Tenant
A tenant is your brokerage’s isolated environment inside kycert. Every brokerage that subscribes to kycert receives its own tenant with completely separate customer data, bureau results, audit logs, team members, and portal URL. Your tenant slug is the short, unique identifier you chose when creating your account — it appears in both of your kycert URLs:- Dashboard:
admin.kycert.com.br/{slug} - Customer portal:
cadastro.kycert.com.br/{slug}
Customer
A customer is a Person (PF — Pessoa Física) or Company (PJ — Pessoa Jurídica) registered through your onboarding portal, imported via XLSX, or created through the API. Each customer record holds their identification data, uploaded documents, bureau run history, and analyst decisions. Every customer has a status that reflects where they are in your compliance workflow:| Status | Meaning |
|---|---|
pending | Registration received — bureau checks not yet run |
in_review | Bureau complete — awaiting analyst decision |
approved | Cleared for FX operations |
rejected | Blocked by a bureau result or analyst decision |
Bureau Run
A bureau run is a batch of automated KYC/AML checks executed for a specific customer document — a CPF (for individuals) or CNPJ (for companies). When you trigger a run, kycert consults every data source defined in the selected KYC template and returns a consolidated compliance decision. Each run consumes credits from your plan — one credit per data source successfully queried. Runs are immutable once completed: you can review them, download their PDF report, or use them as the basis for an analyst decision, but their results cannot be edited.KYC Template
A KYC template is a reusable compliance configuration that defines:- Which data sources to consult
- Which execution phase each source belongs to (critical, important, or additional)
- What action to take when a source returns
INVALID— automatic block or send to manual review
The 4-Status Decision Model
Every individual source check within a bureau run returns one of four statuses:| Status | What it means |
|---|---|
VALID | No issues found — the source confirmed the document is clean |
INVALID | A compliance problem was detected — for example, an active arrest warrant, a PEP match, or an international sanction |
NO_DATA | The source returned no record for this document — not necessarily a problem, but noted in the report |
ERROR | A technical failure occurred when querying the source — kycert automatically retries once before marking the check as ERROR |
APPROVED, BLOCKED, PENDING_REVIEW, or PARTIAL).
Execution Phases
Data sources in a KYC template run in three distinct phases. The phase determines both how sources execute relative to each other and what happens when one returnsINVALID.
| Phase | How it runs | What happens on INVALID with a block rule |
|---|---|---|
critical | Sequential — stops at the first INVALID block | Customer is rejected immediately; remaining sources do not run |
important | Parallel — all sources run simultaneously | Customer is placed in the manual review queue |
additional | Parallel — all sources run simultaneously | Informational only — result is shown in the report but never triggers a block or review |
Risk Band
After all sources in a bureau run complete, kycert’s decision engine calculates an overall risk band for the customer:| Risk Band | Interpretation |
|---|---|
low | All checks passed cleanly — standard customer profile |
medium | Some informational flags raised — monitor as appropriate |
high | Significant risk indicators found — analyst review strongly recommended |
Audit Log
Every compliance action in kycert is recorded in an immutable audit log: bureau runs, analyst approvals, rejections, holds, configuration changes, user invitations, and API key operations. The audit log is append-only — entries cannot be edited or deleted by anyone, including kycert administrators. This immutability is a direct requirement of BCB Circular 3.978/2020, which mandates that regulated institutions maintain traceable records of all customer due diligence decisions. You can access the full audit log from Settings → Audit Log and export it in CSV format for regulatory submissions.Onboarding Portal
The onboarding portal is the white-label, customer-facing registration interface hosted atcadastro.kycert.com.br/{slug}. It presents a step-by-step wizard that guides your customer through:
- Personal or company identification data
- Address (with automatic CEP lookup)
- Document upload (identity document, proof of address, selfie, or company documents for PJ)
- Terms and consent acceptance
Flow Engine
The Flow Engine is a visual, drag-and-drop editor for building custom compliance automation workflows. Instead of relying solely on the template’s static blocking rules, you can create conditional logic that responds dynamically to bureau results — for example: “If a PEP match is found and the operation value exceeds a threshold, pause the case and notify the compliance officer.” Flows are built on a canvas and can be tested in the Sandbox environment before activating them in production. The Flow Engine is currently in beta — contact your account manager to enable it for your tenant.Bureau Overview
Explore all 28+ data sources, execution mechanics, and the full bureau run lifecycle.
Onboarding Portal
Customize the registration wizard, required document types, and customer communication settings.