commit b6cecaa5f2a05aa9709eb7b745bc5129012415c3
parent 797e79663dbb4e3e88c18536e4bc7dfdb978995f
Author: Florian Dold <florian@dold.me>
Date: Tue, 3 Jun 2025 14:18:18 +0200
exchange_tops: template tos_url
Diffstat:
3 files changed, 427 insertions(+), 427 deletions(-)
diff --git a/roles/exchange_tops/files/etc/taler-exchange/conf.d/kyc-rules.conf b/roles/exchange_tops/files/etc/taler-exchange/conf.d/kyc-rules.conf
@@ -1,421 +0,0 @@
-[exchange]
-
-# Better enable KYC.
-ENABLE_KYC = YES
-
-# Hard limits
-[kyc-rule-withdraw-limit-monthly]
-OPERATION_TYPE = WITHDRAW
-NEXT_MEASURES = verboten
-EXPOSED = YES
-ENABLED = YES
-THRESHOLD = CHF:2500
-TIMEFRAME = "30 days"
-
-[kyc-rule-withdraw-limit-annually]
-OPERATION_TYPE = WITHDRAW
-NEXT_MEASURES = verboten
-EXPOSED = YES
-ENABLED = YES
-THRESHOLD = CHF:15000
-TIMEFRAME = "365 days"
-
-# Limit on merchant transactions
-[kyc-rule-transaction-limit]
-OPERATION_TYPE = TRANSACTION
-NEXT_MEASURES = verboten
-EXPOSED = YES
-ENABLED = YES
-THRESHOLD = CHF:1000
-TIMEFRAME = "1 days"
-
-[kyc-rule-balance-limit]
-OPERATION_TYPE = BALANCE
-NEXT_MEASURES = verboten
-EXPOSED = YES
-# Note: Disabled, kept in case we ever want to impose a limit on wallet balances.
-ENABLED = NO
-THRESHOLD = CHF:1000
-TIMEFRAME = "1 days"
-
-# SMS identification limit on withdraw (voluntary rule)
-[kyc-rule-withdraw-limit-low]
-OPERATION_TYPE = WITHDRAW
-NEXT_MEASURES = sms-registration
-EXPOSED = YES
-ENABLED = YES
-THRESHOLD = CHF:200
-TIMEFRAME = "30 days"
-
-# Deposit requires ToS acceptance, this way we ensure bank account is confirmed!
-[kyc-rule-deposit-limit-zero]
-OPERATION_TYPE = DEPOSIT
-NEXT_MEASURES = accept-tos
-EXPOSED = YES
-ENABLED = YES
-THRESHOLD = CHF:0
-TIMEFRAME = "1 days"
-
-# Aggregation limits
-[kyc-rule-deposit-limit-monthly]
-OPERATION_TYPE = AGGREGATE
-NEXT_MEASURES = kyx
-EXPOSED = YES
-ENABLED = YES
-THRESHOLD = CHF:2500
-TIMEFRAME = "30 days"
-
-[kyc-rule-deposit-limit-annually]
-OPERATION_TYPE = AGGREGATE
-NEXT_MEASURES = kyx
-EXPOSED = YES
-ENABLED = YES
-THRESHOLD = CHF:15000
-TIMEFRAME = "365 days"
-
-# P2P limits
-[kyc-rule-p2p-limit-monthly]
-OPERATION_TYPE = MERGE
-NEXT_MEASURES = verboten
-EXPOSED = YES
-ENABLED = YES
-THRESHOLD = CHF:2500
-TIMEFRAME = "30 days"
-
-[kyc-rule-p2p-limit-annually]
-OPERATION_TYPE = MERGE
-NEXT_MEASURES = verboten
-EXPOSED = YES
-ENABLED = YES
-THRESHOLD = CHF:15000
-TIMEFRAME = "365 days"
-
-[kyc-rule-p2p-domestic-identification-requirement]
-OPERATION_TYPE = MERGE
-NEXT_MEASURES = sms-registration postal-registration
-IS_AND_COMBINATOR = NO
-EXPOSED = YES
-ENABLED = YES
-THRESHOLD = CHF:0
-TIMEFRAME = "30 days"
-
-# #################### KYC measures #######################
-
-# Fallback measure on errors.
