Regulatory Compliant Identity Verification

Organizations in regulated industries must meet strict obligations on verifying and documenting the identity of every customer they onboard. KYC requirements under FATF Recommendation 10, the U.S. Bank Secrecy Act, and the EU’s 6th AML Directive mandate customer due diligence at account opening and enhanced due diligence for higher-risk relationships. The same verification discipline extends beyond individual customers. Know Your Business (KYB) programs verify the actual owners and controllers of business partners and vendors. Know Your Employee (KYE) programs apply similar rigor to workforce verification, driven by regulations including the U.S. Accountability Through Electronic Verification Act, the U.K. Economic Crime and Corporate Transparency Act, and the documented rise in synthetic-applicant fraud, which Gartner projects will affect one in four job candidates by 2028.

Each regime specifies acceptable evidence, a required assurance level, and the audit trail regulators will ask to see:

• NIST SP 800-63-4 defines IAL2 as the baseline for remote identity proofing in most regulated U.S. contexts, with explicit requirements for injection attack resistance, fraud prevention against AI-generated documents, and equitable biometric performance across demographic groups.
• eIDAS 2.0 and ETSI TS 119 461 define the equivalent framework for trust services and qualified electronic signatures across the European Union.
• The UK Digital Identity and Attributes Trust Framework (DIATF), assessed by Kantara, sets the standard for right-to-work, right-to-rent, and DBS identity checks.

Any solution deployed in a regulated environment must align to the applicable regime, withstand independent assessment, and produce the evidence record an auditor can follow.

Daon provides regulatory-compliant identity verification combining document authentication, NFC chip reading, mDL data ingestion, biometric face matching, presentation attack detection, and injection attack detection into a configurable workflow aligned to KYC and AML compliance obligations. This extends to KYB and KYE verification across banking, insurance, telecommunications, healthcare, retail, gaming, and cryptocurrency.

Daon’s solution can verify 15,000+ document types across 200+ countries with support for 20+ languages, including multiple non-Latin character sets. Documents are validated through AI-driven analysis of watermarks, holograms, foils, security features, and other proprietary validation techniques. Biometric matching is performed between the document and a live selfie, with iBeta ISO 30107-3 Level 2 certified presentation attack detection and injection attack detection aligned to CEN/TS 18099.

NIST IAL2 compliant and aligned to GDPR, DIATF, eIDAS/ETSI TS 119 461, 21 CFR Part 11, and FHIR, each verification captures 20+ data points to produce the audit trail regulators expect, and authoritative data source integrations include AAMVA, DVS, DHA, and RENAPER for downstream validation. Independently tested performance shows:

• 95%+ straight-through processing
• 84% first-attempt success rate
• <0.1% False Acceptance Rate
• 99.9%+ liveness detection accuracy

While available on both Daon platforms, for organizations that require full data sovereignty, including central banks, government agencies, and healthcare systems subject to on-site hosting mandates, IdentityX provides full platform capability with on-premises hosting under ISO 27001, 27017, 27018, 27701, and SOC 2 Type 2 certifications.