Introduction to Passfort's terms

This topic introduces key terminology used in Passfort. For a more comprehensive list of Passfort's terms, view our glossary.

Checks

The automated processes that can be used to complete or assist in passing tasks.

Checks replace manual work that would otherwise be needed to get information from data providers, such as gathering all company filings from a corporate registry, or performing actions using data providers, such as running an electronic identity check. In addition to saving the time it would take to perform these actions manually, checks ensure information is displayed in a clear and consistent way that’s easy for users to read.

Multiple data providers can be assigned to one check, so if one data provider fails, another is tried. Checks can also be specific to a profile’s country. For example, you can specify that Companies House is always used as the data provider when a company filings check is performed on a company incorporated in the UK. See the list of check types by data provider.

A permanent record is kept of every automated check performed on a profile, which means that a user can visit any profile to see a snapshot of every check run and the information used to run it. For example, a snapshot of an eKYC check displays the name originally used to run the check, even if the profile’s name has since changed.

Learn more about checks.

Customer requests

Customer requests are used to ask customers to complete one or more forms. These forms can be used to gather information or collect a document to run a check.

All customer requests are added to tasks. When a task is configured with a customer request, a button is displayed that enables users to send an email to the customer with a link to the request forms.

Learn more about customer requests.

Custom fields

Passfort has a defined data structure that captures the majority of compliance use cases, but if there is additional data you'd like to capture for a profile, you can use custom fields.

Configure them for individual profiles and/or company profiles, and choose from a wide range of information types, such as text, number, currency, multiple-choice, and more.

Custom fields can be used in Smart policies and Risk models.

You can also map them to form questions, allowing you to send customer requests asking them to complete their own details.

Learn more about custom fields.

Data providers

Your data providers are the services you use to run checks, for example, Moody's Analytics Orbis, Companies House, or Onfido.

When you run a check from Passfort, the profile details are sent to the data provider, which performs the check and returns the result.

Each data provider has its own way of performing checks, which means the available configuration options depend on your chosen data provider.

Learn more about configuring data providers.

Product applications

The process of onboarding profiles to products. A profile may be going through multiple product applications at the same time.

Every product application has the following process:

The product application begins when a product is assigned to a profile.
If the product has an assigned risk model for the profile's type, it is applied and a risk level is attributed to the product application.
The product’s smart policy is applied. If the product has one smart policy for individual profiles and another for company profiles, the relevant smart policy is selected for the profile’s type.
The smart policy rules are applied to create a list of onboarding tasks for the profile. If your smart policy is configured to automatically reject profiles based on their risk level, the smart policy rejects the profile if the risk level matches your specifications. For more information, see the definition for Smart policies.
Any checks that have been configured to run automatically for new product applications are performed, and their results are displayed in the profile’s tasks.
The onboarding status for all other tasks is displayed, indicating what action should be taken next; for example, users may be required to pass tasks manually, or customers may be required to complete forms.
Once all tasks are passed, the status of the product application is determined by the smart policy. If automatic approvals are configured, the product application is approved automatically. If not, the onboarding status of the product application is displayed as Ready for decision, indicating that a user will need to approve or reject it manually.

Learn more about new product applications.

Products

The products or services that profiles can apply for, such as a current account or credit card.

Every product has at least one smart policy that defines the rules dermining the due diligence measures required to onboard profiles. If both individuals and companies can apply for the product, it has one smart policy for individual profiles and one smart policy for company profiles.

A product can also have at least one assigned risk model. The risk model assigns risk levels to profiles' product applications. If both individuals and companies can apply for the product, it has one risk model for individual profiles and one risk model for company profiles.

Profiles

The applicants or customers currently going through your onboarding processes. One profile is created per applicant or customer.

There are two profile types: individual profiles, which are used for people, and company profiles, which are used for companies.

The profile’s type determines the kind of details stored about the customer/applicant. For example, individual profiles have a date of birth, while company profiles have an incorporation date. The profile type also determines the tasks the profile's product applications can have, and the type of checks that can be run on the applications.

All profiles, regardless of type, go through the same product application onboarding and monitoring processes.

Learn more about profiles.

Risk models

The rules used to evaluate the risk level of a profile's product application.

Risk models are specific to the profile type, meaning that a risk model is always applied to either individual profiles or company profiles.

