HomeBlogKnow Your Agent: Why AI in Compliance Creates a New Identity Problem
AIKYAcompliance

Know Your Agent: Why AI in Compliance Creates a New Identity Problem

7 July 202610 min readFirst Mile Labs

Compliance has spent thirty years building an identity architecture around two kinds of actor: natural persons and legal entities. KYC for the humans. KYB for the companies. Every control, every audit trail, every regulatory framework assumes that behind every action in a financial system there is one of those two things — a person or an entity — that can be identified, verified, and held accountable.

That assumption is now breaking.

AI agents — systems that don't just recommend but act — are entering financial workflows at speed. They're reviewing KYC cases, clearing AML alerts, unwrapping UBO structures, initiating payments, and interacting with customers. JPMorgan is deploying an agentic AI onboarding system targeted to compress a five-day KYC process to under one minute. (Source: Risk.net, reported via TechAhead, 2026) ING is rebuilding its client due diligence workflows around agents, drawing on registry and behavioural data the bank already holds rather than asking clients for it. Gartner expects 40% of enterprise applications to embed task-specific AI agents by the end of 2026, up from less than 5% in 2025. (Source: Gartner, 2025)

Which raises a question that most compliance frameworks cannot currently answer: when an agent takes an action in a regulated workflow, who took that action?

This is the identity problem that "Know Your Agent" — KYA — exists to solve. And for compliance teams, it's arriving faster than the frameworks are.


A third category of actor

The reason KYA matters isn't that AI agents are new technology. Compliance has absorbed new technology before. It's that agents break the identity model itself.

A traditional automated system — a screening engine, a rules-based monitoring tool — is a deterministic instrument. It does exactly what its configuration says, every time. When it acts, the "who" is straightforward: the institution that configured it. The system is a tool, and tools don't have identity problems.

An agent is different in kind. It plans. It chooses between approaches. It calls other tools, queries data sources, and takes multi-step actions toward a goal — often in ways that weren't explicitly scripted. Two runs of the same agent on the same case may take different paths. That autonomy is exactly what makes agents useful, and exactly what makes the old identity model insufficient.

When an agent clears an AML alert, the question "who cleared this alert?" now has several possible answers: the institution that deployed the agent, the vendor that built it, the model provider underneath it, the employee whose instruction triggered it, or the agent itself. In an examination, "the system did it" has never been an acceptable answer — and with agents, working out what the acceptable answer even looks like requires infrastructure most institutions haven't built.

KYA is that infrastructure. In its emerging form, it combines four things: verified agent identity (what is this agent and who operates it), authority binding (what is it permitted to do, and on whose behalf), runtime controls (what stops it exceeding that authority), and tamper-evident audit (a complete, provable record of what it did and why). (Source: Stablecoin Insider, KYA in 2026, February 2026)

If that structure sounds familiar, it should. It's the same conceptual shape as KYB: verify the entity, establish who controls it, understand what it's authorised to do, monitor it continuously. The industry has started using the phrase "Know Your Agent" precisely because the problem rhymes with the ones compliance already knows how to solve.


The market is moving before the regulation

What makes this moment unusual is that the commercial infrastructure is being built ahead of any regulatory mandate — a reversal of how compliance frameworks normally develop.

Across the identity and payments ecosystem, KYA frameworks are already taking shape. Some are built around the concept of a verifiable agent passport — a tamper-resistant identity token that ties an agent to the verified business behind it, extending KYB principles to a new category of actor. Worldpay has announced it will use KYA to help merchants verify AI agents at checkout. (Source: Testlio, December 2025) Skyfire, founded by former US Bank executives, has launched a KYA framework in which registered agents go through provider review, operational policy review, purpose verification, and security checks before being assigned a verified agent ID that counterparties can check at transaction time. (Source: Stellagent, April 2026) Visa and Mastercard are advancing competing protocols for agent-initiated payments.

