Use case #0003

Regulatory Alignment: How Onboarding Head AI Keeps V-KYC / AML Compliant with ECB / EBA

The ECB / EBA's Video KYC / AML guidelines have been amended multiple times since the original 2020 framework — each amendment adding precision to requirements around agent qualification, network quality standards, document acceptance, consent recording, and audit trail maintenance. Each amendment creates a window during which lenders' V-KYC / AML processes are technically non-compliant if they have not been updated. The Onboarding Head AI closes that window automatically.

The Regulatory Landscape That V-KYC / AML Operates In

Video-based Customer Identification Process (V-CIP), commonly known as V-KYC / AML, was introduced by the ECB / EBA through an amendment to the KYC / AML ECB guide / EBA guideline in January 2020. Since then, it has been subject to several rounds of clarification and modification — through the EBA guideline on KYC / AML (Amendment) 2021, the digital lending guidelines of 2022 which added requirements for consent documentation in the lending context, and subsequent FAQs and clarificatory guidelines that carry operational force even though they are not formally titled as amendments.

The operational requirements that emerge from this body of regulation are precise and demanding. The V-KYC / AML agent must hold a specific qualification. The session must be recorded in its entirety with a specific retention period. The customer's live photograph must be matched against the national ID / eIDAS image using a certified facial recognition system. The geolocation of the customer must be captured. The connection must meet a minimum quality standard. The consent for recording must be obtained and documented before the session begins. The KYC / AML records must be stored in the EU. And the entire process must be auditable to a regulator on demand.

Each of these requirements is a compliance checkpoint. Each has been clarified, modified, or supplemented since the original framework. Keeping a V-KYC / AML process current against all of them — continuously, without waiting for the next inspection to reveal a gap — is the operational challenge the Onboarding Head AI is built to solve.

"The institution that discovers its V-KYC / AML process is non-compliant during an ECB / EBA inspection has paid for that discovery in the most expensive currency there is — supervisory credibility." — Onboarding Head AI · V-KYC / AML Compliance Module

The V-KYC / AML Compliance Checklist the AI Maintains

The Onboarding Head AI maintains a continuously updated V-KYC / AML compliance checklist mapped against the live text of the KYC / AML ECB guide / EBA guideline and all subsequent amendments. Every requirement is checked against the institution's current V-KYC / AML implementation — in the vendor system, in the process documentation, and in the audit trail records. Status is updated automatically when a new guideline is issued or when the institution's implementation changes.

Auto-Monitored

Agent Qualification & Training Requirements

KYC / AML MD 18(c)(iv)

V-KYC / AML agents trained on current process ✓ Training records maintained with dates ✓ Agent supervision log current ✓ Refresher training due in 34 days ⚠ Agent identity verification records ✓

Auto-Monitored

Session Recording & Audit Trail

KYC / AML MD 18(c)(ii)

100% session recording confirmed ✓ Recording retention — 5 years from onboarding ✓ Data stored in the EU (server certificates) ✓ Timestamp integrity verified per session ✓ 3 sessions in Oct missing geolocation tag ✗

Auto-Monitored

Facial Matching & Liveness Verification

KYC / AML MD 18(c)(iii) + UIDAI norms

national ID / eIDAS-based facial match: certified system ✓ Liveness check: anti-spoof certified ✓ Match score threshold ≥ 0.80 enforced ✓ Failed match escalation workflow documented ✓ UIDAI e-KYC / AML XML stored per session ✓

Monitored

Customer Consent & Disclosure Requirements

KYC / AML MD 18(c)(i) + Digital Lending Guidelines

Consent for recording obtained before session ✓ Consent in language preferred by customer ✓ Purpose of V-KYC / AML explained pre-session ✓ Consent wording audit pending (new MD Nov 25) ⚠ Consent withdrawal pathway disclosed ✓

Alert

Connection Quality & Technical Standards

KYC / AML MD 18(c)(v)

Minimum resolution threshold enforced ✓ Connection quality check at session start ✓ Low-bandwidth fallback not documented ✗ Session quality scoring: 4.1% below threshold ⚠ End-to-end encryption confirmed ✓

How Each ECB / EBA Amendment Gets Absorbed Into the V-KYC / AML Process

The regulatory change lifecycle for V-KYC / AML compliance is identical to the broader guideline absorption pipeline — but with two important additions specific to onboarding. First, every V-KYC / AML-related regulatory change is assessed for its impact on the borrower experience before it is operationalised. A new requirement that would add a step to the V-KYC / AML flow is accompanied by a UX impact assessment and a drop-off risk estimate. This prevents the common pattern of compliance changes being implemented without product review, creating unexpected conversion decline.

