Velocity Capital Onboarding
The Pipeline · A full walkthrough of the onboarding product
Back to lobby
Product walkthrough · For management & compliance

The onboarding pipeline, end to end.

This page walks through every stop on the client onboarding pipeline — what the client sees, what compliance does, what the system records, and which regulation each step is built around. It is the document compliance can hand to their own auditor.

§ 1 — What this product is

A configurable, whitelabeled client onboarding platform for broker-dealers and RIAs.

One application replaces the patchwork of PDF forms, DocuSign envelopes, KYC vendor portals, and email approval threads that most firms still use. Compliance configures the flow per client type. Clients move through a guided wizard. Reviewers approve or reject from a single workbench. Every step is recorded as immutable audit evidence.

The product ships with four client-type templates out of the box — Professional Trader, Hedge Fund, Intro Broker-Dealer, and Retail — and the Admin Console lets compliance reshape any of them without engineering involvement.

§ 2 — Who uses it

Three personas, three views, one source of truth.

Compliance Admin

Configures the document set, form questions, KYC requirements, eSign templates, and disclosures per client type. Publishes versioned configurations.

Client

Receives an invite, completes a guided wizard, finishes identity verification in-browser, eSigns documents inline, and submits the application.

Compliance Reviewer

Works the queue: reviews applicant data, KYC results, signed documents, and either approves, rejects, or requests more info — all signed and audit-logged.

§ 3 — The six-stop pipeline

From invite to activation in one continuous record.

Invite
Wizard
KYC
eSign
Review
Activation

Each stop produces its own audit row. The application's full history is a deterministic sequence of those rows, joined by application_id.

§ 4 — Stop 1 · Invite

The client receives a one-time invite link tied to a specific client type.

Compliance dispatches the invite from the Admin Console or via an upstream CRM. The link encodes the client type, the published configuration version, and a single-use token. Opening the link creates an applicant record and starts the session.

FINRA 4512(a)(1)(C) · Account opening trigger Account-opening data collection is timestamped from the moment the client begins the application — not when they submit it.
"event": "invite.opened", "applicant_id": "app_8f3a...", "client_type": "pro_trader", "config_version": 14, "opened_at": "2026-06-21T18:34:00Z"
§ 5 — Stop 2 · Wizard

The wizard branches into three paths based on client type.

Institutional path

Pro Trader, Hedge Fund, Intro BD. 9 steps. Embedded at /m/portal.

Retail path

Individual, joint, UGMA, IRA. Step sequence varies by account type. Embedded at /m/retail.

Intro BD path

Same 9-step institutional shell, with additional NAA / MGN / W-8 documents bound to the BD entity.

The 9 institutional steps

1 · Select Account Type
Tell us what kind of account you'd like to open. This selection drives every downstream branch — selecting retail redirects to the retail wizard.
2 · Personal Information
Legal name, identity details, contact info. AI prefills fields when an upstream profile is available.
3 · Employment & Financial Profile
Employment status, employer, income source, net worth, liquid assets. Required by FINRA Rule 2111 for suitability.
4 · Trading Experience
Years of experience, options eligibility, margin eligibility. Drives downstream document requirements (options disclosure, margin agreement).
5 · Identity Verification (KYC)
In-browser identity verification via Hyperverge. Document capture + selfie + liveness check. Takes ~2 minutes.
6 · Tax Certification
US persons: W-9 inline. Foreign persons: W-8 routed to velocity-w8w9.vercel.app. Required by IRS § 1441 / FATCA.
7 · Regulatory Disclosures
Per-disclosure acknowledgments, time-stamped. Required by Reg BI · Disclosure Obligation.
8 · eSign Documents
Inline signature pad. Documents signed in a single envelope using CleverAlpha's eSign engine — not DocuSign.
9 · Confirmation
Submission acknowledgment + expected timeline. Application moves to the compliance queue.
§ 6 — Stop 3 · KYC

Identity verification happens in the browser — no portal redirect.

Hyperverge is embedded as a component (originally from CleverAlpha-2.0). The flow: document capture (driver's license, passport, or state ID) → face match selfie → liveness check. Result returns synchronously. If the result is pending_review, the wizard pauses and notifies compliance.

USA PATRIOT Act § 326 · Customer Identification Program Firms must verify the identity of any person seeking to open an account. The CIP must include name, DOB, address, and identification number — plus reasonable belief that the firm knows the customer's true identity. The Hyperverge result satisfies the "reasonable belief" component.
BSA / OFAC screening Each applicant is screened against OFAC, PEP, and adverse-media lists. Hits route to enhanced due diligence in the Compliance Dashboard.
"event": "kyc.completed", "applicant_id": "app_8f3a...", "vendor": "hyperverge", "result": "passed", "document_type": "drivers_license", "face_match_score": 0.97, "liveness_score": 0.99, "sanctions_hit": false
§ 7 — Stop 4 · eSign

CleverAlpha's own eSign engine — not DocuSign.

