Periodic KYC Refresh
To ensure that Paxos meets regulatory requirements, KYC information of end user identities that are directly onboarded to Paxos must be periodically refreshed (every 1-3 years). All customers that integrate with Paxos Identity APIs are subject to this process, and must integrate with the automated workflow outlined below to support it.
We can automate this using a webhook-based or polling-based approach, which leverages Paxos Webhooks, Events API and Identity API.
Webhook-based Approach (preferred)
➊ Consume KYC Refresh Events
Setup a Webhook Consumer to receive the following KYC refresh events for your end users:
Use Get Event to get additional information about the KYC refresh event (last_kyc_refresh_date, next_kyc_refresh_date, etc.).
➋ Prompt End User about Periodic Refresh
When an identity.kyc_refresh.started is received for your end user, prompt the user presenting their current KYC information indicating they should refresh their information if anything has changed, or continue without changes if everything is still accurate.
➌ Inform Paxos about the Refresh
When an end user indicates everything is still accurate, call Update Identity with the identity_id specified in the request, setting the last_kyc_refresh_date to the timestamp the user confirmed their information is still accurate.
If an end user refreshed their information, call Update Identity as specified above, but also include any changes the end user has made to their information.
Calling Update Identity with only last_kyc_refresh_date and no other changes is considered by Paxos to be confirmation
no information has changed, therefore a completed KYC refresh.
The next KYC refresh date will be updated accordingly (1-3 years from the provided last_kyc_refresh_date).
➍ Wait for Completion
Once KYC refresh is complete, a identity.kyc_refresh.completed will be received for the end user in question.
Polling-based Approach
➊ Poll for KYC Refresh Started Events
Poll List Events, offsetting the range_begin for each subsequent poll, fetching identity.kyc_refresh.started events.
We recommend you keep track of the Event ids you've processed in order to idempotently process the event.
➋ Prompt End User about Periodic Refresh
As described above in the webhook-based approach.
➌ Inform Paxos about the Refresh
As described above in the webhook-based approach.
➍ Poll for Completed Refreshes
Poll List Events, offsetting the range_begin for each subsequent poll, fetching identity.kyc_refresh.completed events.
Advanced
Handling Expired Refreshes
If an identity.kyc_refresh.expired is received, it means Paxos did not receive an Update Identity request in the designated window to complete the KYC refresh process (typically 30 days).
If this occurs, several outcomes could be experienced:
- Paxos will restart the KYC refresh process, and a new
identity.kyc_refresh.startedevent will be posted - The Identity could be disabled (meaning the end user will only be able to Liquidate assets and withdraw fiat off platform)
Refreshes in Compliance Review
In some cases, the Paxos compliance team might need to review the changes received from the end user as part of the
KYC refresh process.
In this case, the identity.kyc_refresh.completed event could experience a meaningful delay in being received.
Backdating the Last KYC Refresh Date
If a historical record is known for the last KYC refresh dates of your end users or you've experienced an issue processing KYC refresh for an end-user then you can directly call Update Identity setting the last_kyc_refresh_date to the known date in the past, and Paxos will accept this as the date KYC refresh was performed for the end user.
Setting this date beyond the 1-3 year refresh period for an end user will cause an immediate identity.kyc_refresh.started to be triggered for the end user.