Financial services & regulated onboardingPattern: routing

    Onboarding & KYC agent

    We design, build and deploy an AI agent that classifies each onboarding document, routes it to the right check, reconciles identity, address and the application form, and hands your compliance officer a clean, evidenced KYC packet — while the accept-or-refer decision stays with a human.

    Onboarding & KYC agent — documents read, cross-checked and verified by an AI agent

    At a glance

    Business valueHigh

    Onboarding is where deals stall and where AML/CDD risk enters — faster, consistent verification wins customers you lose to slow sign-up and closes the gaps a BNM audit looks for.

    Build complexityMedium–high

    A routing front-end into per-document checks, vision/OCR on MyKad and utility bills, sanctions/PEP lookups, and BNM AML/CFT + PDPA-grade controls and audit trail.

    Time to live~a few weeks (one onboarding flow)
    Best fitBanks, fintechs, insurers & any regulated business onboarding new customers

    What changes when it works

    Win customers you lose today to slow, manual sign-up
    Catch document and identity mismatches before an account opens
    The same CDD checks applied consistently to every applicant
    More onboardings cleared without adding compliance headcount

    Time per application

    Manual KYC review today

    ~20–30 min

    With the agent

    ~4–7 min

    Time saved

    ≈ 15–23 minutes saved per applicant — about 75–115 hours a month at 300 onboardings, roughly half a full-time reviewer. And every applicant it clears in minutes instead of days is a customer you keep instead of losing to a competitor's faster sign-up.

    Indicative; actual time depends on the number of documents, screening depth and case complexity.

    Our agentic development process

    Every use case follows the same seven stages — from framing the problem to production.

    Our process, built on Anthropic's agent guidance and the Agent GPA eval framework: Building Effective Agents · Agent GPA

    1. 1Frame
    2. 2Map
    3. 3Design
    4. 4Build
    5. 5Architect
    6. 6Evaluate
    7. 7Deliver

    Stage 1 · Frame

    The business problem

    A Malaysian bank, insurer or fintech onboards each new customer as a bundle — MyKad or passport, a selfie, proof of address, and the application form — then a compliance officer has to verify identity, confirm the address, screen against sanctions and PEP lists, and check every field agrees before an account can open. Most of that time goes to the mechanical part: classifying documents and matching them against each other, not judging risk. It is slow, applicants drop off while they wait, and two officers apply slightly different diligence to the same file — exactly the inconsistency a BNM AML/CFT review flags.

    Stage 2 · Map

    The manual workflow today

    1. 01Open the onboarding bundle and each document
    2. 02Work out what each document is and read the fields by eye
    3. 03Cross-check name, IC/passport number and address across documents
    4. 04Screen the applicant against sanctions and PEP lists
    5. 05Chase missing documents, poor scans or mismatches
    6. 06Only then make the accept, refer or reject call

    Where it breaks: The bottleneck is classifying and matching documents, not judging risk — the slow, repetitive part that clogs at volume, drifts as fatigue sets in, and varies between officers.

    Stage 3 · Design

    The agentic workflow

    We build it as a routing workflow: the agent classifies each incoming document, dispatches it to the right specialised check (identity, address, screening), then reconciles the results into one evidenced KYC packet — re-requesting only what's genuinely missing and escalating anything it can't clear to a human.

    An applicant submits their documents
    1Classify each document (MyKad, passport, bill, form)
    2Route to the right check (identity / address / screening)

    Re-routes and re-requests only when a document is misclassified, unreadable or missing — otherwise it keeps moving.

    3Extract & verify the fields that matter
    4Cross-match & screen against sanctions/PEP lists
    5Assemble an evidenced KYC packet for the officer
    The compliance officer makes the accept / refer / reject decision

    Watch a case flow through the agent — it does the reading and matching; a human still makes the decision.

    See it in action

    In the onboarding bundle

    Application form: address 12, Jalan Ampang, 50450 Kuala Lumpur. MyKad: Ahmad bin Ismail, 880101-14-5523. Utility bill (TNB): 88, Jalan Bukit Bintang, 55100 Kuala Lumpur.

    What the agent flags

    • Name & IC number match across MyKad and the application form
    • Sanctions & PEP screening: no match
    • Proof-of-address document present and legible
    1 discrepancy flagged: address on the form (Jalan Ampang) does not match the utility bill (Jalan Bukit Bintang)

    Every flag cites the exact document & field · your officer makes the accept/refer call · ~RM 0.50–1.10 per applicant.

