Artificial intelligence is advancing at breakneck speed, and biometric authentication with liveness detection—once considered the gold standard in digital identity verification—is now under siege. Deepfakes, synthetic media, and AI-generated spoofing tools are more accessible and convincing than ever. Traditional systems relying on cloud-based analysis or static liveness checks are dangerously outdated.
Deepfakes, synthetic media, and AI-generated spoofing tools are more accessible and convincing than ever. Traditional facial recognition systems, especially those relying solely on cloud-based analysis or passive liveness checks, are completely obsolete, despite their prevalence in fintech, DeFi, and digital banking worldwide. At the same time, threat actors no longer need sophisticated tools to bypass standard facial recognition systems. A free, anonymous email account, some AI video gen software off the internet, and a still image or two from any social media account are now enough to fool most identity verification platforms – this is because they do not process the data locally.
The Threat
AI-powered fraud now makes it possible to bypass many KYC onboarding processes with nothing more than a still image, a free email account, and widely available deepfake software.
Cloud-based verification platforms introduce additional risk—sending sensitive biometric data offshore, often to vendors with questionable ownership, opaque data handling, or ties to jurisdictions that undermine privacy and sovereignty.
Fintechs and DeFi companies face heightened exposure, especially when relying on providers in the UK, US, Canada, and EU that use offshore subprocessors or outdated verification models.
Most systems labeled as “liveness detection” perform only surface-level checks before sending the image to the cloud for advanced processing. This forces them to rely on outdated 2D image processing often provided by questionable offshore data processors, making them easy targets for presentation attacks using photos, deepfake videos, or even AI-generated avatars. Biometric systems that were once built to stop fraud are now frequently bypassed by it.
“AI-driven fraud is exploding across legal, real estate, and financial services. This is a technology arms race. The only way to win is to meet AI with better AI, backed by privacy-first architecture. With our edge-computing biometrics, your users’ most sensitive data never leaves their device, and fraud attempts never reach your systems.” said Matthew Unger, CEO at iComply
The iComply Platform: Built for the Next Era of Threats
We’ve spent the last five years engineering and refining a better Live Face Match biometric authentication system that can perform any type of check directly on the user’s device. This not only addresses these modern threats, it is a game changer for personal data privacy and national data sovereignty. Our latest release of the iComply platform delivers randomized, concurrent liveness and biometric testing. Performed entirely on-device via our proprietary edge computing architecture to detect and neutralize generative AI spoofing before it can infiltrate your onboarding process.
Fall 2025 Release Highlights
1.Advanced Multi-Expression Live Face Match Testing: Enhancements to performance and concurrent processing of both biometric face matches and liveness detection algorithms. Our platform doesn’t just check for motion and a face match; it challenges users to perform randomized facial expressions and micro-movements in 3D, making it nearly impossible for pre-recorded or deepfaked media to replicate. Each expression is evaluated independently alongside biometric confidence scores and device metadata to create your confidence threshold, which can be customized based on your risk tolerance.
Real-time 3D facial recognition combined with randomized micro-expression prompts.
Concurrent biometric and liveness analysis makes pre-recorded or AI-generated forgeries virtually impossible to pass.
Independent scoring for each challenge, combined with device metadata, allows for fully configurable pass/fail thresholds.
2. Edge Computing for Real-Time AI Fraud Detection: Unlike API driven KYC or identity verification systems, our identity and biometric checks are performed directly on the user’s device through edge computing. Edge-computing ensures your customer data is always processed locally, in the country where they are at that moment, and validated before you touch it. This reduces exposure, accelerates processing time, and ensures biometric data never leaves the device, drastically improving both privacy and security. With this release, Pro and Enterprise accounts can now leverage enhanced configurability and data localization control for emerging regulations covering data privacy, security, and sovereignty.
All biometric processing happens locally, on the user’s device. This ensures that data never leaves the country of origin. Zero data leakage. Zero third-party processing.
No reliance on offshore cloud processors means significantly reduced attack surface, zero transmission risk, and compliance with emerging data sovereignty laws.
Enhanced configurability for Pro and Enterprise clients to meet national and sector-specific privacy mandates.
3. Enhanced Threshold Controls for Precision Matching: Manage thresholds for biometric confidence score, adjust pass criteria, and the number of facial expressions required to be completed successfully.
Dynamically set biometric confidence thresholds (e.g., 70%, 85%, 95%) based on your risk profile.
Adjust requirements based on the risk and use case of the biometric verification event.
