Customer Identification Program

Last Updated: 5/11/2026 | Version 2.0

1. Overview

Kashu, Inc. ("Kashu," "we," "us," or "our"), a Wyoming corporation, operates a software platform that provides business financial-operations tooling, Platform Access, Transaction Intelligence, and Program Administration, on top of regulated payment and banking rails operated by Kashu's partners.

As part of the Program Administration pillar of the Services, Kashu maintains a Customer Identification Program ("CIP") to verify the identity of the business entities that use Kashu and the individuals associated with those entities. The CIP supports the customer-identification, customer-due-diligence, and anti-money-laundering obligations of Kashu's partners under the Bank Secrecy Act (BSA), the USA PATRIOT Act, the FinCEN Customer Due Diligence Rule (31 CFR 1010.230), the Corporate Transparency Act and its Beneficial Ownership Information rule, OFAC sanctions programs, and applicable state law.

This CIP is a customer-facing summary of how Kashu collects and verifies identity information. It does not modify, replace, or limit Kashu's internal compliance procedures or the regulatory obligations of Kashu's partners.

2. Definitions
  • "Services" — the Kashu platform, software, mobile and web applications, APIs, and related technology, data, and program-administration offerings.
  • "User," "you," or "Customer" — the U.S.-organized business entity that uses the Services, together with its Authorized Individuals.
  • "Authorized Individual" — a natural person authorized to act on behalf of the User, including a beneficial owner, control person, authorized signatory, or authorized employee.
  • "Beneficial Owner" — each natural person who, directly or indirectly, owns twenty-five percent (25%) or more of the equity interests of the User.
  • "Control Person" — a single natural person with significant managerial control or authority over the User, such as a Chief Executive Officer, Chief Financial Officer, Managing Member, General Partner, President, Vice President, or Treasurer.
  • "Program Account" — the account established for a business User to access the Services.

3. Who Must Be Identified

The Services are available exclusively to businesses organized under the laws of the United States. Before a Program Account can be opened or used, Kashu must identify and verify:

  • The business entity itself;
  • Each Beneficial Owner;
  • The Control Person; and
  • Each Authorized Individual who will access or transact on the Services.

All Authorized Individuals must be at least twenty-one (21) years of age and must be authorized to act on behalf of the User.

4. Information We Collect

4.1 Business Information

  • Legal entity name, jurisdiction of formation, and date of formation;
  • Employer Identification Number (EIN) and other applicable tax identifiers;
  • Registered, operating, and mailing addresses (no P.O. boxes for primary addresses);
  • Primary business activity, industry classification, and merchant category;
  • Formation documents (e.g., articles of incorporation or organization, operating agreement, certificate of good standing);
  • Linked bank account information and financial-institution identifiers;
  • FinCEN Beneficial Ownership Information (BOI) report identifiers, where applicable.

4.2 Beneficial Owner and Control Person Information

  • Full legal name;
  • Date of birth;
  • Residential address (no P.O. boxes);
  • Social Security Number, Individual Taxpayer Identification Number (ITIN), or, for non-U.S. persons, passport number and country of issuance;
  • Government-issued photo identification (e.g., U.S. driver's license, state ID, or passport);
  • Beneficial-ownership percentage, role, title, and authority within the User.

4.3 Authorized Individual Information

  • Full legal name;
  • Date of birth;
  • Email address and telephone number;
  • Government-issued photo identification;
  • Role, title, and authority within the User.

4.4 Biometric Information

In connection with identity verification, Kashu's identity-verification partner may collect biometric identifiers and biometric information, including facial geometry derived from a selfie image matched against a government-issued identification document. Collection and use of biometric information is subject to the Biometric Data Notice in the Kashu Privacy Policy.

5. How We Verify

Kashu uses a combination of automated and manual methods to verify the information collected under Section 4, including:

  • Verification of formation, registration, and good-standing status through Secretary of State records and other authoritative business registries;
  • Cross-checking identifying information against government, credit-bureau, and third-party data sources;
  • Document authenticity review of government-issued identification, including security-feature analysis;
  • Biometric and liveness verification of natural persons through Kashu's identity-verification partner;
  • Validation of linked bank account ownership;
  • Verification of beneficial-ownership disclosures against the FinCEN BOI database, where applicable;
  • Manual review and enhanced due diligence by Kashu's Compliance team for higher-risk profiles or transactions.

If verification cannot be completed, Kashu may request additional information or documentation, restrict or delay access to the Services, or decline to open the Program Account, as described in Section 8.

6. Sanctions and Watchlist Screening

Kashu screens the User, each Beneficial Owner, the Control Person, each Authorized Individual, and linked counterparties against U.S. and international sanctions and watchlists, including:

  • The U.S. Department of the Treasury Office of Foreign Assets Control (OFAC) Specially Designated Nationals (SDN) list and Consolidated Sanctions list;
  • U.S. Department of Commerce Bureau of Industry and Security (BIS) Denied Persons, Entity, and Unverified lists;
  • U.S. Department of State debarred-parties lists;
  • Politically Exposed Persons (PEP) and adverse-media screening;
  • Card-network and partner-institution screening requirements.

Screening occurs at onboarding and on an ongoing basis. A match or potential match may result in account hold, restriction, declination, or termination, and may be reported to regulators and Kashu's partners as required by applicable law.

7. Risk-Based Approach and Enhanced Due Diligence

Kashu applies a risk-based approach to identity verification and ongoing monitoring. Risk factors considered include, without limitation:

  • Industry, NAICS, and business activity;
  • Geographic factors, including the location of the business, its owners, and counterparties;
  • Ownership structure, including the presence of foreign ownership, layered entities, or politically exposed persons;
  • Transaction volume, size, frequency, and counterparty patterns;
  • Funding sources and program-account activity patterns;
  • Public-records, regulatory, and adverse-media findings.

