Know Your Customer (KYC) Automation

Identity verification, document checks, risk scoring

View the interactive project page →

Know Your Customer (KYC) Automation

Part of the worlds-biggest-software-project initiative.

An AI-native, open-source identity verification platform that compresses customer onboarding from days to seconds while maintaining full regulatory compliance.

KYC Automation digitises the customer identity verification process required by anti-money laundering regulations worldwide. It combines AI-powered document analysis, biometric verification, sanctions and PEP screening, and dynamic risk scoring into a single platform. The primary audience is financial institutions, fintechs, and regulated businesses that need fast, accurate, and auditable customer onboarding without the cost and friction of manual processes.


Why Know Your Customer (KYC) Automation?

  • Manual KYC is expensive and slow. Complex corporate verifications cost $25,000--$50,000 per client. Onboarding friction drives customer abandonment, directly impacting revenue.
  • Incumbents are proprietary and fragmented. Leaders like Veriff, AU10TIX, and Sumsub are closed-source SaaS platforms with no self-hosted option, creating vendor lock-in for sensitive biometric data and compliance workflows.
  • Per-verification pricing scales poorly. At $0.50--$5 per check, high-volume operators face significant cost pressure. An open-source alternative with self-hosted deployment eliminates per-check fees at scale.
  • Perpetual KYC is underserved in the mid-market. Most pKYC offerings are bundled into large enterprise AML suites. A standalone, accessible pKYC capability is a clear gap.
  • Deepfake threats are accelerating. Synthetic identity fraud and deepfake attacks are raising the bar for verification quality, yet incumbent deepfake detection remains a cat-and-mouse challenge with limited transparency into detection methods.

Key Features

Document Verification

  • AI-powered document verification covering passports, national IDs, and driving licences with OCR data extraction across 100+ countries
  • Document forensics detecting tampering, printing artefacts, and font anomalies
  • Support for utility bills and supplementary address verification documents
  • Configurable verification requirements per regulatory jurisdiction

Biometric Verification

  • Facial recognition matching selfies to identity document photos
  • Active liveness detection to prevent presentation attacks and replay spoofing
  • Video KYC for high-risk customers requiring enhanced due diligence
  • Deepfake and synthetic media detection trained on current attack vectors (backlog)

AML Screening & Risk Scoring

  • Real-time checks against OFAC, UN, EU consolidated sanctions lists and PEP registers
  • Adverse media screening using NLP across multiple languages
  • Dynamic risk scoring combining document quality, biometric confidence, device fingerprint, and network signals
  • Perpetual KYC with event-driven re-verification when monitoring detects material risk profile changes

Corporate KYC/KYB

  • Business registry lookups and beneficial ownership resolution
  • Ultimate beneficial owner (UBO) mapping for complex corporate structures
  • Combined individual and corporate verification workflows

Case Management & Compliance

  • Manual review queue for flagged verifications with evidence storage
  • Full audit trail of all verification decisions for regulatory inspection
  • No-code verification flow builder for compliance teams to configure requirements per customer segment
  • GDPR and BIPA-compliant biometric data handling with configurable retention policies

AI-Native Advantage

An open-source AI-native approach enables multi-modal deepfake detection that combines document forensics, facial motion patterns, and environmental consistency checks -- techniques that benefit from community contribution and transparent methodology rather than proprietary opacity. AI-driven perpetual KYC uses ML to identify changes in a customer's risk profile from external data signals without manual triggers, replacing expensive periodic review cycles. Risk signal aggregation unifies document quality, biometric match confidence, screening results, and behavioural signals into a single explainable fraud score, addressing a key gap where incumbent AI risk scoring lacks the transparency regulators demand.


Tech Stack & Deployment

Self-hosted and cloud deployment modes are planned, addressing the vendor lock-in and data sovereignty concerns that make proprietary SaaS platforms problematic for biometric data. The platform will expose a REST API with webhooks for asynchronous decision delivery, plus mobile SDKs (iOS, Android) for embedded verification flows. Computer vision models can be built on open-source frameworks (PyTorch, TensorFlow -- both Apache 2.0). Reusable identity features will align with the W3C Verifiable Credentials standard and OAuth 2.0/OpenID Connect protocols. Sanctions list data is sourced from public government publications (OFAC, UN, EU) under open terms.


Market Context

The KYC and identity verification market is large, contested, and growing, driven by expanding regulatory requirements and rising fraud sophistication. Incumbent pricing follows a per-verification model ($0.50--$5 per check) with enterprise volume discounts and SaaS subscription tiers. Primary buyers are compliance teams and engineering leaders at financial institutions, fintechs, cryptocurrency exchanges, and increasingly non-financial regulated sectors (proptech, legaltech, healthtech) seeking to embed identity verification into their onboarding flows.


Project Status

This project is in the research and specification phase.
Contributions, feedback, and domain expertise are welcome.


Contributing

We welcome contributions from developers, domain experts, and potential users. See CONTRIBUTING.md for guidelines.

Important: All contributions must be your own original work or clearly attributed open-source material with a compatible licence. Copyright infringement and licence violations will not be tolerated and will result in immediate removal of the offending contribution. If you are unsure whether a piece of code, text, or other material is safe to contribute, open an issue and ask before submitting.


Licence

Licence to be determined. See discussion for context.