Know Your Agent · KYA

Know Your Agent: The Compliance Framework for Autonomous AI

As AI agents execute financial transactions autonomously, financial institutions must verify not just who authorized the agent — but what the agent is, what it is permitted to do, and how every action traces back to a verified human or legal entity.

What KYA Addresses

KYC was designed to verify humans. KYB was designed to verify legal entities. Neither framework was designed for a non-human actor with delegated authority to execute trades, initiate payments, or submit regulatory filings without real-time human supervision.

KYA fills this gap. It is the verification and governance layer for AI agents operating in regulated financial environments. A functional KYA framework must answer four questions for every agent in its scope:

  • Who is this agent? — Identity: cryptographic identifier, issuer, version, and provenance.
  • What is it authorized to do? — Scope: defined action permissions, transaction limits, and operational boundaries.
  • Who is accountable for it? — Principal: the verified human or institution that controls and is liable for the agent's actions.
  • Is it behaving within its mandate? — Monitoring: continuous behavioral audit against declared parameters.

The KYA Stack

A complete KYA implementation spans three technical layers:

Identity Layer. Unique, persistent agent identifiers — cryptographic credentials that remain stable across interactions and organizational boundaries. Analogous to a legal entity's LEI, but for software agents. Agent credentials may include cryptographic keys, OAuth 2.1 client credentials, mTLS certificates, and on-chain attestations.

Authorization Layer. Granular permission scoping defines what an agent may and may not do. Best practices from the emerging compliance field include: narrow access scoping to avoid overprivileged agents; context-aware authorization based on transaction size or risk signals; time-bound access grants for the duration of a specific task; and human-in-the-loop checkpoints for high-risk actions.

Accountability Layer. Every agent action must be traceable to a verified principal — the human or institution behind the agent. This delegation chain is the foundation of KYA's regulatory defensibility. Without it, agent-initiated transactions have no clear liability owner: a condition that regulators and counterparties will not accept as the agent economy scales.
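The three layers above can be seen working together in one authorization check. This is an added example, not code from any KYA vendor or standard: the Mandate schema, field names, and sample values are hypothetical, and an HMAC under a demo key stands in for the issuer credentials the Identity Layer lists.

```python
import hashlib, hmac, json
from dataclasses import asdict, dataclass

ISSUER_KEY = b"constructed-demo-key"  # assumption: stands in for the issuer's signing credential

@dataclass(frozen=True)
class Mandate:  # hypothetical schema, not from any KYA standard
    agent_id: str       # identity: who the agent is
    principal: str      # accountability: verified human or institution
    actions: tuple      # scope: permitted action types
    max_amount: int     # scope: per-transaction limit, minor units
    review_above: int   # human-in-the-loop threshold, minor units
    not_after: int      # time-bound grant, Unix seconds

def sign(m: Mandate) -> str:
    """Issuer's integrity tag over the canonical JSON form of the mandate."""
    body = json.dumps(asdict(m), sort_keys=True).encode()
    return hmac.new(ISSUER_KEY, body, hashlib.sha256).hexdigest()

def authorize(m: Mandate, tag: str, action: str, amount: int, now: int) -> dict:
    """Evaluate one requested action and return the audit record for it."""
    verified = hmac.compare_digest(sign(m), tag)
    if not verified:
        decision, reason = "deny", "mandate signature invalid"
    elif now > m.not_after:
        decision, reason = "deny", "grant expired"
    elif action not in m.actions:
        decision, reason = "deny", "action outside scope"
    elif amount > m.max_amount:
        decision, reason = "deny", "amount over limit"
    elif amount > m.review_above:
        decision, reason = "review", "human approval required"
    else:
        decision, reason = "allow", "within mandate"
    # A principal named in an unverified mandate is a claim, not a liability owner.
    return {"ts": now, "agent": m.agent_id, "principal": m.principal if verified else None,
            "action": action, "amount": amount, "decision": decision, "reason": reason}

# Constructed sample mandate and tag.
MANDATE = Mandate("agent-7f3a", "Example Bank Ltd", ("payment.initiate",), 500_000, 100_000, 1_800_000_000)
TAG = sign(MANDATE)

if __name__ == "__main__":
    for action, amount in [("payment.initiate", 25_000), ("payment.initiate", 250_000), ("trade.execute", 1_000)]:
        print(authorize(MANDATE, TAG, action, amount, now=1_700_000_000))
```

Every decision, including denials, produces a record; a mandate altered after issuance is denied and logged with no principal, since the delegation chain could not be verified.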

KYA and Existing Regulatory Frameworks

KYA is not yet a mandated regulatory standard. It is an emerging compliance framework being developed by identity verification vendors, standards bodies, and regulated institutions in advance of formal regulatory requirements. Relevant existing frameworks it will integrate with include:

  • EU AI Act — risk classification for high-risk AI systems, applicable to financial service agents.
  • NIST AI Risk Management Framework — governance and accountability requirements for AI deployment.
  • FinCEN AML/BSA obligations — existing human-subject rules that must be extended to cover agent-initiated activity.
  • FATF guidance on virtual assets — travel rule implications for agent-to-agent transactions.

Market Signals

Firms actively building KYA infrastructure include Trulioo, Sumsub, Socure, AgentFacts, and emerging platforms such as SemanticPay and Skyfire — purpose-built networks for agent-to-agent transactions. The World Economic Forum published KYA framework proposals in January 2026. PYMNTS Intelligence surveyed 350 global companies in early 2026 and found an average 3.1% annual revenue loss attributable to gaps in digital identity systems — a figure that understates the emerging risk from unverified agent activity.

Key Framework References

  • FATF — Guidance on Virtual Assets and Virtual Asset Service Providers
  • EU AI Act — Title III (High-Risk AI Systems)
  • NIST AI RMF — AI Risk Management Framework (January 2023)
  • FinCEN CDD Rule — Customer Due Diligence Requirements (2016, as applied to agent principals)
  • W3C DID Core — Decentralized Identifiers specification