A banking customer is sitting at home with his laptop open in front of him. He connects an AI-powered financial assistant to his current account, closes his laptop, and picks up the paper. Over the next few days, the agent is quietly working away, monitoring his balance, detecting upcoming bills, and transferring money between accounts whilst he gets on with his life. 
This is the reality of agentic AI in the not-too-distant future, and while it’s going to be a big win for all of us struggling to find time for our personal finance admin, it’s a potential compliance minefield. But only if we’re unprepared.

The KYC problem 

The problem isn’t the technology; rather, it’s that the architecture of financial compliance is built around the understanding that the source of every transaction is a verified human with genuine intent. Know Your Customer (KYC) is the bedrock of that architecture and was developed on that understanding. However, in a world of AI agents, that understanding is turned on its head.

KYC inevitably breaks down when AI agents start to act autonomously, negotiating with service providers, switching tariffs, executing payments and so on, even though the instructions driving the agent’s actions are likely to have been set weeks or months ago.  

KYC was built to verify who a customer is, not to track whether an agent is still doing what the customer actually wants. And as customers are beginning to step back from the transactions themselves, operating through AI at a supervisory level rather than an active one, the core of KYC comes under real pressure. 

The stakes in retail banking are meaningfully higher than in institutional or wholesale settings. These are ordinary individuals, with consumer protections and limited financial resilience if something were to go wrong. For some customers, this could mean a missed mortgage payment or the shock of an empty account just before bills are due to be paid. The human cost is real and personal. 

KYC must evolve 

KYC will need to undergo some extensive revisions to operate effectively in this new world. KYC’s enduring strength has always been its insistence on putting the human at the centre, the individual who gives consent, carries accountability, and can be traced. Those instincts matter more than ever. 

What is needed is not a complete reinvention of compliance, but a deliberate extension of its core principles to a new category of actor: Know Your Agent (KYA). KYA simply applies the same logic to a new kind of challenge.   

Know Your Agent: extending existing principles, not replacing them 

KYA isn’t here to stomp all over KYC. It’s here to extend the same core principles of identity verification, authority, and accountability to a new category. But where KYC was built in response to problems that had already emerged, refined over years of regulatory experience, KYA needs to be built ahead of the curve, before the problems it’s designed to prevent have had a chance to land.  

The logic for KYA mirrors KYC closely. Just as a financial institution must verify a customer’s identity, confirm their authority to transact, and maintain an auditable record of that relationship, the same obligations should apply to any AI agent acting within the financial system. Every agent should carry a credential issued by the deploying institution, scoped to specific transaction types and value thresholds, and removable at the customer’s request. An agent’s mandate should be as readable to a compliance team as any customer’s account profile, leaving no grey areas.
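A minimal sketch of such a credential check, added here as an illustration and not Moneyhub's code: the institution issues a tamper-evident mandate scoped by transaction type and value threshold, and a gate enforces scope, limit and revocation while recording every decision. The names (`issue`, `MandateGate`), the HMAC signing scheme, the demo key and the expiry field are assumptions made for this example.

```python
import hashlib
import hmac
import json

ISSUER_KEY = b"constructed-demo-key"  # assumption: secret held only by the institution

def sign(mandate):
    """MAC over a canonical JSON encoding of the mandate."""
    payload = json.dumps(mandate, sort_keys=True).encode()
    return hmac.new(ISSUER_KEY, payload, hashlib.sha256).hexdigest()

def issue(agent_id, customer_id, limits, expires_at):
    """limits maps transaction type -> maximum value in pence."""
    mandate = {"agent_id": agent_id, "customer_id": customer_id,
               "limits": limits, "expires_at": expires_at}
    return {"mandate": mandate, "sig": sign(mandate)}

class MandateGate:
    def __init__(self):
        self.revoked = set()   # agent ids withdrawn at the customer's request
        self.audit = []        # every decision, allowed or denied

    def revoke(self, agent_id):
        self.revoked.add(agent_id)

    def authorize(self, cred, tx_type, amount_pence, now):
        m = cred["mandate"]
        if not hmac.compare_digest(sign(m), cred["sig"]):
            decision = "deny:bad_signature"   # mandate altered after issuance
        elif m["agent_id"] in self.revoked:
            decision = "deny:revoked"
        elif now >= m["expires_at"]:          # expiry is an added assumption
            decision = "deny:expired"
        elif tx_type not in m["limits"]:
            decision = "deny:out_of_scope"
        elif amount_pence > m["limits"][tx_type]:
            decision = "deny:over_limit"
        else:
            decision = "allow"
        self.audit.append({"agent_id": m.get("agent_id"),
                           "customer_id": m.get("customer_id"),
                           "tx_type": tx_type, "amount_pence": amount_pence,
                           "at": now, "decision": decision})
        return decision
```

Because denials are logged alongside approvals, the audit list shows a compliance team what the agent attempted as well as what it was allowed to do.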

Building the infrastructure now 

At Moneyhub, this isn’t a theoretical debate. Our Smart Payments infrastructure, built on Variable Recurring Payments, already embeds KYA principles in practice: hard-coded consent rules, immutable transaction limits, and human-defined constraints that autonomous systems cannot breach. It is the architecture that makes agentic finance genuinely safe and genuinely trustworthy. 

Let’s return to our customer from the opening: he eventually opens his laptop to find a payment he doesn’t recognise has been processed. He doesn’t care that the agent technically acted within its parameters. He wants to know who is at fault, who was watching, and whether anyone could have stepped in. Those are real, human questions, and they deserve a real, human answer. 

KYA is how the industry ensures that answer is already there before the customer ever has to ask.

Nejc Korosec, Head of Compliance at Moneyhub