A new customer submits their government ID and proof of address. Within minutes, GPT-4o Vision has extracted every field, an AML screening API has checked global watchlists, an AI risk score has been generated, and the onboarding decision has been made — with a full compliance audit trail.
2 hrs saved/application · vs. manual review
<3 min verification · end-to-end
100% watchlist coverage · OFAC, EU, UN + 300 more
Full AML audit trail · BSA/AML compliant
Typical build: 3–4 week sprint · Fixed price · Zero delivery risk
Trigger: Document upload
Avg runtime: <3 minutes
Compliance: BSA/AML + FINRA
A compliance analyst manually reviewing each ID document, running AML checks one by one, and writing up risk assessments burns 1–3 hours per application. At any volume, this becomes the bottleneck to onboarding.
Manually checking 300+ global watchlists is not feasible. Missed PEP hits or sanctions matches expose your FinTech to regulatory fines, licence revocations, and reputational damage that can't be undone.
Regulators require a timestamped record of every KYC decision. Manual processes produce inconsistent, incomplete records that fail BSA/AML audits. One gap in your compliance trail can trigger enforcement action.
This is the actual workflow Kovil AI builds and deploys — not a diagram. Here's what runs inside every node.
The customer uploads two documents via a secure web portal: a government-issued photo ID (passport, driver's licence, national ID card) and a proof of address document (utility bill, bank statement, council tax letter, dated within 90 days). n8n's webhook receives the file payloads and stores them in encrypted S3 storage. Supported formats: PDF, JPG, PNG, HEIC.
GPT-4o Vision processes both documents simultaneously. For the photo ID, it extracts: full legal name, date of birth, document number, issue date, expiry date, issuing country, and MRZ (machine readable zone) data. For proof of address, it extracts: name, address, document date, and issuing institution. Confidence scores are generated per field — low-confidence extractions are flagged for manual review.
The extracted name, DOB, and nationality are submitted to Jumio or Refinitiv World-Check for AML/PEP screening. The API checks against: OFAC SDN list, EU consolidated sanctions, UN sanctions, PEP (politically exposed persons) databases, adverse media sources, and global law enforcement lists. Results are returned with match confidence scores and matched entity details.
A Python risk scoring model combines: AML screening results, document authenticity signals from GPT-4o Vision, completeness of extracted data, geographic risk (customer country vs document country), and any adverse media flags. The output is a KYC risk score from 1–100 with a written risk summary. Thresholds are configurable: <30 auto-approve, 30–70 enhanced due diligence, >70 escalate to compliance officer.
Based on the risk score and any hard-stop flags (direct sanctions match, expired document, name mismatch), the decision engine routes the application: auto-approved customers receive an onboarding confirmation email immediately; EDD queue customers receive a request for additional documentation; escalated applications are routed to the compliance officer with a full context packet.
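The routing rules above, written out as an added example (not Kovil AI's code). The field names, the 0.85 confidence cut-off, exact-match name comparison, and sending low-confidence or malformed inputs to the compliance officer are assumptions; the score thresholds and hard-stop flags are the ones stated on this page.

```python
from dataclasses import dataclass, field
from datetime import date

AUTO_APPROVE_BELOW = 30      # page: <30 auto-approve
ESCALATE_ABOVE = 70          # page: >70 escalate to compliance officer
MIN_FIELD_CONFIDENCE = 0.85  # assumed cut-off; the page gives no value


@dataclass
class Application:
    risk_score: object     # expected: int 1-100 from the scoring model
    sanctions_match: bool  # direct sanctions hit from AML screening
    id_expiry: date        # expiry date extracted from the photo ID
    id_name: str           # name on the photo ID
    address_name: str      # name on the proof of address
    field_confidence: dict = field(default_factory=dict)


def _norm(name: str) -> str:
    """Case- and whitespace-insensitive comparison key for a name."""
    return " ".join(name.casefold().split())


def route(app: Application, today: date) -> tuple[str, list[str]]:
    """Return (route, reasons); route is auto_approve, edd or escalate."""
    reasons = []
    # Hard stops are evaluated first and override any score.
    if app.sanctions_match:
        reasons.append("hard_stop:sanctions_match")
    if app.id_expiry < today:
        reasons.append("hard_stop:expired_document")
    if _norm(app.id_name) != _norm(app.address_name):
        reasons.append("hard_stop:name_mismatch")
    # Assumption: a low-confidence extraction also blocks automatic handling.
    for name, conf in sorted(app.field_confidence.items()):
        if conf < MIN_FIELD_CONFIDENCE:
            reasons.append(f"low_confidence:{name}")
    # Fail closed: anything that is not an int in 1..100 goes to a human.
    s = app.risk_score
    if isinstance(s, bool) or not isinstance(s, int) or not 1 <= s <= 100:
        reasons.append("invalid_score")
    if reasons:
        return "escalate", reasons
    if s < AUTO_APPROVE_BELOW:
        return "auto_approve", ["score_below_30"]
    if s > ESCALATE_ABOVE:
        return "escalate", ["score_above_70"]
    return "edd", ["score_30_to_70"]
```

The ordering is the point: a low score never outranks a hard stop, and a missing or out-of-range score cannot fall through to auto-approval.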
Every step of the KYC process is written to an immutable compliance log: document upload timestamps, GPT-4o extraction outputs and confidence scores, AML API response codes, risk score with model version, decision outcome, and the identity of any human reviewer. This log satisfies BSA/AML, FINRA, and international KYC regulatory requirements.
ID extraction: Extracts structured data from government IDs and address documents. Handles 150+ document types across 190+ countries.
AML screening: Global AML, sanctions, PEP, and adverse media screening. Covers OFAC, EU, UN, and 300+ additional watchlists.
KYC scoring: Custom risk scoring combining AML results, document signals, and geographic risk factors. Configurable thresholds per product.
Orchestration: Manages the full pipeline, API calls, decision routing, notification delivery, and retry handling.
CRM + audit: Stores the complete customer verification record, decision, and compliance documentation.
Notifications: Auto-approvals, EDD document requests, compliance escalation alerts — all delivered from your domain.
Kovil AI scopes, builds, tests and deploys this workflow end-to-end. Your compliance team reviews the audit trail on day one.
GPT-4o Vision supports 150+ government ID types across 190+ countries including passports, national IDs, driver's licences, residence permits, and military IDs. The extraction prompt is tuned for each document family. New document types can be added by updating the extraction prompt without rebuilding the pipeline.
The standard build screens against OFAC SDN, EU consolidated sanctions, UN Security Council sanctions, HM Treasury (UK), and PEP databases. The Jumio/Refinitiv integration covers 300+ global watchlists. Your compliance team can specify additional lists during the scoping phase.
All documents are encrypted in transit and at rest. PII extracted by GPT-4o Vision is never stored in plain text in the workflow logs. Documents are deleted from temporary storage after 24 hours post-decision. Audit logs contain only hashed identifiers and decision metadata, not raw PII.
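One way to get the two audit-log properties this page describes, the immutable compliance log in the workflow walkthrough and the hashed identifiers mentioned just above, shown as an added example that is not Kovil AI's code. The record layout, the hash chain, the use of HMAC-SHA256 for identifiers, and all sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # previous-hash value used for the first record


def pseudonymise(key: bytes, identifier: str) -> str:
    """HMAC-SHA256 of an identifier, so the log never holds the raw value."""
    # Assumption: keyed rather than bare hash, since ID numbers are guessable.
    return hmac.new(key, identifier.encode(), hashlib.sha256).hexdigest()


def _digest(prev_hash: str, body: dict) -> str:
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + canonical).encode()).hexdigest()


def append(log: list, body: dict) -> dict:
    """Append a record whose hash covers its body and the previous hash."""
    prev_hash = log[-1]["hash"] if log else GENESIS
    record = {"prev": prev_hash, "body": body, "hash": _digest(prev_hash, body)}
    log.append(record)
    return record


def verify(log: list) -> int:
    """Return -1 if the chain is intact, else the index of the first bad record."""
    prev_hash = GENESIS
    for i, rec in enumerate(log):
        expected = _digest(prev_hash, rec["body"])
        if rec["prev"] != prev_hash or not hmac.compare_digest(rec["hash"], expected):
            return i
        prev_hash = rec["hash"]
    return -1


def build_sample_log(key: bytes) -> list:
    """Constructed sample: three pipeline events for one made-up applicant."""
    subject = pseudonymise(key, "P1234567|GBR")  # constructed document number
    log = []
    append(log, {"ts": "2025-01-01T10:00:00Z", "event": "document_upload", "subject": subject})
    append(log, {"ts": "2025-01-01T10:01:10Z", "event": "risk_score", "subject": subject,
                 "score": 42, "model_version": "example-1"})
    append(log, {"ts": "2025-01-01T10:01:12Z", "event": "decision", "subject": subject,
                 "outcome": "edd", "reviewer": None})
    return log
```

A hash chain makes edits and deletions detectable rather than impossible; storing the latest record hash outside the log store (for example in write-once storage) is what exposes truncation or a full rewrite.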
Any AML hit with a match confidence above the configured threshold triggers an immediate hard stop — the application is not auto-processed. A compliance officer is alerted via email and Slack with the full match details, applicant information, and AML API response for manual review before any onboarding decision is made.
Book a 30-minute discovery call. We'll scope the KYC/AML workflow for your document types, risk thresholds, and compliance requirements — fixed price, zero delivery risk.
Typical sprint: 3–4 weeks · Fixed-price · Fully managed delivery · Post-launch support included