> ## Documentation Index
> Fetch the complete documentation index at: https://docs.getpalm.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Verification reference

> Risk levels, risk signals, match results, and verification lifecycle details.

export const iconProps = (variant = "default") => {
  const iconVariants = {
    default: "palm-icon-default",
    horizontal: "palm-icon-horizontal",
    stack: "palm-icon-stack",
    navigation: "palm-icon-navigation",
    darkHorizontal: "palm-icon-dark-horizontal",
    dark_stack: "palm-icon-dark-stack",
    getStarted: "palm-icon-get-started"
  };
  return iconVariants[variant] ?? iconVariants.default;
};

export const PalmCard = ({title, description, icon, variant = "default", href, items}) => {
  if (variant === "getStarted") {
    return <div data-card className="pc-wrapper-get-started flex flex-col gap-4 border border-[rgba(4,44,47,0.1)] rounded-2xl p-6">
        <div className="pc-wrapper-inner-get-started">
          {icon !== undefined && <div className="pc-icon-container-get-started">{icon}</div>}
          {title !== undefined && <span className="pc-title-get-started">{title}</span>}
        </div>
        {items && items.length > 0 && <ul className="pc-items-get-started">
            {items.map((item, i) => <li key={i}>
                <a href={item.href} className="pc-item-link-get-started">{item.label}</a>
              </li>)}
          </ul>}
      </div>;
  }
  const variants = {
    default: {
      wrapper: "pc-wrapper-default",
      title: "pc-title",
      description: "pc-description"
    },
    horizontal: {
      wrapper: "pc-wrapper-card",
      title: "pc-title-horizontal",
      description: "pc-description"
    },
    stack: {
      wrapper: "pc-wrapper-stack",
      title: "pc-title-stack",
      description: "pc-description"
    },
    darkHorizontal: {
      wrapper: "pc-wrapper-dark-horizontal",
      title: "pc-title-dark-horizontal",
      description: "pc-description-dark-horizontal"
    },
    navigation: {
      wrapper: "pc-wrapper-navigation",
      title: "pc-title-navigation",
      description: "pc-description-navigation"
    },
    dark_stack: {
      icon: "pc-icon-card",
      title: "pc-title",
      description: "pc-description"
    }
  };
  const styles = variants[variant] ?? variants.default;
  const inner = <a data-card href={href ? href : '#'} className={`no-underline flex flex-col h-full items-start gap-4 p-6 rounded-2xl hover:opacity-80 transition-opacity ${styles.wrapper}`}>
      {icon !== undefined && <span className="icon-wrapper">{icon}</span>}
      {(title !== undefined || description !== undefined) && <div className="flex flex-col min-w-0">
          {title !== undefined && <span className={styles.title}>{title}</span>}
          {description !== undefined && <span className={styles.description}>{description}</span>}
        </div>}
    </a>;
  return inner;
};

This page covers the shared concepts across all Palm verifications - risk levels, risk signals, match result types, and verification lifecycle. For quickstart guides and API examples, see <span className="link-wrapper">[Verify a Business](/verify/verify-a-business)</span> and <span className="link-wrapper">[Verify a Person](/verify/verify-a-person)</span>.

<div className="semitransparent-image-wrapper">
  <img src="https://mintcdn.com/palmfinance/1RPIbiD5PV2g0B_e/images/VerifyOverviewEyeCatch.webp?fit=max&auto=format&n=1RPIbiD5PV2g0B_e&q=85&s=4524037c835cc4ca9b7e3e9fbdfa7408" alt="Image showcasing a business risk score card, and the output of a verification request" style={{maxWidth: '1245px', width: '100%', margin: '0' }} width="2492" height="916" data-path="images/VerifyOverviewEyeCatch.webp" />
</div>

***

## Verification lifecycle

Every verification moves through these statuses:

| Status                                                       | Description                                                                                                                                                                           |
| ------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| <span className="initial-bold--success">`pending`</span>     | Verification created but not yet started.                                                                                                                                             |
| <span className="initial-bold--success">`in_progress`</span> | Currently being processed. Most verifications complete in seconds. Cases that require enhanced due diligence are reviewed by our verification team.                                   |
| <span className="initial-bold--success">`completed`</span>   | Finished with results — check `risk.level` and `match` for details. A `completed` status does not mean the person or business "passed" — it means Palm has results for you to act on. |
| <span className="initial-bold--success">`failed`</span>      | System error (provider unavailable, configuration issue). This is not a verification failure — it means something went wrong technically. Retry the request.                          |

The flow: submit verification request, data validated against workflow requirements, entity/entities created and data stored in the vault, request sent, results returned with verification ID.

