Ongoing due diligence (further – ODD) refers to the continuous process of monitoring and evaluating a customer’s profile and activities after the initial onboarding. This is crucial to ensure compliance with Anti-Money Laundering (AML) laws, Counter-Terrorism Financing (CTF) regulations, and Know Your Customer (KYC) requirements. Goals of ongoing due diligence are :
- To mitigate risks: Continuously monitor customer transactions for signs of suspicious activity, fraud, or illegal behavior, ensuring that any potential threats are identified and addressed early.
- Compliance Assurance: Ensure that we stay in compliance with evolving regulatory frameworks and legal requirements, including AML, KYC, and CTF regulations.
- Maintain Customer Profile Accuracy: Update customer data and profiles as necessary, based on new information or changes in their business or financial activity, to ensure ongoing risk assessment is based on the most current and accurate information.
- Implement Enhanced Due Diligence (EDD): For higher-risk customers or transactions, perform more in-depth scrutiny and reporting to ensure compliance with the financial institution’s risk management protocols.
- Maintain a Trustworthy Relationship: Build and sustain trust with customers and regulators by demonstrating proactive efforts to prevent financial crimes and ensure transparency in financial activities.
By leveraging APIs to manage this ongoing due diligence process, BaaS partners help streamline compliance and risk management activities, providing robust and scalable solutions for their customers.
Prerequisites
To perform ODD, a personal customer should be already onboarded via our onboarding API.
ID status for such customer should be approved. There is no need to re-do IDV if it’s still valid, but if a document is expired, then this will be requested during ODD process as well.
Monitoring
In order to receive information about incoming ODD date, at phase 1 ConnectPay will share a list of customers that ODD time is coming this year.
At phase 2, there will be separate webhook event to subscribe and track.
Data collection
Based on separate risk scores, ConnectPay maintains 3 different timelines for customers:
- Each 1 year for higher risk customers;
- Each 2 years for medium risk customers;
- Each 3 years for low risk customers.
There are cases when ODD can be triggered by risk-related events as well.
Notification about ODD is prepared 60 days until ODD date – to properly prepare communication for customers and start data collection.
Data is collected via new endpoint POST /baas/onboarding/applications/odd/personal
In the table below we provide API header and descriptions:
| Name | Description | Value/Example |
|---|---|---|
Authorization | Access token with required scope | Bearer 8e36ce9d-6f51-479d-8ade-dff2952b4acb |
Accept | application/json;version=1 | |
Content-Type | application/json | |
x-connectpay-requestid | ID of the request, unique to the call. | 4d662590-731f-42f9-926f-aae0cec66a06 |
In a table below we provide parameter descriptions and constraints:
| Parameter Name | Is mandatory? | Description | Type | Constraint | Additional comment |
|---|---|---|---|---|---|
baasClientId | Yes | Client ID mapped to BaaS contract | String <UUID> | [1…36 characters] | |
person.isUbo | Yes | Confirmation that the client is the beneficial owner of the funds in the bank account | Boolean | True False | |
person.pep.isPep | Yes | Declaration regarding whether the person is PEP | Boolean | YesNo | |
person.pep.position | No | PEP position name is a client is a PEP | String | Min length 1 Max length 100 Not null Not digits Not characters: ~!@#$%^*()_+={}[]\|:;",<>/? | Conditional Mandatory when isPep is true |
person.address.countryCode | Yes | Address country of the client | String | Min length 2 Max length 2 Not null Not digits Not characters: ~!@#$%^*()_+={}[]\|:;",<>/? | Country Codes Alpha-2 |
