United States of America

Identity Verification & KYC for the United States of America

Q: What is required under U.S. Customer Identification Program (CIP) rules?

Under the USA PATRIOT Act and BSA regulations, institutions must collect name, date of birth, address, and identification number (e.g., SSN or EIN) and verify identity using documentary or non-documentary methods.

Q: Is SSN mandatory for all onboarding?

For most regulated financial institutions, yes. However, alternative identifiers may apply in limited contexts consistent with BSA regulations.

Q: How does the Corporate Transparency Act affect KYB?

Reporting companies must file Beneficial Ownership Information with FinCEN. Institutions must still independently verify ownership for CDD purposes.

Q: How long must records be retained?

BSA regulations typically require five-year retention for many records, including CIP and SAR-related documentation.

Q: What sanctions lists must U.S. firms screen against?

At minimum, OFAC sanctions lists. Additional screening may include domestic law enforcement and global sanctions lists based on risk appetite.

Q: What causes onboarding drop-off in the U.S.?

Mismatched SSN/name combinations, state-specific ID capture issues, and manual beneficial ownership remediation are common friction points.

Built for organisations operating under the Bank Secrecy Act (BSA), USA PATRIOT Act, FinCEN AML regulations, SEC/FINRA rules, and state-level compliance frameworks, covering KYC, KYB, CIP, CDD, Beneficial Ownership and AML screening in one unified Shufti workflow, aligned to the United States regulatory ecosystem.

Operational performance for United States of America KYC

Our Numbers Speak Volumes

98.68%

Pass Rate

<5s

Verification Time

99%

EIDV Coverage

Evidence-Ready Checks Across People & Businesses

Individual Documents we Verify

Shufti Verifies 520+ Individual US Documents.

View All Supported Documents

U.S. State Driver’s Licence

Primary identity document for most U.S. residents; issued at state level with security features varying by state, including REAL ID-compliant versions.

U.S. State Identification Card

Non-driver alternative issued by state DMVs; commonly used in financial onboarding where no driving licence exists.

U.S. Passport (ePassport)

ICAO-compliant biometric passport; widely accepted as primary ID and required for cross-border onboarding.

U.S. Permanent Resident Card (Green Card)

Primary identity document for lawful permanent residents; includes USCIS security features and machine-readable zone.

Employment Authorisation Document (EAD)

Issued by USCIS to certain non-citizens; used to verify identity and legal presence in specific onboarding contexts.

Social Security Number (SSN) / ITIN (data point)

Not a standalone photo ID, but required for CIP compliance under BSA/USA PATRIOT Act for most financial institutions.

Entity Identity

Articles of Incorporation / Formation

Confirms legal existence; filed with state Secretary of State.

Certificate of Good Standing (State-level)

Confirms active status and compliance with state filing obligations.

Business Tax Identity

Employer Identification Number (EIN)

Issued by the IRS; required for tax and banking purposes.

State Sales Tax Permit (where applicable)

Confirms sales tax registration at state level.

Ownership & Control (UBO)

FinCEN Beneficial Ownership Information (BOI) Filing (Corporate Transparency Act)

Required for reporting companies under the Corporate Transparency Act (CTA) from 2024 onwards.

Operating Agreement / Shareholder Register

Used to evidence ownership percentages and control structure.

Director/Officer Listings (State Registry)

Used to identify controlling persons.

Languages We Cover

English-first document handling

U.S. identity documents are issued in English; Shufti captures and stores structured data fields directly for audit use.

Name matching across variants

Controls handle middle names, initials, suffixes (Jr., Sr., III), and hyphenated surnames to reduce false positives in sanctions and PEP screening.

Evidence consistency across CIP/CDD

Identity data is reconciled across SSN/EIN inputs, document data, beneficial ownership disclosures and screening outputs in one case file.

GOVERNANCE & CONTROLS

Audit-Ready Decisions, Lower Operational Drag

Fewer avoidable re-submissions

State-aware document capture reduces failure rates across 50 state ID formats.

Cleaner audit trails

Structured CIP/CDD case files retrievable for regulatory examinations.

Better name matching outcomes

Handles U.S. naming conventions, initials, suffixes and hyphenation.

One workflow, one back office

KYC, KYB, sanctions screening and case management consolidated in one system.

Identity-first flow design

Driver’s licence or passport-first flows aligned with how identity is actually verified in the U.S.