AI Isn’t Going Away, But Neither Are We Organizations can no longer rely on “good enough” systems from five years ago to stop the threats of today. AI-generated fraud is evolving faster than most compliance teams can adapt. Without advanced, on-device defences, organizations risk onboarding bad actors, breaching data protection laws, and undermining user trust. By engaging iComply as their AML compliance technology partner, our clients reduce cost, manual operations, and fragmented systems while gaining clarity, consistency, and confidence in their AML compliance program. A program that is built not just for today’s threats but also for the upcoming threats posed by generative AI and offshore data processing.
About iComply iComply is a global leader in modular compliance solutions for KYB, KYC, KYT, and AML. Founded in 2017 and headquartered in Vancouver, Canada, iComply helps regulated and emerging financial services providers operate with trust, accountability, security, and privacy. Our proprietary edge computing technology processes and encrypts sensitive identity data directly on the user’s device, enabling compliance without compromising privacy or data sovereignty. The iComply platform consolidates up to eight legacy vendors into one secure, configurable system—reducing compliance costs by up to 90%, improving customer satisfaction by over 25%, and ensuring readiness for evolving regulations in over 195 countries and 142 languages. Learn more at www.icomplyis.com.
August 2025, Vancouver, Canada: iComply, a global leader in digital compliance technology, has announced a new strategic partnership with CE Corner, Canada’s premier continuing education provider for legal, financial, and insurance professionals. Together, the two firms are launching the first in a series of accredited training programs designed to equip professionals with the awareness and tools needed to combat AI-driven fraud, cryptocurrency abuse, and rising AML compliance threats.
The inaugural course, titled “Protecting Clients from Emerging Fraud,” is now live and available free of charge. It provides CE credit in multiple jurisdictions and is tailored for legal, real estate, wealth management, and financial services professionals.
“AI-driven fraud is exploding among legal, real estate, and financial services providers,” said Matthew Unger, CEO of iComply. “This is a technology arms race that demands active engagement from every level of an organization.”
Technology is advancing faster than compliance teams can train. Salesforces, support reps, and client-facing teams are now the frontline defence against fraud Yet most are ill-equipped to identify sophisticated attacks that use deepfakes, AI-generated documents, or blockchain obfuscation techniques. This new partnership aims to close that gap and give our frontline resources better tools and training to protect themselves, their clients, and our financial markets from AI-powered fraud.
Course Overview:
In just 1 hour, participants will learn:
How emerging fraud schemes are evolving through AI, spoofing, and social engineering
What frontline staff must know to detect threats before losses occur
Practical tactics for identifying red flags and protecting clients
Why CE training is no longer optional in a rapidly digitizing world
iComply delivers end-to-end KYB, KYC, KYT, and AML compliance solutions for financial institutions, legal service providers, and fintech platforms worldwide. Built with a zero-trust security model and edge-computing architecture, iComply helps clients reduce compliance costs by up to 90%, while meeting or exceeding global standards such as SOC2, ISO27001, GDPR, and PIPEDA.
CE Corner is a trusted education platform for Canadian professionals across law, accounting, insurance, and financial services. It offers accredited, high-quality training programs to ensure professionals stay compliant, competent, and competitive in fast-changing regulatory environments.
Looking for more than awareness?
iComply also offers advanced AML compliance training programs for clients and partners. These 10-hour programs blend self-directed learning and live instruction to deliver actionable education that maps to your regulatory obligations.
Contact our team today to explore training options and technology solutions tailored to your business.
With MiCA implementation and FATF enforcement gaining momentum, VASPs in the EU must now implement transaction-level monitoring (KYT) and comply with the Travel Rule. This article explores how combining edge-secure KYC with smart KYT can enable full compliance while preserving user privacy and minimizing operational drag.
For Virtual Asset Service Providers (VASPs) operating in the European Union, 2025 is a regulatory inflection point. The EU’s Markets in Crypto-Assets Regulation (MiCA) has taken effect, and enforcement of the FATF Travel Rule is no longer theoretical – it’s here.
VASPs must now verify the identity of senders and receivers, screen transactions for risk, and transmit originator and beneficiary data across platforms and jurisdictions. At the same time, they must do so without compromising user experience or exposing themselves to privacy risks.
It’s a tall order – but it’s achievable with the right technology architecture and compliance strategy.
