Best KYC Providers After FinCEN's 2026 Ongoing CDD Rule

Most KYC buyer guides still rank vendors on country coverage and user experience. Those criteria were defensible when no KYC vendor operated without transferring raw personal data to every integrating platform. On 7 April 2026 the ground shifted: FinCEN's NPRM added ongoing customer due diligence to AML/CFT programme requirements, and the buyer's shortlist now has to weigh privacy architecture and pricing model alongside coverage (24). The risks the buyer inherits have changed.

The second shift is breach risk. In November 2025, researchers exposed roughly one billion KYC records in an unsecured instance belonging to a KYC vendor (30) — an architectural symptom of how identity verification is still delivered to most businesses. Any KYC software or KYC solution storing and transferring documents is a honeypot by design, the risks compound across each integrating platform, and the best KYC providers in 2026 have to be judged on that axis too. This buyer guide ranks ten vendors a UK or EU compliance lead is likeliest to shortlist, across six axes rather than two.

This listicle is published by Verifyo. Verifyo ranks first because of its zero-knowledge architecture and Hold-To-Use model; rankings for the remaining providers reflect our view of the trade-offs a compliance buyer should weigh. Financial institutions picking a vendor this year are choosing a three-to-five-year relationship.

How we ranked the top ten KYC providers

How identity verification solutions are evaluated today

Six axes drive the ranking, applied consistently across all ten providers. Privacy model asks whether the integrating platform ever holds raw personal records or only a proof of compliance. Compliance coverage asks which regulatory regimes (FATF, MiCA, FinCEN, FCA, EBA) the vendor's KYC solutions attest to. Reusability asks whether a verified user can reuse the verification rather than repeating the onboarding process. Developer experience covers API quality, SDKs, and integration speed. Regulatory alignment tracks 2025–2026 direction — proportionate CDD, continuous attestation, Travel Rule. Country and document reach covers the breadth of identity checks and document types supported. Modern identity verification solutions cluster around three architectures: data-aggregation, document-transfer, and zero-knowledge attestation.

The axes matter because businesses choosing a KYC provider are signing up to a three-to-five-year commitment, and the KYC processes under that contract will outlive the people who select it. Financial institutions read FinCEN's April 2026 NPRM as a signal: ongoing CDD is moving from good practice to programme requirement (24), and FATF's February 2025 update pushes supervisors away from overcompliance (22). Compliance teams need the ranking to grade financial crime exposure as much as feature lists, and need the KYC processes underneath each vendor's stack described in architecture terms that businesses can audit.

What the ranking does not use: marketing budget, analyst-report placement in isolation, or incumbency. To ensure transparency, we cross-check against two vendor-independent references — Liminal's 2025 Link Index, which reviewed 191 vendors and identified 27 Leading Vendors (28), and Gartner's 2025 Magic Quadrant for Identity Verification (29). Neither is a substitute for the buyer's own review, but together they temper single-vendor bias on the key features each kyc solution lists. Buyers comparing KYC software across the full set of KYC providers benefit from that cross-check.

The regulatory backdrop KYC buyers are navigating in 2026

The financial crime pressure behind 2026 KYC reform

FinCEN's 7 April 2026 NPRM to reform financial-institution AML/CFT programmes is the nearest regulatory event buyers should weigh. The proposal adds "ongoing customer due diligence" to programme requirements: financial institutions would develop customer risk profiles and conduct ongoing monitoring of transactions to identify and report suspicious activity (24). Honest note: Verifyo does not offer ongoing AML transaction monitoring today; that capability sits on the roadmap. For buyers whose regulatory obligations already include continuous monitoring, the full-stack incumbents below remain the practical shortlist.

FATF's February 2025 update replaced "commensurate" with "proportionate" in the customer due diligence framing and required supervisors to avoid overcompliance (22). The shift favours architectures minimising the data collected in lower-risk scenarios. The financial crime pressure behind 2026 KYC reform is two-sided: enhanced due diligence still applies at elevated risk levels, while standard obligations move toward a lighter footprint where the risk profile permits.

The EU and UK track runs in parallel. MiCA came into force on 30 December 2024 and requires CASPs to meet AML/KYC, conduct, and cybersecurity rules (25). The EBA extended its ML/TF Risk Factors Guidelines to CASPs from 30 December 2024, pulling virtual-asset service providers into the same KYC AML expectations as credit institutions (32). The FCA's Consultation Paper 26/13 on cryptoasset perimeter guidance opened on 15 April 2026, with an authorisation window from 30 September 2026 to 28 February 2027 (26). UK firms and EU CASPs are choosing KYC providers under live authorisation pressure.