Enterprise-grade compliance infrastructure

United States IDV/KYC Challenges

State-level ID fragmentation

Driver’s licences vary by state in format and security features, increasing manual review risk.

SSN misuse risk

SSNs are required for CIP, but identity theft and synthetic identity fraud remain persistent threats.

Beneficial Ownership shift

CTA BOI reporting introduces new UBO verification friction across millions of entities.

Sanctions enforcement intensity

OFAC penalties are high. False negatives in screening create material regulatory exposure.

Shufti’s IDV/KYC Solutions for United States of America

KYC Solutions

Face Verification

Reduces impersonation and synthetic identity risk. In the U.S., where SSN misuse and account takeover fraud remain prevalent, biometric corroboration strengthens CIP evidence.

Age Verification

Selfie-based age estimation with document verification fallback where required (e.g., regulated products such as gambling, alcohol or financial services).

Address Verification

Verifies address-bearing documents including major U.S. utility providers (e.g., Con Edison, PG&E, Duke Energy), telecom providers (AT&T, Verizon), and U.S. bank statements (e.g., JPMorgan Chase, Bank of America, Wells Fargo). Why this matters in the U.S.: CIP requires residential or business address capture and validation.

Document Verification

Supports all 50 state driver’s licences and ID cards, U.S. passports, Green Cards, and other USCIS identity documents with MRZ and barcode extraction where applicable.

KYB Solutions

Business Verification

Validates entity status through state registry data, corroborates EIN evidence, and captures beneficial ownership disclosures consistent with Corporate Transparency Act obligations.

Enhanced Due Diligence (EDD)

Structured escalation workflows for high-risk entities, politically exposed persons (PEPs), or cross-border exposure. Produces reconstructable audit trails aligned with BSA expectations.

AML Screening

Business AML Screening

Screens entities and controlling persons against OFAC sanctions lists, domestic watchlists and global PEP datasets.

Transaction Screening

Supports ongoing monitoring aligned to BSA suspicious activity monitoring obligations and SAR escalation processes.

REGULATORY ALIGNMENT

Built To Fit United States Compliance Landscape

Financial Crimes Enforcement Network (FinCEN)

Administers and enforces the Bank Secrecy Act (BSA); issues regulations covering Customer Identification Program (CIP), Customer Due Diligence (CDD), Beneficial Ownership reporting, SAR filing and recordkeeping obligations.

Board of Governors of the Federal Reserve System

Supervises bank holding companies, state member banks and certain financial institutions; examines institutions for BSA/AML compliance under federal banking laws.

Office of the Comptroller of the Currency (OCC)

Charters, regulates and supervises national banks and federal savings associations; enforces BSA/AML compliance through examinations and guidance.

Federal Deposit Insurance Corporation (FDIC)

Supervises state-chartered banks that are not Federal Reserve members; enforces BSA/AML compliance and safety and soundness standards.

Securities and Exchange Commission (SEC)

Regulates broker-dealers, investment advisers and securities markets; enforces AML programme requirements and recordkeeping obligations, including SEC Rule 17a-4.

Financial Industry Regulatory Authority (FINRA)

Self-regulatory organisation overseeing U.S. broker-dealers; enforces AML compliance under FINRA Rule 3310 and supervises suspicious activity monitoring obligations.

Internal Revenue Service (IRS)

Administers federal tax laws and issues Employer Identification Numbers (EINs); EIN validation is commonly used in U.S. KYB processes.

National Association of Secretaries of State (NASS)

Represents U.S. state Secretaries of State, who maintain corporate registries and entity status databases at the state level.

U.S. Department of the Treasury – Office of Foreign Assets Control (OFAC)

Administers and enforces U.S. economic and trade sanctions programmes; maintains the Specially Designated Nationals (SDN) list and other sanctions lists used in AML screening.

Deployment Choice

US-based cloud regions or on-premise deployment support federal examination access, data governance and supervisory control expectations.

Regulatory Alignment

Aligned to Bank Secrecy Act (BSA) CIP, CDD and SAR obligations, alongside applicable federal and state privacy laws.

Retention Control

BSA regulations generally require customer identification and transaction records to be retained for at least five years.

Encryption Posture

Encryption, strict access controls and audit logging support GLBA Safeguards Rule and federal cybersecurity requirements.

