정책 작성 가이드

Verify the submitted business registration documents for corporate entity validation.

Expected documents: business registration certificate, corporate registry extract

Verification steps:
1. Extract company name, registration number, incorporation date, registered address,
   and representative name from the business registration certificate
2. If a corporate registry extract is provided, cross-validate company name and
   registration number between both documents
3. Verify that the incorporation date is in the past and the registration has not expired
4. Check that the registered address includes street, city, and country
5. Screen the representative name against AML/sanctions watchlists
6. Verify that all required fields are present and non-empty

Decision criteria:
- APPROVE if all fields are consistent across documents, no AML matches found,
  and registration is valid and not expired
- REJECT if AML screening returns a high-risk match (SAN-CURRENT, PEP-CURRENT)
  or the registration is expired
- FLAG for manual review if AML returns a partial or medium-risk match,
  or if fields are inconsistent between documents

Verify the submitted invoice for payment processing approval.

Expected documents: invoice (PDF or image)

Verification steps:
1. Extract vendor name, vendor address, invoice number, invoice date, payment due date,
   line items (description, quantity, unit price, amount), subtotal, tax amount,
   and total amount
2. Verify that all required fields are present: vendor name, invoice number,
   invoice date, at least one line item, and total amount
3. Calculate the expected subtotal from line items (quantity x unit price for each)
   and check it matches the stated subtotal
4. Verify that tax is calculated correctly based on the subtotal
5. Check that the total equals subtotal plus tax
6. Validate that the invoice date is not in the future
7. Validate that the payment due date is after the invoice date

Decision criteria:
- APPROVE if all required fields are present, all calculations are correct,
  and dates are valid
- REJECT if required fields are missing, amounts do not add up,
  or the invoice date is in the future
- FLAG for manual review if minor discrepancies exist (e.g., rounding differences
  less than 1%) or if any field is partially unreadable

Review the submitted compliance document to verify regulatory requirements are met.

Expected documents: regulatory license, compliance certificate, or permit document

Verification steps:
1. Extract document type, issuing authority, issue date, expiration date,
   license/permit number, entity name, and scope of authorization
2. Verify that all required sections are present: document header with issuing authority,
   body with license details, signature block, and date fields
3. Check that the expiration date is in the future (document is currently valid)
4. Verify that the entity name on the document matches the expected entity name
5. Confirm that the license/permit number follows the expected format
6. Check that the issuing authority is a recognized regulatory body

Decision criteria:
- APPROVE if all required sections are present, the document is not expired,
  entity names match, and the license number format is valid
- REJECT if the document is expired, required sections are missing,
  or entity names do not match
- FLAG for manual review if the entity name is a close but not exact match,
  or if the issuing authority cannot be verified

Screen individuals referenced in the submitted documents against AML/sanctions databases.

Expected documents: any document containing person names (contracts, corporate filings,
partnership agreements, board resolutions)

Verification steps:
1. Extract all person names mentioned in the submitted documents, along with any
   available identifying information (date of birth, nationality, role/title)
2. For each extracted person, perform AML/sanctions watchlist screening
3. Classify screening results by risk level:
   - High risk: current sanctions (SAN-CURRENT), current PEP (PEP-CURRENT),
     regulatory enforcement (REL)
   - Medium risk: linked to PEP (PEP-LINKED), former PEP (PEP-FORMER),
     former sanctions (SAN-FORMER)
   - Low risk: media reports (RRE), insolvency (INS)
4. Summarize all screening results with person name, match status, and risk level

Decision criteria:
- APPROVE if no AML/sanctions matches are found for any screened individual
- REJECT if any individual has a high-risk match
- FLAG for manual review if any individual has a medium-risk or low-risk match

# Bad
Verify the document and check if it is valid.

# Good
Extract the company name, registration number, and incorporation date from the
business registration certificate. Verify that all fields are present, the
registration number follows a valid format, and the incorporation date is in the past.

# Bad
Extract invoice details and check the amounts.

# Good
Extract invoice details and check the amounts.
- APPROVE if all line item amounts sum to the stated total and all required fields
  are present
- REJECT if amounts do not match or required fields are missing
- FLAG for manual review if amounts match but optional fields are missing

# Bad
Check the submitted files for compliance.

# Good
Review the submitted business registration certificate (PDF or scanned image)
for corporate compliance requirements.

# Bad - one policy doing everything
Verify the vendor invoice, check the vendor's business registration,
screen all directors against AML lists, validate the vendor's insurance
certificate, and confirm their bank account details.

# Good - split into focused workflows
Workflow 1 (Invoice): Verify invoice amounts, dates, and required fields
Workflow 2 (Vendor KYB): Validate business registration and screen directors
Workflow 3 (Vendor Compliance): Check insurance certificate and bank details