Versions Compared

Version Old Version 37 New Version 38
Changes made by

Kristoffer Kristoffer

Kristoffer Kristoffer

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Published by Scroll Versions from space PDOIDC and version master

The AML resource server is running as a separate service and has its own release cycle different from the rest of the OIDC platform.

Changes in V64

Release date: 2022-01-26

NoChanges
1

Switched to new infrastructure for the entire service. This is a major internal upgrade.

2Financial income (finansinntekter) is presented as part of the financial information.
3

More roles are supported in the response. New roles are:

  • PARTICIPANT_WITH_SHARED_LIABILITY
  • PARTICIPANT_WITH_UNLIMITED_LIABILITY
  • MANAGING_OWNER
  • OWNERSHIP_COUNTY
  • COMPLEMENTARY
  • OBSERVER
  • JOINT_OWNER

For norwegian translation see: https://confluence.bankidnorge.no/confluence/pdoidcl/problems-we-solve/aml-and-compliance/aml-services/the-organization-resource/organization-api-implementation-guide/organization-roles

3

The roles "auditor" and "accountant" are now listed as part of the general roles list. The effect of this is that more than one entity can now be listed with these roles.

The response elements auditor and accountant are marked as DEPRECATED.

Changes in V63

Release date: 2021-11-10

NoChanges
1

Enhanced information about missing signature rights description in Brreg.

2Fixed a bug causing bad behavior in the signature rights options algorithm.
3Fixed a bug where the reason to be a beneficial owner was incorrect in some rare special case.
4Fixed a bug causing missing query mismatch statements in the continuous screening service.

Changes in V62

Release date: 2021-10-18

NoChanges
1

Simplified routine for access to the Norwegian National Registry

Our goal is that the customer should be able to be completely self-served in the process of getting access to information from the Norwegian National Registry.

Previously a specific scope aml_person/NO_NATIONAL_REGISTRY was required. This scope has no longer a valid purpose and is ignored when supplied in the API.

Any customer client is eligible to receive data from the Norwegian National Registry when the following 3 prerequisites are met:

  1. Access is granted by Skatteetaten
  2. Access is delegated to Vipps AS
  3. A request to the API contains expand parameters referring to data elements in the national registry source such as ‘address’

Please encourage the customers to follow our guidelines to fulfill steps 1 and 2: Veiledning for tilgang til folkeregisteret.

Also, make sure to provide the necessary expand parameters in the API requests.

2

Access rights status information API

A new endpoint has been established in order for the customer to check the status of the access rights to the Norwegian National Registry.

A JSON response containing two boolean flags is returned:

  • "granted": true if access has been granted by Skatteetaten (step number 1 above)
  • "delegated": true if access has been successfully delegated to Vipps AS (step number 2 above)

We recommend presenting this information in a visual matter in any merchant's customer portal.

3Improvements to information about ownership in company test data.

Changes in V61

Release date: 2021-10-04

NoChanges
1

The reason to be a beneficial owner is now also returned as part of the JSON API response.

Three new fields are introduced:

  1. reason : Enum describing the reason
  2. reasonPhrase : Text description of the reason. Same as is presented in the report, in the same language.
  3. integratedOwnership: Share of integrated ownership.

In addition, the existing field percentageControl is adjusted to only return a value in cases where the share of control clearly can be described with a number. (Typically this is null when reason is a role or indirect control).

2

Improved support for AML search after persons with nationality other than Norwegian.

  • the input parameter ssn now supports national ID number for the countries Norway, Sweeden, Denmark, and Finland.
  • if a Swedish nationality is given, a Sanction/PEP result with match quality of 500 (full ssn match) is possible.
  • The input parameter countryOfSsn is deprecated and replaced with the more syntactically correct parameter country. Both parameters are supported and have the same effect.
Info
Note that if an ssn is not present, an input consisting of only the name and dateOfBirth parameters are sufficient. This can lead to PEP/Sanction match results for any international person.
Info
Information from national registers, such as an address, is still only available for Norwegian citizens. Similar support will be added for other Nordic countries in a future release.
3Beneficial owners are described with an address when the information is available. (both PDF and JSON)
4Unidentified beneficial owners are described with a country when that information is available. (both PDF and JSON)

Changes in V60

Release date: 2021-09-16

NoChanges
1

New feature: Reason to be a beneficial owner

The list of beneficial owners in the PDF report now includes a reason column. The reason is a description of why the system has classified the entity as a beneficial owner.

There are six possible reasons:

ReasonDescription
Direct ownershipThe person has direct ownership of a certain percentage above 25%
Indirect control or ownership

The person has control of the company through indirect ownership or control through multiple steps. For each step control of at least 25% is required.

