Identity & Compliance Specification
Overview
This document specifies the identity verification (KYC/KYB) and compliance orchestration system for banking features.
KYC/KYB Workflow Orchestration
Workflow Stages
1. Initial Registration:
- User registration
- Basic information collection
- Terms acceptance
2. Identity Verification:
- Document upload (ID, proof of address)
- Biometric verification (if required)
- Liveness check
3. Risk Assessment:
- Sanctions screening
- PEP screening
- Risk scoring
4. Approval/Rejection:
- Automated approval (low risk)
- Manual review (medium/high risk)
- Rejection with reasons
Workflow State Machine
[Registered] → [Identity Verification] → [Risk Assessment] → [Approved/Rejected]
                                                 ↓
                                          [Manual Review]
Sanctions/PEP Screening Integration
Screening Providers
Options:
- WorldCheck
- Dow Jones Risk & Compliance
- Chainalysis
- Others
Screening Process
1. Data Collection:
- Name, date of birth, nationality
- Address information
- Associated addresses (blockchain addresses)
2. Screening Check:
- Sanctions lists (OFAC, UN, EU, etc.)
- PEP lists (politically exposed persons)
- Adverse media screening
3. Match Resolution:
- Automated false positive filtering
- Manual review for potential matches
- Risk scoring based on match confidence
Screening Result
{
  "user_id": "uuid",
  "screening_status": "cleared",
  "matches": [],
  "risk_score": 0.1,
  "screened_at": "2024-01-01T00:00:00Z",
  "next_screening": "2025-01-01T00:00:00Z"
}
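An added example, not part of the original specification: one way to enforce the Workflow State Machine edges and route on a Screening Result record, failing closed to Manual Review. The state names, the 0.3 cut-off, and the placement of Manual Review after Risk Assessment are assumptions.

```python
from enum import Enum


class State(Enum):
    REGISTERED = "registered"
    IDENTITY_VERIFICATION = "identity_verification"
    RISK_ASSESSMENT = "risk_assessment"
    MANUAL_REVIEW = "manual_review"
    APPROVED = "approved"
    REJECTED = "rejected"


# Edges from the state diagram. Assumed: Manual Review branches off Risk
# Assessment and resolves to Approved or Rejected.
TRANSITIONS = {
    State.REGISTERED: {State.IDENTITY_VERIFICATION},
    State.IDENTITY_VERIFICATION: {State.RISK_ASSESSMENT},
    State.RISK_ASSESSMENT: {State.APPROVED, State.REJECTED, State.MANUAL_REVIEW},
    State.MANUAL_REVIEW: {State.APPROVED, State.REJECTED},
}

LOW_RISK_MAX = 0.3  # assumed cut-off; the spec only fixes the 0.0-1.0 range


def advance(current: State, target: State) -> State:
    """Move to target only along a declared edge; terminal states have none."""
    if target not in TRANSITIONS.get(current, set()):
        raise ValueError(f"illegal transition {current.value} -> {target.value}")
    return target


def route_after_screening(result: dict) -> State:
    """Pick the next state from a Screening Result record, failing closed."""
    score = result.get("risk_score")
    valid_score = (isinstance(score, (int, float)) and not isinstance(score, bool)
                   and 0.0 <= score <= 1.0)
    cleared = result.get("screening_status") == "cleared"
    no_matches = result.get("matches") == []
    if valid_score and cleared and no_matches and score <= LOW_RISK_MAX:
        return State.APPROVED
    # Missing fields, any match, or a medium/high score all need a human decision.
    return State.MANUAL_REVIEW


# Constructed sample records in the Screening Result shape.
CLEARED = {"user_id": "uuid", "screening_status": "cleared", "matches": [], "risk_score": 0.1}
POSSIBLE_MATCH = {"user_id": "uuid", "screening_status": "cleared",
                  "matches": [{"list": "constructed-example"}], "risk_score": 0.1}
```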
Risk Tier Assignment
Risk Tiers
Tier 1 - Low Risk:
- Verified identity
- No sanctions/PEP matches
- Low transaction volume
- Limits: Standard limits
Tier 2 - Medium Risk:
- Verified identity
- Minor concerns (e.g., high-risk country)
- Medium transaction volume
- Limits: Reduced limits, additional monitoring
Tier 3 - High Risk:
- Unverified or incomplete verification
- Sanctions/PEP matches
- High transaction volume
- Limits: Very restricted or blocked
Risk Scoring
Factors:
- Identity verification status
- Sanctions/PEP screening results
- Transaction patterns
- Geographic risk
- Source of funds
Score Range: 0.0 (low risk) to 1.0 (high risk)
Limit Management
Limit Types
Transaction Limits:
- Daily transaction limit
- Monthly transaction limit
- Single transaction limit
Account Limits:
- Maximum balance
- Withdrawal limits
Limit Enforcement
Real-time Checks:
- Check limits before transaction
- Reject if limit exceeded
- Provide limit status to user
Dynamic Limits:
- Adjust limits based on risk tier
- Increase limits with step-up verification
- Temporary limit increases (pending approval)
Step-Up Verification
Trigger Conditions
Triggers:
- Transaction exceeds current tier limits
- Suspicious activity detected
- User request
- Regulatory requirement
Verification Levels
- Level 1: Basic KYC (standard)
- Level 2: Enhanced due diligence (EDD)
- Level 3: Institutional/KYB verification
Step-Up Process
- Notify user of requirement
- Collect additional documentation
- Enhanced screening
- Review and approval
- Update risk tier and limits
Integration Points
Identity Provider Integration
Providers:
- Jumio
- Onfido
- Sumsub
- Others
Integration Pattern:
- API integration
- Webhook callbacks for status updates
- Document storage
Compliance System Integration
Systems:
- Transaction monitoring
- Reporting systems
- Audit systems
Data Privacy
PII Handling
- Storage: Encrypted storage
- Access: Role-based access control
- Retention: Per regulatory requirements
- Deletion: Right to deletion support
References
- Account & Ledger: See account-ledger.md
- Compliance Dashboards: See compliance-dashboards.md
- Security: See ../security/privacy-controls.md