eIDV & document verification
|
|
| ID |
MOD-009 |
| System |
SD02 |
| Repo |
bank-kyc |
| Build status |
Deployed |
| Deployed |
Yes |
| Last commit |
5e9b3e8 |
What it does
Calls government document verification services (DVS AU / DIA NZ), performs biometric liveness detection, and confirms identity via credit bureau. Produces a composite identity confidence score (0.0–1.0). This is the front gate of the KYC pipeline — no account can be activated without this module returning kyc_status = Verified.
Why it exists
Compliance: Satisfies AML-003 (KYC & Identity Verification Policy), derived from AML/CFT Act 2009 s15 (NZ) and AML/CTF Act 2006 Part 2 (AU). Customer identification is mandatory before any account is opened or product provided. The GATE satisfaction mode means this obligation is enforced structurally — it cannot be bypassed.
Commercial: Delivers BG-001 (Frictionless digital onboarding) and FR-001 (eIDV in real time without manual review). Removing manual identity review from the onboarding path is the primary conversion rate driver. Target: 90th percentile customer completes in under 5 minutes including this step (NFR-002).
Satisfaction mode: GATE
This module is a hard gate. The account state machine (MOD-007) checks kyc_status before any Pending → Active transition. If kyc_status is not Verified, the transition is refused. There is no agent override path, no exception process, and no bypass flag. A customer who cannot be verified is routed to EDD review.
| Input |
Source |
Notes |
| Full name, date of birth, address |
Onboarding form |
Stored in customers table |
| Document type and image |
Mobile app upload |
Passport / driver licence / national ID |
| Selfie / liveness capture |
Mobile app |
Anti-spoofing required |
| Jurisdiction |
Account application |
Determines which DVS service to call |
Outputs
| Output |
Destination |
Notes |
kyc_status |
customers.kyc_status |
Verified / Failed / Pending_EDD |
identity_confidence_score |
kyc_records.confidence_score |
0.0–1.0 |
cdd_tier (triggers MOD-010) |
kyc_records.cdd_tier |
Standard / Simplified / Enhanced |
provider_reference |
kyc_records.provider_ref |
For audit trail and dispute resolution |
kyc.verified or kyc.failed event |
Kafka bank.kyc.events |
Triggers downstream processing |
External dependencies
| Service |
Provider |
Jurisdiction |
Purpose |
| Document verification |
DVS gateway (Home Affairs) |
AU |
Passport, driver licence, Medicare check |
| Document verification |
DIA API |
NZ |
Passport, NZTA driver licence check |
| Biometric liveness |
Onfido |
Both |
Selfie match, liveness, anti-spoof |
| Identity confirmation |
Equifax AU |
AU |
Credit bureau name/DOB confirmation |
| Identity confirmation |
Centrix |
NZ |
Credit bureau name/DOB confirmation |
Data schema
-- kyc_records (Postgres — bank-kyc schema)
CREATE TABLE kyc_records (
id uuid PRIMARY KEY DEFAULT gen_random_uuid(),
customer_id uuid NOT NULL REFERENCES customers(id),
kyc_status text NOT NULL CHECK (kyc_status IN ('Pending','Verified','Failed','Pending_EDD')),
confidence_score numeric(4,3) CHECK (confidence_score BETWEEN 0 AND 1),
cdd_tier text CHECK (cdd_tier IN ('Simplified','Standard','Enhanced')),
provider text, -- 'onfido' | 'dva' | 'dia'
provider_reference text,
jurisdiction text NOT NULL CHECK (jurisdiction IN ('NZ','AU')),
created_at timestamptz NOT NULL DEFAULT now()
-- append-only enforced by trigger: no UPDATE or DELETE
);
-- customers.kyc_status is a denormalised fast-read field
-- updated by trigger on kyc_records INSERT
Confidence score routing
| Score |
Outcome |
CDD tier assigned |
| ≥ 0.90 |
Verified — Standard CDD |
Standard |
| 0.70–0.89 |
Verified — proceed, flag for periodic review |
Standard |
| 0.50–0.69 |
Pending_EDD — route to EDD manual review |
Enhanced |
| < 0.50 |