## Risk levels

Every completed verification returns a risk level. This is Palm's overall assessment based on all signals combined.

| Level                                                     | What it means                                                                                                                                                       | Typical action                                                                                                                                            |
| --------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------- |
| <span className="initial-bold--success">`low`</span>      | No significant concerns detected. Identity data matches authoritative records, no watchlist hits, no fraud signals.                                                 | Approve. This is the happy path.                                                                                                                          |
| <span className="initial-bold--success">`medium`</span>   | Minor concerns that warrant attention. Could be a partial name mismatch, a single CIP field that didn't match, or a low-confidence PEP hit.                         | Review recommended. In many cases these resolve to false positives — a name formatting difference, a recent address change. But they should be looked at. |
| <span className="initial-bold--success">`high`</span>     | Serious concerns that require human review before proceeding. Triggers include confirmed synthetic identity flags, multiple field mismatches, or sanctions matches. | Manual review required. Do not auto-approve `high` risk verifications without human review.                                                               |
| <span className="initial-bold--success">`critical`</span> | Severe issues. The fraud score is in the highest tier, there are multiple compounding risk signals, or there's a confirmed sanctions match with high confidence.    | Likely rejection. Critical risk almost always means the identity or business should not be onboarded without extraordinary justification.                 |

## Risk signals

Risk signals are the specific indicators that drove the risk assessment. The `risk.reasons` array in the response contains the signals that contributed to the risk level. Examining individual signals — not just the overall level — is how you make informed decisions about borderline cases.

### Identity risks

| Signal                                                                     | What it means                                                                                                                                                                                           | Typical action                                                                                                                                                                                         |
| -------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| <span className="initial-bold--success">`watchlist_match`</span>           | A match was found on a sanctions or watchlist database. This is a general signal — check the `watchlist` object in the response for the specific list and confidence score.                             | Review the watchlist match details. Potential matches (low confidence) may be false positives due to common names. Confirmed matches require compliance team review.                                   |
| <span className="initial-bold--success">`sanctions_match`</span>           | OFAC SDN list or international sanctions match. This is the most serious identity signal — transacting with a sanctioned individual can carry severe legal penalties.                                   | Escalate to compliance immediately. Do not proceed with onboarding until the match is reviewed and resolved.                                                                                           |
| <span className="initial-bold--success">`pep_match`</span>                 | Person identified as a Politically Exposed Person — someone who holds or recently held a prominent public function (elected officials, senior government employees, military leaders, judiciary).       | PEP status alone isn't disqualifying. It means enhanced due diligence is required. Understand the person's role and assess whether the business relationship makes sense in context.                   |
| <span className="initial-bold--success">`adverse_media`</span>             | Negative news coverage found related to the person — typically involving financial crime, fraud, regulatory action, or legal proceedings.                                                               | Review the specific media coverage. Adverse media is a contextual signal, not a definitive one. A news article about a dismissed lawsuit is different from coverage of an ongoing fraud investigation. |
| <span className="initial-bold--success">`duplicate_identity`</span>        | The submitted identity matches another person already verified in your system. Same SSN, same DOB, but different name or other details.                                                                 | Investigate whether this is a data entry error, a legitimate name change, or potential identity theft.                                                                                                 |
| <span className="initial-bold--success">`identity_theft_indicators`</span> | The identity attributes show patterns consistent with stolen identity use — for example, the SSN belongs to a deceased person, or the identity shows signs of being used without the owner's knowledge. | High-priority review. Identity theft indicators require careful handling because there's a real victim involved.                                                                                       |

## Match results

Match results indicate how well submitted data aligns with authoritative sources. Every verified field returns one of these values:

| Result                                                         | What it means                                                                                                                                                                                                                                                        |
| -------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| <span className="initial-bold--success">`match`</span>         | The submitted value matches authoritative records. For names, this means an exact match. For addresses, minor formatting differences (e.g., "St" vs "Street") are normalized before comparison.                                                                      |
| <span className="initial-bold--success">`no_match`</span>      | The submitted value doesn't match what's on file. This is a negative signal, but severity depends on the field. An address `no_match` (people move) is less concerning than an SSN `no_match` (SSNs don't change).                                                   |
| <span className="initial-bold--success">`partial_match`</span> | The submitted value is close but not exact. Common causes: name variations ("Bob" vs "Robert"), hyphenated last names, address formatting differences, or minor typos. A `partial_match` is not a failure — it's a signal that something is close but not identical. |
| <span className="initial-bold--success">`not_checked`</span>   | The field was not checked against authoritative sources. This typically means the provider doesn't have data for this field, or the field wasn't required by your workflow.                                                                                          |

Only fields included in the verification request appear in match results.

