Versions Compared

Old Version 11

changes.mady.by.user Kristoffer Skaret

Saved on

compared with

New Version 12

changes.mady.by.user Kristoffer Skaret

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Published by Scroll Versions from space PDOIDC and version master

...

The service supports assessment of both individuals (persons) and organizations.

The person resource and the organization resource handles on demand queries of single results, while the continuous screening of persons service (pilot) offers notifications based on continuous monitoring a set of individuals of your choice.

Table of Contents

Table of Contents
maxLevel1

The person resource

The following dataset is offered in addition to the base identity (Name and SSN) provided by BankID:

  • Residential address from the national registry ("Folkeregisteret" / DSF). We will deliver residential address from other public sources if your company has not applied for the DSF register.
  • Search results from available sources on PEP (Politically Exposed Person) og RCA (Relative or Close Associate)
  • Search results from sanction lists (EU og UN)

Three variants of the resource is available, where the first and second requires that the individual is first identified with BankID at the highest level of assurance.

  1. Identifying the individual via the BankID IDP in the OIDC Provider from BankID
  2. Identifying the individual via data embedded in a BankID SDO that is the result of an individual signing a document with BankID in the legacy way via BankID Server.
  3. Assessment of individuals (based on SSN) without any associated identification with BankID

The first variant is associated with a regular end-user OIDC Flows whereas the second and third variant uses the Client Credential Flow. The AML services responds with the same set of data for all variants. 

In addition to JSON formatted structured data, a signed PDF report containing the same information is also available.

The organization resource

The following dataset is offered:

key information (delivered by default)

  • Company name
  • Org number
  • DUNS number
  • Lei number
  • Organization type
  • Country
  • Registered date
  • Webpage
  • Employees
  • Member of registries
  • Sources

Possible additional data that you can choose

To query additional details, a client must declare this explicitly as part of the request by usage of the "expand" parameter. Se API documentation for further details.

...

Certificate of registration

...

  • Postal address
  • Visiting address

...

Financials: Credit history

...

Last tree years

...

Financials: Accountant

...

Financials: Credit

...

Lei number

...

Ownership: Beneficials

...

Name, address, owner share, date of birth, roles

...

Ownership: Subsidiaries

...

name, org number, percentage (owned by the company)

...

name, org number, percentage, type (organization or person) 

...

Authorizations

...

Here you will find: signature rights and power of procuration.

...

Official Roles

...

Roles delivered: CEO, chairman, board members, deputy members

...

Sanction

...

Status, message (if no hit), matchIndicator, matchIndicatorDescription,

aliasList, address, source (listname), data provider (source) Initial date, LastUpdate 


Note

Note that two different versions of the person resource API is currently available.

  1. The new Person API is still inn a Pilot stage but will very soon be production ready. We strongly recommend new customers to choose this API.
  2. The old Person API is still available, but will soon be deprecated. Existing customers are recommended to migrate to the new API.

The new API offers more features and content, and hopefully a simpler integration process more in line with the organization API

Note

The following expand arguments are present in the API docs, but they are currently not supported until the associated functionality becomes available in a future release.

  • financials.credit
  • links.reports.*

The continuous screening of persons service (pilot)

Note

Availability of this service is restricted while in pilot phase.

The service is implemented in form of a monitor system, which is available through a number of different API endpoints.

A brief walkthrough of the integration process:

1) Register the monitor

To be able to subscribe to notifications you must first make a request to create your monitor. Create a new monitor API reference.

An important attribute of the registration request is the webhook url. This is the endpoint where you wish to receive the notifications.

2) Add persons to the monitor

Next the collection of individuals of your choice must be added to the monitor. There are different methods for how to populate or manipulate the list, such as batch file upload and POST JSON array.

3) Receive notifications

The service will continuously monitor all registered individuals and trigger alerts whenever a state has changed, for instance if a person has been added to a PEP- or Sanction-list.

Your system will be notified about such alerts through notifications send to the webhook endpoint. Notifications are send out once every night if there are unhandled alerts registered on the monitor. A notification contains information about number of alerts, and what monitor triggered the alerts.

4Retrieve alerts

A request to the alerts endpoint is responded with a list of all unhandled alerts. Each alerts consists of an ID and details about what attribute on the particular individual triggered the alert.

5) Mark alerts as received

...

.


API documentation

See separate AML API documentation for technical details about the HTTP API. 

...

Example test subjects has been prepared with positive search results in the test environments. 

Implementation guides

Separate implementation guides for each of the resource APIs

Provisioning

Note
iconfalse

Note that OIDC Clients must be provisioned to gain access to the AML service. Access is provisioned on a per-scope basis

...