# Enhanced Due Diligence (EDD)

There will be cases where sFOX may require additional information be collected from a given end user to identify and mitigate potential risks such as money laundering or ensure compliance with regulatory requirements. For example:

* Risk level changes: An end user who was previously a low volume transactor, begins transferring assets at a higher volume.
* Ongoing monitoring: An end user previously submitted a copy of their ID. The ID has since expired, triggering a request for an updated copy of their ID.
* Validation: When attempting to validate an end user’s KYC information, sFOX found conflicting information about the end user.

In these cases, sFOX will create an Enhanced Due Diligence (EDD) Request for an end user, which will specify the end user who must complete the request and the information required to be collected from the end user.

{% hint style="info" %}
An end user's status within sFOX and their access to or ability to use certain features or functionality does not immediately change as a result of an EDD request being created. 

However, it is important that EDD requests are completed in a timely manner (within 5-10 business days). If an EDD request remains incomplete beyond that, sFOX may be required to restrict the end user's activity.
{% endhint %}

***

## Integrating EDD

It is your responsibility to monitor for EDD requests, collect & submit EDD responses from end users, and ensure timely completion of EDD requests (within 5-10 business days). 

In order to integrate EDD, there are two key processes that must be implemented:

1. [Monitor for EDD Requests](#monitoring-for-edd-requests): Process for identifying when new EDD requests have been created and prompting end users to complete outstanding EDD requests.
2. [Complete an EDD Request](#completing-an-edd-request): Process for collecting EDD responses and/or documents from a given and user and submitting the information to sFOX to complete the given EDD request.

***

## Monitoring for EDD Requests

When an EDD request is created for an end user, it will appear as a new object in a [Get EDD Requests](https://docs.sfox.com/connect/rest-api/end-users/get-edd-requests) response. It is critical that you regularly monitor for new EDD requests so that they may be completed by end users in a timely manner.

There are many ways you may monitor for EDD requests. The following examples are just two of the most common solutions our partners have implemented:

### Example 1: Check for EDD Requests on End User Sign In

When an end user signs in to or opens your application:

{% stepper %}
{% step %}

#### Check if an EDD Request Exists

When an end user signs in to your application, check whether an EDD request exists for the end user by following [Step 1 (Get EDD Request)](#get-edd-request) of [Completing an EDD Request](#completing-an-edd-request).

* **Yes:** If an EDD request does exist, continue to step 2 below.
* **No:** If an EDD request does not exist for the end user, end here.
  {% endstep %}

{% step %}

#### Prompt the End User to Complete the EDD Request

If an EDD request exists for the end user, prompt the end user to submit the required information by continuing to [Step 2 (Get EDD Prompts)](#get-edd-prompts) of [Completing an EDD Request](#completing-an-edd-request).
{% endstep %}
{% endstepper %}

### Example 2: Retrieve and Record EDD Requests at Regular Intervals

At a regular interval defined by you (sFOX recommends at least every 24 hours), retrieve all open EDD requests for your end users, record them in your system, and then notify/prompt applicable end users to complete the requests.

{% stepper %}
{% step %}

#### Retrieve EDD Requests at a Regular Interval

At a regular interval defined by you (sFOX recommends at least every 24 hours), retrieve all open EDD requests for your end users.

Filter the response for outstanding EDD requests. Outstanding EDD requests have `status` = `REQUESTED`.

{% code title="Request" overflow="wrap" lineNumbers="true" %}

```bash
curl --location 'https://api.sfox.com/v1/enterprise/eddq/requests' \
--header 'Authorization: Bearer ${ENTERPRISE_API_KEY}'
```

{% endcode %}
{% endstep %}

{% step %}

#### Record EDD Requests

Record/store at least the `user_id` of each outstanding EDD request in your system.
{% endstep %}

{% step %}

#### Notify End Users of EDD Requests

Notify each end user with an outstanding EDD request that you need to collect additional information from them to ensure the request is completed in a timely manner.

For example, you could send each end user an email notification alerting them to the requirement. Or present them with a CTA to complete the EDD request upon an action such as signing in to your application.
{% endstep %}

{% step %}

#### Complete EDD Request

For example, when an end user opens your application again, check whether you have recorded that they need to complete an EDD request. If so, follow the steps to [Complete an EDD Request](#completing-an-edd-request).
{% endstep %}
{% endstepper %}

***

## Completing an EDD Request

When sFOX has created an EDD request for a given end user, follow these steps to complete the EDD request:

{% stepper %}
{% step %}

### Get EDD Request

[Retrieve the EDD request](https://docs.sfox.com/connect/rest-api/end-users/get-edd-requests) for the end user using the end user’s `user_id` .