    Step by step

    1. 1

      Classify each document

      The agent reads every file in the bundle and works out what each one is — MyKad, passport, selfie, utility bill, bank statement, application form — including scans and phone photos, so the right checks run on the right documents.

    2. 2

      Route to the right check

      Each document is dispatched to its specialised handler: identity documents to identity verification, address proofs to address matching, the applicant's details to sanctions and PEP screening — the routing that keeps each check focused and accurate.

    3. 3

      Extract and verify fields

      It pulls the fields that matter into a structured record — name, IC/passport number, date of birth, address, nationality — tagging the source document for each, and checking documents are legible and in date.

    4. 4

      Cross-match and screen

      It reconciles those fields against each other — name and IC on MyKad vs the form, address on the bill vs the form — and screens the applicant against sanctions and PEP watchlists, keeping the evidence for each result.

    5. 5

      Assemble the KYC packet

      It produces a one-page packet: the applicant, the checks that passed, the screening result, and the two or three items to look at — each with the detail and the document it came from.

    6. 6

      Hand to a human

      The compliance officer reviews the flagged items and makes the accept, refer or reject decision. Nothing is auto-approved.

    Stage 4 · Build

    How we build it with Claude

    Gather contextthe document bundle & the applicant's case record
    Take actionclassify, route & screen (MCP tools)
    Verify workre-check the match & screening result before surfacing

    It's wired straight into your onboarding intake and screening provider through connected tools — no manual exports — and it works from the applicant's live case record, not a stale copy, so a re-submitted document updates the packet. Guardrails and a full audit trail are built in from day one: every classification and every flag traces back to the exact document and field it came from, and no account opens without your officer's decision.

    Integrations

    • Onboarding intake / origination system
    • Document store or upload inbox
    • Sanctions / PEP screening provider
    • Optional: core banking or policy admin system (read-only)

    Under the hood

    • Pattern: a routing workflow on the Claude Agent SDK — a classifier front-end dispatches each document to a per-type check chain, each tool exposed via an in-process MCP server.
    • Context: the whole bundle is loaded — text plus vision for MyKad, passports and utility-bill photos — with the applicant's live case record pulled fresh (not a stale copy) and long submissions compacted so nothing is silently dropped.
    • Tools: a document classifier, a vision/OCR field extractor, an address/identity matcher, and a read-only sanctions/PEP screening lookup — read tools separated from any write, which goes to the review queue only.
    • Guardrails: schema-locked JSON output, no write access to the core banking / policy admin system, least-privilege, and a hard rule that no account is opened without a human accept decision.
    • Untrusted input: every submitted document is treated as untrusted (prompt-injection resistant) — a doctored PDF or a caption inside an image can't steer the agent's classification or decision.
    • Recovery & escalation: a misclassified, unreadable or missing document is re-routed or re-requested; low screening confidence or an ambiguous match escalates to the officer — it never guesses an identity or a screening result.
    • Observability & audit: every classification, tool call, screening hit and the final packet are logged and traceable, with the officer's decision captured against it — a machine-readable BNM/PDPA audit trail, not a screenshot.
    • Eval harness: a golden set of historical onboardings — including impersonation attempts, mismatched addresses and true sanctions hits — with deterministic checks plus an LLM-as-judge on the fuzzy calls, regression-tested on every change before it touches a live applicant.

    Stage 5 · Architect

    Single model or multi-agent?

    Single model with tiered routingOur pick here

    Onboarding is heterogeneous — different document types need different checks — so we route with a classifier and lean on tiering (Haiku for the obvious, Sonnet for reasoning, Opus for the borderline), not a multi-agent swarm. One well-instrumented, tiered pipeline is reliable, cheaper and easier to audit.

    We reserve multi-agent designs (≈15× the tokens) for genuinely parallel, breadth-first work — not for a single applicant's tightly-coupled file.

    Which model does what

    Classify documents & extract fields (incl. scans)

    Reliable vision and structured extraction on messy MyKad photos, passports and utility bills.

    Claude Sonnet

    Route high-volume, clear-cut documents

    Cheapest and fastest for the bulk of obvious classifications and simple field checks.

    Claude Haiku

    Reconcile & reason across the bundle

    The workhorse — strong reasoning at moderate cost; handles cross-matching and screening review.

