Wipro HOLMES - Automated Enterprise KYC

End to End automation of Know-Your-Customer and Know-Your-Vendor processes for compliance purposes, including: extracting data from input documents, searching the internet and checking public record sources to compile the information needed for compliance checks and generating a report of the same without human intervention or manual effort.


  • Aggregates relevant documents from public and private sources
  • Extracts attributes, information and evidence in a contextual manner
  • Connects with user’s document repositories and master data
  • Annotates source documents for ease of verification by checker
  • Audit trail and evidence generation of every step
  • Natural language and unstructured data processing
  • Machine learning capbilities to improve system accuracy


  • Enhanced customer experience
  • Automates document intensive manual operations
  • New customer onboarding time drastically reduced
  • Cut down on paid data costs
  • Minimises client outreach to get compliance information
  • Reduce dependency on skilled resources
  • Reduces KYC processing cost drastically
  • Improves compliance and scalability


£5 per transaction per day

  • Education pricing available

Service documents

G-Cloud 10



Ravindra Vitankar



Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints Deployment will take 4-6 weeks initially. No other constraints once service is running.
System requirements
  • 4 Windows servers
  • 1 Linux server
  • AWS cloud access

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Email support - responded to within 1 business day.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels L1-L4 support on email and phone - at no cost throughout license period. Onsite support at extra cost - limited availability at £75 per hour. Cloud support engineers not provided as service runs on AWS cloud. Technical account manager provided and will be the main point of contact for support.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started User manuals will be provided, and telephonic support/training sessions can be provided during deployment.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Users always keep their data, Holmes EKYX service doesn't store any data, therefore no extraction of data required.
End-of-contract process The EKYC service is Intellectual Property of Wipro Holmes and will be provided as a service till the end date of the contract only.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Firefox
  • Chrome
Application to install No
Designed for use on mobile devices No
Accessibility standards None or don’t know
Description of accessibility No images as part of the service itself, text only, for input and output. Two instances of user input - 1. user inputs text (organisation name to check) into the application; once reports are generated and features extracted, user can review and correct information by editing text fields.
No other input required from the user.
Accessibility testing None as yet.
What users can and can't do using the API We provide REST APIs that can be integrated with various backend services but end users cannot set up nor make changes to the API. Users can request changes to the API and the Wipro Holmes development team will make these changes on their behalf.
API documentation Yes
API documentation formats Open API (also known as Swagger)
API sandbox or test environment No
Customisation available Yes
Description of customisation What: fields and attributes extracted from source documents, user interface, report structure, sources - internal organisational documents, web sources, and more.

How: All customisations need to be requested through the specified person of contact, which may be a client partner or project manager. These customisations will require development efforts and training of the machine learning components, which will be done by the Holmes development team.

Who: All customisation will be carried out by the Holmes backend development team - buyers and users can only request customisations.


Independence of resources Instance of the system deployed will be independent for each user.


Service usage metrics Yes
Metrics types Reports on number of entities and features extracted, sources used, and time taken to generate final report can be generated as required.
Reporting types Reports on request


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Supplier-defined controls
Penetration testing frequency At least every 6 months
Penetration testing approach In-house
Protecting data at rest Other
Other data at rest protection approach Data not stored anywhere on the service so no data protection required. Data only stored for the duration of processing to create final report.
Data sanitisation process No
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach Data and reports generated can be directly downloaded from the application in PDF format. APIs can also be created to export data into linked systems if required.
Data export formats
  • CSV
  • Other
Other data export formats PDF
Data import formats
  • CSV
  • Other
Other data import formats
  • PDF
  • XLS

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks Private network or public sector network
Data protection within supplier network Other
Other protection within supplier network Only one instance of the application will be deployed and run only on user network, therefore no need for protection in Wipro network.

Availability and resilience

Availability and resilience
Guaranteed availability System downtime is within 1 business day. Other than this, service levels will be decided as per agreement with the client.
Approach to resilience Available on request.
Outage reporting Email alerts will be sent to stakeholders for planned outages in advance and unplanned outages when they occur.

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication Username or password
Access restrictions in management interfaces and support channels User access only provided to set list of users, with administrative access provided to management if required.
Access restriction testing frequency At least every 6 months
Management access authentication Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications VAPT (Vulnerability Application Penetration Testing) with PWC

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes ISO 27002 provides best practice recommendations on information security management for use by those responsible for initiating, implementing or maintaining information security management systems (ISMS). ISO 27001 relates to certification requirements for the implementation of an information security management system (ISMS). Wipro's Information Security Management System is certified against international standard ISO27001:2013.
We have adopted the implementation of ISO27001 based Information Security Management System (ISMS) as the baseline for all Customers.
Customer specified security requirements that are over and above Wipro’s information security practices coexist as additional controls to provide a highly controlled environment for processing Customer information or managing information processing systems. These mutually agreed upon controls will be documented in the ODC Security document and implemented during the roll-out.
Wipro's Information Security Management System is successfully re-certified against international standard ISO27001:2013

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach A prioritisation model is followed for change requests, with any changes to systems will be tracked and documented. Impact assessments are carried out on any major changes. Security impact tracked by the Risk and Compliance team.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Depending on criticality of the threat, the impact will be assessed and patches deployed within 1 business day for most threats. Threats are monitored by the Risk and Compliance team.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Protective monitoring process are decided by the Risk and Compliance team, and may be subject to change to tailor as required by the client or user.
Incident management type Supplier-defined controls
Incident management approach The user can utilise support channels of email and telephone to report incidents. A DIY user manual on how to resolve common events and incidents will be provided during deployment.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No


Price £5 per transaction per day
Discount for educational organisations Yes
Free trial available No

Service documents

pdf document: Pricing document pdf document: Terms and conditions
Service documents
Return to top ↑