Audit Trail
An audit trail is a chronological and immutable record of all actions, decisions, and events related to a document verification process. It provides formal evidence that each verification step was performed in compliance with regulatory requirements, and enables the complete reconstruction of the verification journey in the event of an inspection.
In the context of KYC/AML compliance, the audit trail is not simply a technical log โ it is a regulatory obligation. Regulated entities must be able to demonstrate to supervisory authorities (FCA in the UK, FinCEN in the US, BaFin in Germany) that they performed adequate checks on each customer, when they were performed, what the results were, and what decisions were taken as a result. Absent or insufficient audit trails can result in significant financial penalties.
A comprehensive audit trail records every event with a precise timestamp: document submission, identity of the user who initiated the verification, results of each automated check (OCR, authenticity, consistency), confidence scores assigned, automatic or manual decision, identity of the human reviewer where applicable, and any subsequent status changes. Each entry is cryptographically signed to ensure integrity and prevent retrospective tampering.
CheckFile automatically generates an exhaustive audit trail for every verification. It is accessible via the REST API and dashboard, exportable in PDF and JSON formats for regulatory reporting, and retained for the legally required duration (5 years minimum for KYC obligations in most jurisdictions). The system guarantees entry immutability: once recorded, no data can be modified or deleted, in accordance with WORM (Write Once Read Many) principles.
Regulations
Real-world examples
- 1.During an FCA inspection, a bank presents the complete audit trail of a flagged customer: the inspector can trace every verification performed since account opening, the confidence scores obtained, and the decisions taken at each step.
- 2.An accounting firm exports monthly audit trails of its client verifications in PDF format to attach to its compliance files, proving adherence to its due diligence obligations.
- 3.Following a fraud suspicion, an insurer's compliance team reviews the audit trail and discovers that the identity document had received a confidence score of only 68% during initial underwriting, but an operator had manually approved the file โ this information is passed to the relevant authorities.