Scope
Compliance is a product surface, not a sentence in the footer. Users and operators need to see identity state, limits, review state, blocked movement, evidence, and escalation paths.
Fedha is mobile-money and e-money infrastructure first, with any cross-border or approved digital-asset expansion gated behind separate licensed-path review. Zent corridor flows are reviewed as regulated digital-asset and payout operations where applicable. Hazina is closer to business treasury and partner-bank/payment-rail operation, but still needs KYB, sanctions screening, monitoring, and audit evidence.
Identity tiers
Tiered access lets products launch useful low-risk states without allowing high-risk movement before verification is complete.
| Tier | Example requirements | Typical capability |
|---|---|---|
| Tier 0 | Phone or invited evaluation user | View-only or demo state |
| Tier 1 | Phone, name, basic profile | Low-limit wallet or sandbox use |
| Tier 2 | Government ID, selfie, address where required | Higher wallet and transfer limits |
| Enhanced | Source of funds, business context, manual review | High-value or higher-risk movement |
Business KYB
Fedha clients, Hazina operators, and Zent corridor clients need business onboarding that maps entity, directors, beneficial owners, operating purpose, source of funds, user roles, and approval authority.
KYB state should gate account creation, payouts, approval limits, external beneficiaries, and production environment access.
Zent corridor controls
Digital finance corridor movement requires more than KYC. Every movement should carry risk state, sanctions result, destination risk, provider state, mobile-money payout evidence, Travel Rule status where applicable, and operator approval state.
| Control | Required for | Surface |
|---|---|---|
| Transaction monitoring | Digital-value movement | Counterparty and transaction risk state |
| Sanctions blocking | All regulated movement | Allow, hold, or blocked decision |
| Travel Rule | Regulated digital-asset transfers where applicable | Originator and beneficiary workflow |
| Destination allowlist | Institutional withdrawals | Policy and approval gate |
| Case management | Alerts and exceptions | Owner, reason, notes, and resolution |
Reporting and evidence
Regulator-ready operation means every decision is traceable. Keep identity changes, operator actions, approvals, webhook deliveries, ledger entries, rail events, and evidence exports tied to stable IDs.
Suspicious-activity, board, auditor, counterparty, and reconciliation packs should be generated from the same source of truth rather than assembled manually after an incident.
Related docs