While artificial intelligence (AI) races ahead across the financial services sector, compliance specialists are warning that shortcuts in Know Your Customer (KYC) systems could expose companies to serious legal and regulatory risks.
Desigan Naidoo, executive manager: technology at LexisNexis, says that, although AI promises faster and more seamless customer onboarding, a failure to comply with Financial Intelligence Centre (FIC) requirements may uncomfortably expose organisations during audits or investigations.
He also addresses the tension between cutting-edge AI and the frameworks: “Tech tends to move in trends, as in what’s fastest and most advanced, but the tricky part comes in syncing that with the slower pace of regulatory systems.”
The risk arises when entrants to the KYC market promise seamless, data-minimal identity verification, such as simply going on a face as input. “These can offer faster, nicer customer experiences, so they’re attractive on the surface” he said, but added they often fall short on legislative protections and full compliance.
“The main stumbling block, as I’ve mentioned,” he continued, “is that the FIC’s focus is on compliance, rather than on technological advances. Also, laws require the permission of legislative bodies in order to move forward, whereas tech just speeds along, without waiting for anyone’s permission.”
This misalignment creates vulnerabilities for organisations that rely on unproven tools. “Following the correct process and ticking all the compliancy boxes may sound tedious, but it will save you a lot of cost and administrative headaches in the long run,” he advises.
For businesses that are dependent on robust KYC, particularly in finance, fintech, and related sectors, the risks are significant. Exciting-sounding “bleeding-edge” AI products may offer incomplete validation journeys. But Naidoo warns: “When you’re audited, those flags emerge, and ultimately, the responsibility rests with you, and not the supplier.”
Organisations should not simply base their comfort on what vendors tell them. Due diligence is essential.
Naidoo advises organisations to shift their mindset on KYC, from viewing it as a burdensome obligation to seeing it as a strategic opportunity: “Don’t chase the most cost-effective shortcut. Treat KYC as a way to assure customers that your operations and clientele are beyond reproach. This becomes a powerful selling point, in and of itself.”
Looking ahead, he stresses the need for internal expertise to navigate evolving technologies: “Growing organisations should have capabilities (maybe a CIO or dedicated team) to assimilate these tools, while still maintaining compliance.”
He notes that KYC intersects with numerous regulatory structures, including data protection laws such as POPIA and global standards, such as GDPR.
Naidoo believes that younger business practitioners, including those of Gen Z, prioritise ethical business practices, community impact, and transparency. “How you do business matters to them – not just profits, but your approach to ethics, competition, and society.”
Robust KYC demonstrates a commitment to preventing illicit activities such as money laundering and terrorism financing, so aligning with Financial Action Task Force (FATF) goals. “By championing ethical KYC, compliant organisations can signal that their values matter to them as much as revenue.”
This scrutiny is expanding beyond traditional accountable institutions under the FIC Act. Reporting institutions and supply chain partners now face similar due diligence as accountable entities vet their networks. “KYC is becoming the bare minimum to indicate ethical, legal, and compliant operations,” Naidoo observes. “It’s evolving into continuous monitoring throughout the business lifecycle – not just a one-off onboarding snapshot.”
The term “KYC” itself can be misleading, he adds. “It’s really more of a ‘know everybody’; customers, suppliers, vendors, and employees. It’s 360-degree due diligence.”
Internationally, especially where fintech and exports are concerned, expectations for KYC compliance are even higher than they are here, given the fact that we’re dealing with mature markets. “South Africa, while pragmatic, adopts best practices and implements them practically, balancing innovation with tangible ROI, within our current economic realities.”
Naidoo rejects some popular fear-based narratives around AI. “Marketing tends to push a pessimistic view: ‘Keep up with AI or be left behind.’ That view, which also arises from aggressive AI marketing, tends to hinder responsible adoption, however, turning it into a CV checkbox rather than a tool.”
Instead, he advocates viewing AI as an enabler: “It provides access to human knowledge in your own language, freeing people to offer more of their talents.”
From a local perspective, Naidoo sees immense potential. “With our economic imbalances, we can’t leave people behind. AI should be seen as a catalyst to empower and enable the struggling masses to create their own futures. We need to spread access widely, almost for free, because the societal return will far outweigh narrow commercial gains.”
Naidoo’s carefully weighs insights underscore a balanced path forward for this sector: “We should embrace innovation, but do so responsibly, with embedded ethics and law at the core. Strong KYC should be positioned as a competitive and societal advantage in an increasingly regulated world.”