AI 底层逻辑 / 经典论文

AI Account Opening / KYC：开户与准入决策架构

访问日期按 2026-06-30 记录。本文不输出法律或合规结论；规则、阈值、客户通知和报告义务的最终适用性由 Legal / Compliance / BSA-AML owner 按机构、产品、客户、渠道和司法辖区确认。

321 行ai-foundations/papers/143-ai-account-opening-kyc-onboarding-decision-architecture.md

AI Account Opening / KYC / Onboarding Decision Architecture 解读

面向对象: AI PM / Product Architect / Senior BA / AML-KYC Product Lead / Identity Platform Architect / Digital Banking Transformation Lead。核心问题: 数字开户不是把证件 OCR、活体检测、制裁筛查、欺诈模型和开户表单串起来。成熟系统要把 eligibility、CIP/KYC/CDD、identity proofing、fraud、AML handoff、例外队列、客户沟通、资金激活和审计证据设计成一个可解释、可复核、可治理的 decision architecture。学习目标: 设计 account opening state machine、decision gate、risk-tiering、evidence package、small business UBO/KYB flow、fraud/AML handoff、hold/decline ownership、model risk controls 和面试表达。

Source Anchors

Source	Link	用途
FFIEC BSA/AML Manual - Customer Identification Program	https://bsaaml.ffiec.gov/manual/AssessingComplianceWithBSARegulatoryRequirements/01	参考 CIP written program、risk-based identity verification、account-opening risk factors、缺少可验证身份时的处理路径
FFIEC BSA/AML Manual - Customer Due Diligence	https://bsaaml.ffiec.gov/manual/AssessingComplianceWithBSARegulatoryRequirements/02	参考 customer risk profile、nature and purpose、ongoing monitoring 与 KYC/CDD 信息更新
FFIEC BSA/AML Manual - Beneficial Ownership Requirements	https://bsaaml.ffiec.gov/manual/AssessingComplianceWithBSARegulatoryRequirements/03	参考 legal entity customer beneficial owner / control person information、verification、recordkeeping 和无法形成合理信念时的处理
FFIEC BSA/AML Manual - Suspicious Activity Reporting	https://bsaaml.ffiec.gov/manual/AssessingComplianceWithBSARegulatoryRequirements/04	参考 suspicious activity escalation、SAR decision ownership、supporting documentation、confidentiality 和 management notification
FinCEN CDD Final Rule resources	https://www.fincen.gov/resources/statutes-and-regulations/cdd-final-rule	参考 CDD 四个核心要求、beneficial ownership、customer risk profile 和 ongoing monitoring；具体适用性由 Legal / Compliance 判断
FinCEN BOI resources	https://www.fincen.gov/boi 和 https://www.fincen.gov/boi/Reference-materials	参考 BOI reporting / access / safeguards 的当前官方材料；开户 KYB/UBO 架构不应把 FinCEN BOI registry、CDD rule 和本机构客户资料混成同一事实源
FinCEN BSA Filing Information / SAR resources	https://www.fincen.gov/resources/filing-information	参考 SAR filing operations、SAR form resources 和 BSA E-Filing handoff；AI 不拥有 SAR filing decision
NIST SP 800-63-4 Digital Identity Guidelines	https://pages.nist.gov/800-63-4/	参考 identity proofing、authentication、federation、fraud controls、forged media、customer experience 和 privacy
NIST SP 800-63A-4 Identity Proofing and Enrollment	https://pages.nist.gov/800-63-4/sp800-63a.html	用 identity resolution、evidence validation、attribute validation、identity verification、enrollment 和 exception handling 组织 proofing gate
NIST AI RMF	https://www.nist.gov/itl/ai-risk-management-framework	用 Govern / Map / Measure / Manage 组织 AI decisioning、model/vendor risk、monitoring、human oversight 和 incident learning
ISO/IEC 42001	https://www.iso.org/standard/81230.html	用 AI management system 视角组织 roles、operation、performance evaluation、internal audit、management review 和 continual improvement

一句话:

Account opening AI is a governed decision-and-evidence fabric, not an IDV widget selection problem.

