Compliance Status
The Compliance Status API lets you check whether an individual or a business is
compliant according to the risk monitoring configured for your company in
Taktikal. It surfaces PEP hits, outstanding requirements (such as AML or MiFID
flows that have not been completed), and an overall is_compliant flag that you
can use to gate onboarding or transaction flows.
Two endpoints are available, one for individuals and one for businesses.
Endpoints
GET /api/management/compliances/individuals/status
GET /api/management/compliances/businesses/status
Individual Compliance Status
Returns the compliance status of a single person, identified by their SSN or email + phone. The response reflects the person's standing against your company's compliance configuration — PEP/sanctions screening, AML/MiFID requirements, and any other risk monitoring you have enabled.
Request
GET /api/management/compliances/individuals/status
Query Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
Ssn | string | No | The individual's SSN (kennitala) |
Email | string | No | Email address of the individual. |
Phone | string | No | Phone number of the individual. |
Example Request
curl --location 'https://onboarding.taktikal.is/api/management/compliances/individuals/status?email=jon@example.com&phone=5551234' \
--header 'Authorization: Basic YOUR_BASE64_ENCODED_CREDENTIALS'
Response
{
"pep_found": false,
"status": "compliant",
"status_messages": [],
"requirements": [],
"is_compliant": true
}
Response Fields
| Field | Type | Description |
|---|---|---|
pep_found | boolean | true if the person matched a PEP or sanctions list |
status | string | Overall status. "compliant" means the person meets all requirements; any other value indicates an issue (see status_messages) |
status_messages | array of string | Human-readable reasons when the person is not compliant (see values below) |
requirements | array | Compliance flows the person still needs to complete. Present when status_messages contains "does not meet all requirements" or "missed due dates" |
requirements[].compliance_type | string | Type of requirement: "PEP", "AML", or "MIFID" |
requirements[].answered_date | string (ISO date) | null | When the requirement was last answered |
requirements[].next_date | string (ISO date) | null | When the requirement is next due |
requirements[].flow_key | string | Key of the Taktikal flow that fulfills this requirement |
is_compliant | boolean | Shortcut for status === "compliant" |
Possible status_messages Values
| Message | Meaning |
|---|---|
pep found | The individual matched a PEP list |
has not been risk evaluated | Your company has not completed a risk evaluation for this person yet |
missed due dates | One or more recurring requirements are overdue |
does not meet all requirements | The person has open requirements that must be completed — see the requirements array for the relevant flows |
HTTP Status Codes
| Code | Description |
|---|---|
| 200 | Status retrieved successfully |
| 401 | Missing or invalid credentials |
| 404 | The individual was not found in your company's compliance records |
A 404 means the person has never been registered in compliance for your
company. This is expected for first-time users and typically means you need to
route them through your onboarding requirement flows before the compliance check
can succeed.
Business Compliance Status
Returns the compliance status of a legal entity (business), identified by its
registration SSN (kennitala). The response shape is nearly identical to the
individual endpoint, minus the pep_found flag.
Request
GET /api/management/compliances/businesses/status
Query Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
Ssn | string | No | The business's SSN (kennitala) |
Name | string | No | Name of the business. |
Example Request
curl --location 'https://onboarding.taktikal.is/api/management/compliances/businesses/status?name=Acme%20ehf.' \
--header 'Authorization: Basic YOUR_BASE64_ENCODED_CREDENTIALS'
Response
{
"status": "compliant",
"status_messages": [],
"requirements": [],
"is_compliant": true
}
Response Fields
| Field | Type | Description |
|---|---|---|
status | string | Overall status. "compliant" means the business meets all requirements |
status_messages | array of string | Reasons why the business is not compliant, if any |
is_compliant | boolean | Shortcut for status === "compliant" |
HTTP Status Codes
| Code | Description |
|---|---|
| 200 | Status retrieved successfully |
| 401 | Missing or invalid credentials |
| 404 | The business was not found in your company's compliance records |