Last updated · April 25, 2026

Compliance & KYC

1. Overview

Leasum operates in regulated areas — company formation, banking introductions, residency programs, tax filings — and is bound by anti-money laundering (AML), counter-terrorism financing (CTF), and know-your-customer (KYC) obligations. This page explains who we onboard, what we collect, how we verify it, and how long we keep it.

2. Why KYC is required

We are legally required, under the laws of the jurisdictions in which we operate (United States, Paraguay, United Arab Emirates, and the European Union via our partners), to identify every client before delivering services that touch:

  • Incorporation of legal entities (LLC, LTD, free-zone, and equivalents)
  • Tax identifier issuance (EIN, ITIN, RUC, etc.)
  • Bank account introductions and corporate card applications
  • Residency, visa, and immigration filings
  • Any service involving third-party regulated providers

Skipping KYC isn't an option for us, our partners, or our regulators.

3. What we collect

The exact set depends on the service, but the baseline is:

Individuals

  • Full legal name, date of birth, nationality
  • Government-issued photo ID (passport preferred; national ID accepted in some flows)
  • Proof of residential address dated within the last 3 months (utility bill, bank statement, lease agreement)
  • A live selfie or short video for biometric matching against the ID
  • Source of funds declaration for transactions above defined thresholds

Legal entities (when you use us as an existing company)

  • Certificate of incorporation, articles, and good-standing certificate
  • Register of beneficial owners (UBO) for everyone holding 25% or more
  • Director and officer information
  • Tax identification numbers
  • KYC on each UBO and signatory using the individual checklist above

Higher-risk profiles

If you are a politically exposed person (PEP), a citizen or resident of a sanctioned jurisdiction, or active in a high-risk industry (crypto, gambling, adult, weapons, dual-use goods), expect enhanced due diligence: additional source-of-wealth documentation, structured questions about your business activity, and a longer review timeline.

4. How we verify

  • Identity documents are checked through certified providers (e.g. Onfido, Sumsub) for authenticity, expiry, and tamper signals.
  • Biometric match compares your live capture to your ID photo.
  • Address proof must be addressed to you, dated within the last 3 months, and from a recognized issuer.
  • Sanctions and PEP screening runs against international watchlists (OFAC, UN, EU, HMT) at onboarding and continuously thereafter.
  • Adverse media checks flag publicly reported reputation issues.
  • Manual review by a Leasum compliance officer for any non-clear automated result.

We may request additional documents or clarifications at any point during the lifecycle of the engagement, not only at onboarding.

5. Outcomes

After review, one of three things happens:

  • Approved — services proceed.
  • Pending — we ask for more documents or clarifications. Your file is paused until we receive them.
  • Declined — we cannot onboard you. We do not always disclose the specific reason, in line with regulatory guidance, but you may request a reconsideration with new evidence.

A decline from Leasum does not necessarily mean a decline elsewhere; conversely, an approval here does not bind any third-party bank, government agency, or partner who runs their own checks.

6. Ongoing monitoring

KYC is not a one-shot. While you remain a client, we periodically:

  • Re-verify expired documents (typically every 12–24 months depending on risk)
  • Re-screen against sanctions and PEP lists
  • Review unusual activity patterns reported by partner banks or government counterparts
  • Request updated source-of-funds information for new high-value transactions

If you change name, residency, or beneficial ownership structure, you must inform us within 30 days.

7. Data storage and retention

  • KYC data is stored encrypted at rest and in transit, in jurisdictions covered by GDPR-equivalent frameworks.
  • Access is limited to authorized compliance and operations personnel, on a need-to-know basis, with full audit logging.
  • Retention period: a minimum of 5 years after the end of our business relationship, or longer where local law requires (up to 10 years in some jurisdictions).

For a full description of how we process personal data, see the Privacy Policy.

8. Information requests from authorities

When a competent authority (court, tax authority, financial regulator, or law enforcement acting under a valid order) requests information about a client, we comply within the limits set by applicable law. Where legally permitted, we notify the client.

9. Reporting suspicious activity

If we form a reasonable suspicion that a transaction or instruction is linked to money laundering, terrorism financing, fraud, or sanctions evasion, we are required to file a report with the competent financial intelligence unit and may not disclose that report to the client (anti-tipping-off rules).

10. Your rights

You retain the rights granted under applicable data-protection law — access, rectification, restriction, portability, and erasure — subject to the legal obligations described above. Erasure cannot override mandatory retention periods.

11. Contact

For any compliance-related question, document upload, or to request a re-review, write to compliance@leasum.com.