Customer Identity & KYC Platform¶
| System ID | SD02 |
| Repo | bank-kyc |
| Business domain | BD01 |
| Tech owner | Identity & Compliance Engineering |
| Build status | Not started |
End-to-end identity verification, KYC/CDD lifecycle management, PEP/sanctions screening at onboarding, and ongoing monitoring.
Modules¶
| ID | Name | Status |
|---|---|---|
| MOD-009 | eIDV & document verification | Not started |
| MOD-010 | CDD tier assignment engine | Not started |
| MOD-011 | KYC periodic review scheduler | Not started |
| MOD-012 | KYC audit trail store | Not started |
| MOD-013 | Real-time sanctions screener | Not started |
| MOD-014 | List change propagation | Not started |
| MOD-015 | False positive management | Not started |
For full module specifications and acceptance criteria, see module specifications.
Risk score mirror table¶
MOD-039 (customer risk score model, SD06) publishes bank.risk-platform/customer_risk_score_updated events whenever a customer's risk tier changes. bank-kyc maintains a local mirror table populated by MOD-010 (CDD tier assignment engine) from this event stream:
bank_kyc.party.risk_scores_mirror
| Column | Type | Notes |
|---|---|---|
party_id |
UUID | PK; FK → party.parties.party_id |
composite_risk_score |
FLOAT NOT NULL | 0–100 |
risk_tier |
VARCHAR NOT NULL | LOW | MEDIUM | HIGH | CRITICAL |
score_version |
VARCHAR NOT NULL | Model version from MOD-039 |
scored_at |
TIMESTAMPTZ NOT NULL | Timestamp from the event |
mirror_updated_at |
TIMESTAMPTZ NOT NULL DEFAULT now() | When the mirror row was written |
Idempotency key: (party_id, scored_at). MOD-010 upserts on receipt; no duplicate rows per scored moment. The mirror is read-only from KYC's perspective — SD06 owns the source of truth.
Critical constraints¶
- MOD-009 is a hard GATE — account state machine (MOD-007) will not activate any account without
kyc_status = Verified. - MOD-013 is a hard GATE — no payment can proceed for a confirmed sanctions match under any circumstances.
- All KYC decisions must be written to the immutable audit trail (MOD-012) before the decision takes effect.
- Sanctions list re-screening must run automatically within 1 hour of any list update.
- No Snowflake calls inline — customer risk score is read from the
risk_scores_mirrorPostgres write-back table (populated by MOD-010 from SD06 EventBridge events).
Modules¶
| Module | Name | Status | Policies |
|---|---|---|---|
| MOD-009 | eIDV & document verification | Deployed | AML-003 · AML-002 · PRI-001 · CON-001 |
| MOD-010 | CDD tier assignment engine | Deployed | AML-002 · AML-004 · GOV-002 |
| MOD-011 | KYC periodic review scheduler | Deployed | AML-002 · AML-003 · CON-001 |
| MOD-012 | KYC audit trail store | Deployed | AML-001 · AML-002 · GOV-006 · PRI-005 |
| MOD-013 | Real-time sanctions screener | Deployed | AML-007 · PAY-001 · AML-006 · GOV-002 |
| MOD-014 | List change propagation | Deployed | AML-007 · AML-006 |
| MOD-015 | False positive management | Deployed | AML-007 · GOV-006 |
| MOD-096 | Multi-entity party graph manager | Deployed | AML-002 · AML-004 |
| MOD-153 | Customer acceptance engine | Deployed | AML-011 · AML-002 · AML-012 · AML-004 · CON-006 |
Compiled 2026-05-22 from source/entities/system-domains/SD02.yaml