Skip to main content
Onboarding in Levery is the institution’s customer admission and account provisioning workflow. It establishes a controlled path from an end user’s identity record to a permissioned account that can access regulated markets under institutional policy. Access is granted only after the platform has strong signals that:
  • the user controls the email address they registered with,
  • the institution has the minimum required user information on record,
  • identity verification (KYC) has been completed, and
  • the user controls the wallet account that will be used to access permissioned markets.
This flow is intentionally structured as a sequence of checks. Each step reduces risk, improves auditability, and creates a clear basis for approval decisions, whether those approvals are automated or completed by a compliance team.
This page guides end users of a financial institution that runs its own Levery instance. It also highlights configuration points where the institution can strengthen security, improve deliverability, and reduce onboarding friction.

What onboarding achieves for the institution

A properly configured onboarding policy allows an institution to:
  • enforce identity verification before allowing access to restricted products,
  • ensure every wallet account is linked to a verified user record,
  • maintain an auditable trail of verification and approval decisions,
  • reduce fraud and account takeover risk through one-time codes and wallet ownership proof,
  • and route edge cases to manual review without breaking the end-user experience.

Security posture

Onboarding combines time-limited verification codes, identity verification, and wallet ownership proof, which reduces account takeover risk and prevent users from linking accounts they do not control.

Auditability and operations

Each stage produces an explicit status that can be used for reporting and review workflows. Institutions can require manual approval for higher-risk segments without forcing users to repeat steps.

Who does what

End user - the institution’s customer

Verifies email, provides personal details, completes identity verification, and links a wallet account.

Institution operator - operator of the Levery instance

Configures email delivery and identity verification, sets activation rules, and determines whether users are approved automatically or require compliance review.

Compliance team - institutional role

Handles exceptions, reviews “under review” cases, and supports operational approval workflows.

What the end user should have before starting

The onboarding process is smoother when the user has the following ready:
  • Access to the email inbox used for registration.
  • Personal details and address information.
  • A government ID document (depending on the institution’s KYC requirements).
  • A phone available (identity verification is typically easiest on mobile).
  • A wallet option (either a new wallet created during onboarding or an existing wallet).
If identity verification is completed on mobile, the user should keep the Levery application open on desktop and return to it after the verification provider finishes.

Step-by-step onboarding (end-user journey)

1

Verify email with a one-time code

Levery begins by verifying email ownership using a one-time code delivered to the user’s inbox. This confirms the user can receive communications at the registered address and establishes a reliable identity anchor for notifications, policy updates, and operational follow-ups.What the user does
  1. Enters an email address in the institution’s Levery application.
  2. Receives a time-limited verification code by email.
  3. Enters the code to confirm control of the address and continue.
Why this is secure
  • Codes are short-lived and cannot be reused after successful verification.
  • Verification attempts are limited to reduce brute-force risk.
  • Resend behavior can be throttled to reduce abuse.
  • The platform can avoid revealing whether an email is registered, depending on institutional policy.
If users report they are not receiving codes, the first institutional check is outbound email delivery configuration. Levery supports sending OTP emails using the institution’s own SMTP credentials and sender domain, improving deliverability, branding consistency, and audit alignment.
2

Provide personal details

After email verification, Levery collects the minimum information required to start identity verification and support compliance and reporting needs.Typical information requested
  • Legal full name.
  • Date of birth (the platform requires adults, 18+).
  • Government ID number (if required by the institution).
  • Residential address details.
Why this matters
  • It ensures identity verification has complete information and reduces back-and-forth.
  • It supports downstream workflows, including review, reporting, and exception handling.
  • It creates a consistent profile record tied to a verified email identity.
Levery is designed so that sensitive user information can be stored under strict access controls. Institutions can choose a model where end users can view submitted details but cannot change records outside the onboarding workflow. Compliance roles can be granted controlled visibility for review purposes.
3

Complete identity verification (KYC)

Identity verification confirms the user is who they claim to be. In Levery, KYC is performed through the provider selected by the institution (for example, Sumsub), following the institution’s configured verification level and jurisdiction requirements.What the user does
  1. Opens the verification link or scans the QR code provided by the platform.
  2. Completes verification with the provider, often on mobile.
  3. Returns to the Levery application and waits for the status to update.
Common status meanings
  • In progress The user started verification but has not completed it.
  • Approved Verification passed and onboarding can continue.
  • Under review or On hold Additional review or information is needed.
  • Rejected Verification failed under the provider’s rules.
Benefits for institutions
  • Institutions can reuse existing KYC vendor relationships, workflows, and risk tiers.
  • Identity checks can be aligned with internal policy, product access rules, and jurisdiction requirements.
  • Verification outcomes can be recorded for audits and compliance operations.
Institutions can configure KYC status updates via provider webhooks and also reconcile status when webhooks are delayed. This improves operational stability without exposing complexity to end users.
4

Link a wallet and prove ownership

After KYC approval, Levery requires the user to link the wallet account that will be used inside the platform. The key security requirement is proof of control. The user must demonstrate they control the wallet they are linking.What the user does
  1. Connects a wallet (either created during onboarding or an existing wallet).
  2. Reviews a signature request in the wallet interface.
  3. Signs a message to prove control of that wallet account.
This is not a transaction. It does not move funds. It does not grant spending permissions. It is a secure ownership proof that binds a verified identity to a wallet account for permissioned access.
Why institutions benefit
  • It prevents users from registering wallet addresses they do not control.
  • It creates a strong link between identity verification and the account used for regulated access.
  • It improves auditability and supports enforcement for permissioned pools and restricted features.
5

Activation and review policy

Once wallet ownership is confirmed, the institution’s activation policy determines what happens next.
  • If the institution enables automatic activation, the user receives access immediately.
  • If the institution requires manual approval, the user is placed in a review queue and may see an “under review” message.
This is a deliberate design choice. Many institutions require more than KYC alone for access, for example additional risk scoring, customer classification, or operational checks. Levery supports these policies without forcing the user to repeat onboarding steps.

Returning later

Onboarding is designed to be resilient:
  • The user can refresh the page or return later without losing progress.
  • Completed steps are not repeated.
  • If a session expires, the user signs in again and onboarding resumes from the next required step.
If the user switches devices during onboarding, the email verification and identity verification steps may need to be revalidated depending on institutional security settings and session lifetime.

What institutions can configure

Institutions can tailor onboarding controls to match internal security standards, deliverability practices, and compliance workflows.

Email delivery for one-time codes

Institutions can send verification codes using their own SMTP credentials, sender domain, and branded messaging. This improves deliverability, reduces phishing confusion, and aligns onboarding communications with existing customer policies.

KYC provider and verification level

Institutions can connect their own identity verification provider credentials and configure verification levels by region, product, or risk tier. This keeps the onboarding experience consistent while meeting jurisdiction requirements.

Activation policy

Institutions can choose automatic activation after verification or staged, manual activation for higher-control environments. This supports workflows that require internal approvals or additional risk checks.

Support guidance

When onboarding issues occur, the most common institutional checks are:
  • Outbound email delivery configuration (SMTP and sender domain).
  • KYC provider configuration and connectivity (including webhook delivery and status reconciliation).
  • Activation policy (automatic approval vs review queue).
When escalating an onboarding issue, institutions typically ask end users to provide their registered email and the wallet address they attempted to link. This helps support teams identify the relevant record quickly while keeping the process consistent and auditable.