Submitting documents to payment systems: key requirements and tips
Opening an account with a payment system is a critical step for any online business. However, even with a legitimate corporate structure and a transparent business model, companies may face rejection or sudden account freezes if their documents contain errors. In an environment of heightened regulatory scrutiny and automated verification algorithms, even minor data inconsistencies or incomplete information can result in frozen funds or service denial. This is especially true for high-risk industries, which are subject to stricter requirements. In this article, we’ll explain which documents are most commonly required by payment systems, outline steps that can help speed up the onboarding process, provide guidance on preparing your submission, and offer key considerations to ensure compliance checks are passed on the first attempt.
Why payment systems request documents: legal basis
In recent years, payment systems have evolved from simple tools for accepting online transactions into fully regulated financial entities. Under strict AML/CFT requirements, electronic payment providers are now obligated not only to identify their customers but also to assess the risks associated with their business activities. This applies equally to major international players, such as Stripe, PayPal, and Revolut, as well as niche providers operating in high-risk sectors, including crypto, gambling, betting, and dating, among others.
AML/CFT standards and the provider’s obligation to verify clients
The rules governing payment systems are largely shaped by the international standards established by the Financial Action Task Force (FATF). These standards explicitly require all financial service providers to conduct comprehensive customer due diligence (KYC), identify ultimate beneficial owners (UBOs), assess business risks, and monitor suspicious transactions.
The European legal framework implements FATF recommendations through a series of Anti-Money Laundering Directives (AMLD). In particular, AMLD5 obliges payment providers to maintain beneficial ownership registers, verify submitted documents, and periodically update KYC profiles.
Moreover, most payment service providers (PSPs) must comply with the national regulations of the countries in which they are registered and licensed. For example, PayPal (UK) operates under the supervision of the Financial Conduct Authority (FCA) and complies with the UK AML Regulations 2017. Stripe is regulated within the EU by the Central Bank of Ireland, following the provisions of the AMLDs and the EBA Guidelines on ML/TF risk factors. Revolut is licensed in Lithuania and falls under the supervision of the Bank of Lithuania, complying with both local and EU legislation.
What documents are usually required: a basic list
Payment systems apply standardized, though not identical, requirements for document submission. While the list of required documents may vary depending on the jurisdiction, industry, and business risk profile, most providers request four core categories: company legal documents, identity verification, ownership structure information, and a detailed business model description.
Company legal information
The first and most obvious category includes documents confirming the legal existence of the company:
- Certificate of Incorporation (or equivalent);
- Articles of Association / Operating Agreement / Charter;
- Shareholder and director registry, especially if there are multiple individuals involved;
- Certificate of Good Standing or a recent company extract from the relevant commercial register (e.g., Companies House in the UK).
Identity verification of directors and beneficial owners
The second category includes documents that verify the identity of key individuals:
- Valid passport or national ID card (with at least 6 months before expiration);
- Proof of residential address: utility bill, bank statement, or official residency registration.
Most payment systems rely on automated identity verification solutions such as Jumio, Onfido, or SumSub. This means that the quality of scans, the absence of glare, and exact data matching (including checks against international PEP lists) are essential.
For high-risk businesses such as crypto or forex, additional items may be required, including video interviews with beneficial owners, Proof of Funds, criminal background checks, or tax clearance certificates.
Business model and commercial activity description
One of the most underestimated but critical components of the submission process is the business activity overview. Providers do not limit themselves to document review — they also assess the business model for compliance with their Acceptable Use Policy (AUP).
Typically required elements include:
- Description of services/products offered, target markets, and marketing channels;
- Website URL (for online businesses);
- Refund, delivery, and customer complaint policies;
- Expected transaction volumes, countries of operation, and payment flow mechanisms;
- Information about banking partners (if already known);
- Licenses or permits if the business is regulated (e.g., crypto exchange license, EMI license).
Ownership structure and UBO declarations
Payment systems require understanding who ultimately controls the company. This involves:
- UBO (Ultimate Beneficial Owner) declaration;
- Ownership structure diagram (in case of a holding or multi-tiered structure);
- Supporting documentation confirming the ownership chain (e.g., charters of parent companies, shareholder registries).
The beneficial ownership threshold in the EU is 25% or more, in the UK 25%+ (under the UK AML Regs), and in the US 25%+ under the FinCEN Beneficial Ownership Rule.
What does an incomplete or incorrect application package lead to?
Any inconsistency, data error, or incomplete document set can lead to consequences serious enough to halt — or even derail — a company’s operations. This is especially critical for startups, e-commerce platforms, SaaS providers, and businesses in high-risk industries, where delays in onboarding to a payment service provider (PSP) directly affect cash flow.
Freezing of funds and account suspension
One of the most common scenarios is the automatic restriction of account access due to suspicion of inaccurate or incomplete data. The algorithms used by most payment systems are designed to flag specific risk triggers, such as:
- Mismatched addresses between the ID and the bank statement;
- Discrepancies between the declared business model and the actual website content;
- Unusual early-stage activity (e.g., high transaction volumes, purchases from irregular geographies);
- Unrecognized documents during automated verification (poor scan quality, unsupported languages, missing apostille/legalization).
When such triggers are detected, funds are frozen, and the account is moved to “under review” status. During this period, payouts may be delayed, internal transfers halted, and payment buttons disabled on the website.