Failed — customer cannot proceed |
N/A |
Error handling
| Failure |
Behaviour |
Customer impact |
| DVS / DIA API unavailable |
Retry 3× with backoff, then queue for retry in 15 min |
Customer notified of delay |
| Onfido timeout |
Single retry, then treat as confidence 0 for liveness component |
May route to EDD |
| Confidence < 0.50 |
Hard fail — audit trail entry written |
Customer contacts support |
| Suspected fraud signal from Onfido |
Hard fail, flag to compliance |
Account not opened |
NFRs that apply
- NFR-002: End-to-end onboarding ≤ 5 minutes p90 — this module must complete in ≤ 30 seconds in normal conditions
- NFR-001: Onboarding completion rate ≥ 80% — failure rate here directly affects this metric
Related pages
Module dependencies
Depends on
| Module |
Title |
Required? |
Contract |
Reason |
| MOD-104 |
AWS shared infrastructure bootstrap |
Required |
— |
AWS shared infrastructure provisioned by MOD-104 (EventBridge buses, S3, KMS, Kinesis, Cognito) is required before this module can be deployed. |
| MOD-103 |
Neon database platform bootstrap |
Required |
— |
Neon database and schema provisioned by MOD-103 must exist before this module can read or write Postgres. |
Required by
| Module |
Title |
As |
Contract |
| MOD-007 |
Account state machine |
Hard dependency |
contract/api/ |
| MOD-010 |
CDD tier assignment engine |
Hard dependency |
— |
| MOD-011 |
KYC periodic review scheduler |
Hard dependency |
— |
| MOD-012 |
KYC audit trail store |
Hard dependency |
— |
| MOD-013 |
Real-time sanctions screener |
Hard dependency |
— |
| MOD-055 |
Onboarding fraud scoring engine |
Hard dependency |
contract/api/ |
| MOD-063 |
Notification orchestration |
Optional enhancement |
contract/api/ |
| MOD-096 |
Multi-entity party graph manager |
Hard dependency |
contract/api/ |
| MOD-100 |
External asset connector |
Hard dependency |
contract/api/ |
| MOD-125 |
Joint account management |
Hard dependency |
— |
| MOD-126 |
Power of attorney and third-party authority |
Hard dependency |
— |
| MOD-128 |
Credit bureau enquiry and CCR integration |
Hard dependency |
contract/api/ |
| MOD-129 |
Teller operations and branch cash management |
Optional enhancement |
— |
| MOD-133 |
Trust account management |
Hard dependency |
— |
| MOD-134 |
Community account management |
Hard dependency |
— |
| MOD-138 |
Deceased customer and estate management |
Hard dependency |
— |
| MOD-153 |
Customer acceptance engine |
Hard dependency |
— |
| MOD-160 |
Cross-module acceptance suite |
Optional enhancement |
— |
Policies satisfied
| Policy |
Title |
Mode |
How |
| AML-003 |
Know Your Customer (KYC) & Identity Verification Policy |
GATE |
Account cannot be activated without verified KYC — no bypass path exists |
| AML-002 |
Customer Due Diligence (CDD) Policy |
AUTO |
CDD tier determined automatically from eIDV confidence score — not agent discretion |
| PRI-001 |
Privacy Policy |
AUTO |
Identity data collected only for verification purpose — purpose limitation enforced at collection |
| CON-001 |
Customer Fairness & Conduct Policy |
AUTO |
Same verification checks applied consistently to all customers — no discriminatory variation |
Capabilities satisfied
| Capability |
Title |
Mode |
How |
| CAP-045 |
Digital KYC — document + selfie verification |
GATE |
Document and selfie checks must pass before the account is created — no bypass path. |
| CAP-046 |
Real-time account opening (sub-10 minutes) |
AUTO |
Triggers account creation immediately on a successful eIDV result, enabling sub-10-minute onboarding. |
| CAP-047 |
NZ/AU resident onboarding |
GATE |
Verifies NZ and AU resident identity documents as a prerequisite for account opening in either jurisdiction. |
Part of SD02 — Customer Identity & KYC Platform
Compiled 2026-05-22 from source/entities/modules/MOD-009.yaml