person.address.addressLine1 | Yes | Freeform Address of a client, line 1 | String | Min length 3 Max length 100 Not null | |
person.address.addressLine2 | No | Freeform Address of a client, line 2 | String | Min length 3 Max length 100 | |
person.address.city | Yes | Address city of a client | String | Min length 3 Max length 100 Not null | |
person.address.postcode | Yes | Address postal code of a client | String | Min length 3 Max length 15 Not null | |
person.taxIdentification.taxCountry.countryCode | Yes | Country where customer is a taxpayer | String | Not null | |
person.taxIdentification.taxCountry.tin | Yes | Taxpayer identification number of a client | String | Not null | Conditional Mandatory Parameter, optional when residenceCountry.countryCode is LT |
person.taxIdentification.additionalCountries[countryCode] | No | Country where customer is a taxpayer (additional) | String | Not null | |
person.taxIdentification.additionalCountries[tin] | No | Taxpayer identification number of a client (additional) | String | Not null | |
account.connectionToLithuania | Yes | Defines connection to Lithuania | Array of strings | WorkOwnRealEstateHaveCompanyInLtStudyingInLtResidencePermitSpouseIsLtCitizenTaxRefundsStateBenefitsHaveCounterpartiesLocatedInLtEuroAccount | values changed to PascalCase |
account.purposesOfAccount.[] | Yes | Defines the purposes of the accountMultiselect | String | SalaryIndividualOrSoleTraderIncomePersonalOrHouseholdExpensesForeignTransactionsVirtualCurrencyOrGamblingRelatedTransactionsInvestmentTransactionsOrLoanPaymentsOther | if value is not from the defined list, it should be added as Other values changed to PascalCase |
account.purposesOfAccountAdditionalInformation.businessActivityRegistrationNo | No | Text | String | Conditional Mandatory when purposesOfAccount has IndividualOrSoleTraderIncome | |
account.purposesOfAccountAdditionalInformation.businessActivityIndustry | No | Text | String | Conditional Mandatory when purposesOfAccount has IndividualOrSoleTraderIncome | |
account.purposesOfAccountOther | No | Text | String | [ 1 .. 30 ] characters | When purposesOfAccount has Other |
account.sourceOfIncome | Yes | Select | String | EmploymentOrIndividualBusinessIncome | if value is not from the defined list, it should be added as Other values changed to PascalCase |
account.sourceOfIncomeOther | No | Text | String | [ 1 .. 30 ] characters | When sourceOfIncome has Other |
account.requestedProducts[] | No | List of defined CP products | String | RailsSwift | values changed to PascalCase |
account.monthlyGrossTurnover | Yes | Expected account turnover of a client | String | 0_1000 | values changed to PascalCase |
account.intendedCountriesToTransactWith | Yes | Country list from where and to where funds will be sent | Array of string | Min length 2 Max length 2 Not null Not digits Not characters: ~!@#$%^*()_+={}[]\|:;",<>/? | Enum: "LT" "AF" "AL" "DZ" "AS" "AD" "AO" "AI" "AQ" "AG" "AR" "AM" "AW" "AU" "AT" "AZ" "BS" "BH" "BD" "BB" "BY" "BE" "BZ" "BJ" "BM" "BT" "BO" "BA" "BW" "BV" "BR" "IO" "BN" "BG" "BF" "BI" "KH" "CM" "CA" "CV" "KY" "CF" "TD" "CL" "CN" "CX" "CC" "CO" "KM" "CK" "CR" "CI" "HR" "CU" "CY" "CZ" "DK" "DJ" "DM" "DO" "TL" "EC" "EG" "SV" "GQ" "ER" "EE" "ET" "FK" "FO" "FJ" "FI" "FR" "GF" "PF" "TF" "GA" "GM" "GE" "DE" "GH" "GI" "GR" "GL" "GD" "GP" "GU" "GT" "GN" "GW" "GY" "HT" "HM" "HN" "HK" "HU" "IS" "IN" "ID" "IR" "IQ" "IE" "IL" "IT" "JM" "JP" "JO" "KZ" "KE" "KI" "KW" "KG" "LA" "LV" "LB" "LS" "LR" "LY" "LI" "LU" "MO" "MG" "MW" "MY" "MV" "ML" "MT" "MH" "MQ" "MR" "MU" "YT" "MX" "MC" "MN" "MS" "MA" "MZ" "MM" "NA" "NR" "NP" "NL" "AN" "NC" "NZ" "NI" "NE" "NG" "NU" "NF" "MP" "NO" "OM" "PK" "PW" "PA" "PG" "PY" "PE" "PH" "PN" "PL" "PT" "PR" "QA" "RE" "RO" "RU" "RW" "KN" "LC" "VC" "WS" "SM" "ST" "SA" "SN" "SC" "SL" "SG" "SK" "SI" "SB" "SO" "ZA" "GS" "ES" "LK" "SH" "PM" "SD" "SR" "SJ" "SZ" "SE" "CH" "SY" "TW" "TJ" "TH" "TG" "TK" "TO" "TT" "TN" "TR" "TM" "TC" "TV" "UG" "UA" "AE" "GB" "US" "UM" "UY" "UZ" "VU" "VA" "VE" "VN" "VG" "VI" "WF" "EH" "YE" "YU" "ZM" "ZW" "AX" "BQ" "CG" "CD" "CW" "GG" "IM" "KP" "KR" "MK" "FM" "MD" "ME" "PS" "BL" "MF" "RS" "SX" "SS" "TZ" "KS" "JE" "FX" |
