Skip to content
FinTech

KYC review cut from 5 days to 4 hours

Client: Regulated FinTech operating in UK and US-East  ·  Timeline: 11 weeks to production + ongoing

5d to 4h
Review time
-93%
Time to decision
100%
Human approval retained

The challenge

The client was a regulated FinTech running a dual UK/US-East market, processing roughly 1,400 new business KYC applications a month. Each application packet ran 40-60 pages: certificates of incorporation, beneficial ownership declarations, source-of-funds documentation, sanctions screening, and country-specific overlays.

The review queue had stretched to five business days end to end. Two compliance officers were doing the heavy lifting, and both were openly burning out. The backlog had grown from a clean queue at the start of the year to roughly 380 in-flight packets by the time we were brought in. Customer-facing teams were getting daily escalations from sales reps whose deals were stuck in onboarding limbo.

Leadership had explicitly ruled out two options. They would not outsource the actual approval decision to an offshore team — the regulator would not have worn it. And they were not willing to deploy a fully automated decisioning system, both because of regulatory risk and because the edge cases genuinely needed judgment. They wanted humans in the loop, but in fewer of the loops.

The solution

We engaged through our AI & Automation service line, specifically the Document & Data Automation and RAG & Knowledge Systems sub-lines.

We built a three-stage pipeline. Stage one was an OCR/IDP layer (AWS Textract with a tuned post-processing layer) that extracted structured data from every document in the packet — incorporation details, UBO names, jurisdictions, dates, sanctions identifiers. Stage two was a Claude-based reasoning step running against a RAG index of the client’s own KYC policy, jurisdiction-specific rules, and sanctions list snapshots, which produced a structured risk summary per packet with explicit citations back to the source documents. Stage three was a routing layer that classified packets as clean, flagged, or edge case.

Clean packets went to a human reviewer with a one-page summary and a pre-filled checklist — review time dropped to under 15 minutes. Flagged packets came with a list of the specific concerns and the policy clauses they triggered. Edge cases were routed to a senior compliance officer with the full reasoning trace attached.

We scoped the human-in-loop carefully. Every approval decision stayed with a named human reviewer, every reasoning step was logged with citations, and the compliance officer kept a daily 5% sample audit for the first three months to verify the AI’s classifications. We worked with the client’s external auditor before go-live to confirm the audit trail met their evidentiary standard.

Full story

How we delivered

Weeks 1-3: scoping with the regulator in the room

Before we wrote a line of code we ran a scoping workshop with the head of compliance, the external auditor, and the client’s general counsel. The output was a written boundary document: what the pipeline would do, what it would not do, what the audit trail needed to contain, and what would trigger a manual override. That document became the spec.

Weeks 3-6: the document and reasoning layers

We built the OCR/IDP layer on AWS Textract with a tuned post-processing pass for the document types that mattered most. The RAG layer was indexed against the client’s KYC policy, the FCA and FinCEN guidance the policy referenced, and weekly sanctions list snapshots. The reasoning step ran on Claude with a tight system prompt requiring citation back to the source document for every claim in the risk summary.

Weeks 6-9: routing and the human interface

The routing layer classified packets as clean, flagged, or edge case based on the structured risk summary. We built the reviewer interface inside the client’s existing case management tool so compliance officers were not switching contexts — they saw the one-page summary, the citations, and the source document side by side.

The inflection point

In week 7 we caught the model citing a sanctions list snapshot that was three days stale. The packet would still have been correctly flagged, but the citation was wrong. We tightened the index refresh job to hourly and added a freshness check that surfaces in the audit log. It was the kind of thing a less-careful build would have shipped past.

Weeks 9-11: parallel run and cutover

We ran the pipeline in parallel with the existing process for two weeks, comparing classifications on every packet. The model agreed with the human reviewer on 96% of clean packets and surfaced two issues the human had missed on flagged packets. The audit caught zero false-negatives on the edge cases. Cutover happened at the end of week 11.

What ongoing looks like

  • Daily 5% sample audit for the first three months, dropped to 2% after
  • Weekly review of any packet the model and human disagreed on
  • Monthly retraining against new jurisdiction overlays and policy changes
The results

Outcomes that matter

5d to 4h
Review time
-93%
Time to decision
100%
Human approval retained
380 to 0
Backlog cleared
11
Weeks to production
5%
Audit sample

Want results like this?

Book a discovery call and we will scope the right path for your goals.

Book a Call Talk to sales