Go-Live Requirements
Understand approval stages, operational prerequisites, compliance exception handling, and readiness checks before moving a Verto integration into production.
Go-Live Requirements
Use this page to understand what Verto requires before your integration can move from sandbox testing to live production traffic.
1. Complete the production prerequisites
Before you request production access, make sure you can do all of the following:
- Authenticate successfully in sandbox.
- Test your core receive, exchange, payout, or sub-account flows end to end.
- Process webhook events and handle duplicate deliveries safely.
- Use idempotency keys on write operations that can create financial side effects.
- Prepare your KYB, compliance, and commercial documentation.
- Complete the required Country Exposure Attestation before you process live transactions.
- Complete the Dual-Use Goods Compliance Declaration for applicable trade and payment flows.
- Plan your production validation, including test data submission and a low-value penny test where required.
- Build an RFI and compliance-exception workflow before you process live payouts or onboarding cases.
🚦 The Two-Stage Approval Process
Stage 1 (Baseline): 1-3 weeks after primary KYB and commercial setup.
Stage 2 (Advanced Atlas): additional review for higher-risk and nested account flows.
Your approval path depends on whether you are integrating as a direct fintech or as a platform operating on behalf of downstream users.
| 🏦 Partner KYB (Atlas for Fintech) | 🏢 Verto KYB (Atlas for Platforms) |
|---|---|
| You execute Customer Due Diligence (CDD) under your own independent regulatory licence. Authorised-delegate or borrowed-licence models may not qualify. | You deploy on Verto's compliance stack. Verto performs KYB on your downstream buyers via our Onboarding API. |
1️⃣ Stage 1: Baseline Capabilities
Complete standard KYB, commercial, and compliance setup to unlock baseline production access for your master corporate account.
Baseline setup includes:
- Business verification (KYB): Company registration, business model, proof of operations, and ultimate beneficial owner (UBO) information.
- Standard Customer Due Diligence (CDD): Company verification, UBO identification, PEP and sanctions screening, and risk assessment.
- Commercial agreement: Service terms, SLAs, and approved pricing blocks.
- Country Exposure Attestation: Confirmation that you will not use Verto to transact with prohibited sanctioned persons, entities, sectors, regions, or out-of-risk-appetite jurisdictions.
- Dual-Use Goods Compliance Declaration: Confirmation that Verto transactions will not facilitate military, defence, weapons-proliferation, or prohibited dual-use activity.
If your integration only uses first-party flows, Stage 1 may be enough to start operating in production.
| First-party payments | Currency conversion | Multi-currency wallets | Standard corridors |
|---|---|---|---|
| Fully unlocked for your master account. | Now and Deal modes enabled statically. | Hold capital globally. | Major clearing routes enabled. |
2️⃣ Stage 2: Atlas Advanced Capabilities
Any integration that touches third-party cash networks, regulated downstream users, or higher-risk activity requires enhanced approval by the Compliance Team.
| Capability matrix | Examples | Underlying requirement |
|---|---|---|
| Third-party disbursals | Platform payouts, remittances, mass payroll. | Enhanced due diligence, transaction monitoring evidence, and approved operating controls. |
| Nested customer flows | Issuing X-Sub-Account-Id ledgers, vIBANs, POBO, or COBO flows. | Downstream Service Assessment, documented onboarding controls, CDD pipelines, and compliance sign-off. |
| Regulated virtual-asset exposure | Regulated VASPs, non-FI businesses accepting virtual assets, or FIs with crypto-exposed clients. | Enhanced compliance review. Only regulated, transparent control environments may qualify, and approved flows may be limited to first-party activity. |
| Prohibited virtual-asset activity | Unregistered VASPs, privacy coins, mixers or tumblers, high-risk DeFi without AML controls, shell companies, or weak KYT controls. | Not supported. |
| Restricted industries | iGaming and Adult. | Not supported. |
| Restricted and sanctioned jurisdictions | Jurisdictions where onboarding, payments, or both are prohibited or restricted. | Screening against Verto's country risk framework. Confirm the latest restriction status before onboarding or routing payments. |
For nested, third-party, POBO, COBO, or reliance-based flows, your Account Manager will guide you through the formal compliance assessment process. This can include document submission, AML policy review, a compliance review interview, RFI responses, approval sign-off, contractual addenda, and implementation sign-off before production access is granted.
