EQUINITI KYC Solutions

EQ KYCnet

EQ KYC Solutions is a specialist KYC business offering cost effective KYC automation, remediation, and outsourcing. Our unique brand of highly experienced people, flexible automated SaaS solutions and industry expertise allows us to deliver fast and effective KYC solutions to our customers in regulated and non-regulated markets.

Features

• Combines modern AML technology with an expert-led managed KYC service
• Award winning platform tailored to client unique requirements
• Automated risk calculation, configured in line with client risk appetite
• Highly configurable custom workflows to accommodate multiple user journeys
• Robotic data gathering for greater automation of KYC analysis
• Universal API capability providing access to 150+ global data sources
• Industry-leading services team addressing hit-handling and enhanced due diligence investigations
• Advanced MI reporting and custom dashboards
• Full and robust auditing, including document archiving
• Operations delivered at scale including large, time-sensitive remediation projects

Benefits

• Secure SaaS environment provides easy-of-access without compromising customer data
• Universal API function futureproofs access to data and additional tooling
• Assures quality via team experienced in AML and financial crime
• Saves time and effort through automation and expert KYC teams
• Streamlined onboarding improves time to revenue
• Save money through reduced regulatory fines and process efficiencies
• Faster processing leading to greater volumes of customers onboarded
• Consistency across all cases for greater visibility of risk
• Service desk support with custom SLA providing on-hand expertise
• Flexible even at scale, providing quick design and implementation

£1 to £12 a unit

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at darren.holdstock@equiniti.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

591720612946940

Contact

Darren Holdstock
+447825668637
darren.holdstock@equiniti.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Community cloud
• Service constraints: None
• System requirements:
  • Internet access
  • Web browser

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: A range of SLAs and support can be offered. Dedicated incident, service request, change and problem management during normal office hours are offered.; ; System monitoring provided : 24 x 7 ; ; Critical: under 2 hours, Severe: under 4 hours, Disruptive: under 48 hours; ; Response times are based on normal office hours and may differ at weekends
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: First line support for technical issues is routed into our service desk via either a dedicated online support portal, phone or email. The service desk will attempt a first time fix if possible, otherwise they will assign the incident or service request to second and or third line resolver teams. We offer additional custom support packages of various sizes with buyer agreed SLAs. Support outside of agreed SLAs is charged on a time basis, at an agreed rate. We also provide buyers with a published escalation route.; ; Daily, weekly and monthly Support MI is available
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: EQ KYC works proactively with our clients to form a personalised bespoke training and implementation programme which suits individual requirements. This ranges from workflow design workshops through to system implementation testing and user training. User training is typically delivered remotely as the user interface is highly user friendly with no specialist technical knowledge required.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Data is stored in the clients' dedicated environment by design for security and audit purposes for an agreed number of years. Bespoke data export services can also be discussed and provided at additional cost.
• End-of-contract process: We work with our clients to define and validate their offboarding requirements to determine the exact configuration of the process. The off-boarding process is dependent on the specific requirements of the solution and will be charged on the basis of EQ KYCs day rate. We will provide a detailed estimate of effort required upon refinement of the final configuration requirements.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• Description of service interface: All KYCnet application communications MUST utilize secure protocols for both internal and external interactions. This requirement exists at all zones and tiers of the network and is specifically mandated for external communications. HTTPS via TLS1.2 as a minimum.
• Accessibility standards: None or don’t know
• Description of accessibility: The service is accessed through web browsers. All users and staff users use a web browser to access this interface.
• Accessibility testing: Deployed services have been tested by an independent accessibility SME; ; Annual penetration tests are performed
• API: Yes
• What users can and can't do using the API: EQ KYC uses REST API and may be configured to allow interaction between KYCnet and screens, processes and workflows from other services. Users can import client data to the workflow, to gather data from third-party data sources, and to progress cases through their defined workflow. We will work with clients during onboarding to ensure that APIs are configured correctly.
• API documentation: Yes
• API documentation formats:
  • ODF
  • PDF
• API sandbox or test environment: Yes
• Customisation available: Yes
• Description of customisation: KYCnet is an entirely customizable workflow tool with configuration available of (multiple) workflows, due diligence questions, risk drivers, and defined user rights. Risk ratings are adjustable to align with users' risk appetite, as well as being able to accomodate any preferred data source or vendor.

Scaling

• Independence of resources: We segregate environments so they do not impact on each other. We scale environments appropriately when designing and keep them under constant review by monitoring hardware metrics. In addition, a dedicated 'Network Operations Centre' (NOC) team monitors the overall hosting solution using specialist technology to ensure the overall system and individual solutions always run with a significant amount of spare capacity at all times - which means that end users are not adversely affected during peak demands.; ; Additionally, full 'Non-functional' (NFR) testing is performed prior to client implementations

Analytics

• Service usage metrics: Yes
• Metrics types: Tailored metrics can be provided as per request
• Reporting types:
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Users can download data to .csv files. Custom csv formats can be created by users. Users can also download data via API.
• Data export formats: CSV
• Data import formats:
  • CSV
  • Other
• Other data import formats: XML

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: We target an SLA for overall system availability of 99.5% minimum and regularly exceed this. If we fail to meet 99.5% in a given month, the period of downtime is refunded in line with the contracted SLA terms.
• Approach to resilience: Available on request.
• Outage reporting: Email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: We offer a variety offer of role-based user access and responsibilities, including differing levels of user licences (i.e. read-only or full access), which are configurable during implementation. The are no restrictions which user levels can access first line support.
• Access restriction testing frequency: At least once a year
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: IT-Ernity B.V.
• ISO/IEC 27001 accreditation date: 5/2/2019
• What the ISO/IEC 27001 doesn’t cover: Available on request
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: The Organisational Governance framework is implemented and includes risk assessment, management and reporting to Executive and Non-Executive Boards. The corporate Enterprise Wide Risk Management (EWRM) process is used by EQ to identify and help manage risks. This includes Information Security and Business Continuity risks. ; ; All risks are assessed and reported through business stream management to Group Risk, a quarterly Executive Risk & Compliance Committee and ultimately the Group Board Risk Committee. ; ; Equiniti Group IT is certified to ISO 27001 and the Group Information Security Policy and Requirements (GISPR) is fully aligned to that. ; ; Type 2 AAF 01/06 and SOC2 reports are produced for particular business streams and hosting arrangements.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: IT Change must be approved by Change Management Approval Board (CAB) which has representatives from various IT departments including Information Security. All IT change is tracked in a ticketing system.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: A central EQ function manages vulnerability management and details of the process can be obtained on request.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: 24 x 7 IT system monitoring is provided by a central 'Network Operations Centre' (NOC) function, details of the process can be obtained on request.; ; Proactive review of system vulnerabilities is performed by the EQ Information Security function and the EQ 'Service Management' function manages the process of vulnerability patching deployment (once approved by the EQ CAB); ; Critical incident response times are < 2 hours
• Incident management type: Supplier-defined controls
• Incident management approach: EQ has pre-defined process for all standard ITIL processes and has a dedicated 'IT Service Management' function that is responsible for major incident management and reporting.; ; The EQ Major Incident Management process defines the process for communicating and escalating incidents - which includes the use of TEAM channels and SMS; ; The EQ Compliance team oversees the Incident and Complaint process. This process is predefined. Incidents are raised by email or phone and reports are provide by email.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Pricing

• Price: £1 to £12 a unit
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at darren.holdstock@equiniti.com. Tell them what format you need. It will help if you say what assistive technology you use.