Where elevated risk is identified, Kashu may apply Enhanced Due Diligence ("EDD"), including additional documentation requests, source-of-funds review, in-depth ownership-structure analysis, additional sanctions and adverse-media screening, and senior-Compliance approval prior to account activation or specific transactions.

8. If We Cannot Verify

If Kashu cannot reasonably verify the identity of the User or any required individual, Kashu may:

  • Decline to open the Program Account;
  • Restrict, suspend, or terminate access to the Services;
  • Instruct Kashu's partners to hold or freeze funds pending resolution;
  • Refer the matter to internal review for potential filing of a Suspicious Activity Report (SAR) by Kashu's partners; and
  • Notify regulators and partner institutions as required by applicable law.

Kashu does not provide reasons for adverse identification decisions in cases where doing so could compromise an ongoing investigation or violate confidentiality obligations imposed by law.

9. Notice to Customers

Important information about procedures for opening a new Program Account: To help the government fight the funding of terrorism and money-laundering activities, federal law requires financial institutions to obtain, verify, and record information that identifies each person who opens an account. What this means for you: when you open a Program Account, we will ask for the business's name, address, taxpayer identification number, and other information that will allow us to identify the business. We will also ask for the name, address, date of birth, taxpayer identification or passport number, and other information that will allow us to identify each Beneficial Owner, the Control Person, and each Authorized Individual. We may also ask to see identifying documents.

10. Ongoing Monitoring and Refresh

Identity verification does not end at account opening. Kashu conducts ongoing monitoring of identifying information, account activity, and partner-institution feedback. Kashu may request that the User update or re-verify information, in whole or in part, when:

  • A government-issued identification document expires or appears invalid;
  • Ownership, control-person, or material business information changes (which must be reported within ten (10) business days under the Acceptable Use Policy);
  • Activity patterns or risk factors trigger Enhanced Due Diligence;
  • Sanctions, watchlist, or adverse-media findings warrant additional review;
  • Kashu's partners or applicable regulators require refreshed information.

11. Recordkeeping

Kashu retains identifying information, descriptions of documents reviewed, and records of verification methods and outcomes for a minimum of five (5) years following closure of the Program Account, or for such longer period as required by applicable law, regulator direction, or partner-institution requirements. Records are stored using encryption in transit and at rest, role-based access controls, and other safeguards as further described in the Kashu Privacy Policy.

12. Data Security and Privacy

Information collected under this CIP is used solely for identity verification, ongoing monitoring, regulatory compliance, and the operation of the Services. Kashu does not sell or share customer identification data for marketing purposes. Handling of personal information, biometric data, and Sensitive Personal Information is further described in the Kashu Privacy Policy.

13. Reliance and Partner Coordination

Kashu performs the procedures described in this CIP in support of the customer-identification, customer-due-diligence, and anti-money-laundering obligations of Kashu's partners. Kashu's partners include the licensed money transmitter and custodial bank that hold customer funds, the acquirers and card payment providers that authorize and settle card transactions, the identity-verification provider, and other compliance vendors. Kashu shares verification information with these partners as necessary to satisfy regulatory and contractual obligations.

14. Compliance and Oversight

Kashu's CIP is administered by the Compliance Department, under the oversight of a designated BSA Compliance Officer. The CIP is reviewed at least annually for consistency with applicable law, partner-institution requirements, and industry best practices. Kashu personnel with CIP responsibilities receive periodic training, and Kashu's compliance program is subject to independent testing in accordance with applicable BSA/AML requirements.

15. Relationship to Other Policies

This CIP is incorporated by reference into the Kashu Terms of Service and is read together with the Kashu Software & Technology Services Agreement ("STSA"), the Acceptable Use Policy, the Privacy Policy, and the Refund Policy. In the event of any conflict between these documents, the order of precedence is: (1) STSA → (2) Terms of Service → (3) Acceptable Use Policy → (4) this CIP and the Refund Policy. All other policies and disclosures are subordinate to the above.

16. Modifications

Kashu reserves the right to modify or update this CIP at any time to reflect changes in regulations, partner requirements, or internal processes. Non-material changes are effective upon posting. Material changes will be communicated through the Services or by email at least thirty (30) days before they take effect, unless a shorter period is required by law, regulator direction, or partner-institution requirements. Your continued use of the Services after the effective date constitutes acceptance of the modified CIP.

17. Contact Information

For questions about this CIP, identity-verification status, or assistance completing verification, you may contact us as follows:

Kashu, Inc

Attn: Customer Support

1603 Capitol Ave, Ste 415 #674380

Cheyenne, WY 82001

Email: help@kashupay.com

Product
Capabilities
Features
Transfers
How It Works
White Label Us
Product
Merchant Processing
Company
Book a Demo
About Us
Why Kashu
Our Fees
Careers
Company
Resources
Affiliate Program
Refer Merchants
MRP Dashboard Login
Affilate Dashboard Login
Fraud Shield
Brand Kit
Merch Shop
Accessibility
Share Feedback
Resources
Contact Us
By using this site, you agree to our Terms of Service and Privacy Policy, including the use of cookies for analytics, personalization, and marketing. Kashu is an independent financial technology platform and is not a bank. Money transmission services are provided by Monarch Technologies, Inc., a licensed Money Services Business (MSB: 31000186536125) and NMLS registered provider (NMLS ID: 1908316). Customer funds are held in custodial accounts at Fresno First Bank, Member FDIC, for the benefit of users.

All trademarks, service marks, and logos used are the property of their respective owners. Use of these marks does not imply endorsement or partnership.

For more information, please contact our offices at 1603 Capitol Ave, Ste #415, Cheyenne, WY 82001.

© 2026 Kashu, Inc. All rights reserved.