-[kyc-measure-freeze-investigate]
-CHECK_NAME = skip
-PROGRAM = freeze-investigate
-VOLUNTARY = NO
-CONTEXT = {}
-
-[kyc-measure-inform-investigate]
-CHECK_NAME = form-info-investigation
-# It's an INFO, so the program will never run, but we still
-# must specify one. Maybe make PROGRAM not required for
-# INFO-checks? #9874
-PROGRAM = preserve-investigate
-VOLUNTARY = YES
-CONTEXT = {}
-
-[kyc-measure-inform-internal-error]
-CHECK_NAME = form-info-internal-error
-# It's an INFO, so the program will never run, but we still
-# must specify one. Maybe make PROGRAM not required for
-# INFO-checks? #9874
-PROGRAM = preserve-investigate
-VOLUNTARY = YES
-CONTEXT = {}
-
-[kyc-measure-sms-registration]
-CHECK_NAME = sms-registration
-PROGRAM = tops-sms-check
-VOLUNTARY = YES
-CONTEXT = {}
-
-[kyc-measure-postal-registration]
-CHECK_NAME = postal-registration
-PROGRAM = tops-postal-check
-VOLUNTARY = YES
-CONTEXT = {}
-
-[kyc-measure-accept-tos]
-CHECK_NAME = form-accept-tos
-PROGRAM = check-tos
-CONTEXT = {"tos_url":"https://exchange.taler-ops.ch/terms","provider_name":"Taler Operations AG", "successor_measure":"accept-tos", "validity_years":10}
-VOLUNTARY = NO
-
-[kyc-measure-kyx]
-CHECK_NAME = form-vqf-902.1
-PROGRAM = tops-kyx-check
-VOLUNTARY = NO
-CONTEXT = {}
-
-# Form triggered via tops-check-controlling-entity after vqf-902.11
-[kyc-measure-form-vqf-902.9]
-CHECK_NAME = form-vqf-902.9
-PROGRAM = preserve-investigate
-VOLUNTARY = NO
-CONTEXT = {}
-
-[kyc-measure-form-vqf-902.11]
-CHECK_NAME = form-vqf-902.11
-PROGRAM = tops-check-controlling-entity
-VOLUNTARY = NO
-CONTEXT = {}
-
-# FIXME: #9825
-#[kyc-measure-form-vqf-902.12]
-#CHECK_NAME = form-vqf-902.12
-#PROGRAM = preserve-investigate
-#VOLUNTARY = NO
-#CONTEXT = {}
-
-# FIXME: #9827
-#[kyc-measure-form-vqf-902.13]
-#CHECK_NAME = form-vqf-902.13
-#PROGRAM = preserve-investigate
-#VOLUNTARY = NO
-#CONTEXT = {}
-
-# FIXME: #9826
-#[kyc-measure-form-vqf-902.15]
-#CHECK_NAME = form-vqf-902.15
-#PROGRAM = preserve-investigate
-#VOLUNTARY = NO
-#CONTEXT = {}
-
-# ##################### KYC checks ###########################
-
-[kyc-check-form-info-internal-error]
-TYPE = INFO
-DESCRIPTION = "We encountered an internal error. Staff has been notified. Please be patient."
-DESCRIPTION_I18N = {"de":"Interner Fehler. Mitarbeiter wurden informiert. Bitte warten."}
-FALLBACK = default-investigate
-
-[kyc-check-form-info-investigation]
-TYPE = INFO
-DESCRIPTION = "Staff is checking your case. Please be patient."
-DESCRIPTION_I18N = {"de":"Mitarbeiter prüfen ihren Fall. Bitte warten."}
-FALLBACK = default-investigate
-
-[kyc-check-sms-registration]
-TYPE = LINK
-PROVIDER_ID = sms-challenger
-DESCRIPTION = "Confirm Swiss mobile phone number via SMS TAN"
-DESCRIPTION_I18N = {"de":"Schweizer Mobiltelefonnummer via SMS TAN bestätigen"}
-OUTPUTS = "CONTACT_PHONE"
-FALLBACK = default-investigate
-
-[kyc-check-email-registration]
-TYPE = LINK
-PROVIDER_ID = email-challenger
-DESCRIPTION = "Confirm email address via TAN"
-DESCRIPTION_I18N = {"de":"Email addresse via TAN bestätigen"}
-OUTPUTS = "CONTACT_EMAIL"
-FALLBACK = default-investigate
-
-[kyc-check-postal-registration]
-TYPE = LINK
-PROVIDER_ID = postal-challenger
-DESCRIPTION = "Register Swiss postal address via TAN letter"
-DESCRIPTION_I18N = {"de":"Schweizer Addresse via TAN Brief bestätigen"}
-OUTPUTS = "CONTACT_NAME ADDRESS_LINES ADDRESS_COUNTRY"
-FALLBACK = default-investigate
-
-# This check can be triggered by AML programs and/or AML officers,
-# it do not appear directly in this configuration as it is triggered
-# only indirectly.
-[kyc-check-kycaid-individual]
-TYPE = LINK
-PROVIDER_ID = kycaid-individual
-DESCRIPTION = "Provider personal identification data via KYCAID provider"
-DESCRIPTION_I18N = {"de":"Persönliche Identifikation via KYCAID Service druchführen"}
-OUTPUTS = "PERSON_FULL_NAME PERSON_DATE_OF_BIRTH PERSON_NATIONALITY_CC ADDRESS_STREET ADDRESS_TOWN_LOCATION ADDRESS_ZIPCODE ADDRESS_COUNTRY_CC PERSON_NATIONAL_ID_SCAN TAX_ID"
-FALLBACK = default-investigate
-
-# This check can be triggered by AML programs and/or AML officers,
-# it do not appear directly in this configuration as it is triggered
-# only indirectly.
-[kyc-check-kycaid-business]
-TYPE = LINK
-PROVIDER_ID = kycaid-business
-DESCRIPTION = "Provide business identification via KYCAID provider"
-DESCRIPTION_I18N = {"de":"Geschäftsidentifikation via KYCAID durchführen"}
-# FIXME: correct output labels? FIXME: questionable we can get those from KYCAID...
-# FIXME: lower case names are missing in GANA
-OUTPUTS = "BUSINESS_NAME ADDRESS_STREET ADDRESS_TOWN_LOCATION ADDRESS_ZIPCODE ADDRESS_COUNTRY_CC company_identification_document power_of_atorney_document BUSINESS_REGISTRATION_ID business_registration_document registration_authority_name tops_controlling_owner_identifications"
-FALLBACK = default-investigate
-
-# FIXME: consider moving these into the exchange default config!
