Know Your Customer (KYC) Automation
Identity verification, document checks, risk scoring
View the interactive project page →
Know Your Customer (KYC) Automation
Part of the worlds-biggest-software-project initiative.
An AI-native, open-source identity verification platform that compresses customer onboarding from days to seconds while maintaining full regulatory compliance.
KYC Automation digitises the customer identity verification process required by anti-money laundering regulations worldwide. It combines AI-powered document analysis, biometric verification, sanctions and PEP screening, and dynamic risk scoring into a single platform. The primary audience is financial institutions, fintechs, and regulated businesses that need fast, accurate, and auditable customer onboarding without the cost and friction of manual processes.
Why Know Your Customer (KYC) Automation?
- Manual KYC is expensive and slow. Complex corporate verifications cost $25,000--$50,000 per client. Onboarding friction drives customer abandonment, directly impacting revenue.
- Incumbents are proprietary and fragmented. Leaders like Veriff, AU10TIX, and Sumsub are closed-source SaaS platforms with no self-hosted option, creating vendor lock-in for sensitive biometric data and compliance workflows.
- Per-verification pricing scales poorly. At $0.50--$5 per check, high-volume operators face significant cost pressure. An open-source alternative with self-hosted deployment eliminates per-check fees at scale.
- Perpetual KYC is underserved in the mid-market. Most pKYC offerings are bundled into large enterprise AML suites. A standalone, accessible pKYC capability is a clear gap.
- Deepfake threats are accelerating. Synthetic identity fraud and deepfake attacks are raising the bar for verification quality, yet incumbent deepfake detection remains a cat-and-mouse challenge with limited transparency into detection methods.
Key Features
Document Verification
- AI-powered document verification covering passports, national IDs, and driving licences with OCR data extraction across 100+ countries
- Document forensics detecting tampering, printing artefacts, and font anomalies
- Support for utility bills and supplementary address verification documents
- Configurable verification requirements per regulatory jurisdiction
Biometric Verification
- Facial recognition matching selfies to identity document photos
- Active liveness detection to prevent presentation attacks and replay spoofing
- Video KYC for high-risk customers requiring enhanced due diligence
- Deepfake and synthetic media detection trained on current attack vectors (backlog)
AML Screening & Risk Scoring
- Real-time checks against OFAC, UN, EU consolidated sanctions lists and PEP registers
- Adverse media screening using NLP across multiple languages
- Dynamic risk scoring combining document quality, biometric confidence, device fingerprint, and network signals
- Perpetual KYC with event-driven re-verification when monitoring detects material risk profile changes
Corporate KYC/KYB
- Business registry lookups and beneficial ownership resolution
- Ultimate beneficial owner (UBO) mapping for complex corporate structures
- Combined individual and corporate verification workflows
Case Management & Compliance
- Manual review queue for flagged verifications with evidence storage
- Full audit trail of all verification decisions for regulatory inspection
- No-code verification flow builder for compliance teams to configure requirements per customer segment
- GDPR and BIPA-compliant biometric data handling with configurable retention policies
AI-Native Advantage
An open-source AI-native approach enables multi-modal deepfake detection that combines document forensics, facial motion patterns, and environmental consistency checks -- techniques that benefit from community contribution and transparent methodology rather than proprietary opacity. AI-driven perpetual KYC uses ML to identify changes in a customer's risk profile from external data signals without manual triggers, replacing expensive periodic review cycles. Risk signal aggregation unifies document quality, biometric match confidence, screening results, and behavioural signals into a single explainable fraud score, addressing a key gap where incumbent AI risk scoring lacks the transparency regulators demand.
Tech Stack & Deployment
Self-hosted and cloud deployment modes are planned, addressing the vendor lock-in and data sovereignty concerns that make proprietary SaaS platforms problematic for biometric data. The platform will expose a REST API with webhooks for asynchronous decision delivery, plus mobile SDKs (iOS, Android) for embedded verification flows. Computer vision models can be built on open-source frameworks (PyTorch, TensorFlow -- both Apache 2.0). Reusable identity features will align with the W3C Verifiable Credentials standard and OAuth 2.0/OpenID Connect protocols. Sanctions list data is sourced from public government publications (OFAC, UN, EU) under open terms.
Market Context
The KYC and identity verification market is large, contested, and growing, driven by expanding regulatory requirements and rising fraud sophistication. Incumbent pricing follows a per-verification model ($0.50--$5 per check) with enterprise volume discounts and SaaS subscription tiers. Primary buyers are compliance teams and engineering leaders at financial institutions, fintechs, cryptocurrency exchanges, and increasingly non-financial regulated sectors (proptech, legaltech, healthtech) seeking to embed identity verification into their onboarding flows.
Project Status
This project is in the research and specification phase.
Contributions, feedback, and domain expertise are welcome.
Contributing
We welcome contributions from developers, domain experts, and potential users. See CONTRIBUTING.md for guidelines.
Important: All contributions must be your own original work or clearly attributed open-source material with a compatible licence. Copyright infringement and licence violations will not be tolerated and will result in immediate removal of the offending contribution. If you are unsure whether a piece of code, text, or other material is safe to contribute, open an issue and ask before submitting.
Licence
Licence to be determined. See discussion for context.