How to utilize Policies?

To streamline KYB decisions, the Policies feature enables your compliance and risk team to make more automated and accurate onboarding decisions directly from an identity report’s tasks.

If you enable the Policies feature, and a business meets all of your account’s KYB auto-approval criteria based on the data you provided Middesk, the business’ status will automatically move from the in_review to approved status. Conversely, based on the data provided, if a business does not meet the policies’ criteria you have set, the business will move to the needs_review status for your compliance team to review.

On the Middesk dashboard, you will be able to see a record of the policy decision by clicking on the "View Event Log" button on the businesses' identity report. You can additionally check when and whether the business was auto-approved using the policy_results API or in the policy_results object to the Retrieve a Business endpoint/call. For additional details about the API implementation of Policies, please refer to our API Reference. If you have any feedback about our policies feature, please feel free to follow up at [email protected].


Enabling Policies

Dashboard and API integration users can enable this feature through their dashboard settings. Admins can log in to their dashboard, navigate the Settings page, and click on the Policies tab to opt-in to this feature.

Even if Policies is enabled, the complete business response/identity report will still be returned through the API. Policies is also avaliable in our Sandbox environment.


Permissions and User Roles

Only Admin dashboard users have permission to opt in and enable this feature. The other user roles and permissions will be able to see the Policies decisions, but they won’t have permission to edit the policies rulesets or turn them on/off.

Default Policies

Each Middesk account will be pre-set with a default policy, although it is important to note that this setting won’t be automatically enabled. When the default policy is enabled, a business will be ‘auto-approved’ if the business’ tasks satisfy all of the below criteria:

  • Business name - “Verified” or “Similar Match”
  • Office Address - “Verified” or “Approximate Match” or “Similar Match”
  • Watchlist - “No hits”
  • TIN Match - “Found”

Custom Policies

Within the Policies settings, there is also the ability to configure multiple custom policies from any business attributes to match your compliance requirements. Updating the attributes and rulesets from the default policies settings will effectively transition the account from the default to your custom-defined policies. Policies can only currently be applied to the business attributes. If KYC is enabled for custom policies, you can auto-approve and auto-reject a business with the business’ tasks and the KYC decision.


When the Policies feature is enabled, Middesk will send a business.updated webhook once we have finished processing the attributes and the policy decision is ready to be evaluated. This webhook event will not only include the attributes, but it will also now include the Policy decision. For more information about the statuses emitted from the business.updated webhook, please refer to this documentation.