🛡️ KYC Verification + AML Monitoring Flow

This flow illustrates the full lifecycle of a user's identity verification process on the Zyphe Platform — from vault creation and document validation to verifiable credential (VC) issuance and Anti-Money Laundering (AML) checks.

🖼️ Diagram

🧭 Overview

The process follows a two-pronged track:

  • User-side Flow (Left): User document verification, credential generation, and vault storage.

  • Business-side Flow (Right): Business rules validation, VC sharing, AML checks, and monitoring.

🧩 Flow Steps Breakdown

1. User Document Validation

  • Already owns a vault?

    • No → Create a personal vault.

  • Vault contains the required document?

    • Yes → Check if it's still valid.

  • Is document still valid?

    • Yes → Share relevant data with the business.

    • No / Missing → Start document verification:

      • Collect document pictures.

      • Run verification in the background.

      • Perform authenticity checks.

  • If invalid → Failure.

  • If valid → Create Verifiable Credential (VC) and store in encrypted vault.

2. Business Rules & Requirements

  • Assess if the document fits business-specific requirements.

    • Example: User may be underage or from a restricted region.

  • ❌ If not → Failure.

  • ✅ If yes → Proceed to data sharing.

3. VC Sharing & Document Update Logic

  • Share relevant data with the business.

  • If it's a replacement document (of same type):

    • Update previous KYC results for businesses using that type.

    • 💡 New revenue stream: Charge businesses for automatic updates.

4. AML Check Integration

  • Ongoing monitoring enabled?

    • Yes → Share minimal VC info with Zypher AML monitoring module.

    • No → Perform one-time AML check (background job).

  • Perform AML check

    • Match against PEPs, sanctions, etc.

  • Is the user already in the list for AML checks?

    • Yes → Update result without re-enrolling.

    • No → Enroll user in the ongoing module.

  • 📎 Attach AML result to the verification outcome.

💡 Notes

  • Flexibility in business rules: VCs may pass authenticity checks but still fail business-specific KYC/AML criteria.

  • Proxy-friendly AML checks: Your system shares only necessary information with external AML providers — ensuring user data minimization.

  • Smart update mechanism: Businesses get real-time updates when a document is replaced — reducing redundant verifications.

PreviousArchitecture and Identity FlowNextData deletion - Right to be forgotten

Last updated