Note that ownership of some specific share class may lead to greater control than the actual ownership percentage, and this aspect is taken into account in the calculation.

Direct role in the foundationThe organization of interest is a foundation. Major roles in such foundations are classified as beneficial owners.
Indirect control through role in some foundationThe person has a major role in some foundation which in the next step has great ownership (25% each step) of the organization of interest.
Voting rightsThe person has direct ownership of some specific share class giving voting rights greater than 25%.
Both voting rights and direct ownershipThe person has direct ownership of some specific share class giving voting rights greater than 25%. The direct ownership percentage in itself is also large enough to classify the person as a beneficial owner.

This information will soon also be available in the JSON response.

2

New feature: Continuous screening of organizations

Status
colourYellow
titlebeta

At this stage only alerts about sanctions are supported. In future releases, this feature will be extended to support alerts about other changes in the organizations.

Note that this feature is in a beta stage, and is currently only available to some customers.

3The three-year financial history numbers are now presented side-by-side on a single page.  
4Continuous screening of persons: Added support to present a queryMismatch remark in monitored person alerts with a match indicator of 155
5Links to information about PEP/Sanction results in the PDF reports are no longer clickable. A restriction in the PDF/A standard (PDF for archiving purposes) caused the hyperlinks to be corrupt in some cases. Instead, the links are now presented as pure text.
6

Minor layout improvements in the PDF reports.

  • improved ordering of subsidiaries
  • changed order of some chapter
7Removed the time-of-day component in the lastChanged response element.

Changes in V59

Release date: 2021-08-23

NoChanges
1

New feature: The roles of the person

The person service can now return a list of the person's official roles in companies. Note: Include the expand parameter roles in the request to enable this feature.

2

A number of improvements to the PDF reports, affecting both content and visuals.

  • Improved formatting, layout, and other visual improvements, including "smart" page breaks.
  • A more detailed description about ownership indicators
  • Added a chapter about PEP/Sanctions lists in the optional appendix
3

Added/changed the "type" property of beneficial owners and shareholders. A beneficial owner can now be recognized as "unidentified" when it is unknown if the entity is a real person or an organization of some sort.

Changes in V58

Release date: 2021-07-01

NoChanges
1

Page breaks are now avoided inside chapters of PDF reports, when possible.

2

PEP and Sanction results are ordered by match indicator in the PDF reports.

3Fixed a bug where signature rights were missing from a company of type sole proprietorship.
4Fixed a bug where the webhook URL of a continuous screening monitor was not returned from the information endpoint.
5Minor visual improvements in testdata reports.

Changes in V57

Release date: 2021-06-23

NoChanges
1

Corrected some typos in the English language organization reports

2Support for the upcoming OIDC domain change. As described here: https://bankid-services.statuspage.io/incidents/ps6xdc0pccs5
3Fixed a bug where clients in the Current environment did not have access to test data from FREG (Folkeregisteret).

Changes in V56

Release date: 2021-05-26

NoChanges
1

Switched to T-rank as the source of all ownership information delivered from the organization service:

  • Beneficial owners
  • Direct owners
  • Subsidiaries

This change comes with multiple benefits for the customer:

  • Improved data quality
  • Calculation of beneficial owners is in accordance with the updated rule set in The Anti-Money Laundering Act.
  • All ownership information is now completely in sync with the present ownership indicators calculation

Note that with this release we are also making some changes to the presentation of ownership in the PDF reports:

  • The list of owners is limited to the 20 with the biggest ownership.
  • All ownership chapters are included even if the listed content is empty.
  • Visual improvements

Changes in V55

Release date: 2021-05-04

NoChanges
1

Organization resource: Supplier of official roles has been switched to T-rank

2Some minor text improvements in the PDF reports
3

Fixed a bug in handling of some signature rights with specific individuals

4Fixed a bug causing duplicate "roles" chapters in the reports
5Fixed a bug in the continuous screening service where the description of a 175 match indicator was wrong in some cases

Changes in V54

Release date: 2021-04-20

NoChanges
1

Minor bug fixes in the national registry output.

Changes in V53

Release date: 2021-04-14

NoChanges
1

Added support for multiple persons with the same role in the organization response. This upgrade can affect all official roles, but statistics shows that it basically applies to the following set of roles:

  • CEO
  • Chairman
  • Deputy chairman

To benefit from this update, changes must be made to the client's request and response handling as follows:

Request: The expand officialRoles has been deprecated. This must be replaced with the newly introduced expand roles.

XML Response: Furthermore, the element officialRoles in the XML response has been deprecated. A new response element roles has been introduced. This is corresponding to the new expand and contains a different data structure.

