A KYC Ruleset is the engine that drives a verification decision within a FrankieOne workflow. It’s a pre-configured set of logical conditions that defines exactly what is required for a customer’s identity to be considered verified.
When you execute a KYC workflow, the ruleset is applied to the customer’s data. The workflow checks this data against various independent sources (like credit bureaus or government databases), and the ruleset determines if the returned matches are sufficient to meet your specific compliance and business needs.FrankieOne provides standard, out-of-the-box rulesets designed to meet common regulatory requirements in different regions, such as Australia’s 2+2 verification or Canada’s FINTRAC methods.
At its core, a ruleset is based on two simple principles:
1
It defines WHAT to match
name : The customer’s full name.
dob : The customer’s date of birth.
address : The customer’s residential address.
gov_id : A government-issued document like a passport or driver’s licence.
2
It defines HOW MANY matches are needed
For each piece of information, the ruleset defines the minimum number of successful matches required from independent data sources. Example: A rule might require that the customer’s name be successfully matched against at leasttwo different sources.
By combining these conditions, rulesets can accommodate a wide range of verification scenarios — from simple identity checks to complex, multi-source regulatory requirements — ensuring workflows remain flexible and compliant.
What it does: Verifies an individual’s identity by matching their information against at least two independent data sources. As part of the upcoming changes to AML/CTF regulation, this ‘safe harbour’ model is being phased out in favour of a risk-based approach which will also be open to biometrics and digital IDs. These changes are expected for existing entities by 31st March 2026.
Logic: Requires 2× Name MatchesAND a combined total of 2× Address/DOB Matches.
Australia’s AML/CTF regulations are evolving toward a risk-based approach and now recognize biometrics and digital IDs as valid verification methods. For details on upcoming changes—affecting existing entities from 31 March 2026 and new regulated entities from July 2026—refer to AUSTRAC’s official guidance.
Purpose: Specialized ruleset to verify an individual’s age with high confidence.
What it does: Allows businesses to confidently verify a user is over a certain age. The “OR” logic provides flexibility to increase pass rates.
Logic: Passes if EITHER of these conditions are met:
Path A: 2× Name Matches AND 2× DOB Matches.
OR
Path B: 2× Name Matches AND 1× DOB Match AND 1× Address Match.
Best Practice for Age Verification: Government-issued IDs are the most reliable data source for age verification as they provide an exact match against official records. When using consumer or commercial data sources, it is critical to review fuzziness settings to ensure they are set to require an exact match for the Date of Birth to avoid false negatives.
Purpose: Standard ruleset for US-based onboarding that aligns with common Customer Identification Program (CIP) requirements.
What it does: Provides a clear pathway to meeting baseline US federal requirements for customer identity verification under the Bank Secrecy Act (BSA).
Logic: Requires 1× Name Match , 1× DOB Match , 1× Address Match , AND1× Gov ID Match (e.g., an SSN).
Purpose: Multi-part ruleset designed to meet Canadian compliance requirements. Provides two distinct pathways for verification; a customer only needs to pass one.
What it does: Verifies identity using one of the methods prescribed by the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC).
Now that you understand the logic behind our rulesets, see our Electronic KYC with Government ID guide for a step-by-step walkthrough of how to execute a workflow that uses one of these rulesets.
