author: Christian Grothoff <christian@grothoff.org> 2023-05-16 13:37:25 +0200
committer: Christian Grothoff <christian@grothoff.org> 2023-05-16 13:37:25 +0200
commit: 66e5a1af123be23c1db3396e1b213f50af3a74b1 (patch)
tree: 05fe2e881a508661f0225b513e754bc1f3554d9d
parent: 91583384e3e2b27f7368d0a058e4eec9a973cb1b (diff)
start with AML documentation
-rw-r--r-- manpages/taler.conf.5.rst | 3
-rw-r--r-- taler-exchange-manual.rst | 72
2 files changed, 74 insertions, 1 deletions
diff --git a/manpages/taler.conf.5.rst b/manpages/taler.conf.5.rst
index 8ab5f93a..e6f4de33 100644
--- a/manpages/taler.conf.5.rst
+++ b/manpages/taler.conf.5.rst
@@ -91,6 +91,9 @@ AML_THRESHOLD
Largest amount in this currency that can be transferred per month without
an AML staff member doing a (manual) AML check. For example: "USD:1000000".
+KYC_AML_TRIGGER
+ Program to run on KYC attribute data to decide whether we should immediately flag an account for AML review. Program must return 0 if a manual AML review is not needed, and non-zero to trigger an AML review. The KYC attribute data of the new user will be passed on standard-input.
+
ENABLE_TIPPING
This option can be used to announce that an exchange does not allow
the use of the reserves for tipping. The default is YES which means
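Review bot: the new KYC_AML_TRIGGER entry omits two facts that the taler-exchange-manual.rst hunk in this same commit states, namely that the attribute data on standard input is JSON and that the option defaults to `true` (trigger off unless configured); suggest adding both here, e.g. "The KYC attribute data of the new user will be passed in JSON format on standard input. Default: true.", so the manpage and the manual do not drift apart.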
diff --git a/taler-exchange-manual.rst b/taler-exchange-manual.rst
index 0c5db851..fe1a130e 100644
--- a/taler-exchange-manual.rst
+++ b/taler-exchange-manual.rst
@@ -1942,7 +1942,77 @@ transaction and decide on freezing or permitting the transfer. They may also
request additional KYC data from the consumer and can change the threshold
amount above which a further AML review is triggered.
-FIXME: describe use of taler-exchange-offline commands!
+AML Officer Setup
+^^^^^^^^^^^^^^^^^
+
+To begin the AML setup, AML staff should launch the GNU Taler
+exchange AML SPA Web interface. (FIXME-Sebastian: how?). The
+SPA will generate a public-private key pair and store it in the
+local storage of the browser. The public key will be displayed
+and must be securely transmitted to the offline system for
+approval. Using the offline system, one can then configure
+which staff has access to the AML operations:
+
+.. code-block:: shell-session
+
+ [root@exchange-offline]# taler-exchange-offline \
+ aml-enable $PUBLIC_KEY "Legal Name" rw > aml.json
+ [root@exchange-online]# taler-exchange-offline \
+ upload < aml.json
+
+The above commands would add an AML officer with the given "Legal Name" with
+read-write (rw) access to the AML officer database. Using "ro" instead of
+"rw" would grant read-only access to the data, leaving out the ability to
+actually make AML decisions. Once AML access has been granted, the AML
+officer can use the SPA to review cases and (with "rw" access) take AML
+decisions.
+
+Access rights can be revoked at any time using:
+
+.. code-block:: shell-session
+
+ [root@exchange-offline]# taler-exchange-offline \
+ aml-disable $PUBLIC_KEY "Legal Name" > aml-off.json
+ [root@exchange-online]# taler-exchange-offline \
+ upload < aml-off.json
+
+
+AML Triggers
+^^^^^^^^^^^^
+
+AML decision processes are automatically triggered under certain configurable
+conditions. The primary condition that *must* be configured is the
+``AML_THRESHOLD``:
+
+.. code-block:: ini
+ :caption: /etc/taler/conf.d/exchange-business.conf
+
+ [exchange]
+ # Accounts or wallets with monthly transaction volumes above this threshold
+ # are considered suspicious and are automatically flagged for AML review
+ # and put on hold until an AML officer has reached a decision.
+ AML_THRESHOLD = "EUR:1000000"
+
+Additionally, certain KYC attributes (such as the user being a
+politically exposed person) may lead to an account being
+flagged for AML review. The specific logic is configured by
+providing the exchange with an external helper program that
+makes the decision given the KYC attributes:
+
+.. code-block:: ini
+ :caption: /etc/taler/conf.d/exchange-business.conf
+
+ [exchange]
+ # Specifies a program to run on KYC attribute data to decide
+ # whether we should immediately flag an account for AML review.
+ KYC_AML_TRIGGER = taler-exchange-kyc-aml-pep-trigger.sh
+
+The given program will be given the KYC attributes in JSON format on standard
+input, and must return 0 to continue without AML and non-zero to flag the
+account for manual review. To disable this triger, simply leave the option to
+its default value of '[/usr/bin/]true'. To flag all new users for manual
+review, simply set the program to '[/usr/bin/]false'.
+
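Review bot: the AML Triggers text defines the helper's exit-code contract (0 continues, non-zero flags) but not its failure behaviour: since this program receives every new user's KYC attributes, the manual should state what the exchange does when the helper cannot be started, exits abnormally or hangs (whether that fails closed and flags the account), and as which user and in which environment it runs. Smaller points in the same hunk: "triger" on the line `To disable this triger, simply leave the option to` should read "trigger"; `$PUBLIC_KEY` in both shell-session blocks is never defined, so say it is the key the SPA displays; and the `(FIXME-Sebastian: how?)` placeholder in AML Officer Setup should be resolved or tracked before this ships.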
Setup Linting