Key Concepts
This guide explains the core terminology and concepts you'll encounter throughout TrustGate. Understanding these terms will help you navigate the platform effectively, whether you're a compliance officer reviewing cases or a developer integrating our APIs.
We use the format "TrustGate Term (Industry Term)" throughout this documentation for searchability. For example, "Applicant (User/Individual)" helps you find information whether you search for "applicant" or "user."
People & Entities
Applicant (User/Individual)
An Applicant is a person undergoing KYC (Know Your Customer) verification. This is the individual whose identity you are verifying.
Key Attributes:
- Personal information (name, date of birth, email, phone)
- Nationality and country of residence
- Address details
- Verification status:
pending,in_progress,review,approved,rejected,withdrawn - Risk score (0-100)
- Risk flags:
pep,sanctions,adverse_media,high_risk_country
Example API Response:
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"first_name": "John",
"last_name": "Smith",
"email": "john.smith@example.com",
"status": "approved",
"risk_score": 25,
"flags": []
}
Company (Business Entity)
A Company is an organization undergoing KYB (Know Your Business) verification. Companies require verification of their legal status, ownership structure, and beneficial owners.
Key Attributes:
- Legal name and trading name
- Registration number and tax ID
- Incorporation date and country
- Legal form (LLC, Corp, Ltd, GmbH, etc.)
- Registered and business addresses
- Industry and business description
- Verification status:
pending,in_review,approved,rejected,withdrawn
Example API Response:
{
"id": "660e8400-e29b-41d4-a716-446655440001",
"legal_name": "Acme Corporation Ltd",
"registration_number": "12345678",
"incorporation_country": "US",
"status": "in_review",
"ubo_count": 2
}
Beneficial Owner / UBO (Ultimate Beneficial Owner)
A Beneficial Owner (also called UBO) is an individual who owns or controls a significant portion of a company. Regulatory requirements typically define this as 25% or more ownership or voting rights.
Key Attributes:
- Full name and date of birth
- Nationality and country of residence
- Ownership percentage and type (direct, indirect, control)
- Voting rights percentage
- Roles: director, shareholder, signatory, legal representative
- Verification status:
pending,verified,failed,linked - Link to individual KYC (if the UBO is also verified as an Applicant)
Ownership Types:
- Direct: Directly owns shares in the company
- Indirect: Owns shares through another entity
- Control: Has control through voting rights or other mechanisms
Verification Components
Workflow (Verification Level)
A Workflow defines the configurable verification process for applicants. Workflows determine which verification steps are required and how decisions are routed.
Components:
- Steps required (document upload, liveness check, screening, etc.)
- Risk thresholds for auto-approval
- Escalation rules
- SLA timings
Example Workflow Rules:
| Rule Name | Conditions | Action |
|---|---|---|
| Auto-approve low risk | risk_level = low, no hits | auto_approve |
| Escalate sanctions hits | has_sanctions_hit = true | escalate |
| Review high-risk countries | country in [KP, IR, SY] | manual_review |
Step (Verification Step)
A Step is an individual verification task within an applicant's workflow. Each step represents a discrete action that must be completed.
Step Types:
document- ID document upload and verificationliveness- Liveness/selfie verificationselfie- Photo capture for face matchingaddress- Address verificationphone- Phone number verificationemail- Email verificationscreening- AML/sanctions screening
Step Statuses:
pending- Not yet startedin_progress- Currently being processedcomplete- Successfully finishedfailed- Failed verification (may allow retry)skipped- Skipped based on workflow rules
Document (Identity Document)
A Document is a file uploaded for verification, typically an identity document like a passport, ID card, or driver's license.
Supported Document Types:
- Passport
- National ID card
- Driver's license
- Residence permit
- Utility bill (for address verification)
- Bank statement
Document Statuses:
pending- Awaiting processingprocessing- OCR/verification in progressverified- Successfully verifiedrejected- Failed verificationexpired- Document has passed its expiry date
Extracted Data: Documents are processed with OCR (Optical Character Recognition) to extract:
- Full name
- Date of birth
- Document number
- Issue and expiry dates
- Nationality
- MRZ data (for passports)
Screening & Monitoring
Screening Check (AML Check)
A Screening Check is a search run against sanctions, PEP, and adverse media databases. Each check searches for potential matches against the provided name and other identifiers.
Check Types:
sanctions- Sanctions list screening (OFAC, EU, UN, etc.)pep- Politically Exposed Person screeningadverse_media- Negative news and media screening
Check Statuses:
pending- Check is queuedclear- No matches foundhit- One or more potential matches founderror- Check failed (network issue, etc.)
Screening Hit (Match/Alert)
A Screening Hit is a potential match found during a screening check. Hits require review to determine if they represent a true match or a false positive.
Key Attributes:
- Matched name and entity ID from the source list
- Confidence score (0-100) based on fuzzy matching
- Hit type:
sanctions,pep,adverse_media - Source list and version (e.g., "OFAC-SDN-2025-11-27")
- Resolution status:
pending,confirmed_true,confirmed_false
PEP Tiers:
- Tier 1: Heads of state, senior politicians, supreme court justices
- Tier 2: Regional governors, ambassadors, senior military
- Tier 3: Mayors, local politicians, mid-level officials
- Tier 4: Family members and close associates of Tiers 1-3
Confidence Levels:
| Score Range | Level | Description |
|---|---|---|
| 90-100 | Very High | Strong name and data match |
| 75-89 | High | Good match, minor variations |
| 50-74 | Medium | Partial match, review recommended |
| 0-49 | Low | Weak match, likely false positive |
Monitoring Alert (Ongoing Alert)
A Monitoring Alert is generated when an already-verified applicant triggers a new screening hit during ongoing monitoring. This happens when watchlists are updated and a previously clear applicant now matches a new entry.
