It begins, as many modern financial journeys do, with a form. Or rather, a series of forms— uploaded, notarized, signed, re-signed, and submitted again because someone mistyped the middle initial of your father’s name. Know Your Customer, the mantra goes. The promise is simple: if institutions can truly understand who they’re dealing with, they can prevent financial crime, money laundering, and a host of other ills.
In theory, KYC is elegant. In practice, it’s a little like introducing yourself to a room full of mirrors, each one asking for a reflection slightly different than the last.
A friend of mine, newly hired as a KYC analyst at a well-known European bank, put it plainly: “I spend most of my time asking decent people for documents they already sent.” She laughed, but not unkindly. “It’s less about knowing, more about re-knowing, and then knowing again, just to be safe.”
The Risk-Based Dream That Drowned in Paper
The irony isn’t lost on anyone in the field. KYC is built on the ideal of proportionality, apply scrutiny where it’s due, ease up where it isn’t. The retiree in Rotterdam should not face the same checks as the oil trader in Dubai. The frameworks say this. Regulators say this.
And yet, inside institutions, the guiding logic often becomes ‘ask for everything, from everyone, just in case’. Internal policy tends to outrun external regulation. It’s not because people don’t understand proportionality, but because discretion is dangerous in systems where mistakes are punished harder than excess.
So risk-based becomes risk-averse. Efficient becomes exhaustive. Clients, especially international ones, quickly find themselves buried in documentation requests that feel more like a trust fall gone wrong.
When Trust Left the Building
Not so long ago, banking was about memory. A client’s history meant something, the length of relationship, past behavior, a sense of who they were. There was space for human judgment, and yes, for trust. Now, even legacy clients are treated like strangers at every refresh.
Part of this is systemic. Siloed databases don’t communicate. Onboarding teams rotate. And risk appetite, once a nuanced dialogue, has hardened into a checklist with no room for familiarity.
This erosion of relational context isn’t a minor administrative issue; it’s a cultural loss. The space once filled by trust has been overtaken by templates, by cold repetition. It leaves clients frustrated, and KYC professionals feeling like glorified box-tickers. Everyone knows it wasn’t meant to be this way.
Empathy as a Control
And here’s a quieter point — the one that doesn’t always make it into risk matrices or onboarding workflows: empathy.
KYC may appear clinical — a set of rules and documents — but beneath it lies the beating heart of any institution: people. And people, inevitably, come with culture, complexity, and context. Their lives rarely unfold in tidy timelines, and their financial journeys don’t always conform to local templates.
Take, for instance, a personal episode. I was transferring funds from my Indian account to my Dutch bank, a straightforward effort to repay part of my mortgage here in the Netherlands. Nothing unusual, or so I thought. But the KYC analyst reviewing the transaction seemed puzzled, even suspicious. “Where did this money come from?” they asked. Then came the follow-up: “If you have this much money, why are you working in Europe?”
The question, while not ill-intentioned, missed the point. Like many professionals in global industries, I’d spent over 15 years working across the Middle East before moving to the Netherlands as a highly skilled migrant. The transfer wasn’t sudden wealth or shadowy income, but the long, steady result of years of work, now being used responsibly. But to the analyst, divorced from that context, it raised a flag.
It wasn’t the question that frustrated me. It was the absence of understanding. Of pause. Of perspective.
This is, I suspect, the story behind many of the recent regulatory reprimands in Europe. Not willful misconduct, but a lack of cultural literacy. Too often, clients from certain regions are flagged not because they are riskier, but because they are less understood. Differences in naming conventions, address formats, or the nature of transnational careers can all become misinterpreted signals.
Empathy, it turns out, is not just a soft skill. It’s a control.
When the Machines Arrived
Technology was meant to save us. And, in fairness, it has helped. Automated ID verification, real- time screening, pattern recognition – these things matter.
But even automation has its traps. Many of the tools introduced to reduce friction have made it easier to request more, not less. Just one more field. One more upload. One more justification. Why risk a judgment call when the system will ask for everything automatically?
So instead of elevating decision-making, tech sometimes suffocates it. Analysts, reduced to intermediaries between systems and clients, struggle to inject nuance into interactions designed to be fast, not thoughtful.
Regulation and the Art of Overcorrection
Then there’s the regulator – watching, advising, occasionally fining.
To be fair, European AML frameworks are among the world’s most mature. They encourage a thoughtful, risk-based approach. They ask institutions to know their clients in a meaningful way.
But the gap between what is written and what is practiced is widening. Institutions, eager to stay on the safe side, over-implement. One bank’s interpretation becomes another’s gold standard, and soon, everyone’s playing a game of defensive compliance.
Regulators call for proportionality; institutions deliver uniformity. And clients, caught in the middle, wonder why they’re proving their identity again when nothing has changed.
Outsourcing the Knowing: Who Watches the Screeners?
In a world of rising costs and shrinking headcount, it’s unsurprising that many firms now outsource parts of the KYC process. Third-party providers, onboarding utilities, and regtech solutions now do the “knowing” on behalf of institutions.
But here’s the uncomfortable truth: outsourcing the function doesn’t outsource the liability. And yet, oversight is often fragmented, if not superficial. Contracts govern service levels, not cultural alignment. Errors go unnoticed until they become issues.
This is where the EU’s Digital Operational Resilience Act (DORA) could be a quiet game-changer. Though designed with ICT in mind, its emphasis on third-party risk oversight has profound implications for KYC. Institutions will be forced to scrutinize not only what their partners do, but how, why, and with what ethical footing.
Outsourced trust, after all, still carries your name.
What Needs to Change
So what’s the way forward? Some of it is simple. Simplify. Streamline. Stop asking for more than you need. Make systems talk to each other. Give experienced staff permission to use their judgment. Ask whether a client’s story makes sense before asking for their rent agreement.
Some of it is harder. Invest in cultural fluency. Train teams not just in procedures, but in perspective. Redesign systems to capture the context, not just the content. Bring compliance and client service back into dialogue.
And at the top, institutions need to rediscover the courage to interpret policy sensibly. Compliance doesn’t have to mean overkill. Regulation doesn’t require suspicion. The goal is to protect, not to alienate.
The Bridge, Rebuilt
At its best, KYC is a bridge: between institutions and individuals, between data and discernment. It is a promise that fair players will be welcomed and protected.
What we need now is less rigidity and more reason. Less suspicion, more structure. Less bureaucracy, and more of what we once had, and still quietly want: a human being who sees you, listens for what matters, and says, “Yes, we know you.”
Maybe that’s the real future of KYC. Not something new, just something remembered.
Author Bio
Chris Thomas is an internal audit and risk management leader with nearly two decades of experience across banking, asset management, and fintech. He has worked in 15+ countries and held senior roles at Deloitte, Travelex, Cofra Holding AG, and Triodos Bank. Known for his practical, human approach to complex risk issues, Chris combines sharp insights with storytelling to build trust and drive meaningful change. Outside of work, he’s a cricket lover, movie and TV enthusiast, and an avid reader of legal and murder mysteries.