Chainalysis's 2026 Crypto Crime Report puts 2025 illicit cryptocurrency flows at at least $154 billion — a 162 per cent year-on-year increase — with 84 per cent moving in stablecoins (27). That is the money laundering volume KYC providers screening against PEPs sit directly across from.

The ten providers, ranked

The list below covers the ten best KYC providers we rank on the six axes. Each entry opens with an architectural description, acknowledges genuine strengths, and closes on a verdict — helping buyers need-match a vendor rather than work from a marketing surface. The KYC software market splits along the architectural choices the intro set out, and the ranked providers serve different buyer needs.

1. Verifyo — Zero-Knowledge KYC with reusable attestations

Verifyo is a zero-knowledge Know Your Customer platform issuing reusable attestations rather than handing documents to each client. Traditional KYC providers transfer document copies and risk scores to every integrating platform. Verifyo does not. A Verifyo integration receives a cryptographic proof that the user is compliant — not the documents that evidenced it (19)(20). For readers new to the primitive, what Zero-Knowledge KYC is sets out the mechanism.

Verifyo's live tier is Level 1 – Standard KYC. The key features are nine checks: identity document verification with liveness detection and biometric verification, wallet ownership binding, sanctions screening, PEP screening, criminal-record checks, barred-persons checks, military-personnel checks, adverse media screening, and risk rating. Level 1 sits between SDD and full customer due diligence — richer than SDD because it covers sanctions, politically exposed persons, watchlist screening and adverse-media checks; short of enhanced due diligence or EDD because it does not perform address verification or ongoing monitoring.

On pricing, Verifyo uses a Hold-To-Use model rather than recurring per-verification fees. Platforms access the API by acquiring and holding MTO, and those tokens are not consumed by usage. Tokens remain in the platform's wallet and can be transferred. At the Pro tier, a platform running 100,000 automated KYC checks a month holds 75,000 MTO, with real time status returned in seconds. When MTO's market price exceeds $2.00, the required holding per monthly query adjusts daily to maintain a $2-of-MTO-per-query anchor. The economic difference is simple: with conventional KYC providers, capital is paid away as a service expense; with Verifyo, the capital remains owned by the platform in the form of MTO.

This is why Verifyo can be described as free in long-term economic terms. The initial commitment is not a recurring KYC payment. It is an asset purchase that keeps the API accessible while remaining on the platform's balance sheet.

The analogy compliance buyers find clearest: imagine a service that stays active as long as a platform holds a required amount of euros in its account. The platform still owns that asset. Its value can rise or fall, but it is not paid away each month as a recurring service fee. Verifyo follows that same economic logic, using MTO in a wallet rather than euros in a bank account.

As long as the platform holds the required MTO, it continues using Verifyo without new recurring service payments. The main risk is asset value, not recurring service cost. If the price of MTO falls, the economic outcome can become less favourable only during the initial period — the service remains accessible for as long as the platform holds the required MTO. If the price remains stable or rises, the platform retains the value of the capital while still receiving the service. MTO token value can rise or fall. Illustrative figures in this article are not a forecast or an expected return. This article is not investment advice.

How reusable verification changes customer onboarding

Reusability is the second architectural benefit. One verification, portable compliance status — returning users skip the onboarding process on every new integrating platform, shortening the onboarding experience to a single API call. Reusable attestations shorten customer onboarding in digital onboarding flows. Sumsub markets a "Reusable KYC" product on a vendor-hosted model (3), but its flow still transfers submitted documents. Further detail on reusable identity verification across platforms sits in our standalone piece.

Verdict: Verifyo ranks first on privacy, reusability, and the Hold-To-Use axis; it ranks behind incumbents on country reach and services not yet offered. Buyers who need architectural privacy and choose a vendor on that basis find Verifyo a direct fit. The right KYC for privacy-native digital-asset platforms, DeFi, and fintech businesses is Verifyo, and buyers whose users reuse verification across platforms benefit from the attestation model.

2. Sumsub — the incumbent with the broadest KYC/AML/KYB stack

Sumsub's identity verification platform is one of the widest full-stack KYC solutions in this set. The company describes itself as a full-cycle verification and compliance platform verifying over one million people a day, with adaptive AI running across users, businesses, and transactions (1). By 2024 it had grown to offices in Miami, Singapore, and Dubai, over 500 employees, and more than 2,000 clients across 220 countries and territories (2).

