KYC (Know Your Customer) is an essential process for all financial services businesses, and that’s no different in Capital Markets. With rapid advancements in Artificial Intelligence (AI) through Large Language Models (LLMs), and now Agentic AI, can these tools be relied upon to accurately find, extract, and interpret information from source documents to the degree required? What are the risks and pitfalls to look out for, and what is the right solution?
KYC, or Know Your Customer, is a well-known part of global financial services regulation. It requires financial services firms to ensure they identify and understand who their customer is. They need to know where their customers money came from, and what types of transactions they intend, and should be able, to perform. KYC is an essential foundational concept in all forms of Banking. It is the cornerstone of other processes, such as Anti-Money Laundering (AML) that help keep our financial systems safe from fraud and theft.
KYC applies regardless of customer type. Whether we’re talking about an individual, business, charity, trust or other legal ownership structure, the KYC rules apply. But it does get somewhat more complex when dealing with companies. Ownership structures can be complicated, and the method by which information required to perform KYC is provided by the customer business to the Bank can also be somewhat different. It almost always requires providing documents to the Bank that prove who owns the company and what the nature of business entails. The more complex the business, the more complex the information, and the harder it is to unravel for the purposes of KYC.
There are also other considerations. In Retail Banking, where most customers would be considered relatively low risk to do business with, the amount of information required is relatively small and straightforward to get. You ask the customer for identity documents when they open an account, and update that information when it expires. There are mobile banking apps to collect the information, and so it’s relatively low friction for the customer to do so themselves when required.
But in Capital Markets and other forms of B2B financial services, the sums of money involved in transactions, as well as complex global ownership structures, increase the risk of doing business. Information needs to be updated and maintained more regularly. But you don’t want to hassle the client every year to perform administrative tasks like updating your data. It’s also expensive to do so and it’s a competitive market.
The good news is much of what needs to be updated can be gathered from the public domain, or from paid data aggregation sources. Companies House in the UK is a good example, and many banks use services such as Dun and Bradstreet or Lexis Nexis to acquire data at scale about their customers rather than reach out directly. This minimises the number of customers they need to contact, which not only helps with customer experience, but also operational cost and risk associated with mass-outreach campaigns. Many firms are dabbling in so-called Portals; web-based environments for customers to share documents and data with the bank securely. These are great, but they have their limitations, and they still require the customer to engage in the process.
However the bank gets the data it needs, it still takes time and money to acquire, read, and extract the relevant information from the documentation. It’s not enough to just collect the data in its raw form and store it. You need to ensure that your decision-making systems, such as Client Lifecyle Management solutions, Screening tools and Transaction Monitoring systems, are fed with the correct data to operate appropriately. Ideally this data would be perpetually refreshed every time it changes, but that’s a very difficult challenge and requires participation from both the customer and the Bank to pull off. In most businesses, there is a balance struck between what is reasonable in terms of operating processes and costs, and how frequently data is updated and processed. It almost always come down to a risk-based approach.
The riskier the customer, the more frequent the refresh of data. But this method is fundamentally flawed. For example, less risky customers can become riskier if their ownership structure changes, or their revenue sources shift to different jurisdictions. Discovering this change after five years is obviously not ok.
There is a constant battle between what is reasonable to expect a bank to do operationally, and what we need them to do as an industry to keep our financial systems healthy and safe. How do we increase the level of scrutiny without adding so much cost we price customers out of financial products entirely? To answer this question, many firms are turning to the rapidly evolving Artificial Intelligence sector to attempt to do just that.
It is seemingly hard-pressed these days to find a problem that doesn’t have AI as the solution. The myriad of LLM tools becoming ever-increasingly available to trial and test is driving innovation agendas across all businesses around the world, and financial services is no different. Initial excitement may have focused on customer experiences, such as chatbots, marketing campaign automation and sales-aids, but attention is rapidly turning to back office and compliance operations.
LLMs are mostly used to support Generative AI. This branch of AI, by its nature, creates content and material in response to novel and unique requests from users. In other words, it makes things up, based on what it knows from its source material. In the case of Large Language Models, that’s effectively the entire Internet.
SLMs, or Small Language Models, are becoming popular because they have less source data to base their interactions on. More control of the source data on which these language models are trained can lead to fewer mistakes and errors when applied to contextually relevant scenarios. In other words, an SLM trained on only financial services data might do better at responding to a user query about a specific company’s financial product than an LLM trained on a much more diverse dataset.
AI Agents are starting to find their way into the thinking of many solution designers as well. Simply put, Agentic AI involves creating a bot with a specific set of instructions but broad access to information against which to execute those instructions. The basic premise is to connect an AI Agent up to an LLM, or series of LLMs, with pre-baked skills such as the ability to extract data from a PDF and give it instructions on what you want it to do. In this example, you might tell it to extract a list of KYC datapoints. You could then create a second Agent that would have a skill to search for and retrieve documentation and provide it to the first Agent. The Agents can learn, adapt, and compound what they learn over time, making them ever more effective at their specific role. They can even be trained to communicate with each other.
Finally, the seemingly forgotten grandparent of AI, Machine Learning. This method of AI involved training a model based on a very closed data set and teaching that model, much like a child, by continuously showing it good and bad examples of the output you wish for it to replicate. Unlike LLMs and SLMs, which are largely left to make their own conclusions from the data they are given, Machine Learning models have less room for unexpected behaviour, are easier to explain and predict, and have almost no ability to hallucinate.
