Certification and Production Launch

When utilizing the Trust APIs, there are several steps leading up to your production launch that need to be completed. These steps include verifying all agreements are signed, compliance EDD is completed, and a certification of your application in sandbox is completed.

👍

Time to Live

The certification process along with the confirmation of agreements and EDD can take a bit of time, so make sure you're keeping your solutions engineer up to date about your expected launch time. We recommend you notify your SE about certifying and production launch at least 2 weeks before the expected launch.

Trust API Certification

Before receiving production credentials, you'll need to schedule a certification call with your designated solutions engineer. This call will serve as a verification that the Trust APIs have been implemented correctly and the relevant information pertaining to your end users is being displayed correctly in your application. Because implementations can vary, use the below list to get a base line understanding of what we're expecting to see in your application based on the end points you've added:

Identities
Personal:

  • Obtaining all relevant information for adding an end user to our system KYC L0 (First/Last Name, Phone #, Email)
  • For running KYC L1, obtaining all PII (DoB, Address, SSN/TaxId)
  • For running KYC L2, obtaining proof of identification such as a Driver's License or Passport
  • If running KYC L1, allowing the end user to fix (PATCH /identity) fields that populate the upgradeRequirements array.
  • If running KYC L2, allowing the end user to re-upload another proof of identification if the first round does not pass. Subsequent checks after the second will be a manual review by compliance.

Business:

  • Obtaining all relevant company information required by our APIs
  • Obtaining all information related to anyone who is a 25%+ owner of the business (these are the beneficial owners and can be both individuals as well as other businesses) as well as any authorized signers. These individual beneficial owners should have the same checks as the above section under personal

Custodial Accounts

  • Displaying our terms of service and legal disclaimer to the end user
  • Allowing the end user to give positive consent to the ToS and custodial account agreement (a checkbox, "I Agree" button, etc.) BEFORE the account is created for them.

Fiat Transfer In
ACH:

  • Bank linking via MX is completed (sandbox is simulated)
  • Showing the end user a pending deposit once initiated (updated on receiving the deposit unless using an ISA account setup)

Wire:

  • Display wire instructions for the end user to deposit a wire into a custodial account

Credit/Debit Card:

  • Obtain card details from the end user (explicit inputs or using our Card Widget)
  • Showing the end user a pending deposit once initiated (updated on receiving the deposit unless using an ISA account setup)

Fiat Transfer Out
ACH:

  • Bank linking via MX is completed (sandbox is simulated) or allowing the end user to select an already connected bank account

Wire:

  • Obtain end user's banking information for a wire send out

Crypto Transfer In

  • Allow the end user to specify the asset and blockchain (if applicable)
  • Show the end user the generated wallet address to transfer the crypto in
  • Update end user balance when crypto is received

Crypto Transfer Out

  • Allow the end user to provide a receiving blockchain address and specify the asset and blockchain (if applicable)

Crypto Trades

  • Generate a price for buy/sell
  • Allow the end user to confirm the price
  • Update the end user on the updated balance after the trade is complete

Compliance and Legal Disclaimers

When using the Trust APIs, it's required that you provide specific legal language, disclaimers, and agreements for your end users to view and provide positive consent for. This section will go over the various items, and when they need to be displayed in your application flow. These items need to be in your application and reviewed by compliance before you're able to launch.

📘

Language and Documents

For access to these agreements, language and instruction, please reach out to your designated solutions engineer/account manager.

Agreements:

  • Account Agreement
    * For example, Custodial Agreement, Trust Agreement, Escrow Agreement, etc.

Disclosures:

  • E-Sign Disclosure
    Must be presented to the client using demonstrable consent (check box, click to accept, etc.)
    Use this link for your end user to review the disclosure https://fortresstrustcompany.com/disclosures-e-sign

  • USA Patriot Act Disclosure - The below disclosure should be displayed before CIP information is collected. In
    our case, name and phone number.
    IMPORTANT INFORMATION ABOUT PROCEDURES FOR OPENING A NEW ACCOUNT: To help the government fight the funding of terrorism and money laundering activities, federal law requires all financial institutions to obtain, verify, and record information that identifies each person who opens an Account. What this means for you: When you open an Account, we will ask for your name, address, date of birth, and other information that will allow us to identify you. We may also ask to see a copy of your driver's license or other identifying documents.

  • Consumer Disclosures (you can use this link https://fortresstrustcompany.com/disclosures-consumer)

Screenshots:

  • Screenshot of the application that will be used to deliver financial services to your end users
  • Screenshot of USA Patriot Act Disclosure
  • Screenshot of Integrator's Terms of Use, User License Agreement and Conditions, etc.
  • Screenshot of Integrator's Privacy Policy
  • Screenshot of Fortress Trust Account Opening Agreement
  • Screenshot of Fortress Trust Consumer Disclosures
  • Screenshot of an ACH Payment Authorization

Some of these items need to be displayed in a specific order to comply with federal regulations. Follow the below guidelines to understand how your UI/UX should be presented.

  • Account Agreement: Shown to the end user, before an account is opened for them (POST /accounts). Need to provide a form of consent (ie. checkbox, "I Agree" button, etc.) for the end user to acknowledge they've consented to the agreement.