Introduction to PassFort’s terms
We’re building out this list. If there’s another term you’d like to see here, please let us know.
The automated processes that can be used to complete or assist in passing tasks. See the full list of checks.
They replace manual work that would otherwise be needed to get information from data providers (e.g. gather all company filings from a corporate registry) or perform actions using data providers (e.g. run an electronic identity check). In addition to saving the time it would take to manually perform these actions, checks ensure information is displayed in a clear and consistent way that’s easy for users to read.
Multiple data providers can be assigned to one check so if one data provider fails, another is tried. Checks can also be specific to a profile’s country. For example, you can specify that Companies House is always used as the data provider when a company filings check is performed on a company incorporated in the UK.
A permanent record is kept of every automated check performed on a profile, which means that a user can visit any profile to see a ‘snapshot’ of every check that was run and the information that was used to run it. For example, a snapshot of an eKYC check displays the name originally used to run the check, even if the profile’s name has changed.
The people who have access to your PassFort account (typically the people you work with).
Every user is assigned one or more user roles which determine which actions they can perform in PassFort (e.g. add new applications, manage other users).
Roles can be assigned at product-level, meaning that a user can be given permission to perform actions on specific products only.
The products or services that profiles can apply for (e.g. current account, credit card).
Every product has at least one smart policy, which is the set of rules that determines which due diligence measures are required to onboard profiles. If both individuals and companies can apply for the product, the product has one smart policy for individual profiles and one smart policy for company profiles.
If you have Risk configured, a product also has at least one risk model. The risk model is used to assign risk levels to profiles' applications. If both individuals and companies can apply for the product, there is one risk model used for individual profiles making applications and one risk model used for company profiles making applications.
The process of onboarding profiles to products. A profile may be going through multiple product applications at the same time.
Every product application has the following process:
- The application begins when a product is assigned to a profile.
- If you have Risk configured, the product’s risk model is applied and a risk level is assigned to the application. If the product has one risk model for individual profiles and another for company profiles, the relevant risk model is selected for the profile’s type.
- The product’s smart policy is applied. If the product has one smart policy for individual profiles and another for company profiles, the relevant smart policy is selected for the profile’s type.
- The smart policy rules are applied to create a list of onboarding tasks for the profile. Alternatively, if you have Risk configured to automatically reject profiles based on risk level, the smart policy rejects the profile if the risk level matches your specifications. For more information, see the definition for Smart policies.
- Any checks that have been configured to run automatically for new applications are performed and their results are displayed in the profile’s tasks.
- The onboarding status for all other tasks is displayed, indicating what action should be taken next (e.g. users may be required to manually pass tasks or customers may be required to complete forms).
- Once all tasks are passed, the status of the application is determined by the smart policy. If automatic approvals are configured, the application is approved automatically. If not, the onboarding status of the application is displayed as Ready for decision, indicating that a user will need to manually approve/reject it.
The applicants and customers currently going through your onboarding processes. One profile is created per applicant/customer.
There are two profile types: individual profiles, which are used for people, and company profiles, which are used for companies.
The profile’s type determines the kind of details stored about the customer/applicant (e.g. individual profiles have a date of birth while company profiles have an incorporation date), the type of tasks the profile's product applications can have, and the type of checks that can be run on the applications. But all profiles, regardless of type, go through the same product application onboarding and monitoring processes.
The rules used to evaluate the risk level of a profile's application.
Risk models are specific to profile type (individual or company), meaning that a risk model is always applied to either individual profiles or company profiles.
Every risk model has its own risk factors, which are chosen by you. Risk factors are evaluated against the profile. Examples of risk factors include age, nationality and PEP status. See the full list of risk factors.
When you add a risk factor, you also control whether it’s required, meaning this factor must be used to calculate a risk level, or non-required, meaning the factor will only be used in the calculation if the relevant information is available.
You assign a risk score to each risk factor. This is a number value used to determine the significance of the risk. A higher risk score indicates that the risk factor is considered to be of greater risk.
- If an individual is aged between 0-18, add 999 to the application's total risk score.
- If an individual is aged between 19-60, add 0 to the application's total risk score.
- If an individual is aged 60+, add 50 to the application's total risk score.
When a profile applies for a product, the application's risk score is calculated using all required risk factors and any available non-required risk factors.
A risk level is a label that’s assigned to the application based on the total risk score. You choose which risk levels are assigned for the risk scores.
- A Low risk level is assigned to applications from individual profiles when the total risk score is between 0-50.
- A Medium risk level is assigned to applications from individual profiles when the total risk score is between 51-100.
- A High risk level is assigned to applications from individual profiles when the total risk score is 101+.
Smart policies use risk levels to determine whether to assign specific onboarding tasks or reject applications automatically. If profile data changes (e.g. an individual ages from 60 to 61) the risk score is recalculated and the policy is re-applied automatically. To learn more about how and when risk scores are recalculated, see Monitored product applications.
The rules that determine which onboarding tasks are required for a profile during a product application (e.g. verify an individual’s identity). Additionally, smart policies can be configured to automatically approve profiles that have passed all onboarding tasks. If you have Risk configured, smart policies can also automatically reject applications at or above a specified risk level.
Smart policies are specific to profile type (individual or company), meaning that a smart policy is always applied to either individual profiles or company profiles.
If you do not have Risk configured, a smart policy provides a set of tasks that’s applied to every profile.
If you do have Risk configured, the smart policy first checks the application's risk level before taking action. You can configure the smart policy to:
- Automatically reject applications based on risk level: If the profile matches a risk level you’ve specified, the application is rejected automatically.
- Assign tasks based on risk level: The profile is assigned the tasks you’ve specified for that application risk level.
Smart policies for company profiles can have tasks with associate smart policies. These are the rules that determine which onboarding tasks are required for company associates (e.g. officers, shareholders, and trustees) as part of the tasks required for the company’s onboarding process.
Associate smart policies (like regular smart policies) are applied to either individual profiles or company profiles. If you have Risk configured, you can specify which tasks are assigned based on an application's risk level and whether applications with certain risk levels are rejected automatically.
Additionally, associate smart policies can have tasks based on the associate’s role. For example, an associate smart policy might specify one set of tasks for officers and another set for shareholders.
Smart policies and associate smart policies can be configured to automatically approve applications when all tasks are passed successfully.
The due diligence measures that must be taken to onboard a profile successfully. Tasks are displayed on the profile’s product application.
When configuring a smart policy, you can use any of the out-of-the-box tasks that PassFort provides or create your own custom tasks. See the full list of out-of-the-box tasks.
Tasks are specific to profile type, meaning that every task is associated with either individual profiles or company profiles.
Tasks can be passed manually or with the assistance of automated checks.
Users can use the Task notes area at the bottom of the task to upload relevant documents (like supporting evidence) and add notes (like record which conversations or events took place outside of PassFort).
Multiple checks can be assigned to one task. The smart policy can be configured so as soon as one automated check is successful, the task is passed. To learn more about automated checks, see the definition for Checks.