Recommended flow for your case (simpler and safer):

1. Company submits registration form → status = "pending"

2. Admin verifies registration proof and other details

3. Admin changes status to "approved" → now the company can log in

4. Optional: send email notification to company when approved

So OTP verification is not mandatory if your main verification is admin approval.

If you want, I can update your registration component to handle pending status instead of OTP flow. This way it aligns with your admin verification workflow.

Do you want me to do that?