and override automated decisions.
Does Sumsub support corporate KYC?
Yes. Business verification (KYB) includes company registry checks, beneficial owner identification, corporate document verification, and business license validation. This is essential for exchanges serving institutional clients.
How are ongoing monitoring and risk scoring handled?
Sumsub continuously monitors verified users against updated watchlists. Risk scoring (0-100) uses ML models analyzing behavior patterns, transaction data, and external signals. High-risk users trigger alerts for admin review.
Can I integrate Sumsub with my existing user database?
Yes. Sumsub's REST API and webhooks integrate with any user management system. Applicant IDs can be mapped to your user IDs, and verification status syncs in real-time via webhooks for seamless integration.