Enhanced Due Diligence (EDD)
There will be cases where sFOX may require additional information be collected from a given end user to identify and mitigate potential risks such as money laundering or ensure compliance with regulatory requirements. For example:
Risk level changes: An end user who was previously a low volume transactor, begins transferring assets at a higher volume.
Ongoing monitoring: An end user previously submitted a copy of their ID. The ID has since expired, triggering a request for an updated copy of their ID.
Validation: When attempting to validate an end user’s KYC information, sFOX found conflicting information about the end user.
In these cases, sFOX will create an Enhanced Due Diligence (EDD) Request for an end user, which will specify the end user who must complete the request and the information required to be collected from the end user.
Integrating EDD
It is your responsibility to monitor for EDD requests, collect & submit EDD responses from end users, and ensure timely completion of EDD requests (within 5-10 business days).
In order to integrate EDD, there are two key processes that must be implemented:
Monitor for EDD Requests: Process for identifying when new EDD requests have been created and prompting end users to complete outstanding EDD requests.
Complete an EDD Request: Process for collecting EDD responses and/or documents from a given and user and submitting the information to sFOX to complete the given EDD request.
Monitoring for EDD Requests
When an EDD request is created for an end user, it will appear as a new object in a Get EDD Requests response. It is critical that you regularly monitor for new EDD requests so that they may be completed by end users in a timely manner.
There are many ways you may monitor for EDD requests. The following examples are just two of the most common solutions our partners have implemented:
Example 1: Check for EDD Requests on End User Sign In
When an end user signs in to or opens your application:
Check if an EDD Request Exists
When an end user signs in to your application, check whether an EDD request exists for the end user by following Step 1 (Get EDD Request) of Completing an EDD Request.
Yes: If an EDD request does exist, continue to step 2 below.
No: If an EDD request does not exist for the end user, end here.
Prompt the End User to Complete the EDD Request
If an EDD request exists for the end user, prompt the end user to submit the required information by continuing to Step 2 (Get EDD Prompts) of Completing an EDD Request.
Example 2: Retrieve and Record EDD Requests at Regular Intervals
At a regular interval defined by you (sFOX recommends at least every 24 hours), retrieve all open EDD requests for your end users, record them in your system, and then notify/prompt applicable end users to complete the requests.
Retrieve EDD Requests at a Regular Interval
At a regular interval defined by you (sFOX recommends at least every 24 hours), retrieve all open EDD requests for your end users.
Filter the response for outstanding EDD requests. Outstanding EDD requests have status = REQUESTED.
curl --location 'https://api.sfox.com/v1/enterprise/eddq/requests' \
--header 'Authorization: Bearer ${ENTERPRISE_API_KEY}'Notify End Users of EDD Requests
Notify each end user with an outstanding EDD request that you need to collect additional information from them to ensure the request is completed in a timely manner.
For example, you could send each end user an email notification alerting them to the requirement. Or present them with a CTA to complete the EDD request upon an action such as signing in to your application.
Complete EDD Request
For example, when an end user opens your application again, check whether you have recorded that they need to complete an EDD request. If so, follow the steps to Complete an EDD Request.
Completing an EDD Request
When sFOX has created an EDD request for a given end user, follow these steps to complete the EDD request:
Get EDD Request
Retrieve the EDD request for the end user using the end user’s user_id .
curl --location 'https://api.sfox.com/v1/enterprise/eddq/requests?user_id=${USER_ID}' \
--header 'Authorization: Bearer ${ENTERPRISE_API_KEY}'Take note of the following response fields:
Get EDD Prompts
Retrieve the EDD prompts–the list of questions and/or information (prompts) that the end user must submit to complete the EDD request.
curl --location 'https://api.sfox.com/v1/enterprise/eddq/prompts' \
--header 'Authorization: Bearer ${ENTERPRISE_API_KEY}'Filter the prompt objects in the response for those that contain the ddq_id of the EDD request obtained in step 1.
Collect Responses from the End User
Collect a response from the end user to each prompt object in the filtered list from step 2.
Use the prompt, is_required, response_type, response_options , and optional_free_form fields in each object to determine how to collect each response:
A given prompt will require either a written/selected response or a document upload from the end user defined by the
response_typefieldWritten/selected response: Prompt will have
response_type=Single-SelectorFree-FormSingle-Select: End user must select one of the options listed in theresponse_optionsarray.Free-Form: End user must answer the prompt with a free-form string response.If
optional_free_form=true: End user should have the option to submit an optional free form response in addition to the above.
Document upload: Prompt will have
response_type=File-Upload
All required prompts (
is_required=true) must be answered before moving to the next step. Excluding a response to a required prompt in your request will result in an error response and responses included in your request will not be recorded/must be re-submitted in a new request.
Submit the End User's EDD Responses
Submit EDD Responses
Once you have collected responses to each prompt from end user, submit the EDD responses to complete the EDD request.
For document uploads (prompts with response_type = File-Upload), you will submit the file name only in this request. Afterwards, you must submit the file itself via a Submit Documents request.
curl --location 'https://api.sfox.com/v1/enterprise/eddq/responses' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer ${ENTERPRISE_API_KEY}' \
--data '{
"user_id": "${USER_ID}",
"prompts": {
"1": {"response": "${response to prompt ID 1}"},
"2": {"response": "${response to prompt ID 2}"},
"3": {
"response": "${response to prompt ID 3}",
"optional_free_form":"${optional free form response to prompt ID 3}"
},
"52": {"response": "${file name of document submitted for prompt ID 52}"}
}
}'If all EDD responses have been submitted and accepted, the status of the EDD request will change to SUBMITTED .
Upload Documents, If Applicable
Now that EDD responses have been submitted, upload any associated documents via a Submit Documents request for each prompt with response_type = File-Upload.
Using the user_id of the end user and id of the EDD request obtained in step 1 for the user_id and ddq_id request body fields respectively, submit the file:
curl --location 'https://api.sfox.com/v1/enterprise/ddq/upload' \
--header 'Authorization: Bearer ${ENTERPRISE_API_KEY}' \
--form 'files=${FILE_PATH}' \
--form 'user_id="${USER_ID}"' \
--form 'file_types="{\"${FILE}\":\"${DOCUMENT_TYPE}\"}"' \
--form 'ddq_id="${EDD_REQUEST_ID}"'Once EDD responses and documents have been submitted, our team will begin reviewing the submission and the EDD request status change from SUBMITTED IN_REVIEW. Reviews are typically completed in 1-2 business days.
Once our team has completed their review of the submission and it has been accepted, the EDD request status will be change from IN_REVIEW REVIEWED.
Last updated