1. 核心心智模型

开户决策至少包含四条不同责任线:

Product eligibility
  + Identity assurance
  + Financial crime risk
  + Customer activation
  + Evidence and communication governance

很多项目失败，是因为把所有异常都压成一个 KYC failed。高级架构要把不同问题分开:

问题	真实 owner	典型系统动作	客户沟通边界
产品资格不符合	Product / Eligibility policy	decline / offer alternate product	可解释产品规则，但不暴露内部风控阈值
无法形成身份合理信念	KYC/CIP owner + Operations	request evidence / hold / decline / close per policy	说明需要验证信息，不推断欺诈
身份证明流程无法完成	Identity platform + CX + Accessibility	retry / alternate method / trusted referee / branch path	避免把技术失败表述为客户风险
欺诈风险高	Fraud Risk	manual review / restricted activation / decline per policy	客户安全语言，避免泄露规则
AML/CDD 风险需增强审核	BSA/AML Compliance	CDD/EDD queue / relationship manager review / SAR-sensitive handling	SAR 相关信息不能向客户泄露
资料或实益拥有人信息矛盾	KYB / BSA Operations	RFI / authority review / entity verification	明确缺少或不一致信息，不替客户下结论
首次入金风险高	Deposit Operations / Fraud / Payments	hold funding / limit account / delayed activation	解释资金可用性或验证步骤，由政策批准
客户放弃或被困住	Product + CX Risk	rescue path / assisted onboarding / abandon recovery	不把摩擦率下降误认为风险下降

开户不是一次性 yes/no，而是一组 state transitions。AI 可以排序、推荐、摘要和路由，但不能模糊 owner。

2. End-to-End State Machine

lead / pre-application
  -> consent and purpose capture
  -> application intake
  -> eligibility screen
  -> identity proofing
  -> CIP information collection and verification
  -> CDD risk profile
  -> legal entity / UBO / authority review if applicable
  -> fraud and synthetic identity assessment
  -> sanctions / AML screening and referral triggers
  -> decision orchestration
  -> account creation or hold / decline / RFI
  -> funding and activation
  -> early-life monitoring
  -> ongoing CDD update triggers

2.1 状态必须区分

State	含义	不应混用
`application_started`	客户开始申请，尚未形成开户关系	不等于 customer record completed
`consent_captured`	已取得特定用途同意/披露确认	不等于可任意复用身份数据
`identity_proofing_pending`	身份证明流程未完成	不等于 AML hold
`cip_verification_pending`	关键识别信息待验证	不等于欺诈结论
`cdd_review_pending`	需补足 nature/purpose、expected activity、risk profile	不等于产品资格失败
`fraud_review_pending`	欺诈信号需人工复核	不等于 SAR decision
`aml_review_pending`	AML/CDD/SAR-sensitive review	不应把原因暴露给普通客服或客户
`approved_restricted`	可创建账户但有入金、出金、转账或渠道限制	不等于 fully active
`opened_not_funded`	账户已建但未入金/未激活	不等于 onboarding complete
`active`	账户可按政策使用	仍需 early-life monitoring
`declined`	申请被拒或未开户	原因 catalog 和通知 owner 必须明确
`abandoned`	客户中途退出或超时	可能是 hidden harm / friction signal

