We are also subject to laws and regulations that apply to businesses in general, such as those relating to employment, consumer protection, data protection and privacy, worker confidentiality obligations and taxation. As an online business, we are also subject to laws and regulations governing the internet, such as those relating to intellectual property ownership and infringement, trade secrets, the distribution of electronic communications, search engines and internet tracking technologies, and could be affected by potential changes to laws and regulations that affect the growth, popularity or use of the internet, including with respect to net neutrality and taxation on the use of the internet or e-commerce transactions.
Compliance with KYC Requirements. The licensed entities of Payoneer are subject to regulations related to customer identification in the jurisdictions in which they onboard customers. We are committed to preventing the use of our financial products by persons who seek to launder the proceeds of criminal activity, finance terrorism, or conduct other criminal acts. Payoneer makes reasonable efforts appropriate to the circumstances to know and verify its customers and to monitor customer activity.
The KYC program is a critical component of the AML/CTF Program. KYC embodies the concept that, in order to identify what is unusual activity for a customer, one must have established a sufficient understanding of what is usual and expected activity, consistent with the purpose and intended usage of the account relationship. Activity that is outside the norm or inconsistent with an institution’s understanding may be suspicious and require reporting to the appropriate authorities.
Payoneer’s KYC program includes: (i) policies and procedures for collecting and verifying information on the identity of customers; (ii) policies and procedures for gathering further information about customers to gain a better understanding of the relationship and anticipated transaction activity, including a periodic review of the customer’s account information; and (iii) policies and procedures for monitoring customer activity throughout the lifecycle of the relationship.
Our Customer Approval Policy is informed by our AML/CTF Risk Assessment, which determines the level of AML/CTF risk posed to Payoneer by its product offerings, customer base, business geographies, distribution channels, and technologies, as well as the effectiveness of Payoneer’s compliance-related controls, policies, and procedures in mitigating these risks. Such risks stem from applicable legal/regulatory requirements, the nature of Payoneer products/services (including features, customers and geographic reach) and the record of actual performance of the Payoneer AML/CTF compliance program. These risks are mitigated, among other controls, by the KYC controls and requirements outlined in this document.
The Customer Approval Policy constitutes an integral part of Payoneer’s AML/CTF program and outlines our responsibilities with respect to applicable KYC requirements as detailed in pertinent US laws, regulations, and statutes, including the Bank Secrecy Act (“BSA”), the USA PATRIOT Act, and in the relevant laws, regulations, and statutes of jurisdictions where Payoneer holds a local license.
Data Protection & Privacy Regulations. We collect, process, store, share, disclose, transfer, retain and/or use personal information and other data in connection with conducting our business, including for purposes of marketing our services and products via phone, email and text messages and pursuant to applicable requirements we are subject to, to verify the identity of our customers. Consequently, our business is subject globally to a number of complex laws and regulations governing data privacy and security, including with respect to such collection, processing, storage, sharing, disclosure, transfer, retention and use of personal information and other data.
The data privacy and protection laws and regulations to which our business is subject may apply to personal information and data concerning our customers, employees or other third parties who interact with us, and include the California Consumer Privacy Act of 2018 (as amended, including by the California Privacy Rights Act of 2020 and the California Consumer Privacy Act Regulations), the Personal Information Protection and Electronic Documents Act, the CAN-SPAM Act, Canada Anti-Spam Law, the Telephone Consumer Protection Act, Section 5(c) of the Federal Trade Commission Act, the European Union’s General Data Protection Regulation (GDPR), and other laws, enactments, regulations or orders transposing, implementing, adopting, supplementing or derogating from, the GDPR in each European Economic Area Member State, including the Irish Data Protection Act 2018, the UK retained EU law version of GDPR as defined in the Data Protection Act 2018, and as amended from time to time (UK GDPR), the European e-Privacy Directive currently implemented through national European laws, the Data Security Law of the People's Republic of China, the Personal Information Protection Law of the People's Republic of China, Brazil’s Lei Geral de Proteção de Dados Pessoais (LGPD), the Australian Privacy Act of 1988, Singapore Personal Data Protection Act 2012, Hong Kong Personal Data (Privacy) Ordinance, Japan’s Act on the Protection of Personal Information, and other data protection or privacy legislation in force from time to time. These laws and their implementing regulations generally restrict certain collection, processing, storage, use and disclosure of personal information, require notice to individuals of privacy practices, and provide individuals with certain rights to
