Why AI Will Have the Biggest Impact on KYB

Every few years, something shifts the AML compliance conversation from "are we doing enough?" to "are we doing it right?" Right now, that shift is AI. Not AI as a buzzword, but AI as a specific answer to specific problems: inconsistent reviews, slow onboarding, manual ownership analysis, and the rising data demands of regulators who expect structured, traceable evidence at scale.

We put that question to compliance professionals at banks and payment service providers across Europe in a recent Sinpex webinar. The session featured Dr. Firas Habach, Money Laundering Reporting Officer for Switzerland at Revolut, and Dr. Camillo Werdich, CEO and Founder of Sinpex. The results were clear. When asked what would have the biggest impact on KYB over the next two years, 64% said AI and automation maturing. That ranked higher than AMLA direct supervision, enforcement pressure, and improvements to beneficial ownership registers combined.

But a vote of confidence is not a roadmap. This post unpacks what AI actually does well in KYB, where the risks are real, and what compliance teams need to have in place before automation can deliver on its promise.

TL;DR

• 64% of compliance professionals ranked AI and automation maturing as the single biggest upcoming impact on KYB — ahead of regulatory change, enforcement pressure, and registry improvements combined.

• 38% of teams take more than three days to verify a complex cross-border business customer. Only 5% complete the process in under two hours.

• AI's most defensible value in KYB is not speed alone, but consistency: eliminating the variability that makes human-only processes hard to defend at audit.

• Evidence and traceability are non-negotiable. AI built on repackaged data from aggregators is not compliance-grade.

• Perpetual KYB is now technically feasible. The blocker is rarely the technology — it is the underlying data infrastructure.

Why Manual KYB Is Breaking Under Current Demands

The core problem with manual KYB is not that it is slow. It is that it produces inconsistent outcomes in ways that create compounding compliance risk.

A study shared during our practitioner roundtable illustrates the point precisely: when 36 compliance officers were asked to review the same transaction monitoring alert, they produced 14 different responses. That is not a skills problem. It is a structural one. When processes rely on individual judgment without consistent data input and standardized workflows, outcomes vary — and variability is exactly what regulators flag during audits.

The scale challenge compounds this. Institutions onboarding business customers at volume, particularly those expanding cross-border, face a combination of:

• Jurisdictional variation: Document validity periods, registry accessibility, and UBO disclosure requirements differ significantly across EU member states, even before AMLA harmonization takes full effect.
• Unstructured source data: Ownership information often arrives as PDFs, shareholder lists in various languages, or documents from registries that offer no structured API access.
• Sequential manual steps: In many institutions, each review step still requires a human to collect, read, extract, cross-check, and document data before another human reviews the output.

Our audience poll confirmed the reality. When asked how long it takes to verify a business customer with a complex cross-border ownership structure, 43% said one to three days and 38% said more than three days. Only 5% complete the process in under two hours.

This is the baseline AI is being asked to improve.

Where AI Genuinely Accelerates KYB

The area where AI creates the most immediate, measurable value in KYB is ownership analysis — specifically, beneficial ownership resolution across layered, multi-jurisdictional structures.

As Camillo Werdich, CEO of Sinpex, explained during the roundtable: "The complexity comes from the fact that data is usually not accessible in a structured way. In Germany you have shareholder lists. In the US you have no shareholder information publicly available at all. In reality, this information comes in as a PDF, which is very unstructured in most cases."

LLMs are now capable of extracting targeted, structured information from these documents at speed and scale. This means:

• Pulling the correct split of first name, last name, and title from unstructured text
• Identifying dates of birth and nationalities across multiple document formats
• Calculating capital shares and mapping voting power, a data point the EU AML Regulation is now making increasingly prominent
• Completing in minutes what previously required an analyst to manually read, format, and verify across multiple documents

But extraction alone is not enough. The more defensible AI capability is cross-validation: taking data from multiple independent sources and confirming consistency automatically. Rather than relying on an analyst to notice a discrepancy on page seven of an exhibit, a well-built system surfaces exactly where an address, name, or shareholding percentage conflicts across all submitted documents.