-[kyc-check-form-accept-tos]
-TYPE = FORM
-FORM_NAME = accept-tos
-DESCRIPTION = "Accept Taler Operations terms of service"
-DESCRIPTION_I18N = {"de":"Geschäftsbedingungen akzeptieren"}
-# This form field must be set to the etag (!) of the accepted /terms!
-OUTPUTS = ACCEPTED_TERMS_OF_SERVICE
-FALLBACK = preserve-investigate
-
-[kyc-check-form-vqf-902.1]
-TYPE = FORM
-FORM_NAME = vqf_902_1_customer
-DESCRIPTION = "Supply VQF form 902.1"
-DESCRIPTION_I18N = {"de":"Formular VQF 902.1 hochladen"}
-OUTPUTS = CUSTOMER_TYPE CUSTOMER_TYPE_VQF
-# OPTIONAL: NAME, ADDRESS, ID DOCS, ETC. DEPENDING ON LEGAL ENTITY TYPE
-# => aml program will decide on legal entity type between no more forms
-# or vqf_902_9, 11, 12, 13, 15. => after that, AML officer
-FALLBACK = preserve-investigate
-
-[kyc-check-form-vqf-902.9]
-TYPE = FORM
-FORM_NAME = vqf_902_9_customer
-DESCRIPTION = "Supply VQF form 902.9"
-DESCRIPTION_I18N = {"de":"Formular VQF 902.9 hochladen"}
-OUTPUTS = IDENTITY_CONTRACTING_PARTNER IDENTITY_LIST
-FALLBACK = preserve-investigate
-
-[kyc-check-form-vqf-902.11]
-TYPE = FORM
-FORM_NAME = vqf_902_11_customer
-DESCRIPTION = "Supply VQF form 902.11"
-DESCRIPTION_I18N = {"de":"Formular VQF 902.11 hochladen"}
-OUTPUTS = IDENTITY_CONTRACTING_PARTNER CONTROL_REASON IDENTITY_LIST THIRD_PARTY_OWNERSHIP
-FALLBACK = preserve-investigate
-
-#[kyc-check-form-vqf-902.12]
-#TYPE = FORM
-# FIXME #9025: This form will not be supported for the TOPS MVP
-#FORM_NAME = vqf_902_12
-#DESCRIPTION = "Supply VQF form 902.12"
-#DESCRIPTION_I18N = {"de":"Formular VQF 902.12 hochladen"}
-# FIXME: list correct outputs for each form here (and update GANA)
-#OUTPUTS = LEGAL_ENTITY_TYPE
-#FALLBACK = preserve-investigate
-
-#[kyc-check-form-vqf-902.13]
-#TYPE = FORM
-# FIXME: #9827 : This form will not be supported for the TOPS MVP
-#FORM_NAME = vqf_902_13
-#DESCRIPTION = "Supply VQF form 902.13"
-#DESCRIPTION_I18N = {"de":"Formular VQF 902.13 hochladen"}
-# FIXME: list correct outputs for each form here (and update GANA)
-#OUTPUTS = LEGAL_ENTITY_TYPE
-#FALLBACK = preserve-investigate
-
-#[kyc-check-form-vqf-902.15]
-#TYPE = FORM
-# FIXME: #9826: This form will not be supported for the TOPS MVP
-#FORM_NAME = vqf_902_15
-#DESCRIPTION = "Supply VQF form 902.15"
-#DESCRIPTION_I18N = {"de":"Formular VQF 902.15 hochladen"}
-# FIXME: list correct outputs for each form here (and update GANA)
-#OUTPUTS = LEGAL_ENTITY_TYPE
-#FALLBACK = preserve-investigate
-
-[kyc-measure-preserve-investigate]
-TYPE = SKIP
-CONTEXT = {}
-PROGRAM = preserve-investigate
-
-[kyc-measure-default-investigate]
-TYPE = SKIP
-CONTEXT = {}
-PROGRAM = default-investigate
-
-
-# ##################### AML programs #########################
-
-[aml-program-freeze-investigate]
-DESCRIPTION = "Fallback measure on errors that freezes the account and asks AML staff to investigate the system failure."
-COMMAND = taler-exchange-helper-measure-freeze
-ENABLED = YES
-FALLBACK = freeze-investigate
-
-[aml-program-default-investigate]
-DESCRIPTION = "Fallback measure on errors that keeps default rules on the account but asks AML staff to investigate the system failure."
-COMMAND = taler-exchange-helper-measure-defaults-but-investigate
-ENABLED = YES
-FALLBACK = freeze-investigate
-
-[aml-program-preserve-investigate]
-DESCRIPTION = "Fallback measure on errors that preserves current rules on the account but asks AML staff to investigate the system failure."
-COMMAND = taler-exchange-helper-measure-preserve-but-investigate
-ENABLED = YES
-FALLBACK = freeze-investigate
-
-[aml-program-inform-investigate]
-DESCRIPTION = "Measure that asks AML staff to investigate an account and informs the account owner about it."