Every risk model has its own risk factors, which you choose. These factors are evaluated against the profile. Examples of risk factors include age, nationality, and PEP status. See the full list of risk factors.

When you add a risk factor, you also control whether it’s required, meaning it must be used to calculate a risk level, or non-required, meaning the factor will only be used in the calculation if the relevant information is available.

You assign a risk score to each risk factor. This is a numerical value used to determine the significance of the risk. A higher risk score indicates that the risk factor is considered to be of greater risk.

When a profile applies for a product, the application's risk score is calculated using all required risk factors and any available non-required risk factors.

For example:

If an individual is between 0-18, add 999 to the application's total risk score.
If an individual is between 19-60, add 0 to the application's total risk score.
If an individual is aged 60+, add 50 to the application's total risk score.

A risk level is a label that’s assigned to the product application based on the total risk score. You choose which risk levels are assigned for the risk scores.

For example:

A Low risk level is assigned to product applications from individual profiles when the total risk score is between 0-50.
A Medium risk level is assigned to product applications from individual profiles when the total risk score is between 51-100.
A High risk level is assigned to product applications from individual profiles when the total risk score is 101+.

If a profile does not have the information needed to calculate a required risk factor, for example, if the profile’s age has been left blank and Age is a required risk factor, the application's status is set to Requires risk score and a user must manually add the missing data to the profile before the product application can progress.

Smart policies use risk levels to determine whether to assign specific onboarding tasks or reject applications automatically. If profile data changes, for example, an individual ages from 60 to 61, the risk score is recalculated, and the policy is reapplied automatically. To learn more about how and when risk scores are recalculated, see Monitored product applications.

Once a task is assigned, it cannot be removed, even if the application's risk level changes. For example, if an application's risk level is High risk and it changes to Low risk when the risk score is recalculated, the High risk tasks still need to be completed for the application to be approved.

Learn more about risk factors.

Smart policies

The rules that determine which onboarding tasks are required for a profile during a product application, for example, verify an individual’s identity.

Smart policies can be configured to approve profiles that have passed all onboarding tasks automatically. If you have assigned a risk model to a product, smart policies can also automatically reject applications at or above a specified risk level.

Smart policies are specific to profile type, either individual or company, meaning that a smart policy is always applied to either individual profiles or company profiles.

If no risk model is assigned to a product, the smart policy provides a set of tasks that are applied to every profile making a product application.

If a risk model is assigned to the product, the smart policy first checks the application's risk level before taking further action. You can configure the smart policy to:

Automatically reject applications based on risk level: If the profile matches a risk level you’ve specified, the application is rejected automatically.
Assign tasks based on risk level: The profile is assigned the tasks you’ve specified for that application risk level.

Smart policies for company profiles can have tasks with associate smart policies. These are the rules that determine which onboarding tasks are required for company associates, such as officers, shareholders, or trustees, as part of the tasks required for the company’s onboarding process.

Associate smart policies, like regular smart policies, are applied to either individual profiles or company profiles. You can specify which tasks are assigned based on an application's risk level, and whether applications with certain risk levels are rejected automatically.

Additionally, associate smart policies can have tasks based on the associate’s role. For example, an associate smart policy might specify one set of tasks for officers and another set for shareholders.

Smart policies and associate smart policies can be configured to automatically approve applications when all tasks are passed successfully.

Learn more about smart policies.

Tasks

The due diligence measures that must be taken to onboard a profile successfully. Tasks are displayed on the profile’s product application.

Tasks are specific to profile type, meaning that every task is associated with either individual profiles or company profiles.

Tasks can be passed manually or with the assistance of automated checks.

Users can use the Task notes area on the task to upload relevant documents, such as supporting evidence, and add notes, for example, recording which conversations or events took place outside of Passfort.

When configuring a smart policy, you can use any of the out-of-the-box tasks that Passfort provides or create your own custom tasks. See the full list of out-of-the-box tasks for individual profiles and company profiles.

Multiple checks can be assigned to one task. The smart policy can be configured to pass the task as soon as one automated check is successful. Learn more about automated checks.

If you require multiple automated checks for onboarding, create a separate task for each check.

Learn more about tasks.

Users

Learn more about user roles.

In this section: