Nova Agent#
Scope: Everything an Agent (shop owner) needs to onboard customers, handle cash-in/out, manage float, earn commissions, and stay compliant with KYC/AML. Designed for Barbados first, expandable across the Caribbean. Delivery channels: Web (v1) → Android/iOS apps, USSD, POS, APIs.
0) Document Control#
Owner: Product Manager (Agent Platform)
Audience: Product, Engineering, Compliance, CX, Field Ops
Change cadence: Update every sprint (bi-weekly)
Related docs: Nova Core Payments Spec, Merchant App Spec, Compliance Playbook, API Guide
1) Purpose & Outcomes#
Purpose: Equip agents to safely convert cash ↔ e-money, onboard & upgrade customers and act as Nova’s compliant last-mile.
T+0 reliable liquidity: ≥99.9% success on cash-in/out at P95 < 8s.
Scale: 1,000+ active agents in 6 months; median outlet uptime > 95%.
Clean compliance: 100% agent KYC; STRs filed within SLA; zero severe breaches.
Experience: Agent NPS ≥ +40; first cash-in in < 5 minutes from customer walk-in.
2) Personas & Roles#
Agent: Front-line operator (shop operator).
Super-Agent: Wholesaler of float; rebalances agents; receives override commissions. (Banks to work as super-agents)
Field Officer: recruits, trains, audits agents.
Compliance Officer: reviews escalations, approvals, STRs/CTRs.
CX (Support): dispute handling, reversals, education.
Ops/Finance: settlement, commission payouts, reconciliations.
Administration: RBAC, pricing tables, limits, suspensions, and compliance.
3) Requirements (High-level)#
3.1 Functional#
F1. Agent authentication (device binding, 2FA, role-based menus)
F2. Customer onboarding (tiered KYC), upgrades, re-KYC
F3. Cash-In (deposit), Cash-Out (withdrawal)
F4. Float management (e-float, cash inventory, low-float alerts, top-up/redemption)
F5. Commissions (real-time accrual, statements, payouts)
F6. Disputes/Reversals (guided flows, evidence capture)
F7. Agent EoD (closing balance, blind count, discrepancy reporting)
F8. Training & certification (in-app courses, quiz, certificate)
F9. Compliance tooling (watchlist hit flows, EDD checklist, STR trigger)
F10. Offline-first (queue & sync; USSD fallback)
F11. Reports (today, weekly, monthly, custom CSV/PDF)
F12. Announcements (bulletins: outages, pricing, campaigns)
3.2 Non-Functional#
Security: device attestation, TLS 1.2+, certificate pinning, AES-GCM keystore, encrypted at-rest caches
Availability: 99.9% app/API (monthly)
Performance: P95 txn < 3s (online), < 10s (USSD)
Resilience: idempotent APIs, at-least-once with de-dup keys
Observability: distributed tracing, audit trail (WORM), crash logs
Accessibility: WCAG AA, large text & high-contrast theme
Localization: en-BB (BBD formatting, UTC-4)
3.3 Compliance (Barbados-first)#
Agent onboarding: fit-and-proper, proof of premises, training records
KYC tiers, PoI/PoA capture, PEP/sanctions screen, periodic KYC refresh
Limits per tier, watchlist re-screen daily, STR/CTR generation & routing
Agent outlet listing & signage; fee transparency; receipt standards
Data retention & privacy: lawful basis, purpose limitation, erasure on policy
3.4 Dependencies#
4) Epics → User Stories (with Acceptance)#
Format: Story / Acceptance (Gherkin) / Edge cases
Epic A: Agent Identity & Device Security#
As an Agent, I bind one device with my account via OTP & ID check.
Acceptance
Given I enter username+password
And receive OTP on registered phone
When I enter OTP on a clean device
Then the device is bound and I’m required to set a 6-digit app PIN/biometric
Edge: Rooted device → block with support override; device loss → remote de-bind.
App auto-locks after 30s idle; biometric unlock enabled.
Acceptance: Idle→lock; biometric→unlock; 5 failed PINs → account temporary lock & KBA.
Epic B: Customer Onboarding & KYC#
B1. Create Tier-1 wallet (basic)
As an Agent, I register a customer with minimal fields to enable small limits.
Given I scan national ID (MRZ/OCR) and capture selfie
And capture phone number, DoB, address (if required), consent
When screening returns “clear” and FR match ≥ threshold
Then wallet is created; SMS OTP sent; customer sets PIN
Edge: Duplicate NIN → block + escalation; PEP/Match → EDD route.
As an Agent, I upgrade a customer by capturing PoA & SoF.
Acceptance: Documents validated (format+freshness), address verified; limits raise.
Expiry triggers; Agent collects refreshed docs; account stays usable with temporary grace.
Epic C: Cash-In & Cash-Out#
As an Agent, I convert cash to e-money for a customer.
Given I input customer MSISDN and amount
And customer confirms via OTP (optional)
Then agent e-float decreases; customer balance increases; both receive receipts
Edge: Wrong MSISDN → confirm name preview; cash mismatch → cancel & log.
C2. Cash-Out (withdrawal)
As an Agent, I pay cash against customer e-money.
Given customer presents number & ID
And initiates withdrawal on their phone or provides OTP
When I validate OTP and enter agent PIN
Then customer balance decreases; agent e-float increases; receipt printed/SMS
Edge: Insufficient cash → suggest partial; PIN fail 3x → cooldown.
Agent can help elderly/assisted send P2P via “assisted mode” with customer consent.
Epic D: Float & Liquidity#
D1. View float & cash targets
Dashboard shows e-float, suggested cash drawer min/max, low-float alerts.
Agent requests top-up from Super-Agent/Bank; generates payment ref; ledger locks until settlement; auto-apply on confirm.
Agent sells e-float for bank credit/cash pickup; SLA D+0/D+1.
Epic E: Commissions#
Commission per eligible txn visible instantly; period summary, payout status.
Acceptance: Commission table matches tariff; negative adjustments shown.
Weekly auto-payout to agent wallet; statement export (CSV/PDF).
Epic F: Disputes & Reversals#
Guided wizard: type, counterparty, amount, evidence (photo, notes).
Acceptance: Ticket ID; SLA timer; status updates; customer notified if impacted.
For erroneous deposits: within X minutes, if untouched, instant reversal; else CX review.
Epic G: Training & Certification#
Micro-courses: AML basics, KYC capture, safety; quiz pass ≥80% to unlock features.
Outlet prints “Authorized Agent” certificate; QR to verify status.
If PEP/sanctions match, app blocks wallet creation & opens EDD checklist.
Threshold triggers auto-draft; Agent adds narrative; Compliance submits to FIU.
Epic I: Reports & EoD#
Blind cash count; system expected vs counted; discrepancy logged with reason codes.
I2. Reports
Today/Week/Month, top services, cash/float curve, export CSV/PDF.
Epic J: Offline & USSD#
Cash-in/out vouchers (QR/short code) generated offline; 30-min TTL; sync executes.
*XXX# → 1) Cash-in 2) Cash-out 3) Float 4) EoD 5) Help; PIN at final step.
5) Processes (step-by-step)#
5.1 Agent Onboarding (by Field Officer)#
1. Application → KYC (ID, PoA, photo of storefront) → Fit & Proper check
2. Contract e-sign → Training → Certification quiz
3. Device binding → Outlet branding (signage, fee poster)
4. Initial e-float purchase → Go-live
5.2 Customer Registration (at Agent)#
1. Collect consent → Scan ID → Selfie → Address, phone
2. System screens (PEP/sanctions, duplicates)
3. Create wallet → SMS OTP → Set PIN
4. Optional: immediate cash-in
5.3 Cash-In#
1. Enter MSISDN & amount → show customer name preview
2. (Optional) Customer approves OTP on their phone
3. Agent PIN → Success receipts (SMS & on-screen)
4. E-float− / Customer balance+; Commission accrues
5.4 Cash-Out#
1. Customer requests; shows ID; agent inputs MSISDN & amount
2. Customer enters OTP/PIN on their device (or agent’s CMA / secure pad)
3. Agent PIN → Cash paid; e-float+ / customer−; receipts
5.5 Float Top-Up / Redemption#
Top-Up: choose source (Super-Agent/Bank), amount, receive ref; settle; apply.
Redeem: choose destination (Bank/Super-Agent), amount; SLA status visible.
5.6 End-of-Day (EoD)#
1. Announce closing → Disable new txns → Blind cash count
2. System expected vs counted → Reason codes for delta
3. Submit; lock EoD report; send to Ops/Compliance
6) Data Model (simplified)#
Agent {id, outlet_id, person_id, status, roles[], limits, device_fingerprint, training_status}
Outlet {id, address, geo, signage_url, super_agent_id}
Wallet {id, owner_type(agent|customer|merchant), owner_id, balance, tier, status}
Txn {id, type(cashin|cashout|p2p|c2b...), amount, fees, commission, from_wallet, to_wallet, state, created_at, idempotency_key}
FloatLedger {id, agent_wallet_id, delta, reason(topup|redeem|txn), ref}
Commission {id, agent_id, txn_id, amount, schedule_id, paid_at}
KYCProfile {id, subject_type(agent|customer), docs[], selfie, result, risk_score, refreshed_at}
AMLAlert {id, subject_id, trigger(rule_id), status, str_id?}
AuditEvent {id, actor, action, entity, before, after, ip, device, ts}
Dispute {id, txn_id, opened_by, type, evidence[], status, resolution}
7) API Contracts#
All requests carry X-Agent-Id, X-Device-Id, mTLS; OAuth2 client creds + agent JWT; use Idempotency-Key.
Auth#
POST /agent/auth/login
{ "username": "...", "password": "...", "otp": "123456", "device_info": {...} }
→ { "token": "jwt", "agent": {...}, "rBAC": [...] }
Customer KYC#
POST /kyc/customers
{ "msisdn":"1246...", "id_type":"NID", "id_front":"s3://...", "id_back":"...", "selfie":"...", "address":{...}, "consent":true }
→ { "customer_id":"...", "wallet_id":"...", "tier":"T1", "status":"active" }
Cash-In#
POST /txns/cashin
{ "customer_msisdn":"1246...", "amount": 50.00, "confirm_via":"otp", "idempotency_key":"..." }
→ { "txn_id":"...", "state":"posted", "receipts":{ "agent":"...","customer":"..." } }
Cash-Out#
POST /txns/cashout
{ "customer_msisdn":"1246...", "amount": 80.00, "customer_otp":"948201", "idempotency_key":"..." }
→ { "txn_id":"...", "state":"posted" }
Float Top-Up#
POST /float/topup
{ "source":"super_agent", "amount":1000.00 }
→ { "instruction_id":"...", "status":"pending_settlement" }
Commissions#
GET /agents/{id}/commissions?period=2025-08
→ { "total": 243.50, "lines":[{ "txn_id":"...", "amount":0.40, "type":"cashin"}] }
Dispute#
POST /disputes
{ "txn_id":"...", "type":"wrong_beneficiary", "notes":"...", "evidence":["s3://..."] }
→ { "case_id":"...", "status":"open" }
8) Security & Risk Controls#
Device: Play Integrity / DeviceCheck attestation; root/jailbreak detection; secure keystore; clipboard off on sensitive inputs.
Identity: 2FA (OTP), app PIN/biometric, session timeouts, geo-IP anomaly alerts.
AuthZ: fine-grained scopes (e.g., cashout:execute, kyc:upgrade), ABAC by outlet.
Transactions: limits by tier; velocity checks; name preview on MSISDN; OTP on withdrawals; dual-control for high amounts.
Comms: TLS + cert pinning; SMS masking; receipt redaction.
Privacy: data minimization; redaction in logs; role-based PII access; retention policies.
Fraud: rules engine (structuring, burst txns, midnight cashouts), risk scores, cooldowns, temporary holds.
Audits: WORM audit events; tamper-evident hashing; monthly compliance review.
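One way to make the AuditEvent records from section 6 tamper-evident is a hash chain, shown here as an added example that is not Nova's own code. The record layout (`event`, `prev`, `hash`), the `GENESIS` value and the sample events are assumptions for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed starting value for the first record's prev hash


def _digest(prev_hash, event):
    # Canonical JSON so identical events always hash to identical bytes.
    payload = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode()).hexdigest()


def append_event(chain, event):
    """Append an AuditEvent, linking it to the hash of the previous record."""
    prev = chain[-1]["hash"] if chain else GENESIS
    record = {"event": event, "prev": prev, "hash": _digest(prev, event)}
    chain.append(record)
    return record["hash"]


def verify_chain(chain, expected_head=None):
    """Return the index of the first bad record, len(chain) if the head does not
    match an externally stored hash, or -1 when the chain verifies."""
    prev = GENESIS
    for i, rec in enumerate(chain):
        if rec["prev"] != prev or rec["hash"] != _digest(prev, rec["event"]):
            return i
        prev = rec["hash"]
    if expected_head is not None and prev != expected_head:
        return len(chain)  # records were dropped from (or added to) the tail
    return -1


def sample_chain():
    # Constructed events using the AuditEvent fields from the data model.
    chain = []
    steps = [("txn.cashin", None, {"state": "posted"}),
             ("wallet.limit_change", {"single_cashout": 500}, {"single_cashout": 2000}),
             ("txn.cashout", None, {"state": "posted"})]
    for n, (action, before, after) in enumerate(steps, start=1):
        append_event(chain, {"id": n, "actor": "agent:1024", "action": action,
                             "entity": f"obj:{n}", "before": before, "after": after,
                             "ip": "192.0.2.10", "device": "dev-01",
                             "ts": f"2025-08-21T15:0{n}:00Z"})
    return chain
```

The chain alone cannot show that trailing records were deleted, so the latest head hash has to be stored somewhere the audit writer cannot modify and passed in as `expected_head`.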
9) Operations & Support#
Monitoring: txn success rate, float shortages, OTP latency, crash-free sessions, USSD failures; alerts to Ops/On-call.
EoD Reconciliation: agent closeout vs ledger; deltas auto-ticketed.
Incident Response: sev ladder (P1=outage, P2=degradation, P3=data issue); runbooks; comms template to agents.
Business Continuity: USSD fallback if app/API down; offline vouchers; paper receipt pads as last resort.
Comms: in-app bulletins for outages/tariff updates; emergency SMS blast.
10) UX Modules (MVP → v2)#
Home: float/cash snapshot, low-float banner, quick actions.
Onboard: KYC capture (ID scan, selfie, docs), screening result, PIN setup handoff.
Cash-In/Out: numeric pad, name preview, OTP step, receipt share/print.
Float: top-up, redeem, history, supplier list (bank/super-agent), SLAs.
Commissions: real-time tally, rate card, payout calendar, statements.
Disputes: guided wizard, evidence capture, statuses.
Training: course cards, quiz, certificate QR.
Reports: day/week/month, filters, CSV/PDF export.
Settings: device, language, contact support, legal, sign-out.
“Cash-In flow” storyboard (4 screens)
“Float Top-Up” + “Low Float Banner”
“KYC Document capture guidelines” (angles, glare)
*XXX# (Agent)
1 Cash-In
2 Cash-Out
3 Float
4 End-of-Day
5 Help
#1 Cash-In
Enter Customer Number:
Enter Amount:
Confirm [CustomerName] 50.00? (1)Yes (2)No
Enter Agent PIN:
Success: TxnID 7F2A • Bal +50.00
12) KPIs & Analytics#
Liquidity: % low-float alerts resolved < 60m; avg float days-of-cash
Throughput: txns/outlet/day; P95 latency; failure rate by cause
Compliance: KYC defect rate; watchlist hit handling time; STR SLA
Quality: dispute rate/1k txns; reversal success window utilization
Engagement: active agents (7/30d), training completion, NPS
Revenue: commission/agent/week; mix (cash-in/out vs c2b); payout accuracy
13) Agile Delivery Plan#
13.1 Definition of Ready (DoR)#
User story with business value, acceptance criteria, UX notes, dependencies identified, data contract sketched, monitoring defined.
13.2 Definition of Done (DoD)#
Code+tests merged; feature flagged; logs/metrics/alerts in place; security reviewed; docs updated; UAT signoff; rollout playbook written.
13.3 Release Slices (example)#
Device bind & login (A1/A2)
Cash-In basic (C1 online path)
KYC Tier-1 minimal (B1 skeleton)
Observability baseline (latency, errors)
Commissions accrual view (E1)
KYC upgrade (B2), watchlist flow (H1)
Float top-up (D2) + low-float alerts
Training & certification (G1/G2)
Go-Live (Pilot) → Hardening → Island-wide rollout
13.4 RACI (excerpt)#
Product: R (backlog, priorities)
Engineering: R (build), A (quality)
Compliance: A (policies), C (flows)
Field Ops: R (recruit/train), C (feedback)
CX: R (disputes), C (content)
Finance/Ops: A (settlement), C (commissions)
13.5 Risks & Mitigations#
Float shortages → predictive alerts, super-agent SLAs, dynamic limits
Fraud/social engineering → name preview, OTP on cash-out, scripts for agents
Network outages → USSD & offline vouchers, store-and-forward
KYC capture quality → on-device doc quality checks, retake prompts
14) Checklists#
14.1 Agent Go-Live Kit#
14.2 Daily Open/Close#
Open: login → float & cash verify → printer paper check → test SMS
Close: blind cash count → EoD submit → safe lock → sync offline queue
14.3 Security#
App PIN set; biometric enabled; no device sharing; screen lock 30s; biannual password change; report device loss immediately.
15) Tariffs & Commissions (example – to be finalized)#
Cash-In: Free to customer; agent earns commission tiered by slab.
Cash-Out: Customer pays fee by bands; agent earns % of fee.
P2P: Small sender fee (promo-free at launch).
Bill Pay/C2B: Customer free; merchant pays MDR; no agent commission.
Commission payout: Weekly to agent wallet; negative adjustments visible.
16) Content & Training (in-app microcourses)#
AML basics (10 min): red flags, reporting lines, no-tipping-off.
KYC capture (12 min): doc quality, selfie guidance, PoA freshness.
Cash handling (8 min): counterfeit spotting, drawer discipline.
Customer care (8 min): scripts for common issues, accessibility needs.
17) Glossary#
MSISDN: Mobile number identifier
E-float: Electronic float the agent holds to service transactions
STR/CTR: Suspicious/Threshold Transaction Report
EDD: Enhanced Due Diligence
PEP: Politically Exposed Person
Appendix A — Field Texts & Receipts (samples)#
Nova: You received BBD 50.00 from AGENT 1024. Bal: 212.40. Txn: 7F2A.
Nova: Cash-out BBD 80.00 for 1246xxxxxxx. Your e-float +80.00. Txn: 91BD.
Appendix B — Limits (illustrative; configurable)#
Tier-1: Max bal 1,000 BBD; daily txn 1,000 BBD; single cash-out 500 BBD
Tier-2: Max bal 5,000; daily 5,000; single 2,000
Tier-3: As approved; EDD required
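The tier limits above, combined with the fraud rules named in section 8 (structuring, burst txns, midnight cashouts), can be evaluated in one pre-authorization check. This is an added example, not Nova's rules engine; the rule thresholds, reason codes and the decline/hold/allow decisions are assumptions.

```python
from datetime import datetime, timedelta
from decimal import Decimal

# Appendix B limits in BBD: (max balance, daily txn total, single cash-out).
LIMITS = {"T1": (Decimal(1000), Decimal(1000), Decimal(500)),
          "T2": (Decimal(5000), Decimal(5000), Decimal(2000))}
# Assumed rule thresholds (not from the spec).
BURST_COUNT, BURST_WINDOW = 3, timedelta(minutes=10)
NEAR_LIMIT = Decimal("0.9")   # "just under" = at least 90% of the single limit
NIGHT_END_HOUR = 5            # 00:00-04:59 outlet local time


def check_cashout(tier, amount, history, now):
    """history: [(datetime, Decimal)] earlier cash-outs on this wallet, local time.
    Returns (decision, reasons): decline on a hard limit, hold on a risk rule."""
    if tier not in LIMITS:    # Tier-3 is "as approved", so there is no default
        return "decline", ["tier_not_configured"]
    _, daily, single = LIMITS[tier]
    today = [a for t, a in history if t.date() == now.date()]
    reasons = []
    if amount > single:
        reasons.append("single_limit")
    if sum(today, Decimal(0)) + amount > daily:
        reasons.append("daily_limit")
    if reasons:
        return "decline", reasons
    recent = [t for t, _ in history if timedelta(0) <= now - t <= BURST_WINDOW]
    if len(recent) >= BURST_COUNT:
        reasons.append("burst")
    # Structuring: repeated same-day amounts sitting just under the single limit.
    if sum(1 for a in today + [amount] if a >= single * NEAR_LIMIT) >= 2:
        reasons.append("structuring")
    if now.hour < NIGHT_END_HOUR:
        reasons.append("midnight_cashout")
    return ("hold" if reasons else "allow"), reasons


if __name__ == "__main__":
    now = datetime(2025, 8, 21, 14, 0)  # constructed sample time
    earlier = [(now - timedelta(hours=2), Decimal("490"))]
    print(check_cashout("T1", Decimal("495"), earlier, now))
```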
Appendix C — QA Scenarios (smoke)#
Create Tier-1, fail on duplicate ID → error & escalation path shown
Cash-In normal; idempotency replay → 409 with original txn returned
Cash-Out wrong OTP → decline; cooldown after 3 attempts
Float top-up pending → transaction blocked with actionable message
EoD discrepancy → ticket auto-created; next-day follow-up
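The idempotency replay scenario above, together with the "at-least-once with de-dup keys" requirement in 3.2, sketched as an added example (not Nova's API code). The `CashInEndpoint` class, the per-agent key scope, the 201 and 400 statuses and the 422 on key reuse with a different payload are assumptions; only the 409 with the original txn comes from this spec.

```python
import hashlib
import json
from decimal import Decimal


class CashInEndpoint:
    """In-memory stand-in for POST /txns/cashin with de-dup keys (hypothetical)."""

    def __init__(self):
        self._seen = {}    # (agent_id, idempotency_key) -> (fingerprint, txn)
        self.ledger = []   # one entry per real posting: (agent_id, txn_id, amount)

    @staticmethod
    def _fingerprint(body):
        # Normalise the amount so 50 and 50.00 describe the same request.
        amount = Decimal(str(body["amount"])).quantize(Decimal("0.01"))
        fields = {"msisdn": body["customer_msisdn"], "amount": str(amount)}
        return hashlib.sha256(json.dumps(fields, sort_keys=True).encode()).hexdigest()

    def post(self, agent_id, body):
        key = body.get("idempotency_key")
        if not key:
            return 400, {"error": "idempotency_key required"}
        scope = (agent_id, key)  # assumption: keys are scoped per agent (X-Agent-Id)
        fp = self._fingerprint(body)
        if scope in self._seen:
            seen_fp, txn = self._seen[scope]
            if seen_fp != fp:
                # Assumption: same key with a different payload is rejected outright.
                return 422, {"error": "idempotency_key reused with different payload"}
            return 409, txn  # replay: original txn returned, ledger untouched
        txn = {"txn_id": f"TXN-{len(self.ledger) + 1:04d}", "state": "posted"}
        self.ledger.append((agent_id, txn["txn_id"], body["amount"]))
        self._seen[scope] = (fp, txn)
        return 201, txn


if __name__ == "__main__":
    api = CashInEndpoint()
    # Constructed request; the MSISDN and key are sample values.
    req = {"customer_msisdn": "12460000001", "amount": 50.00, "idempotency_key": "k-001"}
    print(api.post("agent-1024", req))   # first delivery posts
    print(api.post("agent-1024", req))   # at-least-once retry is de-duplicated
```

Fingerprinting the payload matters for an agent-facing API: without it, a retried key carrying a different amount or MSISDN would silently return the earlier transaction as if the new request had succeeded.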
What we’ll need from Engineering to start#
Feature flags: cashin, cashout, kyc_t1, float_topup, commissions_v1, eod_v1, ussd_agent_v1
API stubs + idempotency library; audit events schema; risk rules v1; KYC vendor SDK; SMS/USSD connectors; S3 (doc storage) with pre-signed URLs.
Modified at 2025-08-21 15:02:56