    Claude Sonnet

    Adjudicate ambiguous / borderline cases

    Invoked only when Sonnet flags low confidence or a possible screening match — a small fraction of applicants.

    Claude Opus

    What it costs — an estimate

    AI usage — per applicant

    input documents + classification + reasoning + output packet, at Claude Sonnet token rates

    ~RM 0.50–1.10

    AI usage — at 300 onboardings/month

    roughly half with the Batch API for overnight, non-urgent runs

    ~RM 150–330 / month

    Build (one-off)

    a focused single onboarding flow is a few weeks of engineering; we quote fixed after a short discovery

    scoped per integration

    Ongoing

    small next to the manual-review time it removes and the drop-offs it recovers

    monitoring + support

    Indicative only, shown in Ringgit at roughly RM 4.70 to the USD; per-token rates follow Anthropic's published pricing (confirm current figures). Screening list access is priced by your provider, separate from AI usage. Actual AI usage depends on document sizes and monthly volume.

    Stage 6 · Evaluate

    How we measure success

    • Deterministic checks first — document classified correctly, fields match, required documents present
    • Self-verification — the agent re-checks its match and screening result before surfacing them
    • Business KPIs — reviewer time per applicant, onboarding drop-off, consistency, and true hits caught

    We score the agent with the Agent GPA framework — Goal, Plan, Action, a current standard for agent reliability — on top of the human baseline. (reference)

    Setting the baseline

    First we measure the current manual onboarding on a sample — time per applicant, how consistently two officers reach the same conclusion, and how many mismatches or screening hits slip through. That human baseline is what every agent metric is measured against, so the lift is provable rather than assumed.

    What we test — Goal · Plan · Action

    GoalDid it reach the right outcome?

    Agreement with a senior compliance officer

    Its packet, flags and recommended action match an expert's on held-out onboardings

    ≥ 90%
    PlanWas the approach sound and complete?

    Required checks executed

    Every mandated CDD check — identity, address, screening — is run, nothing skipped

    100%

    Correct routing

    Each document is dispatched to the right check for its type

    ≥ 99%
    ActionWere the individual steps correct?

    Document classification accuracy

    Each document is identified as the right type

    ≥ 98%

    Field extraction accuracy

    Did it read each field — name, IC/passport, address — correctly?

    ≥ 98%

    Screening recall (true-hit catch rate)

    Of the real sanctions/PEP hits in the golden set, the share it surfaces — any miss is a release-blocker, and every possible match is escalated to the officer, never auto-cleared.

    ≥ 99% (goal: no missed hit)

    No hallucinated details

    Every field in the packet traces to a source document

    0 tolerated

    The go-live gate

    The agent does not touch a live applicant until it beats the human baseline and clears these GPA targets on a golden set of historical onboardings — including impersonation attempts and true screening hits. Every change is regression-tested against the same set before it ships.

    Stage 7 · Deliver

    How we'd deliver it

    We start with a proof-of-concept on your real historical onboardings — including the messy scans, mismatches and true screening hits — and prove reliability before it touches a live applicant. A focused single-flow rollout is a matter of weeks.

    Free consultation

    Is your compliance team classifying and matching KYC documents by hand?

    Tell us your onboarding flow and volumes and we'll tell you honestly whether an onboarding & KYC agent is worth building — and what it would take.

    Talk to us about this

    Frequently asked questions

    Does the agent open accounts or approve customers?
    No. It classifies, verifies, screens and flags; a human compliance officer makes the accept, refer or reject decision. Human-in-the-loop is essential for regulated onboarding in Malaysia.
    How is it kept compliant with BNM AML/CFT and PDPA?
    With a full audit trail so every onboarding decision can be reconstructed, screening evidence retained, and PDPA-aligned handling of where identity data is processed, stored and accessed. Treat this as a starting point for your compliance team, not legal advice.
    Can it screen against sanctions and PEP lists?
    Yes — it connects to your screening provider as a read-only lookup and retains the evidence for each result. A possible match is always escalated to your officer, never cleared automatically.
    How long does it take to deploy?
    A proof-of-concept for one focused onboarding flow is usually a matter of weeks; a full rollout takes longer, mostly because of integration and getting officers comfortable, not the AI.

    Examples are based on real, anonymised engagements; details are generalised. Anchor Sprint is a member of the Anthropic Claude Partner Network — a deployment and rollout partner, not a reseller. This is general information, not legal or compliance advice.