Skip to main content

Overview

Verifow operates as a multi-tenant platform. Each bank or financial institution operates within its own tenant, with complete data isolation from other institutions.

What Is a Tenant?

A tenant represents your organization within Verifow. All your transactions, cases, rules, reports, and users exist within your tenant boundary.

Tenant Characteristics

FeatureDescription
Data IsolationTransaction data, cases, and user records are completely isolated from other tenants
Independent RulesEach tenant maintains its own custom rules alongside the shared CBN mandatory rules
Dedicated AdminsEvery tenant has BANK_ADMIN users who manage day-to-day operations
Engine ConfigurationRisk weights and thresholds can be tuned per tenant
Auto-Seeded RulesNew tenants automatically receive the 9 CBN mandatory rules
KYC Provider SelectionEach tenant chooses between embedded providers or BYOL (Bring Your Own License)
KYC Trust ModeControls how KYC status is resolved: STRICT, HYBRID, or EXTERNAL
BYOL Fallback ModeDefines behavior when the BYOL provider is unavailable

Data Boundaries

The following data is scoped to your tenant and never shared:
  • Transaction screening history
  • Compliance cases and notes
  • Custom detection rules
  • KYC applications and verification results
  • KYB applications and corporate verification data
  • Regulatory reports
  • Audit logs
  • User accounts and roles

KYC Provider Configuration

Each tenant independently controls how customer identity verification is performed.

Provider Modes

ModeDescriptionUse Case-
EMBEDDEDPlatform-managed providers (primary → fallback chain)Default — no setup required
BYOLTenant provides their own KYC API credentialsInstitutions with existing provider contracts

Configuring BYOL

BANK_ADMIN users can configure BYOL from Dashboard → Settings → KYC Provider:
  1. Select BYOL from-he mode dropdown.
  2. Enter your prov-er details:
    • Provider Name — e.g., “YourProviderName”
    • Base URL —-our provider’s API root
    • API Key / App ID -Authentication credentials
    • Endpoints — Paths-or NIN, BVN, and Liveness checks
    • R-ponse Mapping — JSON paths to extract first/last names
    • Match Confidence — Threshold for name match success (0–100)
  3. Save — new verifications immediately use your provider.
The configuration is stored securely as JSON in Tenant.kycProviderConfig and is never exposed to other tenants.

KYC Trust Mode

Controls how KYC status is resolved during transaction screening:
ModeDescription
STRICTDefault. KYC records must exist in the DB. Payload KYC is ignored.
HYBRIDUses payload KYC if provided, falls back to DB lookup.
EXTERNALRequires KYC status in every transaction payload. No local DB lookup.
Managed via PATCH /api/v1/tenants/me with kycTrustMode.

BYOL Fallback Mode

Defines behavior when the BYOL provider is unavailable:
ModeDescription
NONEDefault. Returns ServiceUnavailableException.
WALLET_RESERVEFalls back to the embedded provider if the wallet has available funds.
Managed via PATCH /api/v1/tenants/me with byolFallbackMode.
Note: Tenant-level configuration changes for engine weights or feature flags are handled by platform administrators. Contact your account manager if you need adjustments beyond KYC provider selection.