{% code title="Request" overflow="wrap" lineNumbers="true" %}

```bash
curl --location 'https://api.sfox.com/v1/enterprise/eddq/requests?user_id=${USER_ID}' \
--header 'Authorization: Bearer ${ENTERPRISE_API_KEY}'
```

{% endcode %}

Take note of the following response fields:

* `id`: This is the EDD request ID. You will use this when submitting the end user's responses in [step 4](#submit-the-end-users-edd-responses) to specify the EDD request you are submitting responses for.
* `ddq_id`: You will use this is [step 2](#get-edd-prompts) in order to determine the information that needs to be collected from the end user.
  {% endstep %}

{% step %}

### Get EDD Prompts

[Retrieve the EDD prompts](https://docs.sfox.com/connect/rest-api/end-users/get-edd-prompts)–the list of questions and/or information (prompts) that the end user must submit to complete the EDD request.

{% code title="Request" overflow="wrap" lineNumbers="true" %}

```bash
curl --location 'https://api.sfox.com/v1/enterprise/eddq/prompts' \
--header 'Authorization: Bearer ${ENTERPRISE_API_KEY}'
```

{% endcode %}

Filter the prompt objects in the response for those that contain the `ddq_id` of the EDD request obtained in [step 1](#get-edd-request). 
{% endstep %}

{% step %}

### Collect Responses from the End User

Collect a response from the end user to each prompt object in the filtered list from [step 2](#get-edd-prompts). 

Use the `prompt`, `is_required`, `response_type`, `response_options` , and `optional_free_form` fields in each object to determine how to collect each response:

* A given prompt will require either a written/selected response or a document upload from the end user defined by the `response_type` field
  * Written/selected response: Prompt will have `response_type` = `Single-Select` or `Free-Form`
    * `Single-Select`: End user must select one of the options listed in the `response_options` array.
    * `Free-Form` : End user must answer the prompt with a free-form string response.
    * If `optional_free_form` = `true`: End user should have the option to submit an optional free form response in addition to the above.
  * Document upload: Prompt will have `response_type` = `File-Upload` 
* All ***required*** prompts (`is_required` = `true`) must be answered before moving to the next step. Excluding a response to a required prompt in your request will result in an error response and responses included in your request will not be recorded/must be re-submitted in a new request.
  {% endstep %}

{% step %}

### Submit the End User's EDD Responses

#### Submit EDD Responses

Once you have collected responses to each prompt from end user, [submit the EDD responses](https://docs.sfox.com/connect/rest-api/end-users/create-edd-responses) to complete the EDD request.

For document uploads (prompts with `response_type` = `File-Upload`), you will submit the ***file name only*** in this request. Afterwards, you must submit the file itself via a [Submit Documents](https://docs.sfox.com/connect/rest-api/end-users/submit-documents) request.

{% code title="Request (Create EDD Responses)" lineNumbers="true" %}

```bash
curl --location 'https://api.sfox.com/v1/enterprise/eddq/responses' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer ${ENTERPRISE_API_KEY}' \
--data '{ 
  "user_id": "${USER_ID}",
  "prompts": {
    "1": {"response": "${response to prompt ID 1}"},
    "2": {"response": "${response to prompt ID 2}"},
    "3": { 
        "response": "${response to prompt ID 3}", 
        "optional_free_form":"${optional free form response to prompt ID 3}"
    },
    "52": {"response": "${file name of document submitted for prompt ID 52}"}
  }
}'
```

{% endcode %}

If all EDD responses have been submitted and accepted, the `status` of the EDD request will change to `SUBMITTED` .

#### Upload Documents, If Applicable

Now that EDD responses have been submitted, upload any associated documents via a [Submit Documents](https://docs.sfox.com/connect/rest-api/end-users/submit-documents) request for each prompt with  `response_type` = `File-Upload`.

Using the `user_id` of the end user and `id` of the EDD request obtained in [step 1](#get-edd-request) for the `user_id` and `ddq_id` request body fields respectively, submit the file:

{% code title="Request (Submit Document)" overflow="wrap" lineNumbers="true" %}

```bash
curl --location 'https://api.sfox.com/v1/enterprise/ddq/upload' \
--header 'Authorization: Bearer ${ENTERPRISE_API_KEY}' \
--form 'files=${FILE_PATH}' \
--form 'user_id="${USER_ID}"' \
--form 'file_types="{\"${FILE}\":\"${DOCUMENT_TYPE}\"}"' \
--form 'ddq_id="${EDD_REQUEST_ID}"'
```

{% endcode %}
{% endstep %}
{% endstepper %}

Once EDD responses and documents have been submitted, our team will begin reviewing the submission and the EDD request status change from `SUBMITTED` <i class="fa-arrow-right">:arrow-right:</i> `IN_REVIEW`. Reviews are typically completed in 1-2 business days.

Once our team has completed their review of the submission and it has been accepted, the EDD request status will be change from `IN_REVIEW` <i class="fa-arrow-right">:arrow-right:</i> `REVIEWED`.&#x20;