From Days to Hours: What KYC Onboarding Actually Looks Like at Scale

You know that feeling when a new account opening just… sits.

Three days. Maybe more. The KYC process churned through manual steps, scattered across Slack threads and provider portals and someone’s spreadsheet. The customer waiting. The ops team juggling.

Most fintech teams think their KYC bottleneck is the ID check. It’s not.

The ID check takes seconds. What takes days is everything around it.

Onboarding Regulatory Reality Check

Before we get into workflows, let’s name what’s making this hard, from an European perspective:

AMLD6 (EU): Requires ongoing monitoring, beneficial ownership verification, and risk-tiered due diligence. It’s not a one-time check — it’s a living process.

PSD2: Adds strong customer authentication layers on top of identity verification. The compliance surface keeps growing.

Proper accreditation (like ACPR in France): For regulated entities like Qonto, critical processes require a two-step validation model. No shortcuts.

The short version: KYC isn’t optional, and the requirements don’t simplify as you scale. They multiply.

The Real Problem with KYC Isn’t Verification

Document collection varies by country. Entity types change what you need. Beneficial ownership structures are messy — and inconsistently documented. Re-KYC triggers are poorly defined, often buried in a Slack thread or someone’s memory.

What’s painful is the operational overhead, not just the regulatory rule.

When you’re processing 4,000 account openings per week, like Qonto’s Head of Onboarding shared on our podcast, even a small amount of manual coordination per case adds up fast. That’s when KYC stops being a compliance problem and becomes an operational crisis.

KYC as an Orchestration Problem

Here’s the reframe that changes everything.

Onboarding isn’t a verification flow. It’s an orchestration problem. If you take KYC and KYB into account, you’re coordinating between:

→ Identity verification providers (Onfido, Jumio, Sumsub, Veriff)

→ Screening tools (ComplyAdvantage, Dow Jones)

→ Business verification layers (Middesk, Signzy), including ultimate beneficiaries check

→ Contract execution (DocuSign)

→ Internal review queues and analyst assignments

→ Country-specific document rules

→ Risk tier logic that changes what’s required

Each of these has dependencies. Each can fail or stall. And the branching logic (what to do when a beneficial owner is flagged, or when a document is unreadable, or when a jurisdiction requires a second verification step) is probably gathering dust in a knowledge base, or, worse, exists only in oral form.

Until you make it a workflow. That you constantly adapt.

Forest Admin is the Orchestration Layer for Fintech Onboarding

This is exactly what Forest Workflows is built for.

Forest is the ops orchestration layer that lets fintechs run compliance and business operations across any supplier, any database, with humans and AI agents working together. And your data never leaves your infra.

That last part matters more than most people realize. When you’re handling KYC data (passports, proof of address, beneficial ownership structures) you can’t afford to route sensitive applicant information through a third-party SaaS layer you don’t control. Your regulators don’t care about your vendor’s security certifications. They care about yours.

Forest Workflows runs on your stack. Two types of tasks power every step:

→ Native tasks: direct operations on your own database. Customer records, document metadata, account status, risk flags, all staying exactly where they are. No exports, no copies, no sync lag.

→ MCP Connector tasks: external API calls, orchestrated by Forest through your infrastructure. Onfido for IDV. ComplyAdvantage for screening. DocuSign for contracts. The call goes out, the result comes back, the full exchange is logged in your own DB.

No copy-paste between systems. No tab-switching. No “someone export that spreadsheet.”

The workflow is the ops interface. Humans handle the judgment calls. AI agents handle the pattern recognition and document fetching. Forest handles the plumbing; and the audit trail.

The Country Problem: how to adapt onboarding per regulator?

Country-specific compliance is the real bottleneck no one talks about in vendor pitch decks.

Qonto runs separate KYC workflows for 8 European markets including France, Belgium, Germany and Italy. While Qonto’s team is aiming to reuse certain parts, these are not variations on the same flow but genuinely separate workflows, each with different:

→ Required document types

→ Accepted verification providers

→ Approval thresholds and escalation logic

→ Regulatory reporting requirements

Bringing the process knowledge in the operating tool works: after deploying Forest workflows in their Belgium pilot, they achieved 100% compliance rate.

And a similar approach in Italy is helping demonstrate operational capability to regulators, directly supporting market re-opening.

This is not a product feature story. This is what compliance teams actually need: a way to codify country logic without writing custom code every time a new market opens up.

In Forest Workflows, each country variant is a separate workflow that shares the same underlying logic where possible (with sub workflows), and branches where it doesn’t. One canvas per market. No custom code. No engineering sprint every time compliance requirements shift in a new jurisdiction.

