Digital Wallet & Custodial Account Creation

In a regulated investment platform, an "Electronic Wallet" is not merely a user interface feature; it is a distinct Custodial Account or Sub-Account legally tied to a verified individual or entity.

Before any funds can be accepted, stored, or deployed, the platform must establish a "Reasonable Belief" of the customer's identity. This process is governed by the USA PATRIOT Act and SEC Customer Identification Program (CIP) rules.

1. Identity Verification (The CIP Requirement)

The creation of a wallet is technically blocked until the investor successfully passes the Know Your Customer (KYC) stage.

The "Gatekeeper" Logic

Data Collection: The investor submits Personal Identifiable Information (PII), including full name, government-issued ID, and Taxpayer Identification Number (SSN/EIN).
Third-Party Verification: In compliance with SEC Regulation S-ID, this data is not validated by the platform directly but is securely transmitted to a specialized KYC provider.
The Result: Only upon receiving a VERIFIED webhook from the provider does the system should unlock the wallet creation module.

Regulatory Impact: Under the Bank Secrecy Act (BSA), financial institutions are strictly prohibited from opening accounts for anonymous or sanctioned entities.

2. Wallet Provisioning & Data Handoff

Once identity is established, the system provisions the custodial wallet. This involves a secure data exchange between the platform and the Banking/Wallet Provider (e.g., Dwolla, North Capital).

The Provisioning Workflow

Data Propagation: The verified KYC data is forwarded to the Wallet Provider's Customer Verification System (CVS).
Risk Scoring: The provider performs a secondary check (often checking banking history or ChexSystems).
- Individual Profiles: Verification is typically instant.
- Entity Profiles (LLC/Trust): May require manual review of Beneficial Ownership information.
Account Creation: Upon approval, a unique Wallet ID is generated and linked to the investor’s user profile.

3. Data Security & Handling Standards

The storage of sensitive PII (Personal Identifiable Information) is a high-risk activity governed by strict cybersecurity standards.

NIST 800-63B Compliance

To ensure data integrity, the platform adheres to NIST Special Publication 800-63B (Digital Identity Guidelines).

Data Minimization: The platform adopts a "Pass-Through" architecture. Sensitive documents (like Passport photos or full SSNs) are transmitted directly to the secure provider via encrypted channels and are not stored in the platform's primary database.
Encryption: All data in transit is secured via TLS 1.2+ protocols.

4. Record Retention & Audit Trails

Once the wallet is created, the platform acts as the record-keeper for the lifecycle of that account.

Regulatory Retention Rules

SEC Rule 17a-4(f): The platform must retain the records of the identity verification and wallet creation timestamp in a non-rewriteable format (WORM).
FINRA Rule 4511: All electronic communications regarding the account—specifically the "Wallet Created" notification—must be archived and accessible for a minimum of five years to satisfy audit requirements.

Digital Wallet & Custodial Account Creation ​

1. Identity Verification (The CIP Requirement) ​

The "Gatekeeper" Logic ​

2. Wallet Provisioning & Data Handoff ​

The Provisioning Workflow ​

3. Data Security & Handling Standards ​

NIST 800-63B Compliance ​

4. Record Retention & Audit Trails ​

Regulatory Retention Rules ​