A claimant registers on the insurance / employee-claims portal and passes KYC document review — every upload magic-byte verified against its declared type, every gate fail-closed, every decision written to an immutable audit trail.
The KYC journey, end to end
One review queue, four outcomes. Each uploaded document is decided per type — accepted, rejected-resubmit (loops the claimant back to re-upload), or rejected-final — and the claimant is verified only when every required doc-type is green.
Spoofed documents never reach a reviewer. The magic-byte gate reads the real file header and rejects a renamed or polyglot file (422) before it is ever stored or queued for compliance.
No double-decisions, no silent writes. A concurrency predicate makes the losing reviewer a clean 409, and every KYC transition is fail-closed — if the audit row cannot be written, the mutation is rejected.
Mail = email sent Bell = in-app alert Amber diamond = automatic check Teal diamond = a person decides
No document byte is trusted on its declared MIME — the magic-byte gate blocks spoofs before review. Reviewers decide each document type independently; a rejected type still open blocks verification, and a re-uploaded doc supersedes the old one. Every state transition is fail-closed audited.
What the portal guarantees
Every KYC decision is type-aware — a re-uploaded doc supersedes the old one; a rejected type still open blocks verification.
Concurrent reviewers cannot double-decide — a status-predicate UPDATE makes the loser a clean 409.
Every KYC transition is fail-closed: if the audit row cannot be written, the mutation is rejected.