状态设计的核心不是漂亮流程图，而是避免系统把“未完成、待审核、拒绝、限制、关闭、可疑活动”混成一个 UI 文案。

3. Decision Domains

3.1 Gate Map

Gate	Decision question	AI role	Human / policy owner	Evidence
Consent and purpose	是否可采集、处理、共享、保存这些数据	classify data purpose, detect missing consent	Privacy / Legal / Product	consent version, purpose tag, channel proof
Product eligibility	客户是否符合产品、地区、年龄、账户类型、业务类型等规则	prefill, recommend alternate path	Product / Legal / Compliance	eligibility rule id, application snapshot
Identity proofing	申请人是否与真实自然人建立足够关联	document/liveness/media/device risk scoring	Identity platform + KYC Ops	identity claim, evidence validation, verification result
CIP verification	是否可形成对客户真实身份的合理信念	non-documentary match, discrepancy triage	BSA/AML Compliance	CIP fields, verification method, discrepancy resolution
CDD risk profile	是否理解关系性质和目的、可建立风险档案	risk-tier recommendation, expected activity anomaly	BSA/AML owner	customer profile, expected activity, risk factors
KYB / UBO	小企业/法人客户是否有实体、授权人、控制人、实益拥有人证据	entity extraction, ownership graph consistency	KYB / BSA Ops	entity docs, ownership attestation, BO verification
Fraud	是否存在 synthetic identity、device farm、stolen identity、mule risk	fraud score, link analysis, velocity	Fraud Risk	signal bundle, graph links, reviewer decision
AML handoff	是否需要 AML/CDD/EDD/SAR-sensitive review	red-flag detection, evidence summary	BSA/AML Compliance	referral reason, supporting documentation
Funding activation	是否允许入金、解冻、发卡、转账、提高限额	funding risk score, return risk	Deposit Ops / Fraud / Payments	funding source, account status, restriction policy
Communication	客户看到什么原因、下一步、申诉/补件路径	approved template fill, translation	Legal / Compliance / CX / Product	notice id, reason code, delivery proof

3.2 Outcome Table

Outcome	When used	Guardrail
Approve and activate	低风险、必要信息与证据足够、资金路径清晰	early-life monitoring 仍要保留
Approve restricted	身份/KYC 可接受但资金或早期行为风险需限制	限制、解除条件、客户文案和监控必须版本化
Request information	缺少可补证据或信息冲突可解释	只索取必要材料，避免无限 RFI loop
Hold for review	需要人工判断、增强审核或跨团队确认	必须有 queue owner、SLA、客户状态文案
Decline / do not open	不符合资格、无法验证、风险超出政策或政策禁止	reason code 和客户沟通由对应 owner 批准
Exit / close after opening	已开账户但后续无法完成必要验证或出现政策触发	账户关闭、资金退回、SAR-sensitive 处理需 Legal/Compliance/Ops 确认
Abandon / timeout	客户未完成流程或未响应	计入 friction/harm monitoring，不应自动视为低风险成功

4. Reference Architecture

digital channel / branch assisted / contact center
  -> consent and disclosure service
  -> application journey orchestrator
  -> document and evidence capture
  -> identity proofing service
  -> CIP verification service
  -> CDD / KYB profile service
  -> fraud and synthetic identity graph
  -> sanctions / AML referral interface
  -> policy and decision orchestration
  -> exception queue workbench
  -> core account opening
  -> funding and activation controls
  -> customer communication service
  -> evidence ledger and audit binder
  -> monitoring, QA, model risk and management reporting

关键设计是 decision orchestration 不直接吞掉所有模型输出。它应接收结构化信号:

decision_signal:
  source: identity_proofing_vendor
  signal_type: evidence_validation
  result: inconclusive
  confidence: calibrated_bucket_medium
  reason_codes: [DOCUMENT_GLARE, ADDRESS_MISMATCH]
  customer_safe_reason: additional_information_needed
  evidence_refs: [doc_id, session_id, vendor_response_id]
  owner: identity_platform
  expires_at: 2026-07-15

5. Evidence Bundle

开户 evidence bundle 要能回答三个问题:

当时系统知道什么?
哪个规则、模型、人员或队列作了什么动作?
客户、审计、合规、模型风险和运营复盘分别能看到什么?

