SGI Onboarding Kit — 45 days
Operational roadmap for integrating your SGI to Inopay's unified KYC infrastructure. Objective: first 20 KYCs in production by D+45.
Dedicated WhatsApp hotline. From the pilot agreement signature, your SGI has direct access to the Inopay product team for 30 days, 7 days a week, 9 AM-9 PM UTC.
Overview — 4 sprints
| Sprint | Week | Objective | Deliverable |
|---|---|---|---|
| Sprint 0 | Before D-0 | Scoping, signature | Pilot agreement signed, sandbox access granted |
| Sprint 1 | W1-W2 | Design review + technical integration | First test KYC passed in sandbox |
| Sprint 2 | W3-W4 | UAT + compliance | 10 acceptance KYCs validated, compliance checklist signed |
| Sprint 3 | W5-W6 | Supervised go-live | First 20 KYCs in production, daily review |
Sprint 0 — Before D-0 (preparation, 1 week)
SGI side
- Appoint a project lead (product or compliance officer profile)
- Appoint a technical contact (backend developer, familiar with REST APIs)
- Provide Inopay with: legal name, CREPMF licence number, address, billing contact, source IP for sandbox whitelisting
- Identify complementary documents/fields specific to your SGI (if applicable)
Inopay side
- Create the SGI tenant on the platform
- Generate sandbox and production API keys
- Send the welcome pack: keys + dashboard links + documentation
- Schedule the 3 sessions of sprint 1
Sprint 1 — Technical integration (2 weeks)
Session 1 · Design review (90 min)
- Presentation of the Inopay KYC investor journey
- Review of your SGI's specific needs (complementary documents, internal workflow)
- Configuration of requirements: required documents, mandatory fields, auto-approval or manual review, welcome messages
- Integration option selection: embedded (widget on your site), redirect (redirection to
kyc.inopay.com) or pure API (you own the UI)
Session 2 · Technical integration (120 min)
- Creation of a test KYC session:
POST /v1/kyc/sessions - Webhook listening: HMAC-SHA256 signature verification, event processing
- Retrieval and verification of a signed Ed25519 attestation
- Implementation of the cross-SGI portability flow (tests with a fictional tenant)
- Setup of the SGI feedback loop (webhook
kyc.validated→ your internal IS)
Session 3 · UAT kick-off (60 min)
- Sprint 1 validation: first test KYC completed end-to-end
- Sprint 2 test plan approval (10 scenarios: KYC1, KYC2, KYC3, rejection, complement, portability, revocation…)
Sprint 2 — UAT + compliance (2 weeks)
Acceptance checklist (10 mandatory scenarios)
- KYC1 auto-validated (standard diaspora investor)
- KYC2 validated after human review (complete investment profile)
- Institutional KYC3 with successful PEP screening
- KYC rejected for blurry document: clear reason returned, investor notified
- KYC with complement request: notification → investor upload → workflow resumed
- Cross-SGI portability with consent: valid signed attestation retrieved
- Portability without consent: clean rejection, no information leak
- Post-validation revocation: webhook received, access cut off
- Webhook replay attempt: invalid signature detected and rejected
- Load test: 100 concurrent KYCs, rate-limit verification
Compliance & security
- Signature of the UEMOA processing agreement (annex to the pilot contract)
- GDPR checklist (if your SGI processes EU investors): legal basis, retention periods, data subject rights
- Continuity plan: fallback procedure in case of Inopay unavailability, maintenance windows
- Internal permissions: who at your SGI accesses the dashboard and with what rights
Sprint 3 — Supervised go-live (2 weeks)
Week 5 — First 10 real KYCs
- Production activation limited to 10 KYCs/day
- Daily 15-minute review (Inopay + SGI)
- Per-KYC analysis: latency, auto-validation rate, investor comments, detected friction
- Quick adjustments on messages, fields, AI thresholds
Week 6 — Gradual scale-up
- Progressive cap lift: 50 KYCs/day, then 100/day
- Weekly 60-minute review: KPIs, incidents, roadmap
- Monthly billing begins (1st invoice at end of following month, at −50 % pilot tariff)
- Transition from WhatsApp hotline → standard email support at D+45
Dedicated contacts
| Role | Channel | Availability |
|---|---|---|
| Partnership project lead | Email + dedicated WhatsApp | 9 AM-7 PM UTC, 5 days a week |
| Integration tech lead | Email + video slots | Scheduled sessions + async support |
| Compliance & legal | Response within 24 business hours | |
| Post-golive support | partenaires@getinopay.com | Within 4 business hours (tier 2) |
| Production emergency | 30-day WhatsApp hotline | 7 days a week, 9 AM-9 PM UTC |
Success indicators at D+90
| KPI | Target |
|---|---|
| KYCs processed / month | ≥ 100 |
| Auto-validation rate | ≥ 70 % |
| KYC1 validation SLA met | ≥ 95 % |
| Investor NPS on KYC journey | ≥ 50 |
| Security incidents | 0 |
| SGI satisfaction (quarterly survey) | ≥ 8/10 |
Quarterly review. At D+90, then every quarter: progress meeting with Inopay executives, joint roadmap adjustment, product decisions.