-COMMAND = taler-exchange-helper-measure-inform-investigate
-ENABLED = YES
-FALLBACK = freeze-investigate
-
-[aml-program-challenger-postal-from-context]
-DESCRIPTION = "Measure to validate a postal address given in the context. Optionally, a 'prog_name' given in the context can be used to automatically follow up with another AML program. By default, the AML program run after address validation is 'inform-investigate'"
-COMMAND = taler-exchange-helper-measure-challenger-postal-context-check
-ENABLED = YES
-FALLBACK = freeze-investigate
-
-[aml-program-challenger-sms-from-context]
-DESCRIPTION = "Measure to validate an SMS phone number given in the context. Optionally, a 'prog_name' given in the context can be used to automatically follow up with another AML program. By default, the AML program run after address validation is 'inform-investigate'"
-COMMAND = taler-exchange-helper-measure-challenger-sms-context-check
-ENABLED = YES
-FALLBACK = freeze-investigate
-
-[aml-program-challenger-email-from-context]
-DESCRIPTION = "Measure to validate an email address given in the context. Optionally, a 'prog_name' given in the context can be used to automatically follow up with another AML program. By default, the AML program run after address validation is 'inform-investigate'"
-COMMAND = taler-exchange-helper-measure-challenger-email-context-check
-ENABLED = YES
-FALLBACK = freeze-investigate
-
-
-# this program should require context 'tos_url' and 'provider_name'
-# and require attribute "ACCEPTED_TERMS_OF_SERVICE"
-[aml-program-check-tos]
-DESCRIPTION = "AML program that enables functions after the ToS have been accepted."
-COMMAND = taler-exchange-helper-measure-validate-accepted-tos
-ENABLED = YES
-FALLBACK = freeze-investigate
-
-[aml-program-clear-measure-and-continue]
-DESCRIPTION = "AML program that clears a measure 'clear_measure' and continues with another AML binary 'exec_name' with context 'next_context', all of which must be given in the context."
-COMMAND = taler-exchange-helper-measure-clear-continue
-ENABLED = YES
-FALLBACK = freeze-investigate
-
-
-[aml-program-preserve-set-expire-from-context]
-DESCRIPTION = "Measure that preserves the current rules but sets them to expire based on the context. The successor measure to activate on expiration can also be specified in the context. Useful when AML staff merely wants to set an expiration date."
-COMMAND = taler-exchange-helper-measure-preserve-set-expiration
-ENABLED = YES
-FALLBACK = freeze-investigate
-
-[aml-program-preserve-set-expire-from-context]
-DESCRIPTION = "Measure that modifies the current rules by combining them with those from the context. The expiration time and successor measure to activate on expiration can also be specified in the context. Useful when AML staff merely wants to update rules."
-COMMAND = taler-exchange-helper-measure-update-from-context
-ENABLED = YES
-FALLBACK = freeze-investigate
-
-[aml-program-tops-sms-check]
-DESCRIPTION = "Program that checks that the user was able to receive an SMS at a Swiss mobile phone number. Enables receiving P2P payments by lifiting kyc-rule-p2p-domestic-identification-requirement and also lifts the kyc-rule-withdraw-limit-low. The new rules expire after 2 years."
-COMMAND = taler-exchange-helper-measure-tops-sms-check
-ENABLED = YES
-FALLBACK = freeze-investigate
-
-[aml-program-tops-postal-check]
-DESCRIPTION = "Program that checks that the user was able to postal mail at a Swiss postal address. Enables receiving P2P payments by lifiting kyc-rule-p2p-domestic-identification-requirement and also lifts the kyc-rule-withdraw-limit-low. The new rules expire after 5 years."
-COMMAND = taler-exchange-helper-measure-tops-postal-check
-ENABLED = YES
-FALLBACK = freeze-investigate
-
-[aml-program-tops-kyx-check]
-DESCRIPTION = "Program that determines what kind of KYC/KYB process should be run based on a first form supplied by the user. Determines the next checks to run. Always concludes by passing all results to an AML officer. Rules are preserved."
-COMMAND = taler-exchange-helper-measure-tops-kyx-check
-ENABLED = YES
-FALLBACK = freeze-investigate
-
-[aml-program-tops-check-controlling-entity]
-DESCRIPTION = "Program that checks if the 'Controlling entity 3rd persion' checkbox was set, and if so triggers the optional form VQF 902.9. Then in either case ensures we run the address validation logic. Always concludes by passing all results to an AML officer. Rules are preserved."