This is a deliberate architectural choice. CA's eSign engine (SACompliance/ESign on the admin side, ESignUser on the client side) lets the firm own the audit envelope, control the signature ceremony, and avoid the per-envelope vendor fees of DocuSign/HelloSign/Adobe Sign.

Documents bound to each client type are signed in a single envelope. Field positions are mapped in the Admin Console's eSign template editor. The signature pad captures stroke timing, IP, and user-agent. The completed envelope is sealed with a SHA-256 hash and written to immutable storage.

ESIGN Act (15 U.S.C. § 7001) · UETA Electronic signatures are legally equivalent to handwritten signatures when the signer intends to sign, consents to electronic signing, and the signature is associated with the record. The signature ceremony in this product is built to record all three.
SEC Rule 17a-4(f) · WORM storage Signed envelopes are stored in write-once-read-many storage for 6 years.
§ 8 — Stop 5 · Compliance Review

One workbench, one decision per row.

The Compliance Dashboard (/m/compliance) is the principal's surface. Live counts of queue depth. Filterable table. Slide-out drawer for full applicant detail. Three terminal actions: Approve · Request Info · Reject.

The Ops View (/m/ops) is the same surface with decision controls removed — for SLA monitoring without approval authority.

FINRA 4512(c) · Principal approval No account may be opened without principal approval. The reviewer's identity, basis for approval, and timestamp are recorded as part of the immutable audit trail.
"event": "compliance.approved", "application_id": "VEL-009", "reviewer_id": "user_principal_42", "basis": "KYC passed, all docs signed, suitability met", "prior_hash": "sha256:9c8b3...", "this_hash": "sha256:a14f7...", "acted_at": "2026-06-21T18:34:00Z"
§ 9 — Stop 6 · Activation

Approval fires a chain of one-shot events.

§ 10 — Audit trail

Every field recorded, with retention and lineage.

Every step writes a row to its dedicated Supabase table. Rows are joined by application_id. Critical events are hash-chained (each row's hash includes the prior row's hash) so any tampering is detectable.

onboarding_configs
Versioned configurations published by compliance admins. Columns: id, client_type, version, document_set, form_questions, logic, published_by, published_at. Retention: 6 years.
applicants
One row per client. Columns: id, email, client_type, config_version, invite_token_hash, opened_at. Retention: 6 years.
onboarding_drafts
Per-step persisted answers. Columns: applicant_id, step, payload, completed_at. Retention: 6 years.
kyc_results
Hyperverge results. Columns: applicant_id, vendor, result, document_type, face_match_score, liveness_score, sanctions_hit, raw_payload_redacted. Retention: 6 years.
esign_envelopes
Sealed envelopes. Columns: applicant_id, document_ids, signature_strokes, signed_ip, signed_ua, envelope_hash, storage_uri. Retention: 6 years, WORM.
compliance_actions
Reviewer decisions. Columns: application_id, reviewer_id, action, basis, prior_hash, this_hash, acted_at. Retention: 6 years, hash-chained.
§ 11 — Regulatory mapping

Every step ties to a documented rule.

Pipeline stopRuleWhat it requiresHow we satisfy it
Invite / WizardFINRA 4512Customer account information at openingSteps 2–4 collect & persist
WizardFINRA 2090Know Your CustomerStep 2 identity, step 3 financial profile
WizardFINRA 2111SuitabilityStep 3 + step 4 drive suitability profile
KYCPATRIOT Act § 326Customer Identification ProgramStep 5 Hyperverge in-browser verification
KYCBSA / OFACSanctions screeningOFAC, PEP, adverse-media screening on Step 5
TaxIRS § 1441 / FATCATax certificationStep 6 W-9 inline / W-8 routed
DisclosuresReg BIDisclosure ObligationStep 7 per-disclosure acknowledgment
eSignESIGN Act / UETAElectronic-signature equivalenceStep 8 signature ceremony + envelope hash
ReviewFINRA 4512(c)Principal approvalCompliance Dashboard approve action
AllSEC 17a-3 / 17a-4(f)Books and records, WORMHash-chained audit trail, 6-year retention
§ 12 — Whitelabel

What you can rebrand for Velocity Capital.

SurfaceWhere it livesEffort
Brand colorsvelocity-brand.css — three CSS variables5 min
Wordmark / logoReplace .vc-wordmark markup or swap ca-logo.png15 min
Display copyPer-page <h1> / vc-lead text30 min
Email sender / fromNotification config in Admin Console → Notifications5 min
eSign templateAdmin Console → eSign Templates → mapperper template
Regulatory citationsHand-edited in m-*.html narrative panels and /explainer sectionsper change
Custom domainVercel project → Settings → Domains5 min

Every red and white surface in this explainer is tagged with data-velocity-brand so a future find-and-replace can swap branding in one pass without touching content.