The KYC handover is a one-page document — sometimes two — that says: this user passed identity verification, here is the evidence trail, here are the flags raised and resolved. Every regulator wants one. Not every regulator wants the same one.
SRIJ's expectation is conservative and exhaustive: the document should reproduce the source of identity (citizen-card scan, passport scan), the timestamp of verification, the geographic IP at registration, and the operator's anti-money-laundering risk score with its supporting calculation. The platform stores all of it; the operator's compliance team consumes it.
MGA's expectation is explicitly risk-tiered: the document should reproduce the verification method (eID, document + selfie, manual), the risk tier the user was placed in, the policy the tier triggers, and the date of next review. MGA does not require the source images on every handover — just on audit demand.
The platform's job is to produce both versions from the same source-of-truth event log. We don't keep two KYC stacks. We keep one event log and two handover-document templates, each pulling the fields the relevant regulator wants.
Operationally, this is invisible to the operator's compliance team — they get whichever document the regulator requested, on demand, in the format the regulator's portal accepts. The integration cost is real but one-time: each new template is 2-3 days of engineering plus a sign-off cycle with the operator's lawyer.
The operator we worked with last quarter went from a 12-day audit response cycle to a 36-hour one. The handover document didn't change. The system that produces it did.