title: "KYC document classification for a mid-market AU bank" dek: "A 2024 deployment that took new-account verification from 4 hours to 9 minutes per file, with a documented audit trail every internal-audit team has signed off on." sector: "Financial Services" client: "Mid-market Australian bank · ~180,000 customers" engagement: "Audit → Pilot → Practice Retainer" duration: "16 weeks" year: "2024" outcome: "New-account verification: 4 hours → 9 minutes · 96% straight-through · 100% audit coverage" solution: "Document-intelligence pipeline (passport, driver licence, utility bill) with confidence-scored straight-through processing and human review queue." timeSaved: "~3.85 hrs per file · A$0.18 per file processed" visual: "none" cardFigure: "compliance" timeMetric: "3.85 hrs" timeMetricLabel: "saved / file" costMetric: "A$0.18" costMetricLabel: "cost per file" speedMetric: "27×" speedMetricLabel: "faster end-to-end" publishedAt: "2024-06-18" keywords:
- KYC automation Australia
- AML/CTF compliance AI
- banking document intelligence
- AUSTRAC reporting
The problem
A mid-market AU bank — around 180,000 customers, growing at 14% per year — was running new-account KYC by hand. Compliance officers received passports, driver licences and utility bills as scanned PDFs and verified them against the AUSTRAC AML/CTF Act 2006 requirements. Each verification took an experienced officer about four hours including the cross-reference checks.
At their growth rate they would have needed to hire three more compliance officers within twelve months. The Chief Risk Officer didn't want to. The work was paperwork, but the regulator was AUSTRAC. The build had to be auditable end-to-end.
What we did
Eight weeks of build, four weeks of pilot, four weeks of staged rollout. The deployed system:
- Read all three document types (passport, AU driver licence, utility bill) using a fine-tuned document-intelligence model
- Performed structured-data extraction with confidence scores per field
- Cross-referenced extracted fields against the application record, ATO API, and AUSTRAC PEP/sanctions list
- Routed any file below the confidence threshold — or any sanctions hit — to a human review queue
- Wrote every decision, every confidence score, every reference check and every model version into an immutable Postgres audit log
The pipeline ran in the bank's existing Azure tenancy. No customer data left the bank.
The hardest part wasn't the AI. It was the audit-log schema. We spent two weeks with the bank's internal auditor and AUSTRAC liaison getting that schema to a state where any decision the system made could be reconstructed three years later from the audit log alone.
The outcome
| Before | At 12 months in production | |
|---|---|---|
| Time per verification | ~4 hours | ~9 minutes (including the human review on the 4% queue) |
| Straight-through processing rate | 0% | 96% |
| New-account onboarding wait | 3–5 business days | Same-day for 96% of applicants |
| Cost per file (loaded staff vs. model + infra) | ~A$340 | A$0.18 |
| AUSTRAC audit findings | 2 minor in previous cycle | 0 since deployment |
| FTE added in 12 months despite 14% customer growth | n/a | 0 |
What's interesting
Most of the wins didn't come from "AI processed the documents faster". They came from:
- Confidence-scored routing. The 4% of files that went to human review were the 4% that should have gone to human review. The other 96% genuinely didn't need an officer's eye.
- The cross-reference checks. Officers had been doing those manually; now they happened automatically and in parallel. That saved more time than the OCR did.
- The audit log. Internal Audit went from sampling 5% of files to having defensible evidence on 100%. That alone made the engagement worth it.
We didn't replace the compliance team. We took the bottom of their work off their desk so they could spend their time on the cases that actually need a human brain.
— Chief Risk Officer, mid-market Australian bank
What we'd do differently
Engage AUSTRAC liaison earlier. We engaged them in week four; we should have done so in week one. The audit-log design would have landed two weeks sooner.
Pre-classify the queue. The 4% human-review queue could itself be triaged: documents we're uncertain about for expected reasons (faded scans, multi-page utility bills) vs. unexpected reasons (sanctions hits, name mismatches). We did this in month three; it should have been month zero.
What we didn't do
We didn't replace the core banking system. We didn't deploy any agent that takes onboarding decisions without a documented decision trail. We didn't fine-tune the model on customer data — the extraction model was pre-trained; only the routing logic was tuned on the bank's own data.