These various advances in AI technology, and their continuous improvement in terms of both accuracy and reduced cost of adoption, mean that many firms are scrambling to find ways to utilise them to drive greater efficiency into their business. KYC and other regulatory compliance functions are no different.
A broad question indeed. Certainly, there are many who believe that AI will fully automate the KYC process, in time. However, this should be treated with at least some caution for now. KYC, and indeed almost all regulatory-controlled processes, relies heavily on high degrees of precision. The current level of accuracy in most LLMs for complex and precise data extraction sits around 70-80% (though this number may well be out of date by the time this article goes to print). This is an average, and individual data sets give varied results.
The challenge is that, on our best day, humans are roughly 95% accurate. That means that when we’re not tired, bored, or otherwise pre-occupied, we can maintain a repetitive process to a consistent standard of quality 95% of the time. As humans, we tend to set the bar higher for automated technologies such as AI, at around 98 or 99%. There is good reason for this.
If you have 100 humans operating a repetitive, well-structured, and clearly controllable process you should expect about 95% of the output to be as you desired it to be. But not all humans are equal. If one human began making a mistake, the issue is reasonably isolated and with training and support this person’s output could realistically be improved in relatively short order.
With AI, where the same model is working on everything all the time, if there is an error or misunderstanding in the machine’s application of the rules, the issue is now systemic and difficult to resolve quickly. The error is everywhere, fast. Whilst this is true of most automated technologies, such as robotic production lines in manufacturing, what is unique about AI is that it may even be impossible to understand what it is the machine has applied or misunderstood; such is the complexity of the neural network that sits underneath modern LLM-based solutions.
Two issues plague the current application of AI in regulatory processes.
Of the two, the inconsistency point is far more problematic for regulatory use cases than accuracy statistics. But most people overly focus on the former.
The reason that inconsistency is a more significant problem for Financial Services companies is both an ethical and, ultimately, legal one. If the data produced by AI is inconsistent, it makes it very difficult to explain how the model arrived at its outcome. If you can’t explain it, then you can’t rely on it. If you can’t rely on it, then how do any of your decision-making algorithms stand up to scrutiny afterward? Never mind the regulator or legal systems holding your business to account, how could any Chief Risk Officer rightly sign off on a process whereby not only the outcome, but the decision-making process itself could not be understood or explained thereafter? Remember as well that most LLMs are trained on the broadest and least reliable of datasets…the internet. Hardly a reliable source.
But if AI is so terribly inconsistent, why is everyone so excited about it?
Beyond the hype (and there is a lot of it) there are some very encouraging signs that AI will eventually achieve the level of precision and accuracy required to undertake the more rudimentary tasks involved in processes such as KYC. Correctly, and predictably, extracting key data points from documents is an area of focus right now, particularly for us here at FinTrU. Our TrU Label product is built to enable exactly that, using proprietary Machine Learning models that are trained exclusively on datasets relevant to the use cases against which they will be applied.
Beyond the hype (and there is a lot of it) there are some very encouraging signs that AI will eventually achieve the level of precision and accuracy required to undertake the more rudimentary tasks involved in processes such as KYC. Correctly, and predictably, extracting key data points from documents is an area of focus right now, particularly for us here at FinTrU. Our TrU Label product is built to enable exactly that, using proprietary Machine Learning models that are trained exclusively on datasets relevant to the use cases against which they will be applied.
How should Capital Markets firms respond?
Firstly, experiment. Almost every Capital Markets business we speak to has an AI budget these days, Experimentation, and partnering with firms that are also experimenting with the technologies available is key to understanding the art of the possible.
Secondly, set your expectations appropriately. The current state of development is enough to create a “technology enabled solutions” approach, but not a complete replacement of humans altogether. If you don’t want to add significant risk, and likely future remediation and regulatory fines, to your business then a healthy balance of AI pre-processing and human oversight is the order of the day.
Look for solutions in the market that enable this, and partner with them early to help them develop their solutions to your specific use cases and needs. Remember that hype-curves end (usually) with disappointment, but that five years from now the world you live in will be very different regardless. The iPhone was not the first smartphone, and it came way after the hype-curve on that technology trend had collapsed.
AI and Machine Learning make excellent junior-grade “makers” and a multi-layered approach to data extraction where humans review, and correct, the output of AI will give confidence to regulators and lawmakers as well as delivering efficiencies into your process. Those efficiencies will compound over time to ultimately arrive at straight through processing in a controlled, predictable, and risk tolerant fashion.
Finally, when adopting LLMs as part of your solution, make sure to select options that allow for contextualised training based on your own datasets. This will allow you to tune and test the results more comprehensively to shake off those inconsistencies, and organisations that provide such models are more likely to be open to helping you explain how they operate to regulators. Put good controls around your data, be clear about what you’re processing and why, and ensure that whenever necessary, and wherever possible, you gain the consent of those whose data you are processing.
TrU Label improves and automates the process of extracting critical business information from large, complex, and variably formatted documents. It provides a high-quality, consistent output that can be integrated into upstream processes and systems.
Book a Demo