Alert Priorities:
critical- Sanctions match detectedhigh- PEP Tier 1-2 match detectedmedium- PEP Tier 3-4 or adverse media matchlow- Low-confidence matches
Case Management
Case (Investigation)
A Case is a review ticket created when hits require investigation or manual review is needed. Cases provide a structured workflow for compliance officers to investigate and resolve issues.
Case Types:
sanctions- Sanctions hit investigationpep- PEP hit investigationfraud- Suspected fraud investigationaml- General AML concernverification- Document/identity verification issue
Case Statuses:
open- Newly created, awaiting assignmentin_progress- Actively being investigatedpending_info- Waiting for additional informationresolved- Investigation completeescalated- Escalated to senior reviewerclosed- Case closed (no further action)
Case Priorities:
critical- Requires immediate attention (sanctions)high- Review within 24 hoursmedium- Review within 72 hourslow- Review within 1 week
Risk Assessment
Risk Score (Risk Rating)
The Risk Score is a 0-100 numeric assessment of an applicant's overall risk level. Higher scores indicate higher risk.
Risk Levels:
| Score Range | Level | Typical Action |
|---|---|---|
| 0-30 | Low | Auto-approve (if enabled) |
| 31-60 | Medium | Manual review recommended |
| 61-80 | High | Enhanced due diligence required |
| 81-100 | Critical | Escalate to senior compliance |
Risk Signal Categories: Risk scores are calculated from weighted signals across these categories:
| Category | Weight | Examples |
|---|---|---|
| AML (Screening) | 40% | Sanctions hits, PEP matches, adverse media |
| Document | 20% | Rejected documents, expired IDs, low OCR confidence |
| Country | 15% | FATF grey/black list countries, high-risk jurisdictions |
| Address | 10% | Unverified address, high-risk area |
| Identity | 10% | Missing information, data mismatches |
| Device | 5% | VPN usage, suspicious IP, datacenter access |
Risk Factors (Risk Signals)
Risk Factors are individual signals that contribute to the overall risk score. Each factor has a name, score contribution, and source.
Common Risk Factors:
sanctions_hit- Match on sanctions listpep_hit- Politically exposed person matchadverse_media- Negative media coveragehigh_risk_country- Nationality or residence in FATF-listed countrydocument_rejected- ID document failed verificationvpn_detected- Applicant using VPN or proxydisposable_email- Temporary email address used
Fraud Prevention
Device Intel (Device Fingerprinting)
Device Intel captures fraud signals from the applicant's device, IP address, email, and phone number to detect suspicious activity.
Fraud Signals:
| Signal | Description | Risk Impact |
|---|---|---|
vpn | VPN detected | +20 points |
proxy | Proxy server detected | +20 points |
tor | TOR exit node detected | +30 points |
bot | Automated bot detected | +40 points |
datacenter | Datacenter IP (cloud providers) | +10 points |
disposable_email | Temporary email service | +15 points |
voip_phone | VOIP phone number | +10 points |
recent_abuse | IP/email associated with abuse | +25 points |
Portability
KYC Share Token (Reusable KYC / Portable Identity)
A KYC Share Token allows an approved applicant to share their verified identity with other businesses without re-verifying. This enables portable identity across platforms.
Key Features:
- Configurable permissions (basic info, ID verification, address, screening results)
- Expiration date (max 90 days)
- Usage limits (max 10 uses per token)
- Revocable at any time
- Full access logging for audit
Available Permissions:
| Permission | Data Shared |
|---|---|
basic_info | Name and date of birth |
id_verification | ID type, number, verification status |
address | Verified address |
screening | AML/sanctions screening result |
documents | Access to verified document metadata |
full | All verification data |
Audit & Compliance
Audit Log (Activity Log)
The Audit Log provides a tamper-evident record of all actions taken in the system. Logs are chain-hashed to prevent modification and support regulatory audits.
Logged Events:
- Applicant created/updated/deleted
- Document uploaded/verified/rejected
- Screening check initiated/completed
- Hit resolved
- Case created/assigned/resolved
- User login/logout
- Settings changed
API Concepts
Tenant (Organization)
A Tenant is an organization using TrustGate. Multi-tenancy ensures complete data isolation between different customers.
External ID (Customer Reference)
The External ID is your internal identifier for an applicant or company. Use this to link TrustGate records to your own database.
Webhook (Event Notification)
Webhooks deliver real-time notifications when events occur (applicant approved, screening hit found, etc.). Configure webhook endpoints in Settings > Integrations.
Quick Reference
| TrustGate Term | Industry Term | Description |
|---|---|---|
| Applicant | User/Individual | Person undergoing KYC |
| Company | Business Entity | Organization undergoing KYB |
| Beneficial Owner | UBO | Individual owning 25%+ of company |
| Screening Check | AML Check | Search against watchlists |
| Screening Hit | Match/Alert | Potential watchlist match |
| Case | Investigation | Review ticket for hits |
| Workflow | Verification Level | Configurable verification process |
| Step | Verification Step | Individual verification task |
| Risk Score | Risk Rating | 0-100 risk assessment |
| Device Intel | Device Fingerprinting | Fraud detection signals |
| KYC Share Token | Reusable KYC | Portable verified identity |
Next Steps
Now that you understand the key concepts:
- Quick Start Guide - Create your first applicant
- Dashboard Tour - Explore the interface
- API Reference - Integrate via API