The Travel Rule in the EU: What’s Required
The FATF Travel Rule (Recommendation 16) and the EU’s corresponding measures require VASPs to:
Identify both the sender and receiver in crypto transactions above a certain threshold (typically €1,000)
Transmit originator and beneficiary information to the receiving VASP
Screen transactions for sanctions, PEPs, and suspicious activity
Retain records and provide them to regulators on request
In many EU jurisdictions, this is now mandated under national transpositions of MiCA and AMLD.
Key Compliance Challenges for VASPs
1. Identity Verification in Real Time VASPs must verify natural persons and legal entities at onboarding—often within seconds—to avoid losing users. Traditional KYC platforms relying on cloud processing introduce latency and risk.
2. Transaction Monitoring (KYT) Legacy AML platforms weren’t built to analyze blockchain transactions. VASPs need tools that:
Detect patterns of smurfing, mixing, or structuring
Flag anomalous wallet behaviour
Correlate on-chain events with user profiles
3. Privacy and GDPR Conflicts Transmitting user PII to third-party platforms or across borders can violate GDPR unless encrypted and consented properly. Many VASPs lack infrastructure to ensure compliance.
4. Cross-Platform Interoperability Ensuring data integrity across exchanges, custodians, and wallet providers requires consistent formatting, encryption standards, and interoperability with protocols like TRISA or OpenVASP.
The iComply Solution: Edge KYC + KYT
iComply offers a hybrid approach to compliance that protects privacy and enables full regulatory alignment:
1. Edge-Based KYC Verification
Identity documents, biometrics, and user data are processed on-device before being encrypted and transmitted.
Prevents unnecessary data exposure and supports GDPR, MiCA, and national data residency laws.
2. KYT with On-Chain Intelligence
Monitor wallet behaviour in real time
Risk-score transactions using blockchain analytics and off-chain KYC data
Detect structuring, layering, and high-risk flow patterns
3. Protocol-Agnostic Travel Rule Compliance
Integrate with TRISA, OpenVASP, and other compliance messaging protocols
Validate counterparty information and log communication trails
4. Unified Case Management
Combine KYT alerts, KYC data, and screening history into a single dashboard
Document decisions, escalate suspicious cases, and export reports
Case Insight: EU-Based Crypto Exchange
An exchange in Germany deployed iComply to integrate KYT screening with their existing KYC workflow. Within 60 days:
Drop-off rates in onboarding fell by 22% due to faster edge-based identity checks
High-risk wallet activity was flagged 3x more accurately
The firm passed a BaFin audit with recognition for its Travel Rule implementation
Regulatory Outlook for 2025
MiCA Phase-In: Stablecoin issuers and exchanges are now subject to enhanced due diligence requirements
TRP Adoption: The Travel Rule Protocol (TRP) is becoming the common standard across Europe
Supervisory Convergence: National regulators are aligning enforcement expectations across the EU
Take Action
For VASPs in the EU, 2025 is not just about avoiding penalties—it’s about proving maturity, privacy protection, and regulatory leadership.
Contact iComply to see how our KYT and edge-secure KYC platform helps VASPs comply with the Travel Rule, automate risk controls, and scale with confidence across Europe.
A cross-disciplinary research team from the University of British Columbia (UBC) conducted an industry study spanning the compliance, assurance, and technology requirements that financial institutions, legal and accounting firms need to see in place before digital assets can be used at scale in their sectors. Hundred of hours of interviews with industry experts across 13 leading financial jurisdictions explored the past, present, and future state expectations that are blocking the industry adoption of digital assets, security tokens, tokenized payments, and digital identity from diverse perspectives.
iComply Investor Services Inc, in partnership with the Government of Canada, Mitacs, and the University of British Columbia commissioned the study in order to better understand the challenges that token issuers face to meet the regulatory standards for issuing and tracking digital assets. Currently, these projects face significant barriers that result in trade-offs – hindering the true potential of blockchain managed assets. The research collaboration was supported by Mitacs’s Accelerate Program.
The Findings:
The use of blockchain technology allows token issuers to efficiently gain access to global customers, partners, and capital.
Key Challenge: The burden of the cost of regulation
Challenges broadly stem from the cost of complying with regulation. In 2017 there was significant ambiguity surrounding whether and how digital assets were regulated, and many issuers neglected this dimension altogether. While a large number of issuers were well-intentioned, others could not resist exploiting the prospect of unlimited access to global investors. Early offerings could often raise more with savvy marketing than a well-reasoned project plan, and a large number of early token offerings were little more than Ponzi schemes. Today, regulatory clarity and enforcement are essential if tokenized securities are to become a safe and legitimate fundraising mechanism.
