David Schreiber
Balázs Pete
Building an Identity system of record in times of AI
How financial institutions can prepare for the AI transformation in compliance and identity verification
The identity and compliance industry sits at the edge of a massive AI transformation. Financial institutions spend up to 10-20% of their workforce on financial crime operations — mostly running manual, labor-intensive processes that haven't changed much in decades.
Recent industry research indicates financial crime has the highest potential for AI automation, with 81% of executives prioritising compliance cost reduction. In our conversations with executives, we also experience a mindset shift: next to compliance excellence, there is an increased focus on efficiency.
At the same time, regulated institutions need to prepare for new identity fraud risks powered by AI, and most haven't started preparing for this yet.
Why AI in compliance is different
Compared to sectors like sales or support where AI transformation is already underway, compliance AI has distinct properties that make it both more challenging and more valuable.
No incumbent system exists. Most prospects use more than six different providers, with large variance in selected vendors per use case. There's no standardized incumbent system (like Salesforce or Zendesk) that everyone uses. This creates both opportunity and complexity.
The market is concentrated. The identity industry TAM centers on a few thousand large institutions. Transformation will happen by upgrading enterprise businesses, not through powering new startup entrants.
Risk aversion is high. Compliance teams have zero tolerance for error. This means AI needs to meet an extremely high bar to instill confidence. For instance, certain Duna customers won't use established data vendors due to a lack of detailed paper trail for their data sources.
Quality and audit requirements. All automation needs 100% repeatability and explainability of every decision made, plus configurable guardrails. Audits require re-running processes and getting identical results.
Policies need rewriting. Regulated companies often have hundreds of pages of compliance documentation. These policies rely on human discretion and are heavily outlier-dependent. Most current policies are not suitable yet for automation and require rewriting how things should be done: translating policies into code.
Change is constant. Compliance policies change on a regular basis. And Periodic Reviews (also known as re-KYC or Remediations) require re-verification of files on a 1, 3, or 5-year basis. Any system needs to handle this constant evolution.
Three paths forward
We see three ways this transformation can unfold:
1. Market expansion by point solutions
Existing vendors (ID&V, screening, data providers) use their relationships to expand their offering.
2. Existing team with AI agent workflows
Existing compliance teams use AI workflows for time-consuming operations.
3. New AI-native system of record
Implementation of a new, AI-native system to handle identity-related actions end-to-end.
Duna's AI-native approach
We're building an AI-native identity system of record. We break down identity data into discrete pieces of evidence, storing them for continuous evaluation. On top of this policy engine, we deploy virtual agents to evaluate or generate additional evidence where human labor or discretion was previously needed.
The system provides guardrails and QA capabilities for when and how agents are deployed. As an evidence-based system, it functions as a labeled dataset to train proprietary agents. The system is also enabled for sharing evidence across an identity network (or internally within departments of regulated institutions).
The success depends on delivering measurable business impact across three outcomes:
(1) Increasing revenues through improved conversion
(2) Decreasing operational costs
(3) Avoiding risks, non-compliance, and fraud
Since Duna's start, AI has been part of the product experience through integrations with external technologies: document and biometric verification, web crawlers for registry data, adverse media and sanctions, and language tools for localization.
To deploy Duna AI successfully, we first built a system-of-record foundation. With Duna’s policy engine now in production across the full customer lifecycle, the Duna AI products focus on these three areas:
(1) Revenue enhancement
Smart document verification that reduces re-requests and improves conversion
Autofill capabilities that accelerate onboarding using verified public web data
(2) Cost reduction
Virtual screening assistants that reduce false positives by ~70%
AI companions that suggest actions based on policies and contextual case data
Automated decision-making without human intervention where policies allow
(3) Risk management
Automated case summaries for audits and QA
Web monitoring that analyses website content and detects changes
Cross-network behavioral insights that function like modern data providers
Evidence-based systems vs. workflow-based systems
Traditional workflow systems optimize for certain steps to happen in sequence. They're actions-first instead of data-first.
When sequences or evaluations change, these workflow systems struggle. They can't easily assess if prior or subsequent steps need re-evaluation, simulate consequences of changes, or handle AI inclusion without prescriptive training sets.
Duna's evidence-based system is a "desired state mechanism." The goal is to describe what a compliant state looks like. The system determines what information or checks are required to get there. Policy changes or re-evaluations can run at any time without engineering work.
This creates a complexity inversion: workflow systems are initially easier to build, but become very difficult when requirements change. Evidence-based systems require significant upfront platform investment, but handle requirement changes without adding complexity. For customers, Duna has built this technical heavy lifting, whilst customers benefit from the decreased complexity.
Preparing for the future
The compliance and identity industry will transform. The question isn't whether it wil, but how quickly and in what form.
Financial institutions that invest early in AI-native systems will gain competitive advantages in conversion rates, operational efficiency, and risk management. Those that wait risk falling behind in an increasingly automated world.
The transformation is already beginning. The institutions that succeed will be those that embrace AI not as a point solution, but as the foundation for a new way of thinking about compliance and identity.
Want to learn more about how AI can transform your compliance operations? Visit duna.com or reach out to discuss your specific use case.