-COMMAND = taler-exchange-helper-measure-tops-3rdparty-check
-ENABLED = YES
-FALLBACK = freeze-investigate
diff --git a/roles/exchange_tops/tasks/main.yml b/roles/exchange_tops/tasks/main.yml
@@ -1,7 +1,7 @@
---
- name: Place taler-exchange external individual KYC provider configuration
ansible.builtin.template:
- src: templates/etc/taler-exchange/secrets/exchange-kyc-provider-individual.secret.conf.j2
+ src: etc/taler-exchange/secrets/exchange-kyc-provider-individual.secret.conf.j2
dest: /etc/taler-exchange/secrets/exchange-kyc-provider-individual.secret.conf
owner: taler-exchange-httpd
group: taler-exchange-kyc
@@ -9,7 +9,7 @@
- name: Place taler-exchange external KYC provider configuration
ansible.builtin.template:
- src: templates/etc/taler-exchange/secrets/exchange-kyc-provider-business.secret.conf.j2
+ src: etc/taler-exchange/secrets/exchange-kyc-provider-business.secret.conf.j2
dest: /etc/taler-exchange/secrets/exchange-kyc-provider-business.secret.conf
owner: taler-exchange-httpd
group: taler-exchange-kyc
@@ -17,15 +17,15 @@
- name: Place taler-exchange AML program environment
ansible.builtin.template:
- src: templates/etc/taler-exchange/taler-exchange.env.j2
+ src: etc/taler-exchange/taler-exchange.env.j2
dest: /etc/taler-exchange/taler-exchange.env
owner: taler-exchange-httpd
group: root
mode: "0400"
- name: Place taler-exchange KYC configuration (if exists)
- copy:
- src: files/etc/taler-exchange/conf.d/kyc-rules.conf
+ ansible.builtin.template:
+ src: etc/taler-exchange/conf.d/kyc-rules.conf
dest: /etc/taler-exchange/conf.d/kyc-rules.conf
owner: root
group: root
@@ -33,7 +33,7 @@
- name: Place taler-exchange denominations config
ansible.builtin.template:
- src: templates/etc/taler-exchange/conf.d/denominations.conf.j2
+ src: etc/taler-exchange/conf.d/denominations.conf.j2
dest: /etc/taler-exchange/conf.d/denominations.conf
owner: root
group: root
diff --git a/roles/exchange_tops/templates/etc/taler-exchange/conf.d/kyc-rules.conf b/roles/exchange_tops/templates/etc/taler-exchange/conf.d/kyc-rules.conf
@@ -0,0 +1,421 @@
+[exchange]
+
+# Better enable KYC.
+ENABLE_KYC = YES
+
+# Hard limits
+[kyc-rule-withdraw-limit-monthly]
+OPERATION_TYPE = WITHDRAW
+NEXT_MEASURES = verboten
+EXPOSED = YES
+ENABLED = YES
+THRESHOLD = CHF:2500
+TIMEFRAME = "30 days"
+
+[kyc-rule-withdraw-limit-annually]
+OPERATION_TYPE = WITHDRAW
+NEXT_MEASURES = verboten
+EXPOSED = YES
+ENABLED = YES
+THRESHOLD = CHF:15000
+TIMEFRAME = "365 days"
+
+# Limit on merchant transactions
+[kyc-rule-transaction-limit]
+OPERATION_TYPE = TRANSACTION
+NEXT_MEASURES = verboten
+EXPOSED = YES
+ENABLED = YES
+THRESHOLD = CHF:1000
+TIMEFRAME = "1 days"
+
+[kyc-rule-balance-limit]
+OPERATION_TYPE = BALANCE
+NEXT_MEASURES = verboten
+EXPOSED = YES
+# Note: Disabled, kept in case we ever want to impose a limit on wallet balances.
+ENABLED = NO
+THRESHOLD = CHF:1000
+TIMEFRAME = "1 days"
+
+# SMS identification limit on withdraw (voluntary rule)
+[kyc-rule-withdraw-limit-low]
+OPERATION_TYPE = WITHDRAW
+NEXT_MEASURES = sms-registration
+EXPOSED = YES
+ENABLED = YES
+THRESHOLD = CHF:200
+TIMEFRAME = "30 days"
+
+# Deposit requires ToS acceptance, this way we ensure bank account is confirmed!
+[kyc-rule-deposit-limit-zero]
+OPERATION_TYPE = DEPOSIT
+NEXT_MEASURES = accept-tos
+EXPOSED = YES
+ENABLED = YES
+THRESHOLD = CHF:0
+TIMEFRAME = "1 days"
+
+# Aggregation limits
+[kyc-rule-deposit-limit-monthly]
+OPERATION_TYPE = AGGREGATE
+NEXT_MEASURES = kyx
+EXPOSED = YES
+ENABLED = YES
+THRESHOLD = CHF:2500
+TIMEFRAME = "30 days"
+
+[kyc-rule-deposit-limit-annually]
+OPERATION_TYPE = AGGREGATE
+NEXT_MEASURES = kyx
+EXPOSED = YES
+ENABLED = YES
+THRESHOLD = CHF:15000
+TIMEFRAME = "365 days"
+
+# P2P limits
+[kyc-rule-p2p-limit-monthly]
+OPERATION_TYPE = MERGE
+NEXT_MEASURES = verboten
+EXPOSED = YES
+ENABLED = YES
+THRESHOLD = CHF:2500
+TIMEFRAME = "30 days"
+
+[kyc-rule-p2p-limit-annually]
+OPERATION_TYPE = MERGE
+NEXT_MEASURES = verboten
+EXPOSED = YES
+ENABLED = YES
+THRESHOLD = CHF:15000
+TIMEFRAME = "365 days"
+
+[kyc-rule-p2p-domestic-identification-requirement]
+OPERATION_TYPE = MERGE
+NEXT_MEASURES = sms-registration postal-registration
+IS_AND_COMBINATOR = NO
+EXPOSED = YES
+ENABLED = YES
+THRESHOLD = CHF:0
+TIMEFRAME = "30 days"
+
+# #################### KYC measures #######################
+
+# Fallback measure on errors.