Rejection with no option to reapply
Some payment systems enforce a strict “one-shot” policy — if the initial application is deemed misleading or invalid, resubmission is not allowed. This means that a company may be permanently barred from working with that provider, particularly in sensitive or regulated sectors.
Common reasons for rejection include:
- Submission of outdated or untranslated documents;
- Attempts to obscure the ownership structure;
- Use of a non-compliant or non-residential business address;
- Inclusion of the company in blacklists (such as World-Check, PEP, or AML databases).
In addition, a failed application may be logged in the provider’s internal records and could negatively impact relationships with other services in the same corporate group.
Jurisdictional risks and service denial
Certain countries or types of businesses are automatically classified as unacceptable by standard PSPs. If the application reveals that a company is incorporated in a high-risk offshore jurisdiction (e.g., BVI, Seychelles, Marshall Islands), or operates in a sector prohibited by the provider’s Acceptable Use Policy, the system may:
- Reject the application without explanation;
- Permanently deny access to its services;
- Escalate the case to a regulator or payment partner (e.g., acquiring banks or anti-fraud networks).
This is precisely why it is essential to conduct legal risk diagnostics in advance and obtain independent legal advice before submitting documents, particularly if your company operates across multiple jurisdictions.
How to properly prepare documents for filing
Each payment system uses its own set of criteria and submission format. A common mistake among companies is reusing the same document package for all providers without proper adaptation. Examples of differences include:
- Stripe requires mandatory website address verification, alignment with the beneficial owner, and a structured description of the business model;
- PayPal focuses on individuals and small businesses but, in case of suspicion, may request a detailed business description and supplier contact information;
- Revolut Business asks for in-depth answers regarding UBO structure, sources of funds, and anticipated counterparties;
- PayOp, Cardinity, and Connectum require sanctions-related declarations, lease agreements, and proof of offline business presence.
For high-risk industries (e.g., gambling, crypto, dating, CBD), early disclosure of ownership structure, team members, and the exact transaction flow is required. In many cases, providers also request a Legal Opinion.
Standardization and unified submission format
Even if the documents are legally valid, a PSP may still reject the application if internal contradictions or data inconsistencies are detected. Key recommendations include:
- Use a consistent format for all documents: one language, unified formatting, and no discrepancies;
- Translations must be notarized when submitted to a jurisdiction different from the country of registration;
- Dates, names, and legal identifiers must match across all documents — from the articles of association to the application form and the company website;
- Avoid outdated documentation — many systems accept extracts and certificates no older than 90 days;
- Ensure your website or platform is fully operational — the provider may review it at any time;
- If a holding structure exists, include an ownership diagram explaining the full chain of control.
It's important to understand that compliance officers treat your submission as a single unified file. Even small inconsistencies — such as mismatched addresses between the application and the company charter — can be interpreted as a sign of unreliability or an attempt to mislead.
Preparation for follow-up and supplementary inspections
Even if you have submitted a complete set of documents and passed the initial verification, this does not mean that the compliance process is over. Payment systems increasingly apply a multi-stage review, where additional information may be requested — either immediately after submission or during ongoing account usage. The ability to respond promptly and accurately to such follow-up requests can play a critical role in maintaining access to the service and protecting your business from disruptions.
What else may be requested?
Providers reserve the right to request additional documentation at any time, especially in cases of rapid growth in transaction volumes, jurisdictional changes, or customer complaints. Common follow-up requests include:
- Licenses confirming the right to operate in regulated industries (e.g., crypto exchanges, investment brokers, EMI);
- Lease agreement or proof of a physical office address;
- Supplier or service contracts, especially when trading in physical goods;
- Financial statements (P&L reports, bank statements for the past 6–12 months);
- Payment channel confirmations, such as agreements with acquirers, logistics providers, or API integrations;
- Test access to the platform or app to verify alignment with the declared business model.
Such requests are not the exception — they are becoming standard practice, especially for high-risk businesses. The faster you respond, the better your chances of keeping the account fully operational without interruption.
What to do in case of delays or a second review
If your application is subject to a second review, here’s what matters most:
- Don’t panic: this is a standard procedure, particularly for new companies or those processing cross-border transactions;
- Prepare additional documentation in advance: maintain a separate digital folder with translated and up-to-date files;
- Be transparent: attempts to hide inconvenient details (e.g., a UBO from a sanctioned jurisdiction) may result in a permanent ban;
- Communicate clearly: respond politely, concisely, and include the necessary attachments and brief explanations when needed;
In case of extended delays, follow up every 5–7 business days to check the status if no automated updates are provided.
How Key2Law can help you pass payment verification the first time around
Key2Law’s team helps businesses navigate payment system compliance with full attention to regulatory requirements and industry practices:
- Conduct a pre-submission audit of your documentation: identifying inconsistencies, mitigating risks, and preparing a complete and optimized package;
- Draft accurate business model descriptions in line with each provider’s Acceptable Use Policy;
- Assist in preparing UBO declarations, ownership diagrams, and cover letters, where required;
- Adapt your documents to meet the requirements of a specific jurisdiction or payment provider, whether it's Stripe, PayPal, Revolut, or a high-risk PSP;
- Provide full support during follow-ups and secondary reviews, including drafting responses to additional requests and representing your interests in compliance-related communication.
If you want to get approved on the first attempt without unnecessary risks or wasted time, contact Key2Law team today. We understand how payment systems assess business risks and know how to help you meet their expectations from the start.