## Vault storage

Palm stores all submitted data in an encrypted vault at the time of verification. When you re-verify a person or business, Palm pulls from the vault.

## Workflows

Every verification request includes a `workflow_key`. The workflow controls what happens when Palm processes a verification — which checks run, what fields are required, and how risk is assessed.

### What a workflow configures

A workflow defines a sequence of automated checks. Depending on your configuration, a single verification request can trigger any combination of:

| Check                 | What it does                                                 |
| --------------------- | ------------------------------------------------------------ |
| Identity verification | KYC/KYB against authoritative sources.                       |
| TIN verification      | EIN or SSN validated against IRS records.                    |
| Risk assessment       | Evaluates risk signals and calculates an overall risk level. |

### Execution mode

Workflows run in `headless` mode — the API call executes all checks and returns results synchronously. No user interaction required. You submit the verification request, Palm runs the configured checks, and you get results back in one response.

### How to get a workflow key

Palm configures workflows based on your compliance requirements. During onboarding, we'll set up one or more workflows tailored to your use case — the checks you need, the fields you require, and the risk thresholds that match your program. You'll receive a `workflow_key` for each configuration.

If your requirements change (e.g., you need to adjust required fields), reach out and we'll update your workflow configuration.

A self-service workflow configurator is available in Palm Console (beta). [Contact us](mailto:support@getpalm.com) for access.

## Webhooks

Verification completion fires webhook events:

| Event                                                                            | Description                |
| -------------------------------------------------------------------------------- | -------------------------- |
| <span className="initial-bold--success">`user.verification.completed`</span>     | KYC verification finished. |
| <span className="initial-bold--success">`business.verification.completed`</span> | KYB verification finished. |

Webhook payloads include the verification ID, risk level, and summary match results. Subscribe to webhooks for async notification rather than polling. See <span className="link-wrapper">[Webhooks](/developer-guide/webhooks)</span>.

## Best practices

* **Handle all risk levels:** Implement logic for `low`, `medium`, `high`, and `critical` outcomes. Don't just handle the happy path.
* **Use risk signals:** Examine individual signals in `risk.reasons`, not just the overall risk level. Two verifications can both be `medium` risk for very different reasons — a PEP match requires different handling than a data mismatch.
* **Verify associated people:** For businesses, verify owners with significant ownership by including them as associates. Regulatory frameworks typically require verification of anyone with 25%+ ownership or significant control.
* **Subscribe to webhooks:** Use async notification rather than polling for verification completion.
* **Log verification IDs:** Store verification IDs for audit trail and support. You'll need them for compliance reporting and dispute resolution.
* **Review match results:** Use field-level match data to understand verification confidence. A verification with `low` risk but several `partial_match` results is less confident than one with all `match` results.

## Next steps

<div className="grid lg:grid-cols-2 gap-6 mt-6">
  <PalmCard variant="navigation" title="Verify a person" description="Verify a person's identity with KYC checks, synthetic identity detection, and watchlist screening." icon={<Icon className={iconProps("navigation")} icon="arrow-right" />} href="/verify/verify-a-person" />

  <PalmCard variant="navigation" title="Verify a business" description="Confirm that a business entity is real, registered, and in good standing." icon={<Icon className={iconProps("navigation")} icon="arrow-right" />} href="/verify/verify-a-business" />

  <PalmCard variant="navigation" title="Monitor" description="Enroll verified businesses in ongoing monitoring." icon={<Icon className={iconProps("navigation")} icon="arrow-right" />} href="/monitor/overview" />

  <PalmCard variant="navigation" title="Onboard overview" description="Find and onboard businesses into your platform." icon={<Icon className={iconProps("navigation")} icon="arrow-right" />} href="/onboard/overview" />
</div>