+[kyc-measure-freeze-investigate]
+CHECK_NAME = skip
+PROGRAM = freeze-investigate
+VOLUNTARY = NO
+CONTEXT = {}
+
+[kyc-measure-inform-investigate]
+CHECK_NAME = form-info-investigation
+# It's an INFO, so the program will never run, but we still
+# must specify one. Maybe make PROGRAM not required for
+# INFO-checks? #9874
+PROGRAM = preserve-investigate
+VOLUNTARY = YES
+CONTEXT = {}
+
+[kyc-measure-inform-internal-error]
+CHECK_NAME = form-info-internal-error
+# It's an INFO, so the program will never run, but we still
+# must specify one. Maybe make PROGRAM not required for
+# INFO-checks? #9874
+PROGRAM = preserve-investigate
+VOLUNTARY = YES
+CONTEXT = {}
+
+[kyc-measure-sms-registration]
+CHECK_NAME = sms-registration
+PROGRAM = tops-sms-check
+VOLUNTARY = YES
+CONTEXT = {}
+
+[kyc-measure-postal-registration]
+CHECK_NAME = postal-registration
+PROGRAM = tops-postal-check
+VOLUNTARY = YES
+CONTEXT = {}
+
+[kyc-measure-accept-tos]
+CHECK_NAME = form-accept-tos
+PROGRAM = check-tos
+CONTEXT = {"tos_url":"{{ EXCHANGE_BASE_URL }}terms","provider_name":"Taler Operations AG", "successor_measure":"accept-tos", "validity_years":10}
+VOLUNTARY = NO
+
+[kyc-measure-kyx]
+CHECK_NAME = form-vqf-902.1
+PROGRAM = tops-kyx-check
+VOLUNTARY = NO
+CONTEXT = {}
+
+# Form triggered via tops-check-controlling-entity after vqf-902.11
+[kyc-measure-form-vqf-902.9]
+CHECK_NAME = form-vqf-902.9
+PROGRAM = preserve-investigate
+VOLUNTARY = NO
+CONTEXT = {}
+
+[kyc-measure-form-vqf-902.11]
+CHECK_NAME = form-vqf-902.11
+PROGRAM = tops-check-controlling-entity
+VOLUNTARY = NO
+CONTEXT = {}
+
+# FIXME: #9825
+#[kyc-measure-form-vqf-902.12]
+#CHECK_NAME = form-vqf-902.12
+#PROGRAM = preserve-investigate
+#VOLUNTARY = NO
+#CONTEXT = {}
+
+# FIXME: #9827
+#[kyc-measure-form-vqf-902.13]
+#CHECK_NAME = form-vqf-902.13
+#PROGRAM = preserve-investigate
+#VOLUNTARY = NO
+#CONTEXT = {}
+
+# FIXME: #9826
+#[kyc-measure-form-vqf-902.15]
+#CHECK_NAME = form-vqf-902.15
+#PROGRAM = preserve-investigate
+#VOLUNTARY = NO
+#CONTEXT = {}
+
+# ##################### KYC checks ###########################
+
+[kyc-check-form-info-internal-error]
+TYPE = INFO
+DESCRIPTION = "We encountered an internal error. Staff has been notified. Please be patient."
+DESCRIPTION_I18N = {"de":"Interner Fehler. Mitarbeiter wurden informiert. Bitte warten."}
+FALLBACK = default-investigate
+
+[kyc-check-form-info-investigation]
+TYPE = INFO
+DESCRIPTION = "Staff is checking your case. Please be patient."
+DESCRIPTION_I18N = {"de":"Mitarbeiter prüfen ihren Fall. Bitte warten."}
+FALLBACK = default-investigate
+
+[kyc-check-sms-registration]
+TYPE = LINK
+PROVIDER_ID = sms-challenger
+DESCRIPTION = "Confirm Swiss mobile phone number via SMS TAN"
+DESCRIPTION_I18N = {"de":"Schweizer Mobiltelefonnummer via SMS TAN bestätigen"}
+OUTPUTS = "CONTACT_PHONE"
+FALLBACK = default-investigate
+
+[kyc-check-email-registration]
+TYPE = LINK
+PROVIDER_ID = email-challenger
+DESCRIPTION = "Confirm email address via TAN"
+DESCRIPTION_I18N = {"de":"Email addresse via TAN bestätigen"}
+OUTPUTS = "CONTACT_EMAIL"
+FALLBACK = default-investigate
+
+[kyc-check-postal-registration]
+TYPE = LINK
+PROVIDER_ID = postal-challenger
+DESCRIPTION = "Register Swiss postal address via TAN letter"
+DESCRIPTION_I18N = {"de":"Schweizer Addresse via TAN Brief bestätigen"}
+OUTPUTS = "CONTACT_NAME ADDRESS_LINES ADDRESS_COUNTRY"
+FALLBACK = default-investigate
+
+# This check can be triggered by AML programs and/or AML officers,
+# it do not appear directly in this configuration as it is triggered
+# only indirectly.
+[kyc-check-kycaid-individual]
+TYPE = LINK
+PROVIDER_ID = kycaid-individual
+DESCRIPTION = "Provider personal identification data via KYCAID provider"
+DESCRIPTION_I18N = {"de":"Persönliche Identifikation via KYCAID Service druchführen"}
+OUTPUTS = "PERSON_FULL_NAME PERSON_DATE_OF_BIRTH PERSON_NATIONALITY_CC ADDRESS_STREET ADDRESS_TOWN_LOCATION ADDRESS_ZIPCODE ADDRESS_COUNTRY_CC PERSON_NATIONAL_ID_SCAN TAX_ID"
+FALLBACK = default-investigate
+
+# This check can be triggered by AML programs and/or AML officers,
+# it do not appear directly in this configuration as it is triggered
+# only indirectly.