Data And Privacy
Controls in USA

Built for compliance teams

United States of America

House of Representatives of the United States

Federal Communications Commission (FCC)

U.S. Department of Homeland Security (DHS)

Puerto Rico Department of Treasury (Departamento de Hacienda)

Government Accountability Office (GAO)

Delaware Department of State

State of Utah (Official Government Portal)

U.S. Department of State — Directorate of Defense Trade Controls (DDTC)

U.S. Department of State – Cuba Restricted List (sanctions listing page)

House of Representatives of the United States

Federal Communications Commission (FCC)

U.S. Department of Homeland Security (DHS)

Puerto Rico Department of Treasury (Departamento de Hacienda)

Government Accountability Office (GAO)

Delaware Department of State

State of Utah (Official Government Portal)

U.S. Department of State — Directorate of Defense Trade Controls (DDTC)

U.S. Department of State – Cuba Restricted List (sanctions listing page)

House of Representatives of the United States

Federal Communications Commission (FCC)

U.S. Department of Homeland Security (DHS)

Puerto Rico Department of Treasury (Departamento de Hacienda)

Government Accountability Office (GAO)

Delaware Department of State

State of Utah (Official Government Portal)

U.S. Department of State — Directorate of Defense Trade Controls (DDTC)

U.S. Department of State – Cuba Restricted List (sanctions listing page)

Frequently Asked Questions

What is required under U.S. Customer Identification Program (CIP) rules?

Under the USA PATRIOT Act and BSA regulations, institutions must collect name, date of birth, address, and identification number (e.g., SSN or EIN) and verify identity using documentary or non-documentary methods.

Is SSN mandatory for all onboarding?

For most regulated financial institutions, yes. However, alternative identifiers may apply in limited contexts consistent with BSA regulations.

How does the Corporate Transparency Act affect KYB?

Reporting companies must file Beneficial Ownership Information with FinCEN. Institutions must still independently verify ownership for CDD purposes.

How long must records be retained?

BSA regulations typically require five-year retention for many records, including CIP and SAR-related documentation.

What sanctions lists must U.S. firms screen against?

At minimum, OFAC sanctions lists. Additional screening may include domestic law enforcement and global sanctions lists based on risk appetite.

What causes onboarding drop-off in the U.S.?

Mismatched SSN/name combinations, state-specific ID capture issues, and manual beneficial ownership remediation are common friction points.

Build a USA-ready KYC, KYB & AML programme with Shufti

Check Pricing Request Demo

INDEPENDENTLY AUDITED. GLOBALLY CERTIFIED.

Certified to Global Standards

PROVEN WORKFLOWS

Use Cases for Regulated Growth in US

Fintech

Forex

Banking

Gaming

Gig Economy

Crypto

Marketplace

Fintech

Forex

Banking

Gaming

Gig Economy

Crypto

Marketplace

Fintech

Forex

Banking

Gaming

Gig Economy

Crypto

Marketplace

Accelerate Growth, Eliminate Friction

Onboard users in seconds, not days. Deploy tiered address verification flows that maximise completion rates for genuine users while filtering out synthetic fraud.

Learn More Try Now

Onboard Global Traders in Real-Time

Verify investors across 250+ countries & territories. Ensure compliance with international financial regulations while preventing identity theft and high-risk chargebacks.

Learn More Try Now

Secure Trust at Every Transaction

Automate KYC and AML workflows to reduce manual onboarding costs. Strengthen residency checks while delivering the frictionless digital experience modern customers expect.

Learn More Try Now

Power a Fair & Secure Player Experience

Reduce bonus abuse and multi-accounting rings at the door. Enforce location rules and trigger step-up checks without disrupting the player journey.

Learn More Try Now

Build a Trusted, Verified Workforce

Screen freelancers and drivers at scale. Verify residency and reduce onboarding friction while maintaining trust between users.

Learn More Try Now

Scale Your Exchange with Confidence

Balance anonymity with compliance. Instantly verify user jurisdiction to meet Travel Rule obligations and help stop abuse without slowing down legitimate trading volume.

Learn More Try Now

Reduce fraud without blocking growth

Shufti supports marketplace integrity by verifying seller and buyer identities, enabling age-gated journeys where needed, and preserving evidence to support investigations, disputes and risk-led enforcement actions.

Learn More Try Now