PDF Response: The new expand results in a new and different chapter in the PDF reports.

See the API documentation for further details.


2Improvements in error handling.

Changes in V52

Release date: 2021-04-07

NoChanges
1

Added integration with FREG (The new Folkeregisteret). This new service replaces DSF, and has multiple benefits for the customers of BankID AML, such as a much easier registration process through Altinn. The feature will soon be ready for all customers.

2Text improvements in the PDF reports regarding the sources used in the sanction and PEP searches. 
3Better validation of the dateOfBirth parameter.

Changes in V51

Release date: 2021-03-16

NoChanges
1Continuous screening: Fixed a bug causing duplicate webhook signals
2Continuous screening: Adjustments to what time of day alerts are being delivered. Previously alerts used to be ready in the evening at 20:00, but now they also can be delivered earlier during the day when available.
3Continuous screening: Improvements to the monitor statistics. Deletion of alerts will give a more immediate effect to the number of "active alerts".

Changes in V50

Release date: 2021-03-04

NoChanges
1A better description of the sanction- and PEP lists being used in PDF reports
2Support for the OFAC sanction list in organization search. Use the new scope aml_organization/OFAC (restricted access)
3Improved performance while generating PDF reports
4Fixed a bug in the continuous screening alert delivery service

Changes in V49

Release date: 2021-02-22

NoChanges
1

This release includes a major upgrade of an internal framework component.

2The ownership indicators feature no longer require specific access (the scope aml_organization/ownership.indicators is no longer required)
3A bug causing bad scrolling behavior in the API documentation when using the Chrome browser has been fixed.
4Fixed a bug in the monitor service causing incorrect matchindicator

Changes in V48

Release date: 2021-01-27

NoChanges
1

The first release of the new Organization Async Session API.

In upcoming releases, the asynchronous API will be extended with

  • introduction of batch support
  • person search support

The asynchronous alternative is the only available option for new integration partners, and existing partners are encouraged to migrate their implementation.

Benefits are improved robustness and quality of delivery, especially under periods of high traffic load.

Have a look at the documentation for more information.

2

Improved description of some ownership indicators in the PDF reports

3Minor improvements in the API documentation

Changes in V47

Release date: 2021-01-11

NoChanges
1

Fixed a bug in the monitor statistics calculation causing an HTTP 500 error from the GET monitor endpoint in some cases.

Changes in V46

Release date: 2021-01-06

NoChanges
1

The first release of the new Organization Session API 

Status
colourYellow
titlebeta

2The GET report endpoint now returns an HTTP 500 error immediately for failing reports, preventing clients from polling the endpoint for a long time in such cases.
3Minor bugfixes

Changes in V45

Release date: 2020-12-09

NoChanges
1

Information about BankID identification has been enhanced with more information about the related BankID certificate.

In the PDF report the following elements are presented:

  • Timestamp (time of authentication)
  • Certificate serial number (serial number of the BankID certificate)
  • Organization (Issuer of the BankID certificate)
  • Organizational Unit (Organization number of the issuer)

The following elements are added to the JSON response:

  • originator (complete originator String, similar to the one delivered as part of the ID Token)
  • serialNumber (BankID serial number, similar to bankid_altsub in the ID Token)
Info
titleExample originator string
CN=BankID Bankenes ID-tjeneste Bank CA 2,
OU=988477052,
O=Bankenes ID-tjeneste AS,*
C=NO;OrginatorId=9775;OriginatorName=Gjensidige Bank RA 1
2Fixed a bug in continuous screening which caused an error when adding persons.
3The lifespan of PDF reports has been increased to 30 minutes (from the previous 10 min). This is the deadline for when all reports must be downloaded before they are deleted from the server.
4Changes to the terms used in PDF reports regarding the organization types General Partnership and General Partnership with shared liability. "Aksjonærer" is renamed to "Deltakere" (English: Partners). Also, the percentage of ownership is removed from General Partnership. 
5

Adjustments to which scenarios the signature rights remark exceptions possible is added to the response.

Changes in V44

Release date: 2020-11-23

NoChanges
1

Changes in the response from the authorizations API of the organization resource: The whole board will now always be included as a valid signature rights option.

2

The test data has been improved with more representative values for ownership indicators.

3The organization type is written in Norwegian in the PDF reports when Norwegian language has been selected.
4Continuous screening: nationality parameter is only mandatory in conjunction with the SSN parameter.

