How to Build a KYC verification Agent Using CrewAI in Python for retail banking

By Cyprian AaronsUpdated 2026-04-21
kyc-verificationcrewaipythonretail-banking

A KYC verification agent in retail banking takes a customer’s identity data, checks it against policy and external/internal sources, and produces a decision-ready summary for ops or compliance. It matters because onboarding speed is directly tied to conversion, but the bank still has to satisfy AML/KYC controls, auditability, and jurisdiction-specific data handling.

Architecture

  • Input normalization layer

    • Parses customer-submitted data from forms, PDFs, OCR output, or API payloads.
    • Normalizes names, addresses, dates of birth, document numbers, and country codes.

  • Document verification toolset

    • Validates ID document metadata.
    • Checks expiry dates, issuing country, format consistency, and image quality signals if available.

  • Sanctions / PEP / adverse media screening toolset

    • Calls internal or third-party screening services.
    • Returns match candidates with scores and source references for audit.

  • KYC policy reasoning agent

    • Applies bank-specific rules: threshold logic, required documents by risk tier, escalation triggers.
    • Produces a structured recommendation: approve, reject, or manual review.

  • Audit and case logging layer

    • Stores every input, tool result, agent decision, and rationale.
    • Preserves traceability for compliance review and regulator requests.

  • Human-in-the-loop escalation path

    • Routes ambiguous or high-risk cases to an analyst.
    • Prevents the agent from making final decisions where policy requires manual approval.

Implementation

1) Install CrewAI and define your tools

CrewAI works well when the agent has narrow tools instead of broad freedom. For KYC, keep the tools deterministic: one for document checks, one for screening, one for policy lookup.

from crewai.tools import BaseTool
from pydantic import BaseModel, Field

class DocumentCheckInput(BaseModel):
    full_name: str = Field(..., description="Customer full legal name")
    dob: str = Field(..., description="Date of birth in ISO format")
    id_number: str = Field(..., description="Government ID number")
    issuing_country: str = Field(..., description="ISO country code")

class DocumentCheckTool(BaseTool):
    name: str = "document_check"
    description: str = "Validate basic KYC document consistency."
    args_schema = DocumentCheckInput

    def _run(self, full_name: str, dob: str, id_number: str, issuing_country: str) -> str:
        # Replace with real validation logic or API calls
        if len(id_number) < 6:
            return "FAIL: ID number too short"
        return f"PASS: Basic document checks passed for {full_name} ({issuing_country})"

class ScreeningInput(BaseModel):
    full_name: str
    dob: str

class ScreeningTool(BaseTool):
    name: str = "screening_check"
    description: str = "Screen customer against sanctions/PEP/adverse media."
    args_schema = ScreeningInput

    def _run(self, full_name: str, dob: str) -> str:
        # Replace with vendor API integration
        return f"NO_MATCHES_FOUND for {full_name}"

2) Create the KYC analyst agent with strict instructions

The key pattern is to constrain the agent to summarize evidence and recommend a disposition. Don’t let it invent facts or override policy.

from crewai import Agent

kyc_agent = Agent(
    role="KYC Verification Analyst",
    goal="Verify retail banking customer identity using provided tools and produce a compliant recommendation.",
    backstory=(
        "You are a banking operations analyst who follows KYC policy exactly. "
        "You never guess missing facts. You always cite tool outputs."
    ),
    tools=[DocumentCheckTool(), ScreeningTool()],
    verbose=True,
    allow_delegation=False,
)

3) Define a task that forces structured output

For banking workflows you want an auditable response. Ask for JSON-like output with clear fields so downstream systems can store it without fragile parsing.

from crewai import Task

kyc_task = Task(
    description=(
        "Review this retail banking applicant for KYC readiness.\n"
        "Customer data:\n"
        "- full_name: Jane Doe\n"
        "- dob: 1990-04-12\n"
        "- id_number: A1234567\n"
        "- issuing_country: GB\n\n"
        "Use the available tools to validate identity consistency and screening status.\n"
        "Return:\n"
        "1. decision (APPROVE | MANUAL_REVIEW | REJECT)\n"
        "2. reasons (bullet list)\n"
        "3. evidence (tool outputs)\n"
        "4. missing_items (if any)\n"
        "5. audit_notes (short compliance note)"
    ),
    expected_output="A structured KYC assessment with decision and evidence.",
    agent=kyc_agent,
)

4) Run the crew and persist the result for audit

Use Crew and kickoff() to execute the workflow. In production you would persist both inputs and outputs to your case management system with immutable timestamps.

from crewai import Crew, Process

crew = Crew(
    agents=[kyc_agent],
    tasks=[kyc_task],
    process=Process.sequential,
    verbose=True,
)

result = crew.kickoff()

print(result)

A practical production pattern is to wrap kickoff() in a service endpoint that stores:

  • request payload
  • tool responses
  • final agent output
  • model version
  • policy version
  • analyst override if applicable

That gives you an audit trail when compliance asks why a customer was approved or escalated.

Production Considerations

  • Data residency

    • Keep PII inside approved regions.
    • If your LLM endpoint is hosted outside your jurisdiction, do not send raw identity documents there.
    • Use tokenization or field-level redaction before calling any external model service.

  • Compliance controls

    • Hard-code policy thresholds outside the prompt where possible.
    • Separate “recommendation” from “decision”; many banks require human approval on edge cases.
    • Log the exact policy version used during evaluation.

  • Monitoring

    • Track manual-review rate, false positive screening rate, average time-to-decision, and override frequency.
    • Alert when screening vendors degrade or when tool latency spikes.
    • Sample outputs for QA against known-good test cases.

  • Guardrails

    • Restrict tools so the agent cannot write to core banking systems directly.
    • Validate all outputs against a schema before persisting them.
    • Block free-form acceptance/rejection when required fields are missing.

Common Pitfalls

  • Letting the agent make unsupported claims

    • Mistake: asking the model to infer income source or residency from weak signals.
    • Fix: force it to say “insufficient evidence” and route to manual review.

  • Sending raw sensitive data everywhere

    • Mistake: passing passport scans and full addresses into every tool call.
    • Fix: redact unnecessary fields per step and keep PII handling minimal.

  • Skipping audit structure

    • Mistake: storing only the final answer text.
    • Fix: persist inputs, tool outputs, timestamps, policy versioning, and final disposition as separate fields.

Retail banking KYC is not about building a clever chatbot. It is about producing a controlled workflow that is explainable under audit pressure and safe under regulatory scrutiny. CrewAI fits well when you treat the agent as a coordinator over deterministic tools rather than as an autonomous decision-maker.

Keep learning

By Cyprian Aarons, AI Consultant at Topiax.

ShareX / TwitterLinkedIn

Want the complete 8-step roadmap?

Grab the free AI Agent Starter Kit — architecture templates, compliance checklists, and a 7-email deep-dive course.

Get the Starter Kit

Related Guides

Related
build claims processing agent langchain python insurance
Related
build fraud detection agent llamaindex typescript healthcare
Related
build kyc verification agent llamaindex typescript healthcare
Related
build document extraction agent llamaindex typescript pension funds
Related
build underwriting agent llamaindex typescript investment banking