How BaaS Providers Handle Onboarding: the Multiplication Effect

It gets more complex when you’re not the regulated entity but  when you’re the infrastructure layer enabling others to operate banking services. Which is the case for Banking-as-a-Software (BaaS) providers.

Swan, a BaaS that’s been a Forest Admin customer for years, enables 150+ software companies to embed banking into their products. Each of those companies has end-users who need onboarding (KYC/KYB). 

“Finding the right balance between customer friction and checks against fraud is the key challenge. To scale fast, we need to really limit the customer friction… but fraudsters hear about us.”

— Maxime de Juniac, Swan

That tension — speed vs. control — is the defining challenge of fintech operations at scale. Move too fast and you let fraud through. Move too slow and you lose legitimate customers before they finish onboarding.

The answer isn’t to pick a side. It’s to make the workflow smart enough to apply different friction levels based on risk signals. Low-risk applicant from a known device in a low-risk jurisdiction? Straight-through processing. Unusual beneficial ownership structure with a high-risk country flag? Human review, second verification step, escalation trail.

Same workflow engine. Different branches.

Where AI Is Starting to Matter in Onboarding Efficiency

The frontier is moving fast here.

Dift, a fintech startup helping nonprofits raise funds, is taking an innovative approach: instead of asking applicants to upload documents, asking for a name or company ID number, they auto-fetch everything from public sources and run AI analysis on the results.

“We are moving towards a vision where they can enter just their name… and then we can fetch all of the required documents and analyze them with AI.”

— Nathanaël Romano, Dift

In Forest Workflows, that AI inference step is just another task: an MCP task that calls your document intelligence provider, returns a structured result, and can route the case accordingly. The human analyst only enters the picture when required and when the AI flags something it can’t resolve. And during the whole process, Forest  logs automatically every call, every result, every decision.

As the logic gets more complex, the need for auditable, configurable workflow design gets more critical. And that’s one of the problems Forest is designed to absorb.

Making the Case for Secured Workflows in Onboarding

For anyone who needs to make a business case internally:

→ Efficient:from  3–5 days to 4–8 hour: typical reduction in KYC/KYB onboarding time with structured workflows

→ Compliant: Able to reach 100% compliance rate at scale

→ Battle-proven: 4,000 account openings/week processed at Qonto

These aren’t marketing numbers. They’re the output of teams that stopped treating KYC as a one-time integration project and started treating it as a living operational system.

Workflow Pattern: KYC/KYB Onboarding in Forest Workflows

To help you get started, here is the basic Onboarding process.

You can also use our Skill file to feed your favorite LLM or AI agent tool.

Each step below maps directly to a task type in Forest Workflows. Native tasks run against your own database. MCP tasks call external providers — orchestrated by Forest, logged to your infra.

Step 1 — Application intake [Native task]

Collect applicant type (individual vs. entity), jurisdiction, and product tier. Query your DB to route to the correct workflow variant.

Step 2 — Document collection [Native task + MCP task]

Trigger country-specific document request. Beneficial owner threshold varies by jurisdiction (25% in most EU markets). MCP task calls your document collection provider; results and metadata written back to your DB.

Step 3 — Verification layer [MCP tasks]

MCP task → IDV provider (Onfido, Sumsub, Veriff). MCP task → screening provider (ComplyAdvantage, Dow Jones). For entities: MCP task → business verification (Middesk, Signzy). All results logged to your DB with timestamps.

Step 4 — Risk scoring [Native task]

Apply risk tier logic directly on your data. Assign low / medium / high based on signals: document quality, screening matches, country risk, transaction profile, beneficial ownership complexity.

Step 5 — Human review (conditional) [Native task]

Medium and high-risk cases route to analyst queue in Forest. Full context surfaced in the workflow UI: verification results, screening flags, document package, risk score rationale. Two-step validation for regulated categories (ACPR-compliant).

Step 6 — Decision and activation [Native task + MCP task]

Approve, reject, or request additional information. Decision and rationale written to your DB. MCP task → DocuSign for contract execution. MCP task triggers downstream activation and risk monitoring enrollment.

Step 7 — Ongoing monitoring [Native task]

Re-KYC triggers scheduled based on risk tier. Screening updates monitored via recurring MCP tasks. All changes timestamped in your DB. Full audit trail retained — retrievable on demand for regulatory inspection.

Extra steps — Escalation

This can be set up as a branch or a sub-workflow and will feed a dedicated approver inbox.

————————————————————

The whole pattern can be built once in Forest Workflows, then adapted to your needs, per country and entity type — without rebuilding from scratch each time, without an engineering sprint, without touching your core stack.

That’s the shift. From tribal knowledge to repeatable infrastructure.