KYC, KYB and the Fleet Reality Check: Why Open-Loop Needs a Rethink
- Duncan Kennett
- Oct 29
- 4 min read
When it comes to open-loop fleet cards, one question keeps resurfacing: how do you balance compliance with practicality?
There’s a lot of discussion in the industry right now about what “best practice” should look like for open-loop fleet programmes. Yet, too often, the conversation focuses on technical design questions, and not enough on how these systems actually work in the day-to-day reality of fleet operations.
As PHC Mobility’s Duncan Kennett puts it:
“The reality of running a fleet doesn’t always fit neatly into the way the payment schemes imagine things should work. A conventional consumer or commercial card has been designed to be used by one person, and one PIN. Fleets don’t always work like this, particularly in Commercial Road Transport (CRT)."
The ‘Driver Card’ Dilemma
The global payment schemes include a concept in their rules called the Driver Card. It’s designed to show the registration number or another identifier for the vehicle, but not necessarily link to a specific person.
“The problem is the PIN. In theory, every driver should have their own PIN, so that it’s clear to the Fleet Manager who is accountable for each transaction,” explains Duncan. “An Open Loop card can only have one PIN to achieve this direct accountability. A driver who has used the vehicle before needs to remember their PIN, if it’s a new driver, they need a new PIN."
And that’s the crux of the issue.
Many fleets operate shared vehicles, rotating drivers through shifts. This means each time a new driver takes over who will need to fuel the vehicle, they will need a new PIN. Usually this is done via an app.
This is where open-loop programmes need to move from theory to practice. The question isn’t “Can we enforce a one-PIN-per-person rule?” but “How do we maintain accountability without creating unnecessary friction?”
At PHC Mobility, we see solutions emerging in a few directions:
Moving to a fully mobile solution for employees, where every employee has a Mobile App, and the fuel card can be enabled or disabled in a driver’s wallet when they are booked to drive a vehicle, or;
Tokenisation or biometric pairing between driver and vehicle at the time of use (like in-car payments, as trialled by some European OEMs), or pairing between the vehicle and terminal, so the vehicle becomes the payment credential (which has been evaluated by the mobile networks). These solutions are only part solutions, however, as they don’t work where payment is needed outside the vehicle. Parking and tolls are examples of this.
In short, there are ways to make the rules work for fleets, but they require flexibility from both issuers and schemes.
KYC vs KYB: It’s Not One or the Other
Another grey area in the debate is compliance, specifically, how Know Your Customer (KYC) and Know Your Business (KYB) apply in the fleet ecosystem.
“KYC isn’t actually payments law,” Duncan notes. “It’s national law and it varies by country. The global schemes require KYB and KYC policy, and the issuer of the cards warrants that such a policy is in place for all cards that are issued by Fleet Managers.This is in addition to the processes needed to comply with local law"
The problem is that automated KYB and KYC solutions are both a setup and an ongoing cost, every time a new cardholder is added to a Fleet program. This seems less logical in an environment where a Fleet card can only be used in a limited number of locations for limited transaction amounts — it's very unlikely a money laundering tool.
When you add to this that all employers should be carrying out background checks before they onboard an employee or contractor, one may wonder: is card-based KYC repeating the same employee onboarding process?
“Issuers have been working on their KYC policies with individual regulators for some time. What’s needed now is clarity; a common-sense framework that reflects how fleets actually operate that is common across Europe.”
A Common-Sense Framework
So what might that framework look like?
At PHC Mobility, we believe in designing compliance and usability together, not in opposition. That means:
Risks related to use of the card
Recognising that a restricted fuel card has a different risk profile to a full ‘on-the-road’ card, and that a company needs to manage the card in this way (e.g. no personal use).
Adaptive driver authentication
Use app-based activation, biometrics, or temporary PINs to handle rotating drivers.
Current KYC policy
Ensuring that all employees and contractors have been KYC-ed as required by local law.
Smart transaction controls
Limit spend by category, time, fuel volume or merchant type, with anomaly detection and alerts, or blocking for open-loop transactions.
Local flexibility
Recognise that application of AML and KYC laws differ across Europe; tailor the compliance layer to each jurisdiction.
The outcome is a model that satisfies the spirit of scheme rules and regulatory requirements, while fitting the operational reality of fleets.
Where the Industry Goes Next
The open-loop future will depend on collaboration between schemes, issuers and fleet experts to define what “good” looks like, and how to make it work without losing sight of the end user: the fleet operator.
“The regulators and schemes need to recognise that a limited use card creates a lower threat level, and the expectations of KYC (and AML checking) only needs to reflect that risk.”
At PHC Mobility, we see our role as exactly that bridge: translating between regulatory intent and real-world use, helping mobility and payments providers design programmes that are both compliant and practical.
Because open-loop isn’t just about enabling wider acceptance but about creating systems that make sense; for drivers, for fleet managers, and for the businesses that power mobility.
Comments