Disclosure enforcement module¶
| ID | MOD-050 |
| System | SD08 |
| Repo | bank-app |
| Build status | Deployed |
| Deployed | Yes |
| Last commit | bc8ae27c9ecc660c7eb59e321a9936d2a0c54463 |
Purpose¶
Enforce all regulated pre-acceptance disclosure obligations as hard gates that the customer must pass before a product activates, a payment is submitted, or a fee-generating action completes. Each disclosure event is logged with content version and acknowledgement timestamp for regulatory examination. The module also generates the NZ DTA Key Information Summary (KIS) for deposit products, satisfying the disclosure obligations of the NZ Deposit Takers Act 2023 Disclosure Standard.
What it does¶
Pre-acceptance disclosure gate¶
Every product acceptance, payment confirmation, or fee-generating action is blocked at the platform layer until the customer acknowledges the required disclosure. The gate is enforced at the service layer, not the UI — it cannot be bypassed by a client application, API caller, or back-office operator.
Disclosure types handled:
- Product terms and conditions — full product agreement presented and acknowledged before account or loan activation (CON-004)
- Responsible lending disclosure — total repayment amount, total cost of credit, and effective annual rate shown before any loan product is accepted (CRE-002)
- Foreign exchange rate and spread — live rate and spread shown and acknowledged before any cross-border transfer is submitted; rate is locked for 30 seconds after acknowledgement (PAY-004)
- Fee disclosure — itemised fee shown before any fee-generating action; the action cannot proceed until the customer acknowledges the fee (CON-005)
Each disclosure event is recorded in the system decision log (MOD-048) with: disclosure type, content version hash, presenting channel, customer session ID, and acknowledgement timestamp. Content versions are immutable once published — if disclosure content changes, a new version is created and all new disclosures use the new version.
NZ DTA Key Information Summary (KIS)¶
For deposit products opened by customers of NZ-licensed deposit takers, the module generates a Key Information Summary in the format prescribed by the RBNZ DTA Disclosure Standard. The KIS is a standardised one-page document in plain language covering:
- Product name and type
- Interest rate (or rate range for variable products), rate type (fixed/variable/tiered), and interest calculation method
- Key fees — account keeping fee, transaction fees, early exit fee (if applicable)
- Minimum and maximum balance requirements
- Access restrictions (notice period for notice accounts, term for term deposits)
- DCS coverage eligibility statement (linked to MOD-142 data)
- Contact details and complaints pathway
The KIS is generated from the product's configuration record in MOD-127 using a templated renderer. The template is maintained by the platform and updated when the RBNZ finalises or amends the Disclosure Standard.
KIS gate: the KIS is presented to the customer during account opening via MOD-050's standard disclosure gate. The deposit product cannot activate until the customer has acknowledged the KIS. Acknowledgement is recorded with the KIS version hash in app.dcs_fcs_disclosures.
Persistent access: after opening, the current KIS for each of the customer's deposit products is accessible at any time from the account detail screen. When a KIS is updated (product terms or fee change), the customer receives a notification via MOD-063 and must acknowledge the updated KIS within 30 days; failure to acknowledge does not block account access but is flagged for follow-up.
Version control: each KIS version is a content-addressed record — kis_version_id is derived from a hash of the KIS content fields. Any change to a product's configuration that affects KIS content triggers a new version. Old versions are retained for audit purposes; no version is ever deleted.
The DTA Disclosure Standard is currently in Draft. The platform builds to the known consultation paper requirements. When the standard is finalised, the KIS template may require updates; these are delivered as a platform update without requiring a schema migration.
Compliance reason¶
NZ CCCFA and AU NCCP both require responsible lending disclosure before credit is extended — MOD-050 enforces this with no bypass path. The DTA Disclosure Standard will require every NZ deposit taker to deliver a KIS in prescribed format before any deposit account is opened; banks are building to the Draft now to avoid last-minute compliance delivery. The hard gate model — enforcement at the service layer, not the UI — means disclosure compliance is guaranteed regardless of which channel or client application a customer uses to open an account.
Commercial reason¶
Pre-acceptance disclosure done well reduces post-sale complaints and hardship applications by ensuring customers genuinely understand what they are agreeing to. Automated KIS generation from product configuration eliminates manual document production for each product launch or fee change — the compliance document is always in sync with the actual product terms.
Module dependencies¶
Depends on¶
| Module | Title | Required? | Contract | Reason |
|---|---|---|---|---|
| MOD-068 | Authentication & session management | Required | — | Disclosure acknowledgements are tied to an authenticated customer session for legal attribution. |
| MOD-048 | System decision log | Required | — | Each disclosure event is recorded as a system decision log entry for audit and regulatory evidence. |
| MOD-104 | AWS shared infrastructure bootstrap | Required | — | AWS shared infrastructure provisioned by MOD-104 (EventBridge buses, S3, KMS, Kinesis, Cognito) is required before this module can be deployed. |
| MOD-103 | Neon database platform bootstrap | Required | — | Neon database and schema provisioned by MOD-103 must exist before this module can read or write Postgres. |
Required by¶
| Module | Title | As | Contract |
|---|---|---|---|
| MOD-071 | Payment initiation | Hard dependency | — |
| MOD-117 | Overdraft management engine | Optional enhancement | — |
| MOD-127 | Product configuration panel | Hard dependency | — |
| MOD-132 | Loan restructure and variation workflow | Hard dependency | — |
| MOD-139 | Financial hardship formal variation workflow | Hard dependency | — |
| MOD-142 | Deposit guarantee scheme disclosure | Hard dependency | — |
| MOD-163 | Break-cost calculator | Hard dependency | — |
| MOD-164 | Facility component self-service | Hard dependency | — |
Policies satisfied¶
| Policy | Title | Mode | How |
|---|---|---|---|
| CON-004 | Product Disclosure & Sales Practice Policy | GATE |
Disclosure obligation met before every product acceptance — system enforces, no agent required |
| CRE-002 | Responsible Lending Policy | GATE |
Responsible lending disclosure — repayment amount and total cost shown before loan acceptance |
| PAY-004 | Cross-Border Payments & FX Policy | GATE |
FX rate and spread shown and acknowledged before cross-border transfer executed |
| CON-005 | Fee & Pricing Transparency Policy | GATE |
Fee disclosure shown before any fee-generating action — no surprise fees |
| CON-009 | NZ DTA Key Information Summary Disclosure Policy | GATE |
NZ DTA Key Information Summary generated in RBNZ-prescribed format and acknowledged by the customer before any deposit product activates — NZ deployments only; KIS version and acknowledgement timestamp logged. |
Capabilities satisfied¶
| Capability | Title | Mode | How |
|---|---|---|---|
| CAP-128 | Regulated disclosure management | GATE |
Presents the required regulated disclosure and blocks the product acceptance, payment, or fee-generating action until the customer has acknowledged it — each disclosure event is logged with timestamp and content version. |
Part of SD08 — Customer App & Back Office Platform
Compiled 2026-05-22 from source/entities/modules/MOD-050.yaml