LET'S TALK
← All work
AMLKYCBSAOFACDeep Prototype

KycFlow — AML/KYC Onboarding Workflow

16 seeded customer applications with sanctions screening (OFAC/EU/UN), PEP check, beneficial-ownership tree at 25% threshold, source-of-funds review, and Enhanced Due Diligence triggers. BSA 31 CFR §1020 evidence shape with realistic high-risk scenarios.

KycFlow — AML/KYC Onboarding Workflow preview
Open live →

What it is

The shape behind a financial-institution onboarding desk. Every applicant runs through the same pipeline: identity verification, sanctions screening against 4 lists, PEP check, adverse-media scan, beneficial-ownership extraction, source-of-funds review, expected-activity reconciliation. Risk score drives the workflow.

What’s in it

  • 16 seeded applications across individual / business / correspondent banking. Mix of clean approvals, sanctions-hit rejections, PEP review queue, undisclosed-BO shell-company patterns, high-risk jurisdictions, fuzzy matches requiring human judgment.
  • Sanctions screening across OFAC SDN List, EU Consolidated Sanctions, UN 1267/1718, PEP database, and adverse media. Results: clear / fuzzy match / exact hit.
  • Beneficial ownership tree at 25% threshold per FinCEN CTA. Shell companies with nominee directors flagged. Trust / parent-entity ownership requiring tier-2 disclosure surfaced.
  • Risk scoring (0-100) blending: sanctions hits (+heavy), PEP match, high-risk jurisdiction (FATF + OFAC sanctioned countries — 10 in catalog), industry risk (VASP / shell / defense contractor), expected-activity volume.
  • EDD triggers for PEP matches, correspondent banks, high-risk jurisdictions, large expected volumes, undisclosed BO — all with the specific FFIEC BSA/AML Manual citation.
  • Decision rationale captured per application for examiner review.

Why this shape

BSA Section 1020 / FinCEN’s Customer Identification Program rules are the most actively examined area of bank compliance. The pattern at every regulatory exam: “show me the BO disclosure for vendor X, the PEP escalation for customer Y, the source-of-funds doc for application Z.” Every one of these is a row in the same table. KycFlow is that table.

How it ships

Single HTML file, ~38KB. Zero dependencies. The sanctions-list logic, BO-tree audit, jurisdictional risk catalog, EDD trigger rules, and 16-application seed are 380 lines of vanilla JavaScript.

Open the tool →