> ## Documentation Index
> Fetch the complete documentation index at: https://docs.lumx.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Request for Information

> Respond to additional information requests during verification

A Request for Information (RFI) is how Lumx's compliance team asks for missing or corrected details during a KYC/KYB review, account provisioning, or transaction monitoring. Instead of rejecting outright, the affected object pauses and waits for you to submit what's needed. RFIs can be raised at three levels: customer, account, and transaction.

## Customer RFI

When compliance needs additional or corrected information on a customer's KYC/KYB review, the customer moves to `RFI`. The `statusReason` payload spells out which documents or fields are at issue.

### Trigger

Subscribe to the `customer.rfi` [webhook](/developer/webhooks#available-events) to be notified the moment the customer enters this state.

```json customer.rfi event (excerpt) theme={null}
{
  "eventType": "customer.rfi",
  "data": {
    "customerId": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
    "status": "rfi",
    "statusReason": {
      "rejectLabels": ["DOCUMENT_QUALITY"],
      "rejectSubLabels": ["DOCUMENT_BLURRY"],
      "documents": [
        {
          "type": "PASSPORT",
          "status": "DECLINED",
          "comment": "Document is blurry and illegible",
          "rejectLabels": ["DOCUMENT_QUALITY"]
        }
      ]
    }
  }
}
```

### Inspecting what's needed

`statusReason` has top-level `rejectLabels` and `rejectSubLabels` describing what went wrong, plus a `documents` array with per-document issues. If the rejection involves an associated party (UBO, shareholder, representative), that party shows up under `associatedParties` with its own `statusReason`.

You can also read the customer at any time to see the current state and labels:

```bash Request theme={null}
curl https://api-sandbox.lumx.io/customers/3c90c3cc-0d44-4b50-8888-8dd25736052a \
  -H "Authorization: Bearer YOUR_API_KEY"
```

### Resolving the RFI

To resolve a customer RFI, re-submit the corrected information through the same endpoints used during the original onboarding and then start a new verification:

1. If additional information needs to be corrected, send `PATCH /customers/{id}/additional-information`.
2. If a document needs to be replaced, send `POST /customers/{id}/documents`.
3. If an associated party's documents are flagged, re-upload via the associated-party endpoints.
4. Start a new verification with `POST /customers/{id}/verifications`.

The customer moves back into `UNDER_VERIFICATION`. On approval you'll get `customer.approved`. If more issues are found, you'll get another `customer.rfi`. See [Business verification](/guides/business-verification#handling-rejections) for the end-to-end resolution example.

<Warning>
  A `FINAL_REJECTION` is permanent. The customer can't resubmit and can't be re-verified.
</Warning>

## Account RFI

Virtual accounts go through their own verification after a customer is approved. When compliance needs more information to provision an account, its status moves to `RFI`.

### Trigger

Subscribe to the `account.rfi` [webhook](/developer/webhooks#available-events).

```json account.rfi event theme={null}
{
  "eventType": "account.rfi",
  "data": {
    "id": "ce4c89f3-60f2-45a3-9de7-415a462dd95c",
    "customerId": "96fec1e2-78d9-4978-813d-674bba64020d",
    "status": "RFI",
    "currency": "USD"
  }
}
```

### Resolving the RFI

When an account enters `RFI`, Lumx's compliance team reaches out on your usual channel (email or Slack) with the specific information needed. You respond on the same channel. Once compliance reviews it, the account moves back through `PROVISIONING` and emits `account.active` when it's ready to receive funds.

<Info>
  An API-driven flow for account RFIs is coming. Until then, resolution stays on email/Slack.
</Info>

## Transaction RFI

On-ramps and off-ramps flagged by Lumx's transaction monitoring are put on hold pending review. Holds prevent fraud and money laundering and protect Lumx's relationship with its banking partners.

### Resolving the RFI

Compliance manually reviews the flagged transaction. If it isn't a false positive, they reach out on your usual channel (email or Slack) with the transaction details and an RFI. They usually ask for:

* The relationship between the sender and the receiver.
* The purpose of the transaction.
* The expected outcome.
* Any other context that helps clarify what's going on.

Once you provide the information, compliance reviews it and decides whether to release the transaction.

<Warning>
  If you don't respond within 24 hours, the transaction may be refunded to the sender.
</Warning>

<Info>
  An API-driven flow for transaction RFIs is coming. Until then, resolution stays on email/Slack.
</Info>

## Related resources

<CardGroup cols="2">
  <Card title="Identity Verification" href="/compliance/identity-verification">
    Data requirements and verification statuses.
  </Card>

  <Card title="Source of Funds and Wealth" href="/compliance/source-of-funds">
    Documentation accepted to verify source of funds and wealth.
  </Card>

  <Card title="Webhooks" href="/developer/webhooks">
    Full list of customer and account events.
  </Card>

  <Card title="Business verification" href="/guides/business-verification">
    End-to-end onboarding flow for business customers.
  </Card>
</CardGroup>
