EQUINITI KYC Solutions

EQ KYCnet

EQ KYC Solutions is a specialist KYC business offering cost effective KYC automation, remediation, and outsourcing. Our unique brand of highly experienced people, flexible automated SaaS solutions and industry expertise allows us to deliver fast and effective KYC solutions to our customers in regulated and non-regulated markets.

Features

  • Combines modern AML technology with an expert-led managed KYC service
  • Award winning platform tailored to client unique requirements
  • Automated risk calculation, configured in line with client risk appetite
  • Highly configurable custom workflows to accommodate multiple user journeys
  • Robotic data gathering for greater automation of KYC analysis
  • Universal API capability providing access to 150+ global data sources
  • Industry-leading services team addressing hit-handling and enhanced due diligence investigations
  • Advanced MI reporting and custom dashboards
  • Full and robust auditing, including document archiving
  • Operations delivered at scale including large, time-sensitive remediation projects

Benefits

  • Secure SaaS environment provides easy-of-access without compromising customer data
  • Universal API function futureproofs access to data and additional tooling
  • Assures quality via team experienced in AML and financial crime
  • Saves time and effort through automation and expert KYC teams
  • Streamlined onboarding improves time to revenue
  • Save money through reduced regulatory fines and process efficiencies
  • Faster processing leading to greater volumes of customers onboarded
  • Consistency across all cases for greater visibility of risk
  • Service desk support with custom SLA providing on-hand expertise
  • Flexible even at scale, providing quick design and implementation

Pricing

£1 to £12 a unit

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at darren.holdstock@equiniti.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

5 9 1 7 2 0 6 1 2 9 4 6 9 4 0

Contact

EQUINITI KYC Solutions Darren Holdstock
Telephone: +447825668637
Email: darren.holdstock@equiniti.com

Service scope

Software add-on or extension
No
Cloud deployment model
  • Public cloud
  • Private cloud
  • Community cloud
Service constraints
None
System requirements
  • Internet access
  • Web browser

User support

Email or online ticketing support
Email or online ticketing
Support response times
A range of SLAs and support can be offered. Dedicated incident, service request, change and problem management during normal office hours are offered.

System monitoring provided : 24 x 7

Critical: under 2 hours, Severe: under 4 hours, Disruptive: under 48 hours

Response times are based on normal office hours and may differ at weekends
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
First line support for technical issues is routed into our service desk via either a dedicated online support portal, phone or email. The service desk will attempt a first time fix if possible, otherwise they will assign the incident or service request to second and or third line resolver teams. We offer additional custom support packages of various sizes with buyer agreed SLAs. Support outside of agreed SLAs is charged on a time basis, at an agreed rate. We also provide buyers with a published escalation route.

Daily, weekly and monthly Support MI is available
Support available to third parties
Yes

Onboarding and offboarding

Getting started
EQ KYC works proactively with our clients to form a personalised bespoke training and implementation programme which suits individual requirements. This ranges from workflow design workshops through to system implementation testing and user training. User training is typically delivered remotely as the user interface is highly user friendly with no specialist technical knowledge required.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Data is stored in the clients' dedicated environment by design for security and audit purposes for an agreed number of years. Bespoke data export services can also be discussed and provided at additional cost.
End-of-contract process
We work with our clients to define and validate their offboarding requirements to determine the exact configuration of the process. The off-boarding process is dependent on the specific requirements of the solution and will be charged on the basis of EQ KYCs day rate. We will provide a detailed estimate of effort required upon refinement of the final configuration requirements.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
No
Designed for use on mobile devices
No
Service interface
Yes
Description of service interface
All KYCnet application communications MUST utilize secure protocols for both internal and external interactions. This requirement exists at all zones and tiers of the network and is specifically mandated for external communications. HTTPS via TLS1.2 as a minimum.
Accessibility standards
None or don’t know
Description of accessibility
The service is accessed through web browsers. All users and staff users use a web browser to access this interface.
Accessibility testing
Deployed services have been tested by an independent accessibility SME