Changes in V43

Release date: 2020-11-05

NoChanges
1

Næringskode (NACE) is included in the organization PDF report

Changes in V42

Release date: 2020-11-03

NoChanges
1

Fixed a bug in the report generator sometimes causing the endpoint to return HTTP 404 (Bad Request) before eventually returning HTTP 200 (Ok)

2Correcting a rounding error in the ownership indicators

Changes in V41

Release date: 2020-10-28

NoChanges
1

Various improvements to the new "Ownership indicator" pilot feature. (temporarily restricted access)

Changes in V40

Release date: 2020-10-21

NoChanges
1

Fixed a bug causing an invalid return value of housetype: "0"

2Fixed a bug causing an error when searching after some specific organizations
3Minor visual improvements in PDF reports

Changes in V39

Release date: 2020-10-07

NoChanges
1

Added optional parameter showMissingAccessAlerts to the person resource API. The parameter makes it possible to hide the DSF chapter and information about missing access to DSF from the PDF reports.

2Minor text change in signature rights remark.
3Stability improvements.

Changes in V38

Release date: 2020-09-22

NoChanges
1

The property statusCodes in the organization response used to be an array of strings, but is now an array of enums, with the following possible values: BANKRUPT, UNDER_LIQUIDATION, UNDER_COMPULSORY_LIQUIDATION, CLOSED_COMPANY

2Introducing a warning message in the beneficial owner's section of the PDF report when the beneficial owner's can not be detected because of the ownership structure.

Changes in V37

Release date: 2020-09-08

NoChanges
1Stability improvements in the PDF report generator. Introducing a fallback mechanism in the integration with a timestamp server.
2

Additions have been made to the list of situations causing a SERVER_ERROR to be reported as part of the "response_warnings" response element.

3Corrections in the API documentation examples - all role names are CAPITAL LETTERS.

Changes in V36

Release date: 2020-08-24

NoChanges
1

The new parameter caseReference is required when requesting information from the National Registry. Read more about this parameter in the Person resource.

Info

Note that for access to information from the National Registry the customer must first apply for access and sign an agreement with Skatteetaten. Vipps will help the customer through this process.

After the application is approved, the client will be granted access to the scope aml_person/NO_NATIONAL_REGISTRY

2A deleted company will now be returned with the statusCode "Avviklet"

Changes in V35

Release date: 2020-08-10

NoChanges
1

Improved error handling in cases where one data source is unavailable.

2

Introducing the new response element "response_warnings" in the Organization resource. This is a list of warnings about specific response elements that could not be delivered for some reason. At the moment, the only notable reason is that a necessary data source is unavailable.

Example:

Code Block
languagejs
"response_warnings":[
      {
         "property":"keyInformation",
         "type":"SERVER_ERROR",
         "message":"National Registry service is unavailable"
      }]
3Sanction results with a match indicator of either 125 or 155 might now be delivered with a (warning) note about the birthdate when this is different than the search criteria.
4The "expands" parameter now affects the content of PDF reports in the test environments.
5Fixed a bug where a search on a deleted company resulted in an error response.
6Fixed a bug causing historic name to be excluded from PDF reports.
7Improved reliability of the reports download service.
8

Performance improvements and bug fixes.

Changes in V34

Release date: 2020-06-09

NoChanges
1

The monitor state IMPORT_COMPLETE has been renamed to ACTIVE. See diagram.

2The monitor states UNKNOWN and DEACTIVATED were unused and has been removed
3Corrected the error message when missing parameter 'countryOfSsn'
4Fixed a bug causing some role persons without birthdate to be missing from the report

Changes in V33

Release date: 2020-05-26

NoChanges
1

Continuous screening: Added an endpoint with the possibility to DELETE an entire monitor

2

Continuous screening: The GET /monitor endpoint returns more relevant statistics about the persons in the monitor.

  • "ordered": Number of people added to the monitor, but not yet confirmed
  • "confirmed": Number of people confirmed added to the monitor
3Organization: The signature description "Styrets medlemmer hver for seg" is handled as CONCLUSIVE.
4The quality of the test data is improved. This includes a change of SSN for most of the persons to a new valid one. Note: The old test data with existing SSN will still work for a time period.

Changes in V32

Release date: 2020-05-04

...

NoChanges
1

Introducing a timeout of 9 seconds on the person and organization resource endpoints, so all requests can be excepted to give a response within this time limit.

2

Person report: Sanction results will contain an explicit note when the birth date is different than the search criteria.

In the JSON response, a new data element "queryMismatch" is introduced to inform about the same thing.

3Invalid organization number is handled as HTTP 400 bad request
4

Monitor: Introducing a new data element "hitType" on alerts. The enum comes in two variants:

  • MATCH: the person has been added to a sanction or PEP list
  • REMOVED: the person has been removed from a sanction or PEP list
5

Person test data: search on date of birth is now possible

6Organization test data: purpose is returned

...