The study found that issuers currently face a compliance trilemma, whereby they can realize only two of the following three goals in their token offerings:
Cost-effectiveness
Widely distributed investors
Regulatory compliance
While we focus here on ICOs, the compliance trilemma also holds more generally for other decentralized finance practices involving cryptoassets including ICOs, STOs, TGEs, and IEOs.
To date, issuers have adopted various approaches to address the trilemma:
Sacrificing compliance by directly defying regulators and hoping to fly under the radar
sacrificing the scope of investment by restricting token sales to a limited group of investors
Compromising on all three dimensions in a hybrid approach
Forgoing a token offering entirely until this becomes more cost-effective
However, each of these current approaches is sub-optimal, and a solution is needed to the compliance trilemma.
The study also explored how industry experts expected the compliance trilemma to be resolved and found that the majority tended to advocate new regulatory rules and definitions that could relax what they see as the “burden” of compliance on issuers. Such an approach places the onus squarely on regulators, who would need to coordinate within and across jurisdictions to reach a coherent regulatory framework that appeases the challenges and costs of compliance for issuers. However, we argue that holding regulators solely accountable for the compliance trilemma is incomplete and misguided, and that other approaches are needed to reduce the costs and uncertainties of regulatory compliance.
About iComply Investor Services Inc. iComply Investor Services Inc. (iComply) is an award-winning software company focused on reducing regulatory friction in the capital markets. With powerful data, verification, tokenization solutions, iComply helps companies overcome the cost and complexity of multi-jurisdictional compliance to effectively access new markets. Learn more: iComplyIS.com
In today’s rapidly changing digital landscape, data privacy and security are more crucial than ever for compliance teams. As regulations tighten and cyber threats evolve, businesses must prioritize innovative solutions. Enter edge computing, a game-changer for KYC,...
KYB requirements are tightening worldwide. This guide helps regulated firms navigate evolving AML expectations and shows how iComply streamlines compliance with secure, scalable software.
From complex ownership to offshore funding, real estate is high-risk for money laundering. This guide shows how iComply helps brokers, lawyers, and lenders simplify AML compliance across jurisdictions.
Nonprofits face growing AML obligations. This guide explains how to verify donors, partners, and grantees while maintaining trust and operational focus using iComply.
“Chandy,” is a technology and risk expert with executive experience at Boston Consulting Group, Citi, and PwC. With over two decades in financial services, digital transformation, and enterprise risk, he advises iComply on scalable compliance infrastructure for global markets.
Thomas is a global tax and compliance expert with deep specialization in digital assets, blockchain, and tokenization. As a partner at MME Legal | Tax | Compliance, he advises iComply on regulatory strategy, cross-border compliance, and digital finance innovation.
Thomas is a renowned identity and cybersecurity expert, serving as CTO of Connection Science at MIT. With deep expertise in decentralized identity, zero trust, and secure data exchange, he advises iComply on cutting-edge technology and privacy-first compliance architecture.
Rodney is the former President of ADP Canada and international executive with over two decades of leadership in global HR and enterprise technology. He advises iComply with deep expertise in international service delivery, M&A, and scaling high-growth operations across regulated markets.
Praveen is a serial entrepreneur and technology innovator, known for leadership roles at Lucent Bell Labs, ChargePoint, and the Stanford Linear Accelerator. He advises iComply on advanced computing, scalable infrastructure, and the intersection of AI, energy, and compliance tech.
Paul is a Canadian RegTech leader and founder of Maple Peak Group, with extensive experience in financial services compliance, AML, and digital transformation. He advises iComply on regulatory alignment, operational strategy, and scaling compliance programs in complex markets.
John is a seasoned business executive with senior leadership experience at CIBC, UBS, and Accenture. With deep expertise in investment banking, private equity, and digital transformation, he advises iComply on strategic growth, partnerships, and global market expansion.
Jeff is a former CFTC official and globally recognized expert in financial regulation, fintech, and digital assets. As founder of Bandman Advisors, he brings deep insight into regulatory policy, market infrastructure, and innovation to guide iComply’s global compliance strategy.
Greg is a seasoned investment banker with over 35 years of experience, including leadership roles at BMO Capital Markets, Morgan Stanley, and Citigroup. Greg brings deep expertise in financial strategy and growth to support iComply's expansion in the RegTech sector.
Deven is the former President of S&P and a globally respected authority in risk, data, and capital markets. With decades of leadership across financial services and tech, he advises iComply on strategic growth, governance, and the future of trusted data in AML compliance.