account.occupation | Yes | Job or profession, referring to the work they do to receive funds for a living | string | Employee | if value is not from the defined list, it should be added as Other |
account.occupationAdditionalDetails.company | No | Customer’s workplace name | string | Min length 3 Max length 100 Not null | Conditional mandatory if Employee selected in account.occupation |
account.occupationAdditionalDetails.position | No | Customer’s position at their workplace | string | Min length 3 Max length 100 Not null | Conditional mandatory if Employee selected in account.occupation |
account.occupation.AdditionalDetails.Other | No | Customer’s occupation | string | Min length 3 Max length 100 Not null | Conditional mandatory if Other selected in account.occupation |
merchant.paymentMethod | No | How the payments are made:CardPIS | array of String | Card Pis | values changed to PascalCase |
merchant.targets.countries | No | Countries where the payments will come from | array of String | Min length 2 Max length 2 Not null Not digits Not characters: ~!@#$%^*()_+={}[]\|:;",<>/? | Country Codes Alpha-2 |
merchant.targets.monthlyGrossTurnover.amount & .currency | No | Planned monthly payment volume in Eur | String | Not null numeric entry Currently supported – EUR only |
Request sample:
{
"baasClientId":"6e0ab99b-f0f7-4ca9-b6d9-35670f5e4bf5",
"person": {
"isUbo": true,
"pep": {
"isPep": true,
"position": "string"
},
"address": {
"addressLine1": "string",
"addressLine2": "string",
"postcode": "string",
"city": "string",
"countryCode": "LT"
},
"taxIdentification": {
"taxCountry": {
"countryCode": "LT",
"tin": 123123
},
"additionalTaxCountries": [
{
"countryCode": "LT",
"tin": 1231232
}
]
}
},
"account": {
"connectionToLithuania": [
"WorkOwnRealEstateHaveCompanyInLt"
],
"requestedProducts": [
"RailsSwift"
],
"purposesOfAccount": [
"Salary"
],
"purposesOfAccountAdditionalInformation": {
"businessActivityRegistrationNo": 123123,
"businessActivityIndustry": "Test Industry"
},
"purposesOfAccountOther": "string",
"sourceOfIncome": "Other",
"sourceOfIncomeOther": "Alternate source of income",
"monthlyGrossTurnover": "1001_3000",
"intendedCountriesToTransactWith": "LT",
"occupation": "Employee",
"occupationAdditionalDetails":{
"company": "UAB Test123",
"position": "Midle management"
}
},
"merchant": {
"paymentMethod": [
"Card"
],
"targets": {
"countries": [
"LT"
],
"monthlyGrossTurnover": {
"amount": 0,
"currency": "EUR"
}
}
}
}Response structure is same as with Onboarding application:
json body with http response code 201
{
"application": {
"applicationId": "1bafb8d2-cc0e-4b94-9225-ac9d001a7837",
"status": "APPLICATION_CAPTURED"
}
}Note! Same as personal application v2, ODD application will have x-connectpay-requestid as Response header instead of X-Request-ID.
To receive status of ODD application, same GET Application Status API can be used.
To receive webhook notification, also same Events are used – Application Webhooks.
Possible personal application statuses
| Status | Description |
|---|---|
| APPLICATION_CAPTURED | This message informs you that your application is in compliance review and that additional checks are required. Not all applications receive this status, and it stays in this status until a live person evaluates it. |
| COMPLIANCE_REVIEW | Informs that the application is in manual check. |
| APPLICATION_APPROVED | Informs that the application was approved and next ODD date calculated. |
| APPLICATION_DECLINED | Informs that application was declined. This status is always initiated manually from ConnectPay side. Before declining an application, a live person evaluates it, contacts partner if any additional supporting documents are required and only if further services cannot be provided, such case leads to customer termination. |