KYC Now Decides Who Gets Approved, and Who Walks Away

If identity verification decides who gets approved, how fast onboarding clears and where a company can expand, why is it still treated like a compliance back office?

That is the sharper question inside PYMNTS Intelligence research done with Trulioo, according to PYMNTS. The research says the way companies organize KYC, KYB and emerging KYA functions can affect operating costs, approval rates and expansion opportunities at least as much as traditional fraud prevention.

Why is KYC suddenly a revenue gatekeeper rather than a compliance file?

KYC used to be judged mainly by two questions: did it satisfy regulators, and did it block enough fraud? Those questions still matter. But they’re no longer enough.

The PYMNTS and Trulioo research points to a broader reality: identity operating models now shape conversion, customer experience and long-term growth. If a legitimate customer or business gets delayed, escalated or rejected, the identity system has made a commercial decision, even if the company calls it a compliance decision.

That puts KYC, KYB and KYA in the same category as payments infrastructure, risk engines and onboarding flows. They decide who enters, who waits and who leaves.

The tension is simple. Tighter checks can reduce fraud and regulatory exposure. Clumsy checks can also reject good users, raise support costs and slow expansion. XOOMAR analysis: identity strategy is becoming less about whether a company can check a box, and more about whether it can separate risk from friction at scale.

That same infrastructure question sits near the launch problems we covered in Embedded Finance Platforms Can Make or Break Your Launch, where operational design choices can shape how quickly financial products reach users and partners.

Which identity metrics now belong in operating reviews?

The research gives executives a harder metric than “compliance passed”: cost per review.

The gap persists even among companies in the same revenue bands, according to PYMNTS. Scale alone does not explain it.

That matters because identity verification is no longer an occasional event. Digital platforms continuously onboard consumers, merchants, gig workers, suppliers and marketplace participants. A few dollars per review can become a material cost when volumes rise.

The bigger finding is not that outside providers are cheaper. The research does not prove that external-only models are always better. It does show that internal-heavy models carry higher average review costs while also reporting greater operational challenges in several categories.

Executives should be tracking more than fraud losses. The identity scorecard now needs:

• Approval rates: How many legitimate users pass without avoidable friction.
• Manual review rates: How much work still depends on human intervention.
• False positives: How often good customers or businesses get slowed or rejected.
• Cost per verification: Whether identity spend scales cleanly.
• Market readiness: Whether the same model can support expansion without rebuilding controls.

The most commercially painful metric may be false positives. Forty-three percent of firms operating internal identity teams report false-positive friction, substantially higher than organizations using hybrid or external approaches. Every unnecessary decline is a lost relationship, not just a risk-team artifact.

Why does KYB break faster than consumer KYC as platforms expand?

KYB carries a heavier burden than consumer KYC because business identity changes over time and often depends on layered information. Trulioo’s related identity trend research points to dynamic and continuous KYB that analyzes ownership structures, business behavior and digital footprints to reflect real-time risk changes.

That is a different problem from confirming a consumer’s identity at onboarding. A business can change control, alter behavior or present a profile that looks legitimate on the surface while hiding risk underneath.

Trulioo senior product manager Mayank Sarkar described one version of that threat:

“Synthetic business fraud is different. It involves the meticulous creation of entirely fictitious entities,” said Mayank Sarkar, Trulioo senior product manager. “Bad actors will skillfully combine elements of real data that is stolen or has been compromised, and combine that with entirely fabricated information, resulting in a business profile that looks completely authentic on the surface and very difficult to detect using traditional checks.”

That quote explains why KYB is becoming a growth bottleneck. Marketplaces, payment companies, B2B fintechs and embedded finance providers need to onboard businesses fast. But speed without strong business verification can raise exposure, while overly manual KYB can trap firms in slow, high-touch review models.

XOOMAR analysis: the strategic KYB question is no longer “does this company exist?” It is “who controls it, how is it behaving and does the relationship still fit the risk profile over time?”

How does KYA change identity from checking users to governing software?

KYA, or know your agent, adds a new identity layer for AI agents, bots, delegated software and automated workflows that act for people or businesses.

