The starting position
The bank had invested significantly in AI capability over a three-year period — new platforms, expanded data science team, vendor partnerships, and a portfolio of 14 active AI initiatives across the customer-onboarding pipeline. From the inside, the picture looked like progress. From the outside, the cost-to-onboard had not materially moved, the false positive rate on KYC alerts was stuck above 90%, and the PRA had begun asking questions about model risk governance that the team did not have credible answers to.
The board commissioned a portfolio review. We were brought in to do it.
What we found in the diagnostic
The first six weeks were portfolio audit and honest current-state mapping. Of the 14 active AI initiatives in the KYC pipeline, the compounding test classified 11 as augmentation (real local efficiency, no structural change), 2 as scope-limited but salvageable, and 1 as fundamentally not going to compound and worth retiring deliberately.
The deeper finding was structural. The KYC workflow was running on customer data that lived in seven different systems with three competing definitions of "customer." The decision rights were diffuse: when the model flagged a case incorrectly, no named role owned the consequence. The override loop was broken — analysts overrode the system regularly, but the override reasons were captured as free-text comments that nobody read, let alone fed back into training. There was no decision log. There was no lineage observable in production. And the existing model risk framework had been designed for traditional credit models, not for the AI/ML pipeline that was now driving the workflow.
In short: every condition for compounding was absent. The reason the bank's portfolio wasn't compounding was not the technology. It was the operating pattern around the technology.
What we redesigned
The blueprint phase produced a target-state operating model for the KYC workflow built around the five enablement pillars:
Production function: Workflow rebuilt in BPMN 2.0 from first principles around the question of what KYC would look like if AI were native. Routine cases now flow end-to-end through the system with full audit trails. Analyst attention concentrates on cases the system passed up — low confidence, novel patterns, regulatory threshold triggers. The analyst role shifted from "do the case" to "handle exceptions and curate the feedback that improves the system."
Data layer: A new customer wide-row (action data, captured at the point of onboarding rather than reconstructed afterwards) that joins identity, document evidence, sanction screening, PEP checks, internal history, and risk signals into a single record updated in real time. Built specifically for the workflow, not retrofitted from the warehouse. Lineage observable in production for any input to any decision.
Decision rights: A formal decision rights matrix mapping which decisions the system makes by default, which escalate to which named human role, and what the override interface looks like at each step. Every material decision has a named first-line owner with authority to pause or roll back the workflow.
Embedded governance: A second-line risk specialist embedded in the delivery team from day one. Decision logs, lineage, model risk file, and monitoring telemetry all produced as a by-product of running the workflow rather than retrofitted at a deployment gate. The PRA conversation moved from defensive posture to constructive dialogue.
Feedback flywheel: Override decisions captured in structured form and fed back into the training data. The model retrains on a defined cadence and the override rate is monitored continuously against a target band of 5–8%.
How the delivery ran
Phase 2 delivered the blueprint in 14 weeks with the embedded second-line risk specialist co-located with the team for the duration. Phase 3 (activation and delivery) ran for 12 months with our practitioners embedded alongside the bank's operations, technology, and risk teams.
The first six months looked like nothing from the outside — data layer construction, workflow rebuild, decision rights matrix, governance instrumentation. The bank's CFO asked hard questions at month 4 and month 6. The executive sponsor (the COO) held political space for the work and refused to allow it to be scoped down. By month 8 the redesigned workflow was processing live cases at 40% of full volume. By month 10 it was at 80%. By month 12 the legacy workflow had been retired and the analyst team had been retrained into the new role design.
What the outcomes look like
Twelve months after activation:
- Analyst time per case dropped 73% — not because the system replaced analysts, but because the system handles the routine 67% of cases end-to-end and concentrates the analyst's time on the cases that genuinely need human judgment.
- End-to-end straight-through processing on 67% of cases — measured against a baseline of approximately 15% straight-through under the legacy workflow.
- Override rate stable in the target band of 5–8% — meaning the human review is meaningful (not rubber-stamping) and the model is performing well enough that overrides are productive learning signal rather than corrections.
- Decision logs queryable on demand for any individual case in the entire history. The PRA was walked through the redesigned workflow at month 14 and the response was substantively positive.
- Model risk file built to PRA SS1/23 standard and approved by internal model risk function and external audit on first review.
- The KYC analyst team is smaller (about 60% of its previous size) but each role is more specialised, more consequential, and structurally harder to do. Career paths have been redesigned to support the new role types.
Why this was harder than it sounds
Three things made this engagement hard, and they are the same three things that make AI Enablement work hard in any large bank.
The political surface area was enormous. The redesign touched operations, technology, risk, compliance, the model risk function, internal audit, the PRA's view of senior accountability, and HR (the role redesign). Coordinating that was the actual work. The technical work was hard but solvable; the political work was the variable that decided whether the project survived.
The data layer rebuild was unglamorous and slow. Six months of work that produced no visible business outcome. Multiple times during that period, other priorities tried to grab the team's attention. The COO's job was political cover, not technical oversight, and it was the variable that most determined survival.
The role redesign was the hardest single thing. Telling KYC analysts that their job was about to change structurally — that they would be doing fewer cases but each one would be harder, that the team would be smaller, that their career path was being redesigned — required real organisational courage from the executive team and a serious investment in change management. The bank handled it well. Many wouldn't.
What changed for the bank
The technical outcomes are real and they matter. The deeper change is structural: the bank now has a working model of what AI Enablement looks like in one priority workflow. The data layer that was built for KYC is being reused for credit decisioning. The governance machinery that was built for the KYC model is being reused for the fraud model. The role design that was built for KYC analysts is being adapted for the next operations function.
Compounding is exactly what it sounds like. The first project is the proof. The second project starts halfway built. The third project starts further along than that. Two years from now, this bank will be operating at structural cost and accuracy levels that competitors who have not done the work will not be able to match within the same timeframe.
That is the case for starting now.