Mela · የእኛ banking
Get the app
← all posts
April 11, 2026 #product · #trust

What KYC actually looks like at Mela — two minutes, plain English

You have downloaded apps that asked for too much, given up halfway through, and assumed the worst. That instinct is correct often enough that we want to spend a post being explicit about what Mela asks for, in what order, and why each piece is there.

This is not the marketing version. This is the actual procedural version.

The four things we actually ask

In the order they appear in onboarding:

  1. Phone number and email. To reach you. To send you a transaction receipt. To let you recover access if you lose your phone. The phone number gets a one-time code to confirm it’s you.
  2. Government ID and a selfie. To verify that the person opening this account is the person on the ID. The ID can be a US driver’s license, US state ID, or US passport. The selfie is matched against the ID photo by an identity-verification provider.
  3. Address and date of birth. To uniquely identify you against the records that federal regulators expect us to check.
  4. Plaid bank link. To move USD from your existing US bank into your Mela USD wallet without typing routing and account numbers. Plaid handles the connection — your username and password go to your bank, not to us.

That is the full ask at sign-up. It is four screens, not forty. It takes approximately two minutes if you have your ID handy.

Why each one — in plain English

The reasons are federal law, and we’d rather name them than gesture at “compliance reasons.”

Phone and email. Practical, not regulatory. Recovery, support, receipts.

Government ID and selfie. This is the Customer Identification Program, or CIP. CIP is a US federal regulation under the USA PATRIOT Act that requires every US financial institution — and every product working with a US partner bank, like Mela — to obtain, verify, and record information sufficient to identify the human opening an account. ID + selfie is how that’s done in 2026. The same regulation applies whether you’re opening an account at Chase, at a credit union, or at Mela.

Address and date of birth. Same regulatory layer. The CIP rule requires us to capture enough identifying information that two different people with the same name don’t get conflated.

Plaid. Not a regulation — a product choice. Plaid lets you link a US bank in fifteen seconds without typing routing numbers. Your bank credentials never touch our servers. Plaid issues us a token, and we use the token to initiate ACH pulls when you fund the wallet.

There is a separate question of what we monitor on an ongoing basis after onboarding — that’s the Bank Secrecy Act, or BSA. We will say more about that below.

What we share with whom

Onboarding sends data to four kinds of recipients. All are bound by data-processing agreements:

  • Identity verification providers. They check the ID and the selfie. They confirm liveness (so a printed photo doesn’t pass).
  • Plaid. Sees your bank credentials, not us. Issues us a token to move money on your authorization.
  • Our regulated banking and payment partners. US-based, regulated, and bound by their own KYC and BSA rules. The structure of who-does-what is governed by formal agreements; the names of the partners get disclosed inside the app and in the partner-bank section of our agreements.
  • Anti-fraud services. Help us catch synthetic identities, stolen-card funding attempts, and similar.

We do not sell your personal information. We do not share it with marketers. We do not let other apps query whether you’re a Mela customer.

What “approval” actually takes

Most users: minutes. ID matches. Selfie matches. Address resolves cleanly. Plaid links. You’re in.

Some users: a few hours. Edge cases — older driver’s license photos, lighting issues with the selfie, address records that lag updates. These usually clear automatically once the system has another look.

A small percentage: manual review. The system pulls a small number of cases for a human to look at. The most common reasons are name mismatches (your ID has your full legal name, but the address record has a nickname), or document quality issues. Manual review usually clears within a business day. Sometimes we ask for an additional document.

We tell you which path you’re on. We tell you when manual review starts and finishes. If you’re rejected, we tell you we can’t approve and what to do next — but federal regulation limits how specific we can be about why, and that’s a real constraint we can’t write around.

What we do not ask

A few things that diaspora-banking copy has historically overstated, that we want to be specific about:

  • No SSN to sign up. You can open a Mela account without a Social Security Number using a passport.
  • An SSN or ITIN is required for some higher-tier features. US tax law requires it for tax reporting on certain account types. We will ask for it when those features apply, and only then.
  • No work history, employer, or income documentation at sign-up. Some financial products require those; the Mela MVP does not.
  • No US address requirement that’s stricter than federal CIP requires. A real US address is required, but Mela does not impose extra requirements beyond what the regulation does.

If you’ve read older diaspora-banking copy that claimed “no SSN ever” or “open from anywhere in the world with no US ties,” some of that overstated the truth. The current Mela posture: US-based product, US-incorporated, designed for the US Ethiopian community, with the actual federal requirements named honestly.

What happens after onboarding

Onboarding gets you in. The Bank Secrecy Act governs what happens next.

In plain English: every US-regulated bank, payment company, and bank-adjacent product is required to monitor activity for indicators of money laundering, terrorist financing, and sanctions violations. That monitoring is mostly invisible to legitimate customers. It mostly affects you not at all.

A small number of transactions trigger a review — unusual amounts, unusual destinations, unusual patterns. Most reviews clear automatically. Some lead to a request for additional information. A very small number lead to filings with regulators that we are not allowed to discuss with the customer. That last constraint is set by federal law, not by us.

If you are a normal Mela user — sending USD to family, paying at Habesha businesses — you will likely never see any of this in your day-to-day. The infrastructure runs in the background.

What we don’t claim

A few things this post is deliberately not saying:

  • Not “Member FDIC” or “FDIC insured.” Pass-through deposit insurance lives at the partner bank, has conditions, and must be cited correctly. We will write that sentence once it’s done with the partner-bank’s compliance team.
  • Not “we are a bank.” Mela is a US-incorporated company offering banking services in partnership with regulated banks. We say “banking” or “banking experience,” not “bank.” That is a careful distinction, and we keep it.
  • Not “your money is 100% safe.” No financial product can claim that, and any product that does is wrong.

The trust signal here is the absence of the marketing voice — not its volume.

Where to go from here

The full Privacy Policy and the USA PATRIOT Act notice live as PDFs in the footer. Both are counsel-reviewed; both are the operative documents:

Two minutes to start. The trust gets earned over time.