---
name: kyc
description: >
  Domain rules for Know-Your-Customer / identity-verification code. Use whenever
  working on onboarding, identity checks, sanctions/PEP screening, or storing
  verification artifacts. <REPLACE WITH YOUR REAL TRIGGER CONDITIONS>
---

# KYC Domain  <DOMAIN STUB — fill in for your org>

> Domain skill stub. Replace examples with your real obligations. KYC is highly
> regulated and jurisdiction-specific — keep specifics in references/ and cite the
> controlling regulation.

## Verification
- Required checks per tier: <e.g. document + liveness + sanctions screen>.
- Never approve onboarding on partial verification; record the decision + reason.

## Data handling
- Identity documents are PII+ — handle per the `pii-handling` skill, encrypted,
  access-audited, retention-limited per regulation. <CONFIRM RETENTION>

## Screening
- Sanctions / PEP screening runs at onboarding and on a recurring cadence.
- A screening hit blocks and routes to manual review; never auto-clear.

## Auditability
- Every verification decision is logged (see `regulatory-logging`) with the
  evidence reference and the rule version applied.

<Add your real tiers, jurisdictions, vendors, and retention rules in references/.>