comment

1 files changed, 43 insertions, 13 deletions

diff --git a/template/kyc.html.j2 b/template/kyc.html.j2
index 9004b0ea..b24fdbf4 100644
--- a/template/kyc.html.j2
+++ b/template/kyc.html.j2
@@ -5,9 +5,37 @@
     <h1>KYC providers</h1>
   </header>
   <main id="maincontent">
-      <h3>Criteria</h3>
+    <p>
+      GNU Taler operators need to satisfy regulatory requirements in terms
+      of Know-your-customer (KYC) regulation and risk assessment (which
+      usually starts with checking for politically exposed people (PEPs)).
+      KYC usually requires at the minimum for the customer to upload some
+      identity documents, which then must be verified. KYC often also
+      requires some kind of lifeness checks to ensure tha the owner of the
+      documents it the one passing the documentation along.
+      To this end, we have tried to find KYC "solutions" that would
+      help us address this.
+    </p>
+    <p>
+      Naturally, the goal is to do this with Free Software.  However, all
+      of the solutions we found so far are proprietary
+      <a href="https://www.gnu.org/philosophy/who-does-that-server-really-serve.html">SaaSS</a>.
+      If you know of a solution that is actually Free Software, we would be
+      eager to hear from you.
+    </p>
+    <p>
+      In the absence of a proper FLOSS solution, we have looked at other
+      important criteria, such as the solution offering at least FLOSS
+      integration on the client-side, having an open API specification
+      (no NDA!), or even supporting a standard API.  Technically, we
+      also need the KYC provider to work nicely over the
+      Web (not just with a smart phone), and from a business perspective
+      we like transparent pricing (alas, this is the least important
+      point).
+    </p>
+      <h3>Criteria Summary</h3>
       <p>
-        These are the key evaluation criteria we have:
+        Thus, these are the key evaluation criteria we have:
         <ul>
           <li>Supports collecting and validating KYC information, including PEP lists and ID documents from Europe
           </li>
@@ -31,7 +59,8 @@
       </p>
       <h3>Providers</h3>
       <p>
-        Here is a list of KYC solutions we have evaluated against the criteria above.
+        Here is a list of KYC solutions we have found and evaluated against the
+        criteria above.
         <table>
           <tr><td></td>
              <th>KYC?</th><th>Open API?</th><th>Web?</th>
@@ -110,10 +139,10 @@
              <td>&#10060;</td><td>some</td><td>some</td>
              <td>&#10060;</td></tr>
         </table>
-        Note that not offering Web support is a hard
-        criteria against a solution: we cannot use them
-        for the WebExtension, which is the most
-        FLOSS-friendly wallet.
+        Of these, we have for now selected KYCAID and WithPersona for our
+        first implementations as they seem closest to our objectives.
+        That said, the room for improvement for both towards respecting
+        their user's freedoms is huge.
       </p>
       <h3>&#10060;t quite KYC Providers</h3>
       <p>
@@ -121,6 +150,13 @@
         searching for KYC providers that don't actually do the kind
         of KYC (with identity document verification and PEP list checks)
         that would be needed.
+        Note that not offering KYC support with document validation
+        and PEP lists is a absolutely hard
+        criteria against the solution: we believe such providers
+        would not usually satisfy the legal requirements.
+        These providers
+        are only listed so that they do not get re-evaluated as they
+        came up in a search.
         <table>
           <tr><td></td>
              <th>KYC?</th><th>Open API?</th><th>Web?</th>
@@ -169,12 +205,6 @@
              <td>&#9989;</td><td>?</td><td>&#10060;</td>
              <td>&#10060;</td></tr>
         </table>
-        Note that not offering KYC support with document validation
-        and PEP lists is a absolutely hard
-        criteria against the solution: we believe such providers
-        would not satisfy the legal requirements. These providers
-        are only listed so that they do not get re-evaluated as they
-        came up in a search.
       </p>
   </main>
 </article>