Customer Due Diligence (CDD)

Customer Due Diligence (CDD) is integral to the Know Your Customer (KYC) process. In compliance with regulatory requirements, companies must periodically run several risk checks on both new and existing customers throughout the business relationship to ensure customers are vetted and to detect any suspicious fraudulent behaviors.

Solaris CDD process

Solaris conducts Customer Due Diligence on new customers before establishing a business relationship, and on existing customers for as long as Solaris' business relationship with the customer still stands. These checks cover three different areas:

  • Customer screening
  • Risk classification
  • Customer vetting

1. Customer screening

During the screening process, Solaris checks the customer's data against a variety of data sources, such as sanction lists, watch lists, and PEP lists.

2. Risk classification

During this process, Solaris runs granular risk models and scores each customer based on several risk factors, such as the customer type (B2C, B2B), the customer's personal and financial data, and the branch in which they're opening an account.

3. Customer vetting

During this process, Solaris checks the customer for fraud patterns. The customer vetting rules include checking for data discrepancies, multiple identities, or missing required information.

Solaris stores the results of these checks in various properties of the person resource (for B2C and freelancer customers) or the business resource (for B2B customers).

Attention
  • Solaris conducts customer due diligence on both new and existing customers. The customer's risk status can change over time as Solaris runs periodic screenings in compliance with Anti-Money Laundering (AML) regulations.
  • You must always monitor the status of the CDD process for all of your customers and take the necessary actions accordingly as described in this guide.

CDD statuses

The CDD process results are stored in three different properties in the person resource for B2C and freelancer customers or the business resource for B2B customers. These properties are:

  • Customer screening > screening_progress
  • Risk classification > risk_classification_status
  • Customer vetting > customer_vetting_status

Each one of these properties has its own set of statuses, and each status is assigned a particular color (green, yellow, red). The color signifies the severity of the status and the actions and measures you must take in each case.

List of green/yellow/red statuses

The following diagram includes the color-coded statuses for each property:

CDD statuses

Check the descriptions of these values below.


How to validate CDD for your customers?

You must monitor the status of the CDD process performed on your customers regularly by following these steps:

CDD process flow

B2C customers

  1. Subscribe to the PERSON_CHANGED webhook event.
  2. When you receive a notification on this webhook event, that means that the screening and risk-related attributes have changed.
  3. Call the GET Retrieve a person method to retrieve the full details of the changed properties.
  4. Validate each status of the CDD-related properties as described in the following sections.
  5. Complete any instructions or actions you receive from Solaris.

Freelancer customers

  1. Subscribe to the PERSON_CHANGED webhook event.
  2. When you receive a notification on this webhook event, that means that the screening and risk-related attributes have changed.
  3. Call the GET Retrieve a person method to retrieve the full details of the changed properties.
  4. Validate each status of the CDD-related properties as described in the following sections.
  5. Complete any instructions or actions you receive from Solaris.

B2B customers

  1. Subscribe to the BUSINESS_CHANGED webhook event.
  2. When you receive a notification on this webhook event, that means that the screening and risk-related attributes for the business' legal entity have changed. Please note that only the field screening_progress is relevant for businesses.
  3. Call the GET Retrieve a business method to retrieve the full details of the changed properties.
  4. Subscribe to the PERSON_CHANGED webhook event.
  5. When you receive a notification on this webhook event, that means that the screening and risk-related attributes have changed for the natural persons associated with the business, such as legal representatives, authorized persons or beneficial owners. Please note that only the field screening_progress is relevant for natural persons associated with a business.
  6. Call the GET Retrieve a person method to retrieve the full details of the changed properties.
  7. Validate each status of the CDD-related properties for both the business resource and each person resource as described in the following sections.
  8. Complete any instructions or actions you receive from Solaris.

Warning

The status of all three CDD-related properties MUST be green before you can:

  • onboard new customers,
  • provision additional banking products (e.g., account opening, loan provisioning), and/or
  • continue your business relationship with an existing customer (i.e., the customer must have no red statuses).

Only for B2B customers

If the business resource or any of the person resources of the natural persons associated with the business only have a "green" value for the screening_progress property and no value for the risk_classification_status or the customer_vetting_status properties, then your implementation should treat it as a "green" status.

Validate green/red statuses

Below is a list of definitions for each type of status:

For new customers in onboarding:

  • "Green" status: The customer can proceed with onboarding.
  • "Red" status: The customer cannot proceed with onboarding.

For existing customers:

  • "Green" status: The customer's risk status has not changed. Therefore, you can continue with the business relationship with the customer.
  • "Red" status: Solaris found a risk factor for the customer. The Solaris team will contact you with instructions and actions to take.

Enhanced due diligence process of yellow statuses

Yellow statuses trigger the Enhanced Due Diligence process (EDD), in which the customer's profile will undergo a silent review process. Based on the outcome of the enhanced due diligence process, Solaris will reclassify the customer to either a green or red status.

You must monitor the status of the outcome of the EDD process and take actions accordingly, as described in the previous section.

Questions & answers API

Solaris might require additional information from the customer. In this case, you'll receive a notification on the webhook event QUESTIONS_REQUIRE_ANSWERS, which includes a question set.

You must forward these questions to your customer and collect their answers in your frontend. After the customer has answered all questions in the set, submit the answers to Solaris using the questions and answers API.

Visit the following links for more information about the questions & answers feature:

EDD process flow

The following diagram describes the EDD process flow:

EDD process flow

For new customers in onboarding:

  • "Yellow" status: The customer cannot proceed with onboarding. Solaris will begin the Enhanced Due Diligence process initially as a silent review of the customer. You must monitor the status of the outcome of the EDD process and take actions accordingly, as described in the previous section.

For existing customers:

  • "Yellow" status: Solaris found a potential risk factor for the customer. Solaris will begin the Enhanced Due Diligence process initially as a silent review of the customer. You must monitor the status of the outcome of the EDD process and take actions accordingly, as described in the previous section.

CDD for B2B lending features

CDD is mandatory for some B2B lending features, such as B2B Fronting Loans, B2B Fronting Factoring, and Trade Finance. However, the CDD flow for lending features is different from the standard flow for Digital Banking products. The process goes as follows:

  1. Subscribe to the BUSINESS_CHANGED webhook event.
  2. When you receive a notification on this webhook event, that means that the screening and risk-related attributes for the business' legal entity have changed.
  3. Call the GET Retrieve a business method to retrieve the full details of the changed properties.
  4. Validate the status of the CDD-related properties for the business resource as described in the previous section.
  5. All CDD-related properties must have a green value. In case of any red or yellow status value, the related lending product application will be rejected and no business relationship can be established with the customer.

Lending CDD process flow


Testing

This section includes instructions on how to test the CDD process.

Unhappy path: Customer triggers a hit

Complete the following steps to simulate an unhappy path of a person triggering hits on the CDD process:

  1. Create a person resource using the following properties:

Request example

// POST /v1/persons
{
  "first_name": "X-MANUALTEST-HAPPYPATH",
  "last_name": "BADGUY"
}

Response example

{
    "id": "ec23da1d10f9ba5782ddc74c442387a7cper",
    "salutation": null,
    "title": null,
    "first_name": "X-MANUALTEST-HAPPYPATH",
    "last_name": "BADGUY",
    "address": {
        "line_1": null,
        "line_2": null,
        "postal_code": null,
        "city": null,
        "country": null,
        "state": null
    },
    "contact_address": {
        "line_1": null,
        "line_2": null,
        "postal_code": null,
        "city": null,
        "country": null,
        "state": null
    },
    "email": null,
    "mobile_number": null,
    "birth_name": null,
    "birth_date": null,
    "birth_city": null,
    "birth_country": null,
    "nationality": null,
    "employment_status": null,
    "job_title": null,
    "tax_information": {
        "tax_assessment": null,
        "marital_status": null
    },
    "fatca_relevant": null,
    "fatca_crs_confirmed_at": null,
    "business_purpose": null,
    "industry": null,
    "industry_key": null,
    "terms_conditions_signed_at": null,
    "own_economic_interest_signed_at": null,
    "aml_follow_up_date": "2027-07-28",
    "aml_confirmed_on": "2022-07-28",
    "flagged_by_compliance": false,
    "expected_monthly_revenue_cents": null,
    "vat_number": null,
    "website_social_media": null,
    "business_trading_name": null,
    "nace_code": null,
    "business_address_line_1": null,
    "business_address_line_2": null,
    "business_postal_code": null,
    "business_city": null,
    "business_country": null,
    "business_state": null,
    "screening_progress": "NOT_SCREENED",
    "risk_classification_status": "NOT_SCORED",
    "customer_vetting_status": "NOT_VETTED",
    "annual_income_range": null,
    "data_terms_signed_at": null,
    "branch": null,
    "birth_province": null,
    "birth_post_code": null,
    "socioprofessional_category": null,
    "purpose_of_account_opening": null,
    "main_income_source": null,
    "work_country": null,
    "work_province": null,
    "self_declared_as_pep": null,
    "international_operativity_expectation": [],
    "registration_number": null,
    "legitimation_valid_until": null
}
  2. Create an identification with IDnow and simulate a happy path scenario as described here. Complete Step 2, 3, and 4 with the person resource you created in Step 1 above.
  3. After a successful video identification, call the GET Retrieve a person method. The value of screening_progress should be set to POTENTIAL_MATCH.

Request example

GET /v1/persons/{id}

Response example

{
    "id": "ec23da1d10f9ba5782ddc74c442387a7cper",
    "salutation": null,
    "title": null,
    "first_name": "X-MANUALTEST-HAPPYPATH",
    "last_name": "BADGUY",
    "address": {
        "line_1": "STREET",
        "line_2": "1",
        "postal_code": "12345",
        "city": "CITY",
        "country": "DE",
        "state": null
    },
    "contact_address": {
        "line_1": null,
        "line_2": null,
        "postal_code": null,
        "city": null,
        "country": null,
        "state": null
    },
    "email": null,
    "mobile_number": "+1555010",
    "birth_name": null,
    "birth_date": "2002-02-02",
    "birth_city": "BIRTHPLACE",
    "birth_country": null,
    "nationality": "DE",
    "employment_status": null,
    "job_title": null,
    "tax_information": {
        "tax_assessment": null,
        "marital_status": "UNKNOWN"
    },
    "fatca_relevant": null,
    "fatca_crs_confirmed_at": null,
    "business_purpose": null,
    "industry": null,
    "industry_key": null,
    "terms_conditions_signed_at": null,
    "own_economic_interest_signed_at": null,
    "aml_follow_up_date": "2027-07-28",
    "aml_confirmed_on": "2022-07-28",
    "flagged_by_compliance": false,
    "expected_monthly_revenue_cents": null,
    "vat_number": null,
    "website_social_media": null,
    "business_trading_name": null,
    "nace_code": null,
    "business_address_line_1": null,
    "business_address_line_2": null,
    "business_postal_code": null,
    "business_city": null,
    "business_country": null,
    "business_state": null,
    "screening_progress": "POTENTIAL_MATCH",
    "risk_classification_status": "NORMAL_RISK",
    "customer_vetting_status": "NOT_VETTED",
    "annual_income_range": null,
    "data_terms_signed_at": null,
    "branch": null,
    "birth_province": null,
    "birth_post_code": null,
    "socioprofessional_category": null,
    "purpose_of_account_opening": null,
    "main_income_source": null,
    "work_country": null,
    "work_province": null,
    "self_declared_as_pep": null,
    "international_operativity_expectation": [],
    "registration_number": null,
    "legitimation_valid_until": "2030-10-31"
}

Simulate customer hit using device monitoring

You can also trigger the CDD process by creating a suspicious device activity using the suspicious test ID. This will also result in Solaris auto-generating a question set for the customer.


Appendix I: Customer Due Diligence statuses

Customer screening statuses

The following table includes the different statuses for the field screening_progress and their descriptions:

Value | Description | Associated color
NOT_SCREENED | Default status. It means Solaris has not started screening the customer. | yellow
POTENTIAL_MATCH | The Enhanced Due Diligence process has been triggered for the customer. In this case, additional information may be requested and eventually the customer will be reclassified to either red or green. You CANNOT onboard the customer at this stage and must wait until the final screening score. | yellow
SCREENED_ACCEPTED | No match was found for the customer and an account can be opened. | green
SCREENED_DECLINED | The risk screening process has failed and the customer cannot be onboarded. | red

Risk classification statuses

The following table includes the different statuses for the field risk_classification_status and their descriptions:

Value | Description | Associated color
NOT_SCORED | Default status. It means Solaris has not started scoring the customer. You CANNOT onboard the customer with this status. | yellow
POTENTIAL_RISK | The Enhanced Due Diligence process has been triggered for the customer. In this case, additional information may be requested and eventually the customer will be reclassified to either red or green. You CANNOT onboard the customer with this status and must wait until the final risk classification score. | yellow
NORMAL_RISK | The customer risk group has been classified as low or medium. You can onboard the customer with this status. | green
INFORMATION_REQUESTED | The AML team requests additional information from the customer. Based on the provided information, the customer will be reclassified to either red or green. You CANNOT onboard the customer with this status and must wait until the final risk classification score. | yellow
INFORMATION_RECEIVED | The customer sent the requested information to the AML team and it's currently under investigation. Based on the provided information, the customer will be reclassified to either red or green. You can NOT onboard the customer at this stage and must wait until the final risk classification score. | yellow
RISK_ACCEPTED | The customer passed the risk classification process and you can onboard the customer with this status. | green
RISK_REJECTED | The customer is rejected due to identified risks. You CANNOT onboard the customer with this status. | red
CUSTOMER_UNRESPONSIVE | The customer did not provide the requested information. You CANNOT onboard the customer with this status. | red
SCORING_NOT_REQUIRED | In certain cases, the risk classification process is not required for a customer (e.g., the beneficial owner of a business). You can onboard the customer with this status. | green

Customer vetting statuses

The following table includes the different statuses for the field customer_vetting_status and their descriptions:

Value | Description | Associated color
NOT_VETTED | Default status. It means Solaris has not started vetting the customer. You CANNOT onboard the customer with this status. | yellow
NO_MATCH | The customer passed the vetting process and no fraud patterns were detected. You can onboard the customer with this status. | green
POTENTIAL_MATCH | The Enhanced Due Diligence process has been triggered for the customer. In this case, additional information may be requested and eventually the customer will be reclassified to either red or green. You CANNOT onboard the customer with this status and must wait until the final customer vetting score. | yellow
INFORMATION_REQUESTED | The AML team requests additional information from the customer. Based on the provided information, the customer will be reclassified to either red or green. You CANNOT onboard the customer with this status and must wait until the final customer vetting score. | yellow
INFORMATION_RECEIVED | The customer sent the requested information to the AML team and it's currently under investigation. Based on the provided information, the customer will be reclassified to either red or green. You can NOT onboard the customer at this stage and must wait until the final customer vetting score. | yellow
RISK_ACCEPTED | The customer passed the customer vetting process and you can onboard the customer with this status. | green
RISK_REJECTED | The customer is rejected due to identified fraud patterns. You CANNOT onboard the customer with this status. | red
CUSTOMER_UNRESPONSIVE | The customer did not provide the requested information. You CANNOT onboard the customer with this status. | red
VETTING_NOT_REQUIRED | In certain cases, the customer vetting process is not required for a customer (e.g., authorized person of an account). You can onboard the customer with this status. | green
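
The rule from this guide (all three CDD properties must be green, with the B2B exception for resources that carry only screening_progress) can be applied to a retrieved person or business resource as sketched below, using the status tables from this appendix. This is an added example, not Solaris code; the function names, the b2b_associated flag, and the choice to treat missing or unrecognized values as yellow are assumptions.

```python
# Added example; status-to-color tables copied from Appendix I of this page.
SCREENING = {
    "NOT_SCREENED": "yellow", "POTENTIAL_MATCH": "yellow",
    "SCREENED_ACCEPTED": "green", "SCREENED_DECLINED": "red",
}
RISK = {
    "NOT_SCORED": "yellow", "POTENTIAL_RISK": "yellow", "NORMAL_RISK": "green",
    "INFORMATION_REQUESTED": "yellow", "INFORMATION_RECEIVED": "yellow",
    "RISK_ACCEPTED": "green", "RISK_REJECTED": "red",
    "CUSTOMER_UNRESPONSIVE": "red", "SCORING_NOT_REQUIRED": "green",
}
VETTING = {
    "NOT_VETTED": "yellow", "NO_MATCH": "green", "POTENTIAL_MATCH": "yellow",
    "INFORMATION_REQUESTED": "yellow", "INFORMATION_RECEIVED": "yellow",
    "RISK_ACCEPTED": "green", "RISK_REJECTED": "red",
    "CUSTOMER_UNRESPONSIVE": "red", "VETTING_NOT_REQUIRED": "green",
}
PROPERTIES = {"screening_progress": SCREENING,
              "risk_classification_status": RISK,
              "customer_vetting_status": VETTING}


def cdd_colors(resource, b2b_associated=False):
    """Map each CDD property of a person/business resource to a color.

    Assumption: a missing or unrecognized value counts as yellow, so the
    gate fails closed. With b2b_associated=True (hypothetical flag), a
    property other than screening_progress that has no value is skipped,
    following the "Only for B2B customers" rule on this page.
    """
    colors = {}
    for prop, table in PROPERTIES.items():
        value = resource.get(prop)
        if value is None and b2b_associated and prop != "screening_progress":
            continue
        colors[prop] = table.get(value, "yellow") if isinstance(value, str) else "yellow"
    return colors


def overall_color(resource, b2b_associated=False):
    """Worst color wins: red over yellow, yellow over green."""
    found = set(cdd_colors(resource, b2b_associated).values())
    return "red" if "red" in found else "yellow" if "yellow" in found else "green"


def may_onboard(resource, b2b_associated=False):
    """True only when every evaluated CDD property is green."""
    return overall_color(resource, b2b_associated) == "green"


# Constructed sample: the three CDD fields from the test response on this page.
sample_person = {"screening_progress": "POTENTIAL_MATCH",
                 "risk_classification_status": "NORMAL_RISK",
                 "customer_vetting_status": "NOT_VETTED"}
```

For the B2B lending flow described earlier, any overall result other than green means the lending application is rejected.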