Why AI models are defeating identity verification systems


A 1993 New Yorker cartoon showed one dog telling another, “On the Internet, nobody knows you’re a dog.” The joke has held up rather well. The compliance systems built on the same underlying assumption have not.

According to Duna, for three decades, the financial industry responded to fraud by adding more checks: more vendors, more workflow steps, more document requirements. The logic was sound at the time.

The person on the other side of an application was a human being with limited time, limited resources, and a finite appetite for friction. Make onboarding hard enough and the bad actor walks away. Let the legitimate customer through. That model is now obsolete.

The attacker is increasingly a model. AI agents can now attempt thousands of onboarding flows simultaneously, generate convincing synthetic documentation, defeat liveness checks using deepfake video, and construct entirely fictitious company structures complete with supporting registries and directorship chains. The marginal cost of each new attempt approaches zero. The time available approaches unlimited. A system designed to exhaust a human adversary simply does not exhaust a model.

The consequences show up in the numbers. According to McKinsey & Company’s Agentic AI Report (2025), only 2% of global financial crime is being detected today, despite the US alone spending $46bn annually on financial crime compliance, and cumulative AML fines since 2008 reaching $321bn globally. Revolut has more than a third of its staff working on financial crime. Wise runs compliance operations across 65 or more licences. The spend is enormous. The outcomes are not commensurate.

Four AI threats to identity verification that already exist

Regulators including FATF, Europol, and the FBI’s Internet Crime Complaint Center (IC3) have catalogued four distinct threat classes in identity verification as of 2025.

The first is AI-generated documents. Large language models and image synthesis tools can now produce supporting documentation such as utility bills, incorporation certificates, and beneficial ownership records that passes surface-level visual inspection. Document verification that relies on template matching or optical character recognition alone is now a weak control.

The second is deepfake video at onboarding. Real-time face-swapping and voice synthesis have reached the point where video liveness checks can be defeated without specialised hardware. The check designed to confirm that a human is present can now be passed by a model driving a synthetic face.

The third is synthetic companies. Corporate identity fraud has scaled considerably. It is now possible to construct a company with a plausible digital footprint, including a registered address, director history, company number, and some adverse-media-free history, using publicly available registries and AI-assisted content generation. Standard know-your-business (KYB) checks that rely on registry data alone will not catch a synthetic company that is, technically, in the registry.

The fourth is state-sponsored actors. Nation-state fraud operations have the budget, the patience, and the AI infrastructure to probe compliance systems at scale over extended periods. The concept of friction as deterrence carries no weight against an adversary whose resources dwarf the cost of the friction.

Each of these threats shares a structural property: it is optimised against a rules-based system. Rules are observable, testable, and eventually navigable by a patient, automated adversary.

Why friction-first onboarding no longer works as a fraud strategy

Friction-first onboarding was rational when the population of potential fraudsters was constrained by human cost. Every extra document request, every callback, every manual review added effort that a bad actor might not absorb. Legitimate customers tolerated it because switching was costly and the alternative was no account at all.

Neither of those conditions holds anymore. On the fraud side, the marginal cost of completing an onboarding flow has dropped towards zero for model-based attackers. Friction deters humans. It does not deter agents.

On the conversion side, customers now comparison-shop financial services the way they compare any other product. McKinsey’s Global Banking Annual Review 2025 found that in 2018, 25% of customers opened a new bank account without shopping around. Today that figure is 4%. Friction that once locked customers in now loses them to whoever moves faster. More than half of applicants abandon applications that take over ten minutes, according to Ribbit Capital’s Identity Newsletter. Identity is a conversion problem as much as a fraud problem, a framing the industry has been slow to accept.

The systems built on friction-as-defence are now failing at both jobs simultaneously. They are not stopping the attackers they were designed to stop, and they are turning away legitimate customers they were designed to admit.

What AI-native compliance actually looks like in practice

The case for AI-native compliance is sometimes presented as a future ambition. The evidence suggests it is already producing results at firms that have made the transition.

The numbers from implementations of Duna’s AI-native onboarding are concrete: onboarding time cut by more than 60%, and analyst follow-up rates down 51%, from around 30% of cases to 17%, measured over a rolling 30-day period through mid-2025. These results sit alongside the 10.6x onboarding and 4.8x productivity figures published at Duna’s Series A. McKinsey’s Agentic AI Report (2025) puts the productivity gains from agentic AI in financial crime work at 200% to 2,000%.

Three properties distinguish AI-native systems from their rules-based predecessors. The first is evidence-based decisioning. Rather than checking whether a document was submitted, an evidence-based system asks whether the evidence is consistent and credible across multiple signals simultaneously. A model can generate a document; it is considerably harder to generate a document that is coherent with the applicant’s digital footprint, behavioural signals, and cross-registry data.

The second is deterministic, auditable outputs. Compliance carries a higher bar for AI deployment than most other functions. An unexplainable decision does not simply mean a missed sale. It means a regulatory enforcement action or a missed suspicious activity report (SAR). AI in compliance needs to produce decisions that can be explained to a regulator, attributed to a specific policy, and reproduced. A policy engine is the layer that makes AI decisions auditable rather than probabilistic.

The third is continuous monitoring. A customer who passes onboarding in January may represent a very different risk profile in July. Static, point-in-time onboarding produces a snapshot that becomes stale the moment it is filed. Continuous lifecycle monitoring, covering daily automated screening against sanctions lists, politically exposed person (PEP) registries, and adverse media, converts identity from a one-time check into a living record.
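The three properties above (cross-signal evidence checks, decisions attributed to a named policy rule and reproducible from the same inputs, and re-evaluation as sanctions data changes) can be sketched in a toy KYB policy engine. This is an added illustration, not Duna’s code; the registry, sanctions list, rule identifiers and `kyb-policy-v1` version string are all constructed for the example.

```python
import hashlib
import json
from datetime import date

POLICY_VERSION = "kyb-policy-v1"   # hypothetical policy identifier
HARD_STOP = {"R1-registry-missing", "R5-sanctions-hit"}

# Constructed sample data standing in for a company registry and a sanctions list.
REGISTRY = {
    "12345678": {"name": "Acme Widgets Ltd", "directors": ["A. Example"],
                 "incorporated": "2011-03-02"},
    "87654321": {"name": "Fresh Shell Ltd", "directors": ["B. Example"],
                 "incorporated": "2025-09-01"},
}
SANCTIONS = {"B. Example"}

def months_since(iso_day: str, as_of: str) -> int:
    a, b = date.fromisoformat(iso_day), date.fromisoformat(as_of)
    return (b.year - a.year) * 12 + b.month - a.month

def evaluate(app: dict, registry: dict, sanctions: set, as_of: str) -> dict:
    """Cross-check document claims against registry and sanctions data. Each finding
    names the rule that fired; the hash over policy version, inputs and findings
    means the same inputs reproduce the same decision record later."""
    findings = []
    rec = registry.get(app["company_number"])
    if rec is None:
        findings.append(("R1-registry-missing", "company number not in registry"))
    else:
        if rec["name"].casefold() != app["claimed_name"].casefold():
            findings.append(("R2-name-mismatch",
                             f"document: {app['claimed_name']!r}, registry: {rec['name']!r}"))
        if app["claimed_director"] not in rec["directors"]:
            findings.append(("R3-director-mismatch", "director not in registry chain"))
        if months_since(rec["incorporated"], as_of) < 6:
            findings.append(("R4-young-company", "incorporated < 6 months before check"))
    if app["claimed_director"] in sanctions:
        findings.append(("R5-sanctions-hit", "director on sanctions list"))
    rules = {r for r, _ in findings}
    decision = "decline" if rules & HARD_STOP else "review" if rules else "approve"
    record = {"policy": POLICY_VERSION, "as_of": as_of, "input": app,
              "findings": findings, "decision": decision}
    record["record_hash"] = hashlib.sha256(
        json.dumps(record, sort_keys=True).encode()).hexdigest()
    return record

if __name__ == "__main__":
    acme = {"company_number": "12345678", "claimed_name": "ACME Widgets Ltd",
            "claimed_director": "A. Example"}
    print(evaluate(acme, REGISTRY, SANCTIONS, "2025-06-01")["decision"])
```

Continuous monitoring is simply running `evaluate` again with the current sanctions set and date: an applicant approved in June is declined in July once its director appears on the list, with the R5 finding recorded as the reason.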

This represents a fundamental inversion the industry is moving towards: from 99% checkbox and 1% judgement, to 1% checkbox and 99% judgement. The checkboxes get automated. The judgement, meaning the decisions that actually require a human, gets surfaced to people equipped to make it.

Why AI adoption in compliance has been so slow

Only around 10% of firms have made a meaningful AI impact in compliance, according to Duna’s 2026 research. That is a striking gap given the proof of concept is already available.

Four structural factors explain why compliance is in the second wave of AI rather than the first. Risk asymmetry is the most significant. In most business functions, the downside of a failed AI implementation is a missed efficiency gain. In compliance, the downside is a regulatory enforcement action, a fine, a reputational event, or a missed report on criminal activity. The upside is capped; the downside is career-ending. That asymmetry produces rational caution even when the evidence for transition is clear.

The legacy policy layer compounds the problem. Financial institutions have accumulated hundreds of pages of judgement-based compliance policy written for human analysts. Converting that policy into machine-readable rules is a substantial project in its own right, one that has to happen before AI can run on top of it. Firms that have not done that translation work cannot simply plug an AI layer in.

The quality bar is also higher. AI in sales or marketing tolerates imprecision. AI in compliance must be reliable, repeatable, and explainable to a regulator on demand. The bar is higher, the testing cycles are longer, and the tolerance for hallucination is zero.

Finally, constant change creates a persistent engineering challenge. Customer data changes. Regulations change. AI models are updated. Sanctions lists move daily. A compliance system has to handle continuous change in its inputs whilst maintaining consistent, auditable outputs. That is a harder problem than most AI deployments face.

Three decisions that will define the next five years

The first is to treat identity as a living system of record. A KYB or KYC check that produces a PDF and a green light is not an identity system. It is a snapshot. Firms that will be best positioned are those that treat the identity record as something that continues to evolve after onboarding: updated continuously, enriched by new signals, and re-evaluated when the risk environment changes.

The second is to design for determinism and explainability from the outset. Adding explainability to a system built without it is expensive and often impossible. Compliance AI that cannot trace a decision back to a specific policy input will not survive regulatory scrutiny. The architecture decision, to be evidence-based and auditable from day one, is more consequential than the choice of which AI model to run on top of it.

The third is to build for the adversary that actually exists today, not the one that existed in 2015. The compliance frameworks in place at most institutions were calibrated against a human attacker with limited resources. The attacker is now a model. The threat classes are already documented by FATF, Europol, and the FBI. The question is whether the systems being built today are designed to handle them.

A 2% detection rate is not a measurement problem. It is an architecture problem. And the architecture needs to change.

Read the full Duna post here. 


Copyright © 2026 FinTech Global