A further school of thought centres on human binding — the principle that an agent's activity should be explicitly authorised by a verified real person, with authorisation and responsibility always traceable to that human, verifiable dynamically when risk arises.

These are different architectures answering the same underlying question: how do you extend identity, authority, and accountability to a category of actor that is neither a person nor a company? No single standard has been established yet — the industry is in a transitional period where multiple protocols coexist. (Source: Stellagent, April 2026)

For compliance leaders, the takeaway isn't to pick a winner. It's to recognise that agent identity is becoming a real infrastructure layer, and the institutions that understand it early will be the ones writing their own requirements rather than inheriting someone else's.


The regulatory position: no new rules, but no escape either

The UK regulatory position on AI is often summarised as "no AI rulebook" — and that's accurate, but dangerously incomplete.

The FCA has been consistent that AI in financial services sits inside existing frameworks: Consumer Duty, SMCR, operational resilience. What's less appreciated is how demanding that position actually is. FCA Executive Director Sheldon Mills confirmed in January 2026 that SM&CR accountability remains fully applicable to AI-driven decision-making — responsibility for AI-driven outcomes sits with the financial institution deploying them. (Source: IBS Intelligence, April 2026) FCA Executive Director David Geale told the Treasury Committee that individuals are "on the hook" for AI harm under SMCR. Delegating a decision to an algorithm does not transfer the liability to the algorithm or the vendor. (Source: Aveni, AI Governance in UK Financial Services, April 2026)

Translate that into the compliance context: if an AI agent approves a corporate onboarding case that later turns out to involve a sanctioned UBO, a named senior manager is personally accountable for that decision — a decision they didn't make, didn't review, and may not be able to fully reconstruct. That is the accountability gap KYA exists to close.

And the ground is shifting further. The Bank of England's February 2026 industry roundtables noted that traditional human-in-the-loop validation is increasingly acknowledged as untenable for complex AI models — the human-in-the-loop concept is itself being challenged by agentic AI. (Source: Bank of England AI roundtables summary, February 2026) The FCA's March 2026 Payments Regulatory Priorities report stated, for the first time, that the regulator will consider whether change or development of regulation is needed to support agentic AI payments — a notable step beyond its established technology-neutral position. (Source: Payment Expert, March 2026) The Mills Review, launched in January 2026 and reporting to the FCA Board this summer, is explicitly examining agentic AI. And the EU AI Act's high-risk provisions take full effect in August 2026, bringing explainability and human oversight requirements that apply to any UK firm whose AI systems touch EU markets or customers.

The direction of travel is unmistakable. Not an AI rulebook — but a rising evidentiary bar for exactly the questions KYA answers: what did the agent do, under whose authority, and how do you prove it?


What this means operationally

Here is where the gap between AI adoption and AI governance becomes concrete. The FCA and Bank of England's joint research found 75% of UK financial services firms already using AI — but only 2% of AI use cases run without human sign-off on individual decisions. (Source: FCA / Bank of England joint AI survey, November 2024) An NVIDIA survey of over 800 financial services firms found only 21% had actually put AI agents into live production. (Source: NVIDIA, January 2026)

The bottleneck isn't the technology. It's that most institutions cannot yet answer the governance questions that come with it. Having operated compliance workflows through several generations of automation, these are the five questions I'd expect any examiner — or any second line worth its salt — to ask about an agent in a regulated workflow:

1. What is this agent's identity and provenance? Not "we use an AI tool" — specifically: which agent, which version, built by whom, running on which model, changed when. A compliance decision made by version 2.3 of an agent needs to be attributable to version 2.3, not to a vague notion of "the system." Model updates change behaviour; if you can't tie decisions to versions, you can't explain historic decisions at all.