This matters for auditability. When a regulator asks how you reached a decision, the answer needs to trace back to a primary source. As Werdich noted: "What really matters in compliance is evidence. You want a clear path towards the source of information. It can be the customer. But it can also be a document collected from the commercial registry directly."

For a detailed walkthrough of what automated UBO identification looks like in practice, see our post From Hours to Minutes: How to Automate UBO Identification in Your KYC Onboarding.

The Shift to Perpetual KYB: What It Actually Requires

Beyond onboarding, AI is enabling a structural shift in how institutions manage their existing portfolio. The traditional model of periodic re-KYC at fixed intervals is being replaced by perpetual KYB: continuous monitoring of registry data, ownership changes, and AML signals, triggered by risk events rather than calendars.

The regulatory direction is clear. EU AML requirements are shortening review cycles, broadening PEP scope, and requiring institutions to understand their portfolios in near-real time. When we polled compliance professionals on the AMLA data collection exercise, the readiness gap was striking: only 30% had responded or were in the process of responding, 23% were tracking closely without being sampled, and 27% were hearing about it for the first time. Regulatory expectation and institutional readiness are not aligned.

What makes perpetual KYB feasible now is the combination of direct registry connectivity, AI-based extraction, and automated monitoring pipelines. Rather than reaching out to an end customer every two or three years for updated documents, institutions can pull registry data automatically, flag material changes in ownership or risk profile, and trigger a human review only when something significant shifts.

The blocker, as practitioners consistently note, is not the technology. It is the underlying data infrastructure. If a core banking system cannot ingest structured data from external APIs in a meaningful way, no amount of AI at the front end produces sustainable results. For a practical overview of what EU AML changes require from existing compliance programs, see EU AML 2027: What Compliance Teams Need to Do Right Now.

What to Demand from KYB Vendors Before You Trust Them

The volume of KYB technology vendors has grown significantly, and not all of them are selling the same thing. The most common blind spot when compliance teams evaluate tools is confusing a polished demo with compliance-grade performance.

When asked what institutions are not demanding from vendors often enough, Werdich's answer was data provenance: "Everyone repackages data from the other one, and at the end, nobody knows what's true."

The right questions are not about features. They are about evidence:

• Where exactly does each data point originate?
• Can you show us a real case from our jurisdiction, not a curated demo?
• What happens when registry data and the customer-submitted document disagree?
• How does your system document the decision trail in a way a regulator can follow?

Q&A: AI in KYB Compliance

Does AI replace compliance officers in KYB?

No. AI handles the structured, extractable elements of KYB: pulling data from registries, reading PDFs, cross-validating shareholder information. The risk-based judgment, the interpretation of adverse media in context, and the final compliance decision remain human responsibilities. What changes is the quality and consistency of the information the compliance officer receives before making that call.

What is the biggest risk of using AI for KYB decisions?

Accepting AI output without a clear evidence path. If your system cannot show exactly where a data point came from and how it was verified, it is not audit-defensible. The risk is not AI being wrong — it is AI being wrong in a way you cannot explain to a regulator.

What does perpetual KYB actually mean in practice?

Instead of reviewing every business customer on a fixed schedule, perpetual KYB monitors relevant data sources continuously and triggers a review only when something material changes: a new UBO, a registry update, a sanctions list hit, or a change in business activity. It requires connected data feeds and a configurable risk model to determine what counts as a material change.

What should compliance teams ask AI vendors before signing a contract?

Ask for a live demo using a real case from your jurisdiction. Ask specifically where each data point originates and how the system handles a conflict between two sources. Request a walkthrough of the audit trail a regulator would see, not just the compliance officer dashboard.

When will regulators start using AI for audits — and what does that mean for compliance teams?

The direction of travel is already clear. AMLA's current data collection exercise is requesting granular UBO data at a depth that suggests automated analysis is the intent. As one practitioner put it during our roundtable: "AI is not emotional. There's no more room for dark pink versus light pink. It is either compliant or it is not." Institutions whose data is not clean, structured, and traceable will find that an AI-assisted regulatory audit produces results that are harder to contextualize after the fact.

If you want to see how this works in practice for your institution, book a conversation with the Sinpex team.

‍