Annual penetration tests are performed
API
Yes
What users can and can't do using the API
EQ KYC uses REST API and may be configured to allow interaction between KYCnet and screens, processes and workflows from other services. Users can import client data to the workflow, to gather data from third-party data sources, and to progress cases through their defined workflow. We will work with clients during onboarding to ensure that APIs are configured correctly.
API documentation
Yes
API documentation formats
  • ODF
  • PDF
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
KYCnet is an entirely customizable workflow tool with configuration available of (multiple) workflows, due diligence questions, risk drivers, and defined user rights. Risk ratings are adjustable to align with users' risk appetite, as well as being able to accomodate any preferred data source or vendor.

Scaling

Independence of resources
We segregate environments so they do not impact on each other. We scale environments appropriately when designing and keep them under constant review by monitoring hardware metrics. In addition, a dedicated 'Network Operations Centre' (NOC) team monitors the overall hosting solution using specialist technology to ensure the overall system and individual solutions always run with a significant amount of spare capacity at all times - which means that end users are not adversely affected during peak demands.

Additionally, full 'Non-functional' (NFR) testing is performed prior to client implementations

Analytics

Service usage metrics
Yes
Metrics types
Tailored metrics can be provided as per request
Reporting types
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Users can download data to .csv files. Custom csv formats can be created by users. Users can also download data via API.
Data export formats
CSV
Data import formats
  • CSV
  • Other
Other data import formats
XML

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
We target an SLA for overall system availability of 99.5% minimum and regularly exceed this. If we fail to meet 99.5% in a given month, the period of downtime is refunded in line with the contracted SLA terms.
Approach to resilience
Available on request.
Outage reporting
Email alerts

Identity and authentication

User authentication needed
Yes
User authentication
Username or password
Access restrictions in management interfaces and support channels
We offer a variety offer of role-based user access and responsibilities, including differing levels of user licences (i.e. read-only or full access), which are configurable during implementation. The are no restrictions which user levels can access first line support.
Access restriction testing frequency
At least once a year
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
IT-Ernity B.V.
ISO/IEC 27001 accreditation date
5/2/2019
What the ISO/IEC 27001 doesn’t cover
Available on request
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
The Organisational Governance framework is implemented and includes risk assessment, management and reporting to Executive and Non-Executive Boards. The corporate Enterprise Wide Risk Management (EWRM) process is used by EQ to identify and help manage risks. This includes Information Security and Business Continuity risks.

All risks are assessed and reported through business stream management to Group Risk, a quarterly Executive Risk & Compliance Committee and ultimately the Group Board Risk Committee.

Equiniti Group IT is certified to ISO 27001 and the Group Information Security Policy and Requirements (GISPR) is fully aligned to that.

Type 2 AAF 01/06 and SOC2 reports are produced for particular business streams and hosting arrangements.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
IT Change must be approved by Change Management Approval Board (CAB) which has representatives from various IT departments including Information Security. All IT change is tracked in a ticketing system.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
A central EQ function manages vulnerability management and details of the process can be obtained on request.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
24 x 7 IT system monitoring is provided by a central 'Network Operations Centre' (NOC) function, details of the process can be obtained on request.

Proactive review of system vulnerabilities is performed by the EQ Information Security function and the EQ 'Service Management' function manages the process of vulnerability patching deployment (once approved by the EQ CAB)

Critical incident response times are < 2 hours
Incident management type
Supplier-defined controls
Incident management approach
EQ has pre-defined process for all standard ITIL processes and has a dedicated 'IT Service Management' function that is responsible for major incident management and reporting.

The EQ Major Incident Management process defines the process for communicating and escalating incidents - which includes the use of TEAM channels and SMS

The EQ Compliance team oversees the Incident and Complaint process. This process is predefined. Incidents are raised by email or phone and reports are provide by email.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
No

Pricing

Price
£1 to £12 a unit
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at darren.holdstock@equiniti.com. Tell them what format you need. It will help if you say what assistive technology you use.