KYC compliance at platform scale
How a composable platform for regulated financial services shipped a production-ready KYC component — with full bitemporal audit history from day one — without writing a single line of custom versioning logic.
A composable platform for building financial services products enables banks and fintechs to configure and deploy regulated customer journeys in a fraction of the time typically required. Their KYC (Know Your Customer) component sits at the centre of the onboarding workflow — verifying customer identity, managing document lifecycles, tracking risk ratings, and ensuring every compliance decision is auditable against the regulatory state that existed when it was made.
KYC data is inherently temporal. Documents expire. Risk classifications change. Corrections propagate backward through a customer's history. Satisfying both the operational requirement (current customer status) and the compliance requirement (audit record of what was known and when) typically requires bespoke versioning logic, shadow tables, or a parallel audit database — all of which carry ongoing maintenance burden and the risk of divergence between what the system shows now and what it actually recorded at the time.
"What was the risk status of this customer when this transaction was approved?" — a standard SQL query.
Building the KYC component on XTDB meant that full bitemporal history was automatic from day one. Every status change, document update, and risk reclassification is recorded on both valid time and system time without a single line of custom history logic. Any compliance question is answered by querying the database directly — no reconstruction from logs, no reconciliation against a shadow table, no bespoke audit export.
The result: a component that shipped faster, carries less implementation risk, and is inherently ready for any future reporting obligation. As new regulations arrive — or as the platform expands to new jurisdictions — the audit foundation is already in place. There is no catch-up work, and no ambiguity about what the system recorded at the time of any decision.
The composable platform approach means that the same bitemporal foundation underpins every product built on top — not just KYC. As new composable components are added, the audit and compliance properties are inherited automatically, with no per-feature instrumentation required.