+[kyc-check-kycaid-business]
+TYPE = LINK
+PROVIDER_ID = kycaid-business
+DESCRIPTION = "Provide business identification via KYCAID provider"
+DESCRIPTION_I18N = {"de":"Geschäftsidentifikation via KYCAID durchführen"}
+# FIXME: correct output labels? FIXME: questionable we can get those from KYCAID...
+# FIXME: lower case names are missing in GANA
+OUTPUTS = "BUSINESS_NAME ADDRESS_STREET ADDRESS_TOWN_LOCATION ADDRESS_ZIPCODE ADDRESS_COUNTRY_CC company_identification_document power_of_atorney_document BUSINESS_REGISTRATION_ID business_registration_document registration_authority_name tops_controlling_owner_identifications"
+FALLBACK = default-investigate
+
+# FIXME: consider moving these into the exchange default config!
+[kyc-check-form-accept-tos]
+TYPE = FORM
+FORM_NAME = accept-tos
+DESCRIPTION = "Accept Taler Operations terms of service"
+DESCRIPTION_I18N = {"de":"Geschäftsbedingungen akzeptieren"}
+# This form field must be set to the etag (!) of the accepted /terms!
+OUTPUTS = ACCEPTED_TERMS_OF_SERVICE
+FALLBACK = preserve-investigate
+
+[kyc-check-form-vqf-902.1]
+TYPE = FORM
+FORM_NAME = vqf_902_1_customer
+DESCRIPTION = "Supply VQF form 902.1"
+DESCRIPTION_I18N = {"de":"Formular VQF 902.1 hochladen"}
+OUTPUTS = CUSTOMER_TYPE CUSTOMER_TYPE_VQF
+# OPTIONAL: NAME, ADDRESS, ID DOCS, ETC. DEPENDING ON LEGAL ENTITY TYPE
+# => aml program will decide on legal entity type between no more forms
+# or vqf_902_9, 11, 12, 13, 15. => after that, AML officer
+FALLBACK = preserve-investigate
+
+[kyc-check-form-vqf-902.9]
+TYPE = FORM
+FORM_NAME = vqf_902_9_customer
+DESCRIPTION = "Supply VQF form 902.9"
+DESCRIPTION_I18N = {"de":"Formular VQF 902.9 hochladen"}
+OUTPUTS = IDENTITY_CONTRACTING_PARTNER IDENTITY_LIST
+FALLBACK = preserve-investigate
+
+[kyc-check-form-vqf-902.11]
+TYPE = FORM
+FORM_NAME = vqf_902_11_customer
+DESCRIPTION = "Supply VQF form 902.11"
+DESCRIPTION_I18N = {"de":"Formular VQF 902.11 hochladen"}
+OUTPUTS = IDENTITY_CONTRACTING_PARTNER CONTROL_REASON IDENTITY_LIST THIRD_PARTY_OWNERSHIP
+FALLBACK = preserve-investigate
+
+#[kyc-check-form-vqf-902.12]
+#TYPE = FORM
+# FIXME #9025: This form will not be supported for the TOPS MVP
+#FORM_NAME = vqf_902_12
+#DESCRIPTION = "Supply VQF form 902.12"
+#DESCRIPTION_I18N = {"de":"Formular VQF 902.12 hochladen"}
+# FIXME: list correct outputs for each form here (and update GANA)
+#OUTPUTS = LEGAL_ENTITY_TYPE
+#FALLBACK = preserve-investigate
+
+#[kyc-check-form-vqf-902.13]
+#TYPE = FORM
+# FIXME: #9827 : This form will not be supported for the TOPS MVP
+#FORM_NAME = vqf_902_13
+#DESCRIPTION = "Supply VQF form 902.13"
+#DESCRIPTION_I18N = {"de":"Formular VQF 902.13 hochladen"}
+# FIXME: list correct outputs for each form here (and update GANA)
+#OUTPUTS = LEGAL_ENTITY_TYPE
+#FALLBACK = preserve-investigate
+
+#[kyc-check-form-vqf-902.15]
+#TYPE = FORM
+# FIXME: #9826: This form will not be supported for the TOPS MVP
+#FORM_NAME = vqf_902_15
+#DESCRIPTION = "Supply VQF form 902.15"
+#DESCRIPTION_I18N = {"de":"Formular VQF 902.15 hochladen"}
+# FIXME: list correct outputs for each form here (and update GANA)
+#OUTPUTS = LEGAL_ENTITY_TYPE
+#FALLBACK = preserve-investigate
+
+[kyc-measure-preserve-investigate]
+TYPE = SKIP
+CONTEXT = {}
+PROGRAM = preserve-investigate
+
+[kyc-measure-default-investigate]
+TYPE = SKIP
+CONTEXT = {}
+PROGRAM = default-investigate
+
+
+# ##################### AML programs #########################
+
+[aml-program-freeze-investigate]
+DESCRIPTION = "Fallback measure on errors that freezes the account and asks AML staff to investigate the system failure."