Second, regulatory changes to V-KYC / AML requirements trigger an automatic vendor compliance check — verifying whether the current KYC / AML vendor's system supports the new requirement. If a guideline requires a new type of document to be captured or a new consent disclosure to be made before the session, the Onboarding Head AI checks the vendor API documentation and, if the vendor system does not yet support the requirement, raises a vendor escalation before the compliance deadline rather than after.

Jan 2020

Original Framework

V-CIP (V-KYC / AML) Introduced via KYC / AML ECB guide / EBA guideline Amendment

ECB / EBA permits video-based customer identification as an alternative to physical KYC / AML. Core requirements established: agent qualification, session recording, facial matching, geolocation capture.

May 2021

Amendment Round 1

Document Acceptance Expanded; Retention Period Specified

Additional document types accepted for V-KYC / AML. Session recording retention period explicitly set at 5 years from onboarding date. Onboarding AI updated checklist and verified vendor storage configurations within 4 hours of publication.

Sep 2022

Digital Lending Overlay

Consent Documentation Requirements Added for Lending Context

Digital Lending Guidelines add specific consent disclosure requirements for V-KYC / AML in the loan origination context. Onboarding AI flagged 3 consent screen copy elements requiring update and raised a product ticket with exact revised language within 6 hours.

Nov 2025

Current Amendment — Active

Consent Language Precision Requirements & Low-Bandwidth Fallback Mandate

New guideline adds precision requirements for consent wording and mandates documented fallback procedures for below-threshold connections. Onboarding AI has flagged 2 open items (consent wording audit pending, low-bandwidth fallback documentation). Both have product tickets raised with 30-day resolution deadline.

Before and After: The V-KYC / AML Compliance Gap That Used to Exist

Without Onboarding Head AI

📅 Circular published — nobody assigned to read it for 2 weeks
🔄 Compliance team summarises — product team unaware for another week
⚠️ V-KYC / AML process runs non-compliant for 30–90 days on average
❌ Vendor system gap discovered only when implementation starts
🚫 No UX impact assessment — compliance changes cause drop-off spikes
📊 Compliance gaps discovered at ECB / EBA inspection — not before
😰 Retroactive log review required to determine period of non-compliance

With Onboarding Head AI

⚡ Circular captured within 2 minutes — V-KYC / AML impact assessed in 30 mins
🔁 Product, compliance & vendor all notified simultaneously — zero relay delay
✅ V-KYC / AML process updated before compliance deadline — zero gap period
🔍 Vendor API check run immediately — gaps flagged before implementation
📐 UX impact assessment runs before any compliance change goes live
📡 Compliance checklist current to yesterday — inspection-ready always
📋 Full V-KYC / AML audit trail maintained per session — regulator data room ready

30minTime from ECB guide / EBA guideline publication to V-KYC / AML compliance impact assessment

ZeroDays of non-compliant V-KYC / AML operations — gap eliminated by design

5yrV-KYC / AML session recording retention automatically verified per session

AlwaysCompliance checklist current — inspection-ready posture maintained

Compliance Is Not the Ceiling — It Is the Floor

A V-KYC / AML process that merely meets the ECB / EBA's minimum requirements is not a competitive advantage — it is the entry ticket. The Onboarding Head AI ensures that entry ticket is never at risk of being revoked by a compliance gap. That frees the product team to focus on what actually differentiates the onboarding experience: speed, clarity, borrower confidence, and the friction-free moment when a loan application becomes a loan disbursement. Compliance at baseline is automatic. Excellence above baseline is where the work gets interesting.