To help our clients maximize the security of their transactions, Sumsub has created a verification process based on the best market practices described as the VASP Due Diligence procedure.

This procedure establishes the set of measures that Sumsub undertakes in relation to its clients and their counterparties within the Travel Rule framework.

The purpose of the VASP Due Diligence is to ensure the target VASP’s credibility and help Sumsub Travel Rule Ecosystem participants assess the prospects and risks of potential cooperation with this VASP.

Why pass VASP Due Diligence

VASP Due Diligence is not a prerequisite for joining the Sumsub Travel Rule Ecosystem. However, for certain businesses, it may be mandatory under the applicable laws and regulations to obtain information identical or similar to that collected by Sumsub as part of VASP Due Diligence before executing a transaction with a counterparty VASP.

Moreover, Ecosystem participants may elect not to transact with a VASP that has not undergone VASP Due Diligence or if they have determined, in their sole discretion, that the results of such VASP Due Diligence are unsatisfactory.

VASP Due Diligence may also be required under a commercial agreement between Sumsub and its partner protocols, like GTR or CODE.

In this case, a participant may be denied access to such solutions/integrations if they has not undergone VASP Due Diligence or if Sumsub has determined, in its sole discretion, the results of such VASP due diligence to be unsatisfactory.

How VASP Due Diligence works

VASP Due Diligence procedure includes the following steps:

1. Collection and verification of the VASP's documents and the information via the Due Diligence Questionnaire and through data partners.
2. Assessment of the documents and information obtained from the VASP.
3. Monitoring and updating profiles of VASPs that passed Due Diligence.

Data and documents collection

Sumsub asks the clients and/or their counterparties to pass the VASP Due Diligence by completing the VASP Due Diligence Questionnaire and submitting the following documents:

• Certificate of incorporation or registration.
• Certificate of incumbency or extract from the trade register (issued within the last six months).
• Ownership chart signed by the legal representative of the entity (issued within the last six months).
• Copy of the licence/regulatory approval and the link to the register to verify it (if applicable).
• AML policy and other related policies and procedures.
• Privacy Notice, the document describing technical and organizational measures of PII protection, and other related policies and procedures.
• Security certificates (if any).

Sumsub may also request additional documents, such as a registration form detailing the virtual assets business, a legal opinion, a power of attorney, a PEP self-declaration form, and so on.

Data assessment

Sumsub performs the following checks:

• Provided corporate documents and information check.
• Entity existence check.
• Verification of the legal representatives (Director, CEO, and so on.) of the counterparty.
• AML and sanctions screening.
• Beneficial ownership check.
• Regulated status check.
• AML/CFT compliance check.
• Scam checks.
• Website check.
• Trustworthy and adverse media check.

Upon the completion of the procedure, the VASP receives the Due Diligence status and is added to the Sumsub VASPs list.

Possible statuses include the following:

Sumsub also generates a report containing all information collected through the VASP Due Diligence Questionnaire, along with specific data received from data partners and other sources, as well as Sumsub's conclusion. This report is available only upon request and not via the Sumsub dashboard.

The report may include the following data:

• Legal names and trademarks.
• Website URL.
• Country of incorporation.
• Company number.
• Information about protocols and other technical features used for compliance with the Travel Rule.
• Regulatory status.
• Verification status.
• Transaction actions.
• Email address, provided as a contact address for the issues.
• Information regarding PII protection (provided/not provided).
• Information about the AML/CFT controls framework (provided/not provided).

Each Ecosystem participant may request the VASP Due Diligence report regarding their counterparty's verification to conduct their own assessment and implement additional measures (such as obtaining senior management approval for transactions).

📘

Note

Notwithstanding the results of VASP Due Diligence conducted by Sumsub, each participant remains solely responsible for their decisions regarding the execution of the Travel Rule transactions and virtual asset transactions with any other participant.

Monitoring

Sumsub rechecks all ecosystem participants at least once a year or with shorter intervals at the request of any of the clients or if there are reasonable concerns about the VASP's information provided.

However, we recommend our clients monitor their counterparties internally, depending on the assigned risk level.

How to pass VASP Due Diligence with Sumsub

All checks are conducted via the Dashboard. To pass the VASP Due Diligence, you must be a member of the Sumsub Ecosystem and already have access to the Sumsub Dashboard:

1. Ensure you have filled out and submitted the registration form.
2. Once you access the Dashboard, you will see a tab on your Transactions page with the Start VASP Due Diligence button.
3. Click the button and add all the information required.

Sumsub may contact you with requests for clarification or more documents based on the details provided.

Once passed, your VASP status in the directory will change to Due Diligence Completed.