Evidence object	内容	设计要求
Application snapshot	表单、渠道、设备、时间、产品、客户输入	immutable version, PII access control
Consent record	披露、同意、用途、第三方共享、biometric/IDV notice where applicable	purpose-bound, versioned, retrievable
Identity claim	申请人核心属性、证据类型、proofing path	不把 proofing pass 当成 CIP pass
Evidence validation result	证件/文件/属性验证结果	source, method, vendor version, discrepancy
Identity verification result	face match、liveness、manual check、trusted referee	accessibility fallback and retry history
CIP verification record	documentary / non-documentary method and result	BSA/AML policy mapping
CDD profile	relationship purpose、expected activity、occupation/business、risk tier	updated on trigger, not only at onboarding
UBO / authority package	entity docs、ownership/control person、attestation、verification	KYB queue and beneficial ownership owner
Fraud signal bundle	device, network, velocity, synthetic, mule, deepfake indicators	customer-safe separation from internal rules
AML referral record	red flags, referral reason, supporting docs, analyst decision	SAR confidentiality and restricted access
Decision log	outcome, reason code, policy/model versions, human override	deterministic replay as far as practical
Communication proof	message template, channel, delivery, customer action path	wording approved and reason-owned
Activation record	account created, restrictions, funding status, holds, release	avoids active account with unresolved critical gate

6. Small Business / UBO Flow

小企业开户的难点不是多收几份文件，而是把三件事分清:

entity exists
  + applicant has authority
  + natural persons behind control / ownership are identified and risk-assessed where applicable

6.1 KYB / UBO Decision Table

Decision point	Evidence	Common AI support	Guardrail
Entity identity	formation record, EIN/TIN, business address, registration status	document extraction, registry match, name normalization	registry mismatch enters KYB review; AI summary not final entity verification
Authorized representative	officer title, resolution, signer authority, role evidence	authority document extraction, signature package triage	authority ambiguity cannot be hidden behind “business verified”
Beneficial owner / control person	ownership attestation, control prong info, ID evidence	ownership graph consistency, duplicate person detection	CDD/BO applicability and thresholds are Compliance-owned
Business nature and purpose	NAICS/MCC, website, expected activity, cash intensity	business classification, website risk summary	do not over-rely on web presence for legitimacy
Ownership discrepancy	conflicting names, addresses, percentages, hidden nominees	anomaly detection, graph links	escalates to KYB/BSA queue; customer wording stays evidence-based

FinCEN BOI resources should be treated as official source anchors, not as a substitute for institution-owned CDD/KYB procedures. The architecture should preserve source provenance:

customer attestation != state registry != FinCEN BOI data != third-party KYB vendor != internal CDD profile

7. Customer Harm and Abandonment

开户 AI 的客户伤害常隐藏在“未完成”里:

Harm pattern	Signal	Control
False reject	high decline / upheld appeal / manual overturn	segment review, reason QA, reviewer calibration
Endless evidence loop	repeated upload, same rejection reason, no alternate path	max retry policy, assisted path, evidence reuse
Accessibility failure	liveness or document capture fails for legitimate users	alternate proofing, trusted referee, branch/contact center path
Privacy overcollection	asking for documents beyond decision need	field-level necessity review, purpose tags
Confusing hold	customer sees generic “under review” for days	SLA-based status, safe explanation, escalation path
Abandoned onboarding	drop-off after IDV, CDD, UBO, funding	rescue analytics, friction-vs-risk dashboard
Wrong denial communication	product decline, fraud decline and KYC failure share one message	reason taxonomy and message owner

North-star metric 不应只是 conversion rate。更稳的指标组合:

eligible activation rate
  + verified identity completion
  + false reject / overturn rate
  + RFI completion burden
  + review SLA
  + segment friction disparity
  + early-life fraud / AML quality
  + complaint and recourse outcome

8. Model Risk and AI Governance

开户链路里的 AI 不止一个模型:

