In 2026, the speed of business is no longer a metric – it is becoming a vulnerability. As financial institutions race toward sub-second onboarding and frictionless global transfers, they have entered an escalating arms race with adversaries leveraging generative AI and synthetic identities.
The traditional KYC checkbox if not already dead, is dying, and is rendered obsolete by deepfakes that can bypass legacy biometric checks in seconds. For today’s compliance leaders, the mandate has shifted. Now, you can no longer choose between velocity and security. To survive, firms are needing to move beyond static onboarding and embrace new technologies.
Chaitanya Sarda, co-CEO of AiPrise, believes that KYC is being pulled in two directions at once.
He explained, “Customers expect near instant onboarding. Fraud, sanctions, and regulatory pressure are all rising. The question is not “how do we go faster” but “how do we go faster without lowering the bar.” From what we see, the bottleneck is rarely a lack of data. It is the way the work is done. Most teams already have rich inputs: identity providers, sanctions and PEP lists, device and network data, documents, sometimes even behavioural signals.
“But analysts still spend a huge amount of time logging into multiple tools, collecting screenshots and PDFs, copying fields into case systems, and reconciling conflicting signals by hand.”
According to Sarda, such a model does not scale. The KYC model that can keep pace with both speed and risk usually has five elements.
The first is risk-based KYC in practice, not just on paper. He said, “Almost everyone says they run “risk based KYC.” In reality, many customers still go through almost the same flow. The teams that move fastest have clear risk tiers that actually change the work: Low and medium risk customers move through highly automated checks with light touch sampling. High risk customers always get human review, more signals, and stricter escalation. The result is simple: you keep human judgment for the cases where it matters most, and you stop treating every profile as if it is high risk by default.”
The second element is one KYC profile per customer. Fragmentation is the next drag on speed. KYC data, he claims, sits in registries, vendor portals, case tools, CRMs and internal notes.
Sarda remarked, “A more resilient pattern is to build a single KYC profile per customer that pulls together: Identity and device data Sanctions, PEP, and adverse media hits Basic behaviour or transaction flags Historic decisions and rationale When a new event happens, you are not starting from zero. You are updating a known profile. It is also much easier to explain decisions to auditors and regulators when everything lives in one place.”
The third element is that AI agents are the first pass, and humans are the decision makers.
“Most of the anxiety about AI in KYC comes from the idea of a black box making final decisions. That is not where the real value is. Where we see impact today is in specialised agents that do the heavy lifting and hand a cleaner picture to humans: Screening agents that cluster and rank hits, instead of dumping a flat list of possible matches, said Sarda.
He added, “Document agents that read passports, IDs, and company documents in many languages, extract key fields, and flag inconsistencies. Website and digital footprint agents that review a business’s online presence, check contact details, and surface signals that it may not be what it claims. In production, this kind of setup can cut case investigation time by around eighty percent and reduce false positive queues dramatically, while analysts still own the approval or decline. The speed comes from moving the grunt work to machines, not from relaxing controls.”
The fourth element is a shift from one-off checks to continuous reviews. Sarda said, “Onboarding used to be the main KYC moment, with periodic refresh on a fixed schedule. That is becoming less tenable as risk, customer behaviour, and regulation change faster. A more sustainable model looks more like continuous monitoring: Watch for events that matter: new sanctions entries, adverse media, ownership changes, geography shifts, unusual usage. Tie those events to risk tiers: the same trigger does not mean the same action for every customer. Make re-verification part of normal operations, with clear playbooks. Agents are well suited to monitoring streams of data for relevant changes and nudging humans when something material happens.”
The final element is that observability is non-negotiatable. Sarda said, “For any of this to be acceptable to risk teams and regulators, observability has to be treated as a first class requirement. That means: Every automated check has human readable logs. Every recommendation can be explained in policy language, not only model language. Risk and compliance teams can override, correct, and improve the system when they see gaps. If you can show how decisions were made, on what data, and where humans were in the loop, conversations with auditors become much easier, even when AI is involved.”
Sarda concluded, “The real trade off is not “speed versus safety.” It is “manual, fragmented, and slow” versus “well structured, explainable automation plus human judgment.” KYC that relies on screenshots, spreadsheets, and one off checks will fall behind. KYC that combines a strong data foundation with well designed agents and clear oversight can move faster and improve risk control at the same time.”
Bottlenecks remain
According to Tim Khamzin, founder and CEO of Vivox AI, KYC onboarding is faster than it used to be, but key bottlenecks remain around data and document availability, particularly where firms are dependent on customers to provide information.
He remarked, “Even with automation, onboarding often slows while teams wait for responses, which is why automated and structured requests for information are becoming increasingly important. Cross-border onboarding presents an additional challenge, as firms must assess unstructured information across multiple jurisdictions, each with different regulatory expectations, approaches and data standards.”
Khamzin noted, however, that firms are using data and AI most effectively before onboarding begins, to pre-qualify customers and identify potential risk earlier in the process.
“This includes drawing on open-source intelligence, public registers and readily available information, such as corporate records or professional profiles, to build an initial risk view before formal KYC is triggered,” said Khamzin.
“Regulators, however, remain cautious where AI-driven assessments are not explainable or where higher-risk customers are not subject to appropriate enhanced due diligence. To maintain consistency across regions and products, firms need clear controls and governance at each stage of the KYC lifecycle, ensuring risk standards are applied coherently even where local requirements differ.”
Still not aligned
In the view of Anthony Quinn, CEO of Arctic Intelligence, KYC has become faster, but not necessarily better aligned to customer identity risk. While automation has reduced friction in data collection and verification, many organisations are still constrained by fragmented risk frameworks that produce inconsistent outcomes.
He said, “AI is increasingly used to surface higher-risk customers earlier, yet regulatory concern is growing where organisations may be unable to clearly explain how those risk decisions were made or how they align to stated risk appetite. The issue is not speed, it is coherence. Consistent KYC at scale requires a single, defensible risk methodology that sits above individual onboarding tools.”
Copyright © 2026 FinTech Global