2. What is it authorised to do — and where is that written down? An agent that can gather registry data, assemble a case file, and draft a recommendation is one risk profile. An agent that can approve onboarding, clear alerts, or file a SAR is a fundamentally different one. The boundary between "prepares the decision" and "makes the decision" needs to be explicit, documented, and enforced at the system level — not implied by how the team happens to use the tool.

3. Who is the accountable human, per decision? Under SMCR this is not optional. Every agent action in a regulated workflow needs to map to a named individual with genuine oversight capability. "The head of compliance owns AI" is a statement of intent, not a control. The mapping has to survive contact with a specific case: this decision, this agent, this accountable person, this evidence of oversight.

4. What does the audit trail actually capture? An activity log ("agent accessed Companies House at 14:32") is not a decision trail. What regulators increasingly expect is the reasoning record: what the agent was asked to do, what information it gathered, what it concluded, and why. Sampling won't survive either — the Bank of England roundtables flagged that traditional sampling-based validation doesn't scale to systems making thousands of decisions a day. The expectation is heading toward interaction-level records, not spot checks.

5. What are the boundaries and the kill switch? What happens when the agent encounters a case outside its competence? Does it escalate, or does it guess? Can you halt it immediately if behaviour drifts? The Bank of England has specifically raised the need for kill switches in the context of autonomous agents. (Source: Burges Salmon, July 2026) An agent without a tested stop mechanism is an operational resilience finding waiting to happen.


The uncomfortable parallel

There's a pattern here that anyone who has worked in compliance operations will recognise, because we've lived through it once already.

When KYC automation arrived, institutions bought tools faster than they built governance. The result was a decade of remediation: lookback exercises, s166 reviews, fines for systems that were deployed without anyone being able to explain what they actually did. Monzo's £21 million fine and Starling's £29 million fine were, at root, governance failures — controls that didn't keep pace with growth and technology. (Source: FCA enforcement notices, 2024–2025)

Agentic AI is arriving with the same adoption curve and higher stakes, because this time the technology doesn't just process — it decides. The institutions that treat agent governance as a launch prerequisite will avoid the remediation cycle. The ones that bolt it on afterwards will relive it, with SMCR personal accountability attached.

The good news is that compliance teams are better positioned for this than they think. The conceptual toolkit already exists — it's the same one used for KYB. Verify the actor. Establish who controls it. Define what it's authorised to do. Monitor continuously. Keep evidence that survives examination. The actor is new. The discipline isn't.


Where this leaves compliance teams

Know Your Agent is not yet a regulatory requirement, and nobody should pretend otherwise. But the components of it — agent identity, authority binding, accountable humans, decision-level audit — are already regulatory expectations under existing frameworks the moment an agent touches a regulated decision. The FCA has simply declined to write a new rulebook for something its existing rulebook already covers.

For compliance leaders evaluating or deploying AI agents this year, the practical agenda is clear: maintain a register of every agent in your workflows and what it's authorised to do; map each one to a named accountable senior manager; demand decision-level audit trails from any vendor, not activity logs; define and test escalation boundaries and stop mechanisms; and treat agent identity as part of your identity architecture, alongside KYC and KYB — not as an IT procurement detail.

The institutions that get this right won't just be defensible. They'll be the ones able to deploy agents aggressively, because their governance can keep pace with their ambition. In compliance, the ability to prove control has always been the real enabler of speed.

KYC told us who the customer is. KYB told us who the company is. KYA will tell us who — and what — is acting on their behalf. The third pillar is being built now, and compliance teams have a rare opportunity to be early to a framework instead of remediating their way into it.


First Mile Labs builds KYB/KYC orchestration and configurable risk decisioning infrastructure for banks and fintechs — with decision-level audit trails designed for the way compliance is examined, not just the way it's automated. If you're thinking through AI governance in your onboarding workflows, talk to us.

Previous
The False Positive Spiral: How Over-Conservative Risk Rules Are Costing Banks Good Customers

See automated KYB in practice

Book a demo and walk through a live KYB case from application to decision.

Request a demo →