AI / model asset	Risk	Required governance
ID document classifier	wrong evidence type or missed tamper	eval by document class, quality, region, channel
Liveness / PAD / media integrity	false pass, false fail, bias, injection bypass	adversarial eval, segment QA, vendor monitoring
Attribute matching	name/address/DOB false mismatch	match policy, thresholds, manual review
Synthetic identity graph	unfair or opaque network inference	feature lineage, reviewer evidence, calibration
Fraud score	false decline or mule account pass	outcome monitoring, override QA, early-life loss linkage
CDD risk tiering	under-risking high-risk profiles or overburdening low-risk customers	typology coverage, scenario review, Compliance owner
LLM evidence assistant	hallucinated summary or unsafe customer wording	grounded summary only, citation requirement, output policy
Routing model	queues overloaded or wrong owner	queue telemetry, SLA, reviewer feedback

Use NIST AI RMF for lifecycle risk management and ISO/IEC 42001 for operating system discipline:

AI inventory -> intended use -> risk tier -> eval plan -> release gate
  -> runtime monitoring -> incident / harm review -> management review
  -> control improvement

9. Anti-Patterns

Anti-pattern	Why it fails	Better architecture
`KYC failed` as universal reason	owner, evidence and communication collapse	controlled reason taxonomy by decision domain
IDV vendor pass equals CIP pass	proofing signal is not full compliance decision	CIP decision service with policy mapping
Decline before queue triage	false rejects and poor customer recourse	hold/RFI/review state with SLA and evidence
AML, fraud and product decline share message	confidentiality, fairness and customer harm risks	customer-safe message catalog by owner
Funding before critical gates clear	mule and synthetic accounts can activate	restricted opening and activation control
LLM writes denial reason	invented reasons and inconsistent notices	structured reason code source of truth
BO data overwritten by latest source	destroys provenance and auditability	source-ranked evidence graph
Conversion optimized alone	hides abandoned harmed customers	balanced risk, harm and activation metrics

10. 面试表达

30 秒版本:

我会把 AI 开户设计成 decision-and-evidence architecture，而不是把 OCR、活体、名单筛查和欺诈分数简单串联。核心是建立状态机和 gate: consent、eligibility、identity proofing、CIP verification、CDD risk profile、KYB/UBO、fraud、AML handoff、funding activation 和 customer communication。每个 gate 都有 owner、reason code、evidence bundle、人工复核和客户安全文案。AI 可以辅助评分、路由和摘要，但不能替代 Legal/Compliance 的适用性判断、SAR decision 或正式 denial/adverse communication ownership。

2 分钟版本:

我的架构会先分离四条责任线: 产品资格、身份保证、金融犯罪风险、账户激活。身份 proofing 按 NIST SP 800-63-4 拆成 resolution、evidence validation、attribute validation、identity verification 和 enrollment；CIP/CDD 按 FFIEC/FinCEN source anchors 转成机构政策和证据要求；小企业 KYB 要区分 entity exists、authorized representative、beneficial owners/control person 和 business purpose。技术上我会设计 journey orchestrator、policy decision service、identity/CIP/CDD services、fraud graph、AML referral interface、exception workbench、customer communication service 和 evidence ledger。所有模型输出都进入结构化 decision signal，不允许 LLM 发明拒绝原因。运营上我会重点看 false reject、manual overturn、RFI burden、abandonment、review SLA、segment friction disparity、early-life fraud/AML quality 和 complaint/appeal outcome。开户成功不是“更多人过审”，而是合规、可解释、客户负担可控、风险可管理、事后能 replay。

11. Portfolio Exercise

为一个 digital checking + small business checking onboarding 设计:

Account opening state machine。
CIP / CDD / KYB / UBO decision gate map。
Risk-tiering table and activation restrictions。
Exception queue taxonomy and SLA。
Customer-safe hold / decline reason catalog。
Evidence bundle schema。
AI model inventory and eval plan。
2 页 architecture memo + 2 分钟面试回答。