Approvals for Stage 2 typically take 4-8 weeks due to enhanced compliance and regulatory review.
3. Validate your operational readiness
Before launch, confirm that your production environment is operationally ready:
- Store production secrets separately from sandbox values.
- Confirm production IP allowlisting where required.
- Enforce MFA for production users and configure approval workflows for sensitive payment actions where required.
- Deploy webhook endpoints over HTTPS and monitor delivery failures.
- Log correlation IDs, payment references, and transaction state changes.
- Confirm the corridors, currencies, jurisdictions, and payout models you plan to support are approved for your account.
- Submit production test data where required, using non-settled production transactions if your implementation plan requires data validation.
- Complete a low-value penny test where required to validate data integrity, not only connectivity.
- Obtain implementation and compliance sign-off before enabling live transaction settlement.
- Confirm your team can detect, assign, and escalate Requests for Information (RFIs) using Handle RFIs and Compliance Exceptions.
4. Understand post-launch obligations
After go-live, your production activity remains subject to ongoing controls:
- Transaction monitoring: Inbound and outbound transactions may be screened in real time. Transactions can be paused for compliance review if screening or monitoring rules require investigation.
- KYC refresh: Customer information may need to be refreshed periodically based on risk rating. Typical review cycles are every 3 years for low-risk customers, every 2 years for medium-risk customers, and annually for high-risk customers.
- Material change notification: Notify Verto if your group structure, client base, product activity, or country exposure changes materially after approval.
- RFI response SLAs: Respond to RFIs within the agreed timelines. Delayed or repeated non-response can suspend affected transactions and may trigger account review.
🛑 Common Blockers
Address these early to ensure your Go-Live hits the scheduled launch date:
| Blocker | Why it blocks | Resolution Path |
|---|---|---|
| Incomplete KYB or CDD | We cannot complete business verification, UBO checks, sanctions screening, and risk assessment. | Submit complete company, ownership, control, and business-operations evidence upfront. |
| Missing attestations | Production access requires country exposure and dual-use goods commitments where applicable. | Complete the Country Exposure Attestation and Dual-Use Goods Compliance Declaration before live processing. |
| Unsupported or restricted corridors | Some industries, jurisdictions, payment types, or virtual-asset activities are prohibited or require enhanced approval. | Confirm corridor, jurisdiction, industry, and payment-type eligibility before committing to a route. |
| No audit trail | We cannot verify operational controls, fraud protocols, or transaction decisioning. | Ensure your backend maintains strict transaction logging, including correlation IDs, payment references, status changes, and user actions. |
| Webhook gaps | Status changes cannot be reconciled safely. | Test webhook delivery, retries, duplicate handling, and failure monitoring before launch. |
| Missing idempotency | Network retries can create duplicate operations. | Add Idempotency-Key to payment and other write requests with financial impact. |
| Missing production validation | Connectivity tests do not prove that production data maps correctly end to end. | Complete required test data submission, penny testing, and sign-off before enabling settlement. |
| No MFA or approval workflow | Production users may be able to perform sensitive actions without the required security controls. | Enforce MFA and configure payment approval workflows before granting live access. |
| No RFI workflow | Compliance exceptions can stall or suspend transactions. Persistent non-response can trigger account review. | Build an exception queue, assign owners, track response SLAs, and follow Handle RFIs and Compliance Exceptions. |
🎯 Next Steps
| Environments → Prepare your sandbox and production configuration. | Handle RFIs and Compliance Exceptions → Prepare your review and escalation workflow before launch. |
Updated 9 days ago