The hard part is collection, not the rule
Anyone working in compliance or on an onboarding desk knows it: the difficulty in KYC is not interpreting the regulatory obligation, it is gathering and reconciling the information. To onboard an institutional counterparty, an analyst ends up jumping between the business register, the beneficial ownership portal, sanctions databases, PEP lists, regulator websites and the client's data room. Each source has a different format, every document has to be read, and data gets moved by hand into a spreadsheet or a workflow tool. That is where errors creep in: an outdated company extract, a misread beneficial owner, a name transcribed differently from how it appears on a list.
The Anti-Money Laundering Directive (AMLD), across its successive versions transposed throughout the Union, requires customer due diligence, identification of the beneficial owner, risk assessment and record keeping. With the EU AML package and the arrival of the European authority AMLA, the bar on file quality and traceability rises further. The point is not to run fewer checks: it is to run them so that every data point is verifiable at the source.
What AI actually does during onboarding
AMARIL is a vertical AI platform for finance that reads and analyses corporate and financial documents the way an analyst would, but at scale and with full traceability. In a counterparty onboarding flow, that means several very concrete things.
Structured extraction: the AI reads the company register extract, the articles of association, filed financial statements (under OIC or IFRS), powers of attorney and identity documents, and extracts legal form, capital, governing bodies, shareholdings and signing powers. From a complex ownership chain it reconstructs the beneficial owners, flagging percentages and the points where the documentation is not sufficient to close the loop.
Screening against lists: names of natural and legal persons, controlling entities and beneficial owners are checked against sanctions lists, PEP registers and adverse media sources. The system handles transliteration variants and surfaces potential matches, distinguishing likely namesakes from solid hits.
File assembly: instead of copy-paste across portals, the analyst receives a file that is already composed, with the counterparty profile, the beneficial ownership map, the screening outcomes and indexed documents. Human work shifts to where it truly matters: the risk judgement and the decision.
Source citation: the detail that changes everything in compliance
In an anti-money-laundering dossier, a data point without a source is a data point that does not exist. If an inspector from Banca d'Italia, an auditor or the future AMLA asks where a given beneficial owner comes from, or why a counterparty was rated medium risk, the answer has to trace back to a specific document, a page, a line.
That is why AMARIL always answers with a source citation. Every item in the file points to the document it was extracted from: the business register extract, the page of the articles of association, the financial statement line, the record of the sanctions list consulted on a given date. The operating principle is no hallucinations: if the information is not in the documents, the system says so instead of inventing it. For a team that has to defend its choices in front of a regulator, this is the difference between a usable tool and one more source of risk.
A recent European example is worth recalling: due diligence files built on counterparties with cross-border structures, typical of transactions on Euronext or Borsa Italiana, are exactly the ones where manual reconstruction of the beneficial owner is most fragile and where documentary traceability makes the difference in an inspection.
Where the data lives: EU cloud, GDPR, on-premise
A KYC file contains sensitive personal data and confidential client information. That is why architecture matters as much as functionality. AMARIL runs on cloud infrastructure within the European Union, with end-to-end encryption and a zero retention policy, in line with the GDPR, and is also available on-premise for institutions that, by internal policy or supervisory requirement, must keep data inside their own perimeter. No onboarding data leaves the institution's control to train third-party models.
Takeaway for finance teams
Onboarding a counterparty under AMLD will remain a regulated and demanding process: that is not what changes. What can change is how the file is built. Moving the extraction of corporate data, the reconstruction of beneficial owners and the screening against lists onto a vertical AI frees analysts from low-value work and cuts transcription errors between portals. There is only one condition for this to genuinely work in compliance, and it is non-negotiable: every data point must be cited at the source, with no hallucinations, on European and compliant infrastructure. That is how efficiency becomes defensible in front of a regulator.
