To ensure that Paxos meets regulatory requirements, KYC information of end user identities that are directly onboarded to Paxos must be periodically refreshed (every 1-3 years). All customers that integrate with Paxos Identity APIs are subject to this process, and must integrate with the automated workflow outlined below to support it. Paxos streamlines KYC Refresh using a webhook-based or polling-based approach, which leverages Paxos Webhooks, Events API and Identity API.

Webhook-based Approach

Sequence Diagram for KYC Refresh

➊ Consume KYC Refresh Events

Setup a Webhook Consumer to receive the following KYC refresh events for your end users:
Use Get Event to get additional information about the KYC refresh event (last_kyc_refresh_date, next_kyc_refresh_date, etc.).

➋ Prompt End User about Periodic Refresh

When an identity.kyc_refresh.started is received for your end user, prompt the user presenting their current KYC information indicating they should refresh their information if anything has changed, or continue without changes if everything is still accurate.

➌ Inform Paxos about the Refresh

When an end user indicates everything is still accurate, call update-identity with the identity_id specified in the request, setting the last_kyc_refresh_date to the timestamp the user confirmed their information is still accurate. If an end user refreshed their information, call update-identity as specified above, but also include any changes the end user has made to their information.
Calling update-identity with only last_kyc_refresh_date and no other changes is considered by Paxos to be confirmation no information has changed, therefore a completed KYC refresh. The next KYC refresh date will be updated accordingly (1-3 years from the provided last_kyc_refresh_date).

➍ Wait for Completion

Once KYC refresh is complete, a identity.kyc_refresh.completed will be received for the end user in question.

Polling-based Approach

➊ Poll for KYC Refresh Started Events

Poll List Events, offsetting the created_at.gt for each subsequent poll, fetching identity.kyc_refresh.started events.
We recommend you keep track of the Event ids you’ve processed in order to idempotently process the event.

➋ Prompt End User about Periodic Refresh

As described above in the webhook-based approach.

➌ Inform Paxos about the Refresh

As described above in the webhook-based approach.

➍ Poll for Completed Refreshes

Poll List Events, offsetting the created_at.gt for each subsequent poll, fetching identity.kyc_refresh.completed events.

Advanced

Handling Expired Refreshes

If an identity.kyc_refresh.expired is received, it means Paxos did not receive an update-identity request in the designated window to complete the KYC refresh process (typically 30 days). If this occurs, several outcomes could be experienced:
  • Paxos will restart the KYC refresh process, and a new identity.kyc_refresh.started event will be posted
  • The Identity could be disabled (meaning the end user will only be able to Liquidate assets and withdraw fiat off platform)

Refreshes in Compliance Review

In some cases, the Paxos compliance team might need to review the changes received from the end user as part of the KYC refresh process. In this case, the identity.kyc_refresh.completed event could experience a meaningful delay in being received.

Backdating the Last KYC Refresh Date

If a historical record is known for the last KYC refresh dates of your end users or you’ve experienced an issue processing KYC refresh for an end-user then you can directly call update-identity setting the last_kyc_refresh_date to the known date in the past, and Paxos will accept this as the date KYC refresh was performed for the end user.
Setting this date beyond the 1-3 year refresh period for an end user will cause an immediate identity.kyc_refresh.started to be triggered for the end user.