Customer Due Diligence (CDD)

Customer Due Diligence (CDD) is integral to the Know Your Customer (KYC) process. In compliance with regulatory requirements, companies must periodically run several risk checks on both new and existing customers throughout the business relationship to ensure customers are vetted and to detect any suspicious or fraudulent behavior.

Solaris CDD process

Solaris conducts Customer Due Diligence on new customers before establishing a business relationship and on existing customers for as long as Solaris' business relationship with the customer still stands. These checks cover three different areas:

  • Customer screening
  • Risk classification
  • Customer vetting

1. Customer screening

During the screening process, Solaris checks the customer's data against a variety of data sources, such as sanction lists, watch lists, and PEP lists.

2. Risk classification

During this process, Solaris runs granular risk models and scores each customer based on several risk factors, such as the customer type (B2C, B2B), the customer's personal and financial data, and the branch in which they're opening an account.

3. Customer vetting

During this process, Solaris checks the customer for fraud patterns. The customer vetting rules include checking for data discrepancies, multiple identities, or missing required information.

Solaris stores the results of these checks in various properties of the person resource.

attention
  • Solaris conducts customer due diligence on both new and existing customers. The customer's risk status can change over time as Solaris runs periodic screenings in compliance with Anti-Money Laundering (AML) regulations.
  • You must always monitor the status of the CDD process for all of your customers and take the necessary actions accordingly as described in this guide.

CDD statuses

The CDD process results are stored in three different properties in the person resource. These properties are:

  • Customer screening > screening_progress
  • Risk classification > risk_classification_status
  • Customer vetting > customer_vetting_status

Each one of these properties has its own set of statuses, and each status is assigned a particular color (green, yellow, red). The color signifies the severity of the status and the actions and measures you must take in each case.

List of green/yellow/red statuses

The following table includes the color-coded statuses for each property:

Property | "Green" status | "Yellow" status | "Red" status
screening_progress | SCREENED_ACCEPTED | POTENTIAL_MATCH, NOT_SCREENED | SCREENED_DECLINED
risk_classification_status | NORMAL_RISK, RISK_ACCEPTED, SCORING_NOT_REQUIRED | POTENTIAL_RISK, INFORMATION_REQUESTED, INFORMATION_RECEIVED | RISK_REJECTED, CUSTOMER_UNRESPONSIVE
customer_vetting_status | NO_MATCH, RISK_ACCEPTED, VETTING_NOT_REQUIRED | POTENTIAL_MATCH, INFORMATION_REQUESTED, INFORMATION_RECEIVED | RISK_REJECTED, CUSTOMER_UNRESPONSIVE

Check the descriptions of these values below.


How to validate CDD for your customers?

You must monitor the status of the CDD process performed on your customers regularly by following these steps:

  1. You must ensure that you have subscribed to the PERSON_CHANGED webhook event.
  2. When you receive a notification on this webhook event, that means that the screening and risk-related attributes have changed.
  3. Call the GET Retrieve a person method to retrieve the full details of the changed properties.
  4. Validate each status of the CDD-related properties as described in the following sections.
  5. Complete any instructions or actions you receive from Solaris.
warning

The status of all three CDD-related properties MUST be green before you can:

  • onboard new customers,
  • provision additional banking products (e.g., account opening, loan provisioning), and/or
  • continue your business relationship with an existing customer (i.e., the customer must have no red statuses).

Validate green/red statuses

Below is a list of definitions for each type of status:

For new customers in onboarding:

  • "Green" status: The customer can proceed with onboarding.
  • "Red" status: The customer cannot proceed with onboarding.

For existing customers:

  • "Green" status: The customer's risk status has not changed. Therefore, you can continue with the business relationship with the customer.
  • "Red" status: Solaris found a risk factor for the customer. The Solaris team will contact you with instructions and actions to take.

Enhanced due diligence process of yellow statuses

Yellow statuses trigger the manual Enhanced Due Diligence process (EDD), in which the customer's profile will undergo a manual review process. Based on the outcome of the enhanced due diligence process, Solaris will reclassify the customer to either a green or red status.

You must monitor the status of the outcome of the EDD process and take actions accordingly, as described in the previous section.

note

In some cases, Solaris might require additional information from the customer. In this case, you'll receive a support ticket with the information needed. You must collect these answers from the customer through your customer support and pass the info to Solaris.

For new customers in onboarding:

  • "Yellow" status: The customer cannot proceed with onboarding. Solaris will begin the manual Enhanced Due Diligence process for the customer. You must monitor the status of the outcome of the EDD process and take actions accordingly, as described in the previous section.

For existing customers:

  • "Yellow" status: Solaris found a potential risk factor for the customer. Solaris will begin the manual Enhanced Due Diligence process for the customer. You must monitor the status of the outcome of the EDD process and take actions accordingly, as described in the previous section.
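
The monitoring steps and the green/yellow/red rules above can be enforced in code on your side. The following is an added example, not Solaris code: it maps each status to the color given in Appendix I, takes the worst color across the three properties, and treats a missing or unrecognized status as red so that a new or misspelled value can never open the gate. The function names and the fetch_person callable (a wrapper around GET /v1/persons/{id}) are assumptions.

```python
# Added example: gate on the three CDD properties of a person resource.
# Colors follow Appendix I of this page; all function names are hypothetical.
GREEN, YELLOW, RED = "green", "yellow", "red"

CDD_COLORS = {
    "screening_progress": {
        "NOT_SCREENED": RED, "POTENTIAL_MATCH": YELLOW,
        "SCREENED_ACCEPTED": GREEN, "SCREENED_DECLINED": RED,
    },
    "risk_classification_status": {
        "NOT_SCORED": RED, "POTENTIAL_RISK": YELLOW, "NORMAL_RISK": GREEN,
        "INFORMATION_REQUESTED": YELLOW, "INFORMATION_RECEIVED": YELLOW,
        "RISK_ACCEPTED": GREEN, "RISK_REJECTED": RED,
        "CUSTOMER_UNRESPONSIVE": RED, "SCORING_NOT_REQUIRED": GREEN,
    },
    "customer_vetting_status": {
        "NOT_VETTED": YELLOW, "NO_MATCH": GREEN, "POTENTIAL_MATCH": YELLOW,
        "INFORMATION_REQUESTED": YELLOW, "INFORMATION_RECEIVED": YELLOW,
        "RISK_ACCEPTED": GREEN, "RISK_REJECTED": RED,
        "CUSTOMER_UNRESPONSIVE": RED, "VETTING_NOT_REQUIRED": GREEN,
    },
}
_SEVERITY = {GREEN: 0, YELLOW: 1, RED: 2}

def classify(person):
    """Color per CDD property; a missing or unrecognized value fails closed to red."""
    return {prop: colors.get(person.get(prop), RED)
            for prop, colors in CDD_COLORS.items()}

def overall(person):
    """Worst color across the three properties."""
    return max(classify(person).values(), key=_SEVERITY.__getitem__)

def may_proceed(person):
    """True only when all three properties are green (onboarding, new products)."""
    return overall(person) == GREEN

def on_person_changed(person_id, fetch_person):
    """PERSON_CHANGED handler: re-read the person rather than trusting the
    notification body. fetch_person is a hypothetical callable wrapping
    GET /v1/persons/{id} that returns the decoded JSON."""
    person = fetch_person(person_id)
    return {"person_id": person_id, "colors": classify(person),
            "overall": overall(person), "may_proceed": may_proceed(person)}

# Constructed sample: the three CDD fields from the response example on this page.
SAMPLE = {"id": "ec23da1d10f9ba5782ddc74c442387a7cper",
          "screening_progress": "POTENTIAL_MATCH",
          "risk_classification_status": "NORMAL_RISK",
          "customer_vetting_status": "NOT_VETTED"}

if __name__ == "__main__":
    print(on_person_changed(SAMPLE["id"], lambda _id: SAMPLE))
```

Run the same check again immediately before provisioning a product, not only when the webhook fires, so a missed notification cannot leave a stale green decision in place.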

Risk review process


Testing

This section includes instructions on how to test the CDD process. Complete the following steps to simulate an unhappy path of a person triggering hits on the CDD process:

  1. Create a person resource using the following properties:

Request example

// POST /v1/persons
{
  "first_name": "X-MANUALTEST-HAPPYPATH",
  "last_name": "BADGUY"
}

Response example

{
    "id": "ec23da1d10f9ba5782ddc74c442387a7cper",
    "salutation": null,
    "title": null,
    "first_name": "X-MANUALTEST-HAPPYPATH",
    "last_name": "BADGUY",
    "address": {
        "line_1": null,
        "line_2": null,
        "postal_code": null,
        "city": null,
        "country": null,
        "state": null
    },
    "contact_address": {
        "line_1": null,
        "line_2": null,
        "postal_code": null,
        "city": null,
        "country": null,
        "state": null
    },
    "email": null,
    "mobile_number": null,
    "birth_name": null,
    "birth_date": null,
    "birth_city": null,
    "birth_country": null,
    "nationality": null,
    "employment_status": null,
    "job_title": null,
    "tax_information": {
        "tax_assessment": null,
        "marital_status": null
    },
    "fatca_relevant": null,
    "fatca_crs_confirmed_at": null,
    "business_purpose": null,
    "industry": null,
    "industry_key": null,
    "terms_conditions_signed_at": null,
    "own_economic_interest_signed_at": null,
    "aml_follow_up_date": "2027-07-28",
    "aml_confirmed_on": "2022-07-28",
    "flagged_by_compliance": false,
    "expected_monthly_revenue_cents": null,
    "vat_number": null,
    "website_social_media": null,
    "business_trading_name": null,
    "nace_code": null,
    "business_address_line_1": null,
    "business_address_line_2": null,
    "business_postal_code": null,
    "business_city": null,
    "business_country": null,
    "business_state": null,
    "screening_progress": "NOT_SCREENED",
    "risk_classification_status": "NOT_SCORED",
    "customer_vetting_status": "NOT_VETTED",
    "annual_income_range": null,
    "data_terms_signed_at": null,
    "branch": null,
    "birth_province": null,
    "birth_post_code": null,
    "socioprofessional_category": null,
    "purpose_of_account_opening": null,
    "main_income_source": null,
    "work_country": null,
    "work_province": null,
    "self_declared_as_pep": null,
    "international_operativity_expectation": [],
    "registration_number": null,
    "legitimation_valid_until": null
}
  2. Create an identification with IDnow and simulate a happy path scenario as described here. Complete Steps 2, 3, and 4 with the person resource you created in Step 1 above.
  3. After a successful video identification, call the GET Retrieve a person method. The value of screening_progress should be set to POTENTIAL_MATCH.

Request example

GET /v1/persons/{id}

Response example

{
    "id": "ec23da1d10f9ba5782ddc74c442387a7cper",
    "salutation": null,
    "title": null,
    "first_name": "X-MANUALTEST-HAPPYPATH",
    "last_name": "BADGUY",
    "address": {
        "line_1": "STREET",
        "line_2": "1",
        "postal_code": "12345",
        "city": "CITY",
        "country": "DE",
        "state": null
    },
    "contact_address": {
        "line_1": null,
        "line_2": null,
        "postal_code": null,
        "city": null,
        "country": null,
        "state": null
    },
    "email": null,
    "mobile_number": "+1555010",
    "birth_name": null,
    "birth_date": "2002-02-02",
    "birth_city": "BIRTHPLACE",
    "birth_country": null,
    "nationality": "DE",
    "employment_status": null,
    "job_title": null,
    "tax_information": {
        "tax_assessment": null,
        "marital_status": "UNKNOWN"
    },
    "fatca_relevant": null,
    "fatca_crs_confirmed_at": null,
    "business_purpose": null,
    "industry": null,
    "industry_key": null,
    "terms_conditions_signed_at": null,
    "own_economic_interest_signed_at": null,
    "aml_follow_up_date": "2027-07-28",
    "aml_confirmed_on": "2022-07-28",
    "flagged_by_compliance": false,
    "expected_monthly_revenue_cents": null,
    "vat_number": null,
    "website_social_media": null,
    "business_trading_name": null,
    "nace_code": null,
    "business_address_line_1": null,
    "business_address_line_2": null,
    "business_postal_code": null,
    "business_city": null,
    "business_country": null,
    "business_state": null,
    "screening_progress": "POTENTIAL_MATCH",
    "risk_classification_status": "NORMAL_RISK",
    "customer_vetting_status": "NOT_VETTED",
    "annual_income_range": null,
    "data_terms_signed_at": null,
    "branch": null,
    "birth_province": null,
    "birth_post_code": null,
    "socioprofessional_category": null,
    "purpose_of_account_opening": null,
    "main_income_source": null,
    "work_country": null,
    "work_province": null,
    "self_declared_as_pep": null,
    "international_operativity_expectation": [],
    "registration_number": null,
    "legitimation_valid_until": "2030-10-31"
}

Appendix I: Customer Due Diligence statuses

Customer screening statuses

The following table includes the different statuses for the field screening_progress and their descriptions:

Value | Description | Associated color
NOT_SCREENED | Default status. It means Solaris has not started screening the customer. | red
POTENTIAL_MATCH | The manual Enhanced Due Diligence process has been triggered for the customer. In this case, additional information may be requested and eventually the customer will be reclassified to either red or green. You can NOT onboard the customer at this stage and must wait until the final screening score. | yellow
SCREENED_ACCEPTED | No match was found for the customer and an account can be opened. | green
SCREENED_DECLINED | The risk screening process has failed and the customer cannot be onboarded. | red

Risk classification statuses

The following table includes the different statuses for the field risk_classification_status and their descriptions:

Value | Description | Associated color
NOT_SCORED | Default status. It means Solaris has not started scoring the customer. You CANNOT onboard the customer with this status. | red
POTENTIAL_RISK | The manual Enhanced Due Diligence process has been triggered for the customer. In this case, additional information may be requested and eventually the customer will be reclassified to either red or green. You CANNOT onboard the customer with this status and must wait until the final risk classification score. | yellow
NORMAL_RISK | The customer risk group has been classified as low or medium. You can onboard the customer with this status. | green
INFORMATION_REQUESTED | The AML team requests additional information from the customer. Based on the provided information, the customer will be reclassified to either red or green. You CANNOT onboard the customer with this status and must wait until the final risk classification score. | yellow
INFORMATION_RECEIVED | The customer sent the requested information to the AML team and it's currently under investigation. Based on the provided information, the customer will be reclassified to either red or green. You can NOT onboard the customer at this stage and must wait until the final risk classification score. | yellow
RISK_ACCEPTED | The customer passed the risk classification process and you can onboard the customer with this status. | green
RISK_REJECTED | The customer is rejected due to identified risks. You CANNOT onboard the customer with this status. | red
CUSTOMER_UNRESPONSIVE | The customer did not provide the requested information. You CANNOT onboard the customer with this status. | red
SCORING_NOT_REQUIRED | In certain cases, the risk classification process is not required for a customer (e.g., the beneficial owner of a business). You can onboard the customer with this status. | green

Customer vetting statuses

The following table includes the different statuses for the field customer_vetting_status and their descriptions:

Value | Description | Associated color
NOT_VETTED | Default status. It means Solaris has not started vetting the customer. You CANNOT onboard the customer with this status. | yellow
NO_MATCH | The customer passed the vetting process and no fraud patterns were detected. You can onboard the customer with this status. | green
POTENTIAL_MATCH | The manual Enhanced Due Diligence process has been triggered for the customer. In this case, additional information may be requested and eventually the customer will be reclassified to either red or green. You CANNOT onboard the customer with this status and must wait until the final customer vetting score. | yellow
INFORMATION_REQUESTED | The AML team requests additional information from the customer. Based on the provided information, the customer will be reclassified to either red or green. You CANNOT onboard the customer with this status and must wait until the final customer vetting score. | yellow
INFORMATION_RECEIVED | The customer sent the requested information to the AML team and it's currently under investigation. Based on the provided information, the customer will be reclassified to either red or green. You can NOT onboard the customer at this stage and must wait until the final customer vetting score. | yellow
RISK_ACCEPTED | The customer passed the customer vetting process and you can onboard the customer with this status. | green
RISK_REJECTED | The customer is rejected due to identified fraud patterns. You CANNOT onboard the customer with this status. | red
CUSTOMER_UNRESPONSIVE | The customer did not provide the requested information. You CANNOT onboard the customer with this status. | red
VETTING_NOT_REQUIRED | In certain cases, the customer vetting process is not required for a customer (e.g., authorized person of an account). You can onboard the customer with this status. | green