Customer Due Diligence (CDD)
Customer Due Diligence (CDD) is integral to the Know Your Customer (KYC) process. In compliance with regulatory requirements, companies must periodically run several risk checks on both new and existing customers throughout the business relationship to ensure customers are vetted and to detect any suspicious fraudulent behaviors.
Solaris CDD process
Solaris conducts Customer Due Diligence on new customers before establishing a business relationship and existing customers as long as Solaris' business relationship with the customer still stands. These checks include three different areas:
- Customer screening
- Risk classification
- Customer vetting
1. Customer screening
During the screening process, Solaris checks the customer's data against a variety of data sources, such as sanction lists, watch lists, and PEP lists.
2. Risk classification
During this process, Solaris runs granular risk models and scores each customer based on several risk factors, such as the customer type (B2C, B2B), the customer's personal and financial data, and the branch in which they're opening an account.
3. Customer vetting
During this process, Solaris checks the customer for fraud patterns. The customer vetting rules include checking for data discrepancies, multiple identities, or missing required information.
For B2C and freelancer customers, Solaris stores the results of these checks in various properties of the person resource or the business resource for B2B customers.
attention
- Solaris conducts customer due diligence on both new and existing customers. The customer's risk status can change over time as Solaris runs periodic screenings in compliance with Anti-Money Laundering (AML) regulations.
- You must always monitor the status of the CDD process for all of your customers and take the necessary actions accordingly as described in this guide.
CDD statuses
The CDD process results are stored in three different properties in the person resource for B2C and freelancer customers or the business resource for B2B customers. These properties are:
- Customer screening > screening_progress
- Risk classification > risk_classification_status
- Customer vetting > customer_vetting_status
Each one of these properties has its own set of statuses, and each status is assigned a particular color (green, yellow, red). The color signifies the severity of the status and the actions and measures you must take in each case.
List of green/yellow/red statuses
The following diagram includes the color-coded statuses for each property:
Check the descriptions of these values below.
How to validate CDD for your customers?
You must monitor the status of the CDD process performed on your customers regularly by following these steps:
B2C customers
- Subscribe to the PERSON_CHANGED webhook event.
- When you receive a notification on this webhook event, that means that the screening and risk-related attributes have changed.
- Call the GET Retrieve a person method to retrieve the full details of the changed properties.
- Validate each status of the CDD-related properties as described in the following sections.
- Complete any instructions or actions you receive from Solaris.
Freelancer customers
- Subscribe to the PERSON_CHANGED webhook event.
- When you receive a notification on this webhook event, that means that the screening and risk-related attributes have changed.
- Call the GET Retrieve a person method to retrieve the full details of the changed properties.
- Validate each status of the CDD-related properties as described in the following sections.
- Complete any instructions or actions you receive from Solaris.
B2B customers
- Subscribe to the BUSINESS_CHANGED webhook event.
- When you receive a notification on this webhook event, that means that the screening and risk-related attributes for the business' legal entity have changed. Please note that only the field screening_progress is relevant for businesses.
- Call the GET Retrieve a business method to retrieve the full details of the changed properties.
- Subscribe to the PERSON_CHANGED webhook event.
- When you receive a notification on this webhook event, that means that the screening and risk-related attributes have changed for the natural persons associated with the business, such as legal representatives, authorized persons or beneficial owners. Please note that only the field screening_progress is relevant for natural persons associated with a business.
- Call the GET Retrieve a person method to retrieve the full details of the changed properties.
- Validate each status of the CDD-related properties for both the business resource and each person resource as described in the following sections.
- Complete any instructions or actions you receive from Solaris.
warning
The status of all three CDD-related properties MUST be green before you can:
- onboard new customers,
- provision additional banking products (e.g., account opening, loan provisioning), and/or
- continue your business relationship with an existing customer (i.e., the customer must have no red statuses).
Only for B2B customers
If the business resource or any of the person resources of the natural persons associated with the business only have a "green" value for the screening_progress property and no value for the risk_classification_status or the customer_vetting_status properties, then your implementation should treat it as a "green" status.
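One way to implement this gate, using the status values and colors listed in Appendix I of this page. This is an added example, not Solaris code: the function names, the "proceed"/"wait"/"blocked" labels, and the choice to treat a missing or unrecognised value as yellow (fail closed) are assumptions.

```python
# Added example: colour mapping copied from the Appendix I tables on this page.
GREEN, YELLOW, RED = "green", "yellow", "red"

STATUS_COLORS = {
    "screening_progress": {
        "NOT_SCREENED": YELLOW, "POTENTIAL_MATCH": YELLOW,
        "SCREENED_ACCEPTED": GREEN, "SCREENED_DECLINED": RED,
    },
    "risk_classification_status": {
        "NOT_SCORED": YELLOW, "POTENTIAL_RISK": YELLOW, "NORMAL_RISK": GREEN,
        "INFORMATION_REQUESTED": YELLOW, "INFORMATION_RECEIVED": YELLOW,
        "RISK_ACCEPTED": GREEN, "RISK_REJECTED": RED,
        "CUSTOMER_UNRESPONSIVE": RED, "SCORING_NOT_REQUIRED": GREEN,
    },
    "customer_vetting_status": {
        "NOT_VETTED": YELLOW, "NO_MATCH": GREEN, "POTENTIAL_MATCH": YELLOW,
        "INFORMATION_REQUESTED": YELLOW, "INFORMATION_RECEIVED": YELLOW,
        "RISK_ACCEPTED": GREEN, "RISK_REJECTED": RED,
        "CUSTOMER_UNRESPONSIVE": RED, "VETTING_NOT_REQUIRED": GREEN,
    },
}
B2B_OPTIONAL = ("risk_classification_status", "customer_vetting_status")


def cdd_colors(resource, b2b_related=False):
    """Return {property: colour} for one person or business resource (a dict)."""
    screening = STATUS_COLORS["screening_progress"].get(
        resource.get("screening_progress"))
    colors = {}
    for prop, table in STATUS_COLORS.items():
        value = resource.get(prop)
        if value is None and b2b_related and prop in B2B_OPTIONAL:
            # B2B rule from the page: a missing value counts as green,
            # but only when screening_progress itself is green.
            colors[prop] = GREEN if screening == GREEN else YELLOW
        else:
            # Assumption (fail closed): missing or unrecognised is never green.
            colors[prop] = table.get(value, YELLOW)
    return colors


def cdd_decision(resource, b2b_related=False):
    """'proceed' only if all three are green, 'blocked' on any red, else 'wait'."""
    colors = set(cdd_colors(resource, b2b_related).values())
    if RED in colors:
        return "blocked"
    return "proceed" if colors == {GREEN} else "wait"


# Constructed samples using the status values from this page's testing section.
NEW_PERSON = {"screening_progress": "NOT_SCREENED",
              "risk_classification_status": "NOT_SCORED",
              "customer_vetting_status": "NOT_VETTED"}
AFTER_IDENT = dict(NEW_PERSON, screening_progress="POTENTIAL_MATCH",
                   risk_classification_status="NORMAL_RISK")
```

Call `cdd_decision` on the resource you retrieve after each PERSON_CHANGED or BUSINESS_CHANGED notification, and pass `b2b_related=True` only for a business resource or a natural person associated with a business.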
Validate green/red statuses
Below is a list of definitions for each type of status:
For new customers in onboarding:
- "Green" status: The customer can proceed with onboarding.
- "Red" status: The customer cannot proceed with onboarding.
For existing customers:
- "Green" status: The customer's risk status has not changed. Therefore, you can continue with the business relationship with the customer.
- "Red" status: Solaris found a risk factor for the customer. Solaris team will contact you with instructions and actions to take.
Enhanced due diligence process of yellow statuses
Yellow statuses trigger the Enhanced Due Diligence process (EDD), in which the customer's profile will undergo a silent review process. Based on the outcome of the enhanced due diligence process, Solaris will reclassify the customer to either a green or red status.
You must monitor the status of the outcome of the EDD process and take actions accordingly, as described in the previous section.
Questions & answers API
Solaris might require additional information from the customer. In this case, you'll receive a notification on the webhook event QUESTIONS_REQUIRE_ANSWERS, which includes a question set.
You must forward these questions to your customer and collect their answers in your frontend. After the customer has answered all questions in the set, submit the answers to Solaris using the questions and answer API.
Visit the following links for more information about the questions & answers feature:
EDD process flow
The following diagram describes the EDD process flow:
For new customers in onboarding:
- "Yellow" status: The customer cannot proceed with onboarding. Solaris will begin the Enhanced Due Diligence process initially as a silent review of the customer. You must monitor the status of the outcome of the EDD process and take actions accordingly, as described in the previous section.
For existing customers:
- "Yellow" status: Solaris found a potential risk factor for the customer. Solaris will begin the Enhanced Due Diligence process initially as a silent review of the customer. You must monitor the status of the outcome of the EDD process and take actions accordingly, as described in the previous section.
CDD for B2B lending features
CDD is mandatory for some B2B lending features, such as B2B Fronting Loans, B2B Fronting Factoring, and Trade Finance. However, the CDD flow for lending features is different from the standard flow for Digital Banking products. The process goes as follows:
- Subscribe to the BUSINESS_CHANGED webhook event.
- When you receive a notification on this webhook event, that means that the screening and risk-related attributes for the business' legal entity have changed.
- Call the GET Retrieve a business method to retrieve the full details of the changed properties.
- Validate the status of the CDD-related properties for the business resource as described in the previous section.
- All CDD-related properties must have a green value. In case of any red or yellow status value, the related lending product application will be rejected and no business relationship can be established with the customer.
Testing
This section includes instructions on how to test the CDD process.
Unhappy path: Customer triggers a hit
Complete the following steps to simulate an unhappy path of a person triggering hits on the CDD process:
- Create a person resource using the following properties:
Request example
// POST /v1/persons
{
"first_name": "X-MANUALTEST-HAPPYPATH",
"last_name": "BADGUY"
}
Response example
{
"id": "ec23da1d10f9ba5782ddc74c442387a7cper",
"salutation": null,
"title": null,
"first_name": "X-MANUALTEST-HAPPYPATH",
"last_name": "BADGUY",
"address": {
"line_1": null,
"line_2": null,
"postal_code": null,
"city": null,
"country": null,
"state": null
},
"contact_address": {
"line_1": null,
"line_2": null,
"postal_code": null,
"city": null,
"country": null,
"state": null
},
"email": null,
"mobile_number": null,
"birth_name": null,
"birth_date": null,
"birth_city": null,
"birth_country": null,
"nationality": null,
"employment_status": null,
"job_title": null,
"tax_information": {
"tax_assessment": null,
"marital_status": null
},
"fatca_relevant": null,
"fatca_crs_confirmed_at": null,
"business_purpose": null,
"industry": null,
"industry_key": null,
"terms_conditions_signed_at": null,
"own_economic_interest_signed_at": null,
"aml_follow_up_date": "2027-07-28",
"aml_confirmed_on": "2022-07-28",
"flagged_by_compliance": false,
"expected_monthly_revenue_cents": null,
"vat_number": null,
"website_social_media": null,
"business_trading_name": null,
"nace_code": null,
"business_address_line_1": null,
"business_address_line_2": null,
"business_postal_code": null,
"business_city": null,
"business_country": null,
"business_state": null,
"screening_progress": "NOT_SCREENED",
"risk_classification_status": "NOT_SCORED",
"customer_vetting_status": "NOT_VETTED",
"annual_income_range": null,
"data_terms_signed_at": null,
"branch": null,
"birth_province": null,
"birth_post_code": null,
"socioprofessional_category": null,
"purpose_of_account_opening": null,
"main_income_source": null,
"work_country": null,
"work_province": null,
"self_declared_as_pep": null,
"international_operativity_expectation": [],
"registration_number": null,
"legitimation_valid_until": null
}
- Create an identification with IDnow and simulate a happy path scenario as described here. Complete Steps 2, 3, and 4 with the person resource you created in Step 1 above.
- After a successful video identification, call the GET Retrieve a person method; the value of screening_progress should be set to POTENTIAL_MATCH.
Request example
GET /v1/persons/{id}
Response example
{
"id": "ec23da1d10f9ba5782ddc74c442387a7cper",
"salutation": null,
"title": null,
"first_name": "X-MANUALTEST-HAPPYPATH",
"last_name": "BADGUY",
"address": {
"line_1": "STREET",
"line_2": "1",
"postal_code": "12345",
"city": "CITY",
"country": "DE",
"state": null
},
"contact_address": {
"line_1": null,
"line_2": null,
"postal_code": null,
"city": null,
"country": null,
"state": null
},
"email": null,
"mobile_number": "+1555010",
"birth_name": null,
"birth_date": "2002-02-02",
"birth_city": "BIRTHPLACE",
"birth_country": null,
"nationality": "DE",
"employment_status": null,
"job_title": null,
"tax_information": {
"tax_assessment": null,
"marital_status": "UNKNOWN"
},
"fatca_relevant": null,
"fatca_crs_confirmed_at": null,
"business_purpose": null,
"industry": null,
"industry_key": null,
"terms_conditions_signed_at": null,
"own_economic_interest_signed_at": null,
"aml_follow_up_date": "2027-07-28",
"aml_confirmed_on": "2022-07-28",
"flagged_by_compliance": false,
"expected_monthly_revenue_cents": null,
"vat_number": null,
"website_social_media": null,
"business_trading_name": null,
"nace_code": null,
"business_address_line_1": null,
"business_address_line_2": null,
"business_postal_code": null,
"business_city": null,
"business_country": null,
"business_state": null,
"screening_progress": "POTENTIAL_MATCH",
"risk_classification_status": "NORMAL_RISK",
"customer_vetting_status": "NOT_VETTED",
"annual_income_range": null,
"data_terms_signed_at": null,
"branch": null,
"birth_province": null,
"birth_post_code": null,
"socioprofessional_category": null,
"purpose_of_account_opening": null,
"main_income_source": null,
"work_country": null,
"work_province": null,
"self_declared_as_pep": null,
"international_operativity_expectation": [],
"registration_number": null,
"legitimation_valid_until": "2030-10-31"
}
Simulate customer hit using device monitoring
You can also trigger the CDD process by creating a suspicious device activity using the suspicious test ID. This will also result in Solaris auto-generating a question set for the customer.
Appendix I: Customer Due Diligence statuses
Customer screening statuses
The following table includes the different statuses for the field screening_progress and their descriptions:
Value | Description | Associated color |
---|---|---|
NOT_SCREENED | Default status. It means Solaris has not started screening the customer. | yellow |
POTENTIAL_MATCH | The Enhanced Due Diligence process has been triggered for the customer. In this case, additional information may be requested and eventually the customer will be reclassified to either red or green. You CANNOT onboard the customer at this stage and must wait until the final screening score. | yellow |
SCREENED_ACCEPTED | No match was found for the customer and an account can be opened. | green |
SCREENED_DECLINED | The risk screening process has failed and the customer cannot be onboarded. | red |
Risk classification statuses
The following table includes the different statuses for the field risk_classification_status and their descriptions:
Value | Description | Associated color |
---|---|---|
NOT_SCORED | Default status. It means Solaris has not started scoring the customer. You CANNOT onboard the customer with this status. | yellow |
POTENTIAL_RISK | The Enhanced Due Diligence process has been triggered for the customer. In this case, additional information may be requested and eventually the customer will be reclassified to either red or green. You CANNOT onboard the customer with this status and must wait until the final risk classification score. | yellow |
NORMAL_RISK | The customer risk group has been classified as low or medium. You can onboard the customer with this status. | green |
INFORMATION_REQUESTED | The AML team requests additional information from the customer. Based on the provided information, the customer will be reclassified to either red or green. You CANNOT onboard the customer with this status and must wait until the final risk classification score. | yellow |
INFORMATION_RECEIVED | The customer sent the requested information to the AML team and it's currently under investigation. Based on the provided information, the customer will be reclassified to either red or green. You CANNOT onboard the customer at this stage and must wait until the final risk classification score. | yellow |
RISK_ACCEPTED | The customer passed the risk classification process and you can onboard the customer with this status. | green |
RISK_REJECTED | The customer is rejected due to identified risks. You CANNOT onboard the customer with this status. | red |
CUSTOMER_UNRESPONSIVE | The customer did not provide the requested information. You CANNOT onboard the customer with this status. | red |
SCORING_NOT_REQUIRED | In certain cases, the risk classification process is not required for a customer (e.g., the beneficial owner of a business). You can onboard the customer with this status. | green |
Customer vetting statuses
The following table includes the different statuses for the field customer_vetting_status and their descriptions:
Value | Description | Associated color |
---|---|---|
NOT_VETTED | Default status. It means Solaris has not started vetting the customer. You CANNOT onboard the customer with this status. | yellow |
NO_MATCH | The customer passed the vetting process and no fraud patterns were detected. You can onboard the customer with this status. | green |
POTENTIAL_MATCH | The Enhanced Due Diligence process has been triggered for the customer. In this case, additional information may be requested and eventually the customer will be reclassified to either red or green. You CANNOT onboard the customer with this status and must wait until the final customer vetting score. | yellow |
INFORMATION_REQUESTED | The AML team requests additional information from the customer. Based on the provided information, the customer will be reclassified to either red or green. You CANNOT onboard the customer with this status and must wait until the final customer vetting score. | yellow |
INFORMATION_RECEIVED | The customer sent the requested information to the AML team and it's currently under investigation. Based on the provided information, the customer will be reclassified to either red or green. You CANNOT onboard the customer at this stage and must wait until the final customer vetting score. | yellow |
RISK_ACCEPTED | The customer passed the customer vetting process and you can onboard the customer with this status. | green |
RISK_REJECTED | The customer is rejected due to identified fraud patterns. You CANNOT onboard the customer with this status. | red |
CUSTOMER_UNRESPONSIVE | The customer did not provide the requested information. You CANNOT onboard the customer with this status. | red |
VETTING_NOT_REQUIRED | In certain cases, the customer vetting process is not required for a customer (e.g., authorized person of an account). You can onboard the customer with this status. | green |