Skip to main content

Introduction to Passfort's terms

We’re building out this list. If there’s another term you’d like to see here, let us know.


Learn more about checks.

Custom field

Passfort has a defined data structure that captures the majority of compliance use cases, but if there is additional data you'd like to capture, you can use custom fields.

Configure them for individual profiles and/or company profiles, and choose from a wide range of information types, such as text, number, currency, multiple choice, and more.

Custom fields can be used in Smart policies and Risk models.

You can also map them to form questions, which allows you to send customer requests asking them to complete their own details.

Learn about custom fields.

Data provider

Your data providers are the third-party services you use to run checks, for example, Moody's Analytics Orbis, Companies House, or Onfido.

When you run a check from Passfort, the profile details are sent to the data provider, which performs the check and returns the result.

Each data provider has its own way of performing checks, which means the available configuration options depend on your chosen data provider.

Learn more about configuring data providers.

Product applications

Learn more about new product applications.


The products or services that profiles can apply for, for example, a current account or credit card.

Every product has at least one smart policy, which is the set of rules that determines which due diligence measures are required to onboard profiles. If both individuals and companies can apply for the product, the product has one smart policy for individual profiles and one smart policy for company profiles.

If you have Risk configured, a product also has at least one risk model. The risk model assigns risk levels to profiles' product applications. If both individuals and companies can apply for the product, there is one risk model used for individual profiles making applications and one risk model used for company profiles making applications.


Learn more about profiles.

Risk models

For example:

  • If an individual is between 0-18, add 999 to the application's total risk score.

  • If an individual is between 19-60, add 0 to the application's total risk score.

  • If an individual is aged 60+, add 50 to the application's total risk score.

A risk level is a label that’s assigned to the product application based on the total risk score. You choose which risk levels are assigned for the risk scores.

For example:

  • A Low risk level is assigned to product applications from individual profiles when the total risk score is between 0-50.

  • A Medium risk level is assigned to product applications from individual profiles when the total risk score is between 51-100.

  • A High risk level is assigned to product applications from individual profiles when the total risk score is 101+.

If a profile does not have the information needed to calculate a required risk factor, for example, if the profile’s age has been left blank and Age is a required risk factor, the application's status is set to Requires risk score and a user must manually add the missing data to the profile before the product application can progress.

Smart policies use risk levels to determine whether to assign specific onboarding tasks or reject applications automatically. If profile data changes, for example, an individual ages from 60 to 61, the risk score is recalculated, and the policy is reapplied automatically. To learn more about how and when risk scores are recalculated, see Monitored product applications.

Once a task is assigned, it cannot be removed, even if the application's risk level changes. For example, if an application's risk level is High risk and it changes to Low risk when the risk score is recalculated, the High risk tasks still need to be completed for the application to be approved.

Learn more about the full list of risk factors.

Smart policies

If you do not have Risk configured, a smart policy provides a set of tasks that’s applied to every profile.

If you do have Risk configured, the smart policy first checks the application's risk level before taking action. You can configure the smart policy to:

  • Automatically reject applications based on risk level: If the profile matches a risk level you’ve specified, the application is rejected automatically.

  • Assign tasks based on risk level: The profile is assigned the tasks you’ve specified for that application risk level.

Smart policies for company profiles can have tasks with associate smart policies. These are the rules that determine which onboarding tasks are required for company associates, for example, officers, shareholders, and trustees, as part of the tasks required for the company’s onboarding process.

Associate smart policies, like regular smart policies, are applied to either individual profiles or company profiles. If you have Risk configured, you can specify which tasks are assigned based on an application's risk level, and whether applications with certain risk levels are rejected automatically.

Additionally, associate smart policies can have tasks based on the associate’s role. For example, an associate smart policy might specify one set of tasks for officers and another set for shareholders.

Smart policies and associate smart policies can be configured to automatically approve applications when all tasks are passed successfully.

Learn more about smart policies.


When configuring a smart policy, you can use any of the out-of-the-box tasks that Passfort provides or create your own custom tasks. See the full list of out-of-the-box tasks.

Multiple checks can be assigned to one task. The smart policy can be configured so that as soon as one automated check is successful, the task is passed. To learn more about automated checks, see the definition for checks.

To have multiple automated checks required for onboarding, create a separate task for each check.

Learn more about tasks.


Learn more about user roles.