5 Emerging Trends in KYC: What to Be Prepared For in 2025

Since the KYC fundamentals are determined by regulators, it’s reasonable to start this overview of KYC trends with major legal changes that may affect related industries. 

In the EU, the development of the AI Act has reached another milestone. The law, aimed at responding to the risks and problems linked to technology use, came into force on August 1st, 2024. 

Adopting a “risk-based” approach to AI systems, the AI Act will provide the technology’s do’s and don'ts in the EU. AI-powered applications will be classified according to the risk they pose to end users, with more or less regulation for the different risk levels. Also, the framework prohibits some AI-based use scenarios, such as “real-time” remote biometric identification in publicly accessible spaces for the purpose of law enforcement and social scoring. You can explore the summary of the AI Act for more details on the authorities’ vision. 

On top of that, 2024 saw the EU Digital Identity Framework Regulation come into force. According to this framework, all EU member states will now be required to offer at least one EU Digital Identity Wallet to all citizens and residents by 2026. This new wallet is supposed to enable individuals to safely request, store, and share important digital documents about themselves, and electronically sign or seal documents. In practice, this will mean there will be more pressure on governmental KYC systems to deliver so as to avoid the misuse of these wallets. 

There are also some activities around the broader implementation of international standards covering virtual asset service providers. For instance, back in 2023, the Financial Action Task Force (FATF) reported that 75% of jurisdictions were only partially or not at all compliant with their requirements—a number that has unlikely changed much since. And, more recently, in November 2024, FATF presented its Money Laundering National Risk Assessment Guidance, where it provided tailored KYC/AML recommendations to a number of countries worldwide.

Last but not least, December 30th, 2024 was the deadline for crypto-asset service providers in the EU to comply with the FATF Travel Rule. The Travel Rule states that all financial institutions are to share information about the originator and beneficiary of wire transfers and other types of payments with regulators. So in 2025, we may witness a number of crypto companies fall short of the new requirements and risk major consequences from fines all the way through to dissolution.

KYC typically applies to regulated industries; thus, these industries must stay on top of any regulatory changes. However, it’s also crucial for non-regulated sectors to be fully aware, as many regulatory changes are in response to potential threats or challenges that may have a broader impact. As the legal framework is constantly changing, regulatory compliance remains one of the enduring KYC trends.

The next point on the list of ongoing KYC challenges is that detecting identity thieves and their fraudulent tactics is becoming harder. Today, bad actors don’t walk alone: they create human fraud farms and use bots based on the latest advances in the generative AI (GenAI) realm. 

The results are clear to see: according to Regula’s deepfake report, in 2024 49% of companies experienced both audio and video deepfakes, up from 37% and 29% respectively in 2022. What’s more, it is estimated that a deepfake attempt occurred every five minutes, while digital document forgeries grew 244% YoY.

Fortunately, many companies seem to be aware of the problem, as the projection for growth in KYC spend worldwide is 140% over the next five years, a dramatic rise from an already impressive $9.2 billion in 2024.

The high adoption rates of innovative fraud prevention measures indicate shifts in the KYC framework on the corporate side. The emphasis on implementing security solutions, rather than merely following formal procedures, is one of the most encouraging KYC trends.

The power and capabilities of AI are growing at an extremely rapid pace. Unfortunately, due to the democratization of this technology, bad actors are likely to be some of the earliest adopters. This means that the highest level of vigilance is required to keep this threat in check.

As AI continues to be the source of many security issues, it will also continue to be the force behind many solutions to these issues. Regulatory technology (RegTech) solutions are expected to be more commonly employed in 2025, as the RegTech market is projected to reach 25.19 billion USD by 2028.

RegTech’s mix of AI, ML, blockchain, and big data analytics is becoming more and more essential for identifying suspicious activities and complying with AML regulations. It can process colossal amounts of data within seconds, compile reports just as quickly, and automatically flag potential threats.

At the same time, solutions like Regula Document Reader SDK and Regula Face SDK will see more adoption for smart ID verification and liveness checks. They can process images of documents and verify their authenticity, as well as conduct instant facial recognition and prevent fraudulent presentation attacks such as the use of static face images, printed photos, video replays, video injections, or masks.

Companies in fraud-sensitive sectors like Banking and Fintech are already deploying these tools, integrating them into onboarding and ongoing user activity monitoring. 2025 should see a rise in the adoption of these solutions from other industries—Healthcare and Education, just to name a few.

The concept of portable digital identities (PDIs) will grow in adoption in 2025, sometimes even becoming a legal requirement, as evidenced by the aforementioned EU Digital Identity Wallet. 

PDIs are already transforming how we manage our personal data, as users are able to verify their identity with a trusted entity (e.g., a government body) and store the verification in a secure digital wallet. This wallet can then generate verifiable claims, such as confirming age eligibility for services, without disclosing additional personal details. For instance, instead of providing a birth date to prove age, users can confirm they are over 18 through their verified claim.

Europe isn’t the only region that aims to adopt PDIs. Elsewhere, Turkey boasts 99 percent digital ID coverage among adults, while Brazil also claims 90%+ registration rates for their respective initiatives, just to name a couple of examples.

Overall, Gartner predicts that by 2026, over 500 million smartphone users will routinely rely on digital identity wallets for verifiable claims. This means that PDIs will likely become a cornerstone of modern KYC strategies, completely reshaping how we see identity verification.

KYC policies involve conducting periodic customer evaluations that include analyzing their transaction history and business relationships to identify any suspicious activities. Typically, the number of reviews depends on the level of risk posed by a particular customer. High-risk clients are usually reviewed each year, while for medium-risk and low-risk ones, this span is longer—every three or five years, respectively.  

However, the traditional risk-based approach is continually changing, revealing a move from periodic manual reviews to KYC automation allowing ongoing reviews. This proactive framework is called perpetual KYC (pKYC), since all checks are conducted in real time, providing daily or even hourly updates on customer information. 

Additionally, this kind of monitoring allows for dynamic customer reverification. If the system detects any suspicious activity (e.g., spikes in transactions or logins from high-risk locations), businesses can trigger additional verification steps to confirm the user’s identity.

The growing interest in pKYC can be attributed to high-publicity cases of AML failures such as the recent historic fine of $3 billion given to TD Bank.

pKYC is a reasonably new concept that is developing into one of the latest KYC trends. Given the increase in penalties seen in recent years, many companies will likely consider implementing a pKYC approach very soon.

While the compliance pressure remains high, organizations, including ones from non-regulated niches, should revise and enhance their KYC procedures.

Additionally, companies should meet the expectations of customers who are used to dealing with instant, hassle-free verification procedures. With the rise of the malicious use of GenAI, and the increase in the volume of foreign IDs that go through companies’ systems, the paper part of the process isn’t enough to tick off the security box. 

Regula is here to help you embrace this new reality with advanced IDV solutions that enable you to keep your KYC flow compliant, yet customer-centric:

• Regula Document Reader SDK: Remote document verification and authentication backed by an extensive ID template database of over 14,600 documents covering 251 countries and territories

• Regula Face SDK: Biometric verification with liveness detection for seamless and secure user authentication

Book a call to learn more about your opportunities!