Trulioo frames KYA as part of the AI era, where companies need to verify not only humans but also the agents acting on their behalf. Its trend research says emerging KYA frameworks focus on who coded each agent, what permissions it holds and how it behaves in real time.

Trulioo Chief Technology Officer Hal Lonas put it directly:

“KYA will help determine if there’s a bad actor behind the agent, if that person or business was allowed to create it and if it has permission to make a particular purchase.”

That moves identity beyond names, documents and business records. It pulls in permissions, provenance, behavioral monitoring and audit trails for non-human actors.

The PYMNTS research shows why this is becoming urgent. Internal teams report a 53% KYA incident rate, while hybrid models report 28%, nearly cutting that figure in half.

The research does not define every type of incident. That matters. But the direction is clear enough: companies that rely only on internal identity operations may struggle when the subject being verified is no longer a person or a business, but software acting with delegated authority.

This connects directly to the broader governance problem in our bot governance coverage: once automated actors start making decisions or initiating activity, identity checks have to answer who stands behind the machine.

Why can't banks, fintechs, regulators and customers agree on the same good identity check?

The same verification event serves different masters.

Compliance officers want defensible controls. Fraud teams want better detection. Product leaders want fewer onboarding drop-offs. Finance chiefs want lower review costs and higher conversion. Customers and merchants want access now, and they usually don’t care whether the delay came from a database check, document review or internal policy queue.

Regulators, based on the source material, are pushing companies toward auditable and adaptable workflows across changing requirements, including references in Trulioo’s trend research to the EU’s Anti-Money Laundering Authority (AMLA) and local FinCEN updates. The point is not that every firm faces the same rulebook. It’s that identity systems have to adjust without becoming operational sludge.

Vendors are responding by selling more than one-off checks. The source material points to orchestration, AI-powered fraud intelligence, reusable KYC and continuous KYB as identity tools that connect compliance, product and risk work into a more unified model.

XOOMAR analysis: the winning model is unlikely to be pure outsourcing or pure internal control. PYMNTS’ data makes hybrid identity architecture look like the more interesting middle path, because it lets firms retain governance and policy oversight while drawing on external verification technologies, data sources and automation.

How did one-time onboarding become continuous identity infrastructure?

Earlier identity programs were built around fixed moments: open the account, verify the customer, file the evidence. Digital onboarding broke that model.

PYMNTS says digital platforms continuously onboard consumers, merchants, gig workers, suppliers and marketplace participants. Trulioo’s related trend research extends that idea into reusable KYC, dynamic KYB and KYA for agentic commerce.

That shift changes the operating question. A one-time gate can miss later changes in ownership, behavior or permissions. A fragmented set of identity tools can also create inconsistent risk decisions and higher manual review needs.

The newest phase is not about adding more checks everywhere. That would crush conversion. It is about routing the right checks to the right risk at the right time, then updating the risk view as facts change.

Which evidence will show whether identity teams are winning or just adding layers?

The next phase of identity verification should be judged by evidence, not vendor language.

Watch for three signals.

• Cost compression: If hybrid or external-heavy models keep reducing average review costs without raising incidents, boards will push harder against expensive internal-only setups.
• False-positive reduction: If firms can cut the 43% false-positive friction reported by internal teams, identity will show up directly in conversion and customer acquisition economics.
• KYA maturity: If the 53% internal-team KYA incident rate falls toward the 28% reported by hybrid models, agent identity will move from experiment to board-level control.

The thesis is practical: firms that treat identity as infrastructure should be better positioned to approve good customers, block bad actors and enter new markets with less operational drag. The evidence that would weaken that thesis is equally clear: if lower-cost models produce weaker controls or if KYA incidents rise despite orchestration, companies will have swapped one form of complexity for another.

Disclaimer: This XOOMAR analysis is for informational and educational purposes only. It is not financial, investment, legal, tax, or professional advice. It does not provide buy, sell, hold, price-target, portfolio, or personalized recommendations. Verify information independently and consult qualified professionals before making decisions.

The Bottom Line

• Identity checks now influence whether legitimate customers and businesses are approved, delayed or rejected.
• Poorly designed KYC, KYB and KYA workflows can raise costs and slow market expansion.
• Companies that reduce friction without weakening risk controls may gain a competitive onboarding advantage.