Introduction

The payout stage of the payments workflow is highly regulated. Mangopay has stringent legal obligations not only to verify the identity of users initially, but also to conduct ongoing monitoring of its users and re-verify their identities after a certain period of time to ensure they remain legitimate. This is in line with our Terms & Conditions and is necessary to comply with European Union anti-money laundering (AML) obligations. These obligations placed on payment companies like Mangopay are designed to prevent the misuse of the financial system for illicit activities, such as money laundering and terrorist financing (CFT). The ongoing monitoring and periodic re-verification requirements are crucial to detect and report any suspicious activity or changes in user circumstances that might arise after the initial identity verification. Non-compliance can result in penalties from regulators that may impact your ability to provide services. Read more in our FAQs →

Types of users affected

This renewal applies to all types of users:
  • Natural
  • Legal
    • Business
    • Partnership
    • Organization
    • Soletrader
For more information about the verification requirements for each type, see the requirements guides.
Note - Users are already verifiedThe Natural and Legal users concerned by renewal are already KYC_REGULAR and their KYCLevel won’t change. There is no notification of a successful verification renewal.You will need to check that new KYC Documents and UBO Declarations have been successfully validated. For Business users, you should also check that the company number is correctly formatted.You can use webhook notifications to help you, as described below.

How to verify a Natural user

1

Ask the user to prepare their ID document

Natural users need to provide one of the accepted ID documents as per the document’s issuing country.
2

Ask the user to check that their details are correct

The details registered in the Natural User object must match the document that the user will provide.If the user changes their FirstName, LastName, Birthday, or Nationality, then they will be downgraded at this stage.
3

Submit the ID document

Submit the ID document as a KYC Document object containing the file or files in 1 or more KYC Document Pages. See the submission guide and how-to for details.Ensure the user respects these best practices for a successful ID proof submission.
4

Await outcome of verification

If a KYC Document is refused, you can see more details in the Flags, RefusedReasonType, and RefusedReasonMessage.For more details and guidance in each case, see the dealing with refusals guide.
1

Ask the user to prepare the required documents and information

These are the mandatory document types required for the renewal process:
Legal - Business
  • Identity proof of the legal representative
  • Registration proof dated within the last 3 months
  • Articles of association – the latest version, signed and up to date
Note – Declaring beneficial owners in renewalThe UBO Declaration and Shareholder Declaration may be requested if there has been a change in the shareholding structure since the previous identity verification.For the identity verification renewal, these elements are not mandatory by default.
Legal - Organization
  • Identity proof of the legal representative
  • Registration proof dated within the last 3 months
  • Articles of association – the latest version, signed and up to date
Legal - Soletrader
  • Identity proof of the legal representative
  • Registration proof dated within the last 3 months
See the accepted ID documents for the accepted identity proof documents (as per country of issue) for the legal representative.See the accepted local KYB reference for details on exactly which document is expected per KYC Document Type, depending on the country of registration and legal structure.
2

Ask the user to check that their account details are correct

The data in the Legal User object (for the entity and the declared legal representative) is checked against the documents and information submitted for them, so incorrect information will prevent a successful verification.For Businesses, the CompanyNumber must be in the correct format. An incorrect format can prevent successful verification. You can verify the format is correct via the dedicated API endpoint. See the guide for details.The user also needs to be registered as the correct LegalPersonType as per the local structures listed per type. It may be relevant to check this if the user’s legal structure has changed.If there is a change in the LegalRepresentativeFirstName, LegalRepresentativeLastName, LegalRepresentativeBirthday, LegalRepresentativeNationality, or LegalPersonType, then they will be downgraded at this stage.
3

Submit the required documents

For each document type required, submit a KYC Document object containing the files in KYC Document Pages. See the submission guide and how-to for more details.Ensure that the legal representative’s Identity Proof respects these best practices.
4

Complete the UBO declaration, if needed

If there has been a change in shareholding structure since the user was initially verified, then submit a UBO Declaration for them listing the necessary UBOs.The beneficial owners (UBOs) submitted in the UBO Declaration must match the KYC Documents provided for the user (in the Registration Proof and/or Articles of Association). See the UBO Declaration guide and how-to for details.The Shareholder Declaration may be requested if the other KYB documents don’t give sufficient information about the new shareholding structure. You will be notified via the Reason and Message of the UBO Declaration.
5

Await outcome of verification

If a KYC Document is refused, you can see more details in the Flags (for Identity Proof) and the RefusedReasonType and RefusedReasonMessage (for all types). See the refusals guide for details.For the UBO Declaration, you can see more details in the Reason and Message.To resolve issues, submit the necessary evidence in the same way as before.
Note – Manage verification via the DashboardYou can manage Users, KYC Documents, and UBO Declarations in the Dashboard.

Outcome

You should use the following webhook event types to help you during the verification renewal process. A successful notification for the required elements indicates that the renewal was successful. Because the user’s KYCLevel is already regular, there is no USER_KYC_REGULAR notification sent.

Successful cases

Natural users:
  • A KYC_SUCCEEDED notification for the ID document submitted for them
Legal users
  • A KYC_SUCCEEDED notification for each KYC Document submitted for them
  • For Businesses, a LEGAL_COMPANY_NUMBER_VALIDATION_SUCCEEDED for their CompanyNumber if you updated their data (with the PUT Update a Legal User otherwise you can use POST Validate the format of User data)
  • A UBO_DECLARATION_VALIDATED notification if the UBO Declaration was required

Unsuccessful cases

You should also set up the corresponding event types for unsuccessful outcomes:
  • KYC_FAILED
  • LEGAL_COMPANY_NUMBER_VALIDATION_FAILED
  • UBO_DECLARATION_REFUSED
  • UBO_DECLARATION_INCOMPLETE

Downgrade

If you do not complete the verification process for the user before the communicated deadline, they will lose their verified status and be unable to request a payout. In this case, the user’s KYCLevel changes from REGULAR to LIGHT and the webhook USER_KYC_LIGHT is sent. The documents previously submitted for the user are outdated with a KYC_OUTDATED webhook notification. If a user is downgraded, you will need to verify them again as to restore their capabilities. For more information about the downgrade mechanism, see the guide.

Transaction blocking

In addition to the suspension of payouts because of the user has been downgraded, Mangopay will be applying a secondary measure to refuse pay-ins and transfers involving the user. This restriction will be implemented on the timelines communicated by email. When the restriction is implemented, for these users, any pay-ins or transfers attempted will fail with the result code 008500. The users affected will not have inflows and outflows blocked as per the regulatory status feature, and so no webhooks will be emitted when the block takes place. It will also not be possible to distinguish transactions blocked as part of this mechanism from other fraud-related refusals with the same result code.