TL;DR: KYC onboarding and AML screening increasingly need to work as a single operational flow, especially as neobanks and digital financial services move verification into real time, according to Veriff. The governance challenge is not just customer experience; it is keeping identity, risk, and compliance checks aligned before bad actors move money.
NHIMG editorial — based on content published by Veriff: Mastering KYC onboarding: Your ultimate guide with a comprehensive checklist
By the numbers:
- 72% of organisations have experienced or suspect they have experienced a breach of non-human identities, 46% confirmed and 26% suspected.
- Only 5.7% of organisations have full visibility into their service accounts.
- 91.6% of secrets remain valid five days after the targeted organisation is notified, showing a critical gap in remediation procedures.
Questions worth separating out
Q: How should organisations design KYC onboarding for digital banking customers?
A: Organisations should design KYC onboarding as a staged trust decision with separate controls for identity proofing, AML screening, and account activation.
Q: Why do KYC and AML controls need to stay distinct?
A: KYC and AML controls answer different governance questions.
Q: What breaks when onboarding decisions are made too quickly?
A: When onboarding decisions are made too quickly, organisations often activate accounts before risk signals are fully assessed or exceptions are routed correctly.
Practitioner guidance
- Separate identity proofing from AML decisioning Define which checks establish who the customer is and which checks determine whether the relationship is acceptable from a financial-crime perspective.
- Map onboarding exceptions to explicit escalation paths Create clear triggers for manual review, enhanced due diligence, and delayed activation when verification signals are incomplete or inconsistent.
- Tune verification depth by product and geography Apply stronger checks where regulatory exposure, payment capability, or fraud risk is higher.
What's in the full article
Veriff's full guide covers the operational detail this post intentionally leaves for the source:
- Step-by-step KYC onboarding checklist for customer verification workflows.
- Practical guidance on building a digital-first onboarding process for neobanks.
- Examples of how to combine identification, verification, and risk checks in one workflow.
- Operational detail on customer onboarding choices that reduce friction without removing controls.
👉 Read Veriff's guide to mastering KYC onboarding and checklist design →
KYC onboarding, AML screening, and verification gaps in practice?
Explore further
KYC onboarding is a trust-allocation problem, not a form-completion problem. Financial institutions often describe onboarding as a verification journey, but the real governance decision is how much operational trust to grant before the first transaction. That distinction matters because identity evidence, AML screening, and product activation are separate control layers with different failure modes. Practitioner conclusion: treat onboarding as a staged trust decision, not a single approval.
A few things that frame the scale:
- Only 5.7% of organisations have full visibility into their service accounts, according to Ultimate Guide to NHIs.
- 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface.
A question worth separating out:
Q: Who should be accountable for customer onboarding risk?
A: Accountability should sit with a named owner for the full onboarding trust decision, not just with the team that performs document checks. IAM, compliance, and fraud functions all influence the outcome, so ownership must cover escalation rules, review thresholds, and activation policy. Without clear accountability, exceptions tend to fall between teams rather than being resolved.
👉 Read our full editorial: KYC onboarding and money-laundering controls are still converging