+COMMAND = taler-exchange-helper-measure-freeze
+ENABLED = YES
+FALLBACK = freeze-investigate
+
+[aml-program-default-investigate]
+DESCRIPTION = "Fallback measure on errors that keeps default rules on the account but asks AML staff to investigate the system failure."
+COMMAND = taler-exchange-helper-measure-defaults-but-investigate
+ENABLED = YES
+FALLBACK = freeze-investigate
+
+[aml-program-preserve-investigate]
+DESCRIPTION = "Fallback measure on errors that preserves current rules on the account but asks AML staff to investigate the system failure."
+COMMAND = taler-exchange-helper-measure-preserve-but-investigate
+ENABLED = YES
+FALLBACK = freeze-investigate
+
+[aml-program-inform-investigate]
+DESCRIPTION = "Measure that asks AML staff to investigate an account and informs the account owner about it."
+COMMAND = taler-exchange-helper-measure-inform-investigate
+ENABLED = YES
+FALLBACK = freeze-investigate
+
+[aml-program-challenger-postal-from-context]
+DESCRIPTION = "Measure to validate a postal address given in the context. Optionally, a 'prog_name' given in the context can be used to automatically follow up with another AML program. By default, the AML program run after address validation is 'inform-investigate'"
+COMMAND = taler-exchange-helper-measure-challenger-postal-context-check
+ENABLED = YES
+FALLBACK = freeze-investigate
+
+[aml-program-challenger-sms-from-context]
+DESCRIPTION = "Measure to validate an SMS phone number given in the context. Optionally, a 'prog_name' given in the context can be used to automatically follow up with another AML program. By default, the AML program run after address validation is 'inform-investigate'"
+COMMAND = taler-exchange-helper-measure-challenger-sms-context-check
+ENABLED = YES
+FALLBACK = freeze-investigate
+
+[aml-program-challenger-email-from-context]
+DESCRIPTION = "Measure to validate an email address given in the context. Optionally, a 'prog_name' given in the context can be used to automatically follow up with another AML program. By default, the AML program run after address validation is 'inform-investigate'"
+COMMAND = taler-exchange-helper-measure-challenger-email-context-check
+ENABLED = YES
+FALLBACK = freeze-investigate
+
+
+# this program should require context 'tos_url' and 'provider_name'
+# and require attribute "ACCEPTED_TERMS_OF_SERVICE"
+[aml-program-check-tos]
+DESCRIPTION = "AML program that enables functions after the ToS have been accepted."
+COMMAND = taler-exchange-helper-measure-validate-accepted-tos
+ENABLED = YES
+FALLBACK = freeze-investigate
+
+[aml-program-clear-measure-and-continue]
+DESCRIPTION = "AML program that clears a measure 'clear_measure' and continues with another AML binary 'exec_name' with context 'next_context', all of which must be given in the context."
+COMMAND = taler-exchange-helper-measure-clear-continue
+ENABLED = YES
+FALLBACK = freeze-investigate
+
+
+[aml-program-preserve-set-expire-from-context]
+DESCRIPTION = "Measure that preserves the current rules but sets them to expire based on the context. The successor measure to activate on expiration can also be specified in the context. Useful when AML staff merely wants to set an expiration date."
+COMMAND = taler-exchange-helper-measure-preserve-set-expiration
+ENABLED = YES
+FALLBACK = freeze-investigate
+
+[aml-program-preserve-set-expire-from-context]
+DESCRIPTION = "Measure that modifies the current rules by combining them with those from the context. The expiration time and successor measure to activate on expiration can also be specified in the context. Useful when AML staff merely wants to update rules."
+COMMAND = taler-exchange-helper-measure-update-from-context
+ENABLED = YES
+FALLBACK = freeze-investigate
+
+[aml-program-tops-sms-check]
+DESCRIPTION = "Program that checks that the user was able to receive an SMS at a Swiss mobile phone number. Enables receiving P2P payments by lifiting kyc-rule-p2p-domestic-identification-requirement and also lifts the kyc-rule-withdraw-limit-low. The new rules expire after 2 years."
+COMMAND = taler-exchange-helper-measure-tops-sms-check
+ENABLED = YES
+FALLBACK = freeze-investigate
+
+[aml-program-tops-postal-check]
+DESCRIPTION = "Program that checks that the user was able to postal mail at a Swiss postal address. Enables receiving P2P payments by lifiting kyc-rule-p2p-domestic-identification-requirement and also lifts the kyc-rule-withdraw-limit-low. The new rules expire after 5 years."
+COMMAND = taler-exchange-helper-measure-tops-postal-check
+ENABLED = YES
+FALLBACK = freeze-investigate
+
+[aml-program-tops-kyx-check]
+DESCRIPTION = "Program that determines what kind of KYC/KYB process should be run based on a first form supplied by the user. Determines the next checks to run. Always concludes by passing all results to an AML officer. Rules are preserved."
+COMMAND = taler-exchange-helper-measure-tops-kyx-check
+ENABLED = YES
+FALLBACK = freeze-investigate
+
+[aml-program-tops-check-controlling-entity]
+DESCRIPTION = "Program that checks if the 'Controlling entity 3rd persion' checkbox was set, and if so triggers the optional form VQF 902.9. Then in either case ensures we run the address validation logic. Always concludes by passing all results to an AML officer. Rules are preserved."
+COMMAND = taler-exchange-helper-measure-tops-3rdparty-check
+ENABLED = YES
+FALLBACK = freeze-investigate
