<aside> ℹ️

The FAQ here are intended for CARO users and people who have already had some exposure to CARO. If you have just discovered CARO, you might find the introductory resources on our website helpful to get started.

</aside>

CARO usage

Which entity should we use for credentialing?

If your enterprise consists of more than one entity, you will need to choose one that is to represent the corporate ATP status. However, we cannot advise on the choice of entity for ATP credentialing.

In the end, your compliance team must be comfortable with the following decisions:

with which corporate identity you appear in VRS interactions and
to which entities you give permission to utilize that corporate identity.

A way of thinking about this is to start at the end of the process: For which entity can you prove ATP status? Then this entity will also need to undergo identity proofing bearing in mind that:

the entity for the Identity and ATP credentials must be related;
the entity name and address across all documents must match;
the individuals submitting the documents must be authorized to act on behalf of that entity.

Your VRS set-up may also help you decide, as it makes sense to use the same entity for credentialing as you use with your VRS.

I have my first set of credentials! How does credential renewal work?

As far as regular renewals of your Identity and ATP credentials are concerned, your work is done.

For as long as you maintain your contract and subscription payments with us, your credentials will be monitored and re-issued in the background. We will only need to involve you in further due diligence activities if something changes about your company that affects the validity of the credentials. If we detect anything like that, you will hear from us.

What details are captured by CARO's audit log?

CARO offers two audit logs. One captures transaction details, such as transaction ID, time, type, status, interacting parties. The other log captures user activity, so you always know who did what when in your CARO Enterprise Account. These data are securely stored in a non-public database.

What data are stored on the blockchain?

CARO stores an enterprise's unique Decentralized Identifier (DID) on the Ethereum blockchain. The DID leads to the DID document, which may contain details on how to contact you through your CARO account (a so-called endpoint). This enables certain types of information exchange with your trading partners for a variety of business interactions.

Are a Trading Partner's licenses visible in the electronic credentials?

No. Any organizational or licensing documents submitted during the credential application process are used for due diligence by the Credential Issuer but will not be disclosed in the electronic credentials.

Do I have to upload all my trading partners to set up CARO?

If you use CARO only for VRS interactions, you do not need to pre-populate CARO with your business partners. The list of trading partners within CARO will grow organically as interactions with your CARO Enterprise Account happen through the VRS network. The use of verifiable credentials by CARO caters for the underlying due diligence and capturing of salient counterparty details in your audit log by design. Refer to Trading Partners.

If you use CARO for entity master data management, it is advisable to set up your contact list with all relevant business partners to enable monitoring. Refer to: