The Regulatory Shift

The Financial Action Task Force's updated recommendations, released in late 2024, represent the most significant revision to KYC standards in a decade. For the first time, regulators are explicitly endorsing AI-assisted verification as a primary tool — not merely a supplement to manual processes.

This shift has profound implications for how financial institutions structure their compliance operations. The era of treating automated KYC as a "nice to have" enhancement is over. Forward-thinking compliance teams are now rebuilding their workflows around automation-first principles.

"The guidance makes clear that explainable AI in verification decisions is not just permissible — it is the expected standard for demonstrating due diligence."

Enhanced Beneficial Ownership Requirements

One of the most impactful changes in the 2025 guidance is the enhanced treatment of beneficial ownership. Institutions are now expected to verify the ultimate beneficial owner down to a 10% threshold, down from the previous 25% in many jurisdictions.

This seemingly small change has enormous operational implications:

  1. Corporate structure complexity — Multi-tier holding structures that were previously acceptable may now require full unwinding to identify all beneficial owners above the 10% threshold.
  2. Ongoing monitoring — Beneficial ownership information must now be re-verified at least annually, and upon any material change to the corporate structure.
  3. Registry integration — Institutions are expected to cross-reference customer-provided ownership information against national and EU beneficial ownership registries.

73%

of compliance teams report that beneficial ownership verification is their biggest operational challenge in 2025

New Technology Standards

For the first time, FATF's guidance explicitly addresses the use of biometric verification, AI document analysis, and machine learning risk scoring. The guidance distinguishes between:

  • Baseline technology — OCR and automated document parsing, now considered standard practice
  • Enhanced technology — Biometric matching and liveness detection, expected for higher-risk customer segments
  • Advanced technology — ML-based risk scoring with explainable AI, required for designated non-financial businesses and professions (DNFBPs)

The explainability requirement deserves particular attention. Regulators are now expecting institutions to demonstrate not just what decision was made, but why — with a traceable, auditable chain of reasoning that a non-technical examiner can follow.

Practical Implications for Your Programme

Based on our analysis, here are the three highest-priority actions compliance teams should take in the next 90 days:

  1. Audit your beneficial ownership threshold — Map your current UBO verification process against the 10% threshold. Identify gaps in your corporate client portfolio and build a remediation plan.
  2. Review your technology stack for explainability — If you're using AI-based risk scoring, ensure your vendor can provide decision-level explanations. Models that cannot produce auditable reasoning trails will become a regulatory liability.
  3. Update your CDD policies — Your written Customer Due Diligence policy needs to reflect the enhanced requirements. Examiners will cross-reference your documented procedures against your actual technology and operational practices.

Looking Ahead

The 2025 FATF guidance represents an opportunity as much as a compliance burden. Institutions that embrace AI-assisted verification — with proper explainability and audit trails — will find themselves better positioned with regulators, operating at lower cost, and delivering superior customer experience.

The days of choosing between compliance rigour and operational efficiency are ending. Modern KYC infrastructure delivers both simultaneously. The question for compliance leaders in 2025 is not whether to adopt these technologies, but how quickly.