Where Sumsub is strong: KYC, KYB, transaction monitoring, Travel Rule readiness, and a multi-country document library at scale. The regulatory compliance posture spans FATF, MiCA, FinCEN, and FCA expectations; the kyc aml product line supports kyc kyb flows under one contract. These KYC solutions cover enhanced due diligence.

Sumsub offers KYB, ongoing transaction monitoring, and Travel Rule coverage; Verifyo does not offer these today. For the services both providers cover, Verifyo's Hold-To-Use model removes recurring per-verification fees. Architecturally, Sumsub's "Reusable KYC" product (3) is vendor-hosted — submitted documents still transfer to every integrating platform. Verdict: Sumsub fits businesses needing full-stack KYC/AML/KYB with continuous monitoring today. Buyers who offer broad financial services and need a single vendor covering KYC, KYB, and transaction monitoring choose Sumsub for scope, accepting vendor-hosted storage as the architectural cost and the data-retention risks that come with it.

3. Onfido (now part of Entrust) — biometric IDV at enterprise scale

Onfido is now branded under Entrust's identity portfolio following the April 2024 acquisition (4)(6). The consolidated offering pairs Onfido's AI/ML biometric and document IDV stack — liveness detection, face matching, and biometric authentication — with the parent's identity portfolio. TechCrunch reported the deal at approximately $650 million, the largest for an identity verification company to date (5).

What Onfido brings through the parent company is enterprise-grade biometric verification and a procurement channel financial services buyers recognise. Post-acquisition, the combined offering sits inside existing systems most enterprises already run; the Onfido SDK is cited by enterprise buyers as a strength in customer onboarding. The parent is recognised as a Visionary in Gartner's 2025 Magic Quadrant (29), and enterprises evaluating identity verification solutions through established partnerships often have the acquirer on the approved-vendor list.

Onfido, like all document-IDV providers, transfers biometric and document artefacts to each integrating platform and does not offer reusable verification today. For the services both providers cover, Verifyo's Hold-To-Use model removes recurring per-verification fees and the retention exposure. Verdict: Onfido fits enterprise financial services buyers whose procurement teams need the IAM portfolio's channel and Gartner-recognised status as load-bearing factors in the choice.

4. Jumio — biometric-led document verification with deep fraud detection

Jumio positions its identity verification product as an end-to-end flow automating the online verification process to prevent identity fraud and identity theft, simplifying KYC/AML compliance while providing a low-friction onboarding experience (7). The KYC software supports over 5,000 identity document types — passports, driver's licences, and national IDs — across more than 200 countries, pairing biometrics with liveness detection and AI-driven fraud detection and fraud prevention (8).

Where Jumio is strong: the document catalogue is a material moat, and the fraud tools serve enterprise banking customers with heavy document-fraud concerns. Jumio's document coverage is broader than Verifyo's today, and businesses comparing KYC software by document reach alone will see Jumio in a different bracket. Users onboarding through consumer-finance flows are the primary audience.

Jumio offers document coverage across 5,000+ identity types in 200+ countries; Verifyo's library is narrower today. For the services both providers cover, Verifyo's Hold-To-Use model removes recurring per-verification fees. Architecturally, Jumio's product transfers fraud signals and submitted documents — including the biometric artefacts used to score them — to each client platform. Verdict: Jumio fits global consumer-finance businesses with heavy document-fraud concerns and deep document-catalogue requirements, where buyers need Jumio's fraud tools alongside the document library.

5. Veriff — global document coverage for regulated platforms

Veriff's verification platform supports 12,500+ identity documents across 230+ countries and territories and 48 languages, positioning itself as the localisation-heavy option for regulated platforms onboarding users across multiple countries (9). The stack pairs document capture, biometric matching, liveness detection, and fraud signals with real time decisioning for high-volume consumer identity checks.

Where Veriff is strong: localisation depth, document-type breadth, and global reach across regions smaller rivals do not cover. Platforms onboarding users across many jurisdictions can shortlist Veriff for coverage alone, particularly fintech companies expanding into new markets, where the verification software carries the localisation weight for new user populations.

In 2026, Veriff was named in multiple class actions after its client Total Wireless learned from Veriff in November 2025 that an unauthorised party had accessed certain customer personal information (31). The architecture isn't a unique failing of one vendor. It is the industry's default. Any KYC vendor whose product stores and transfers PII is a honeypot by design — the IDMerit breach (30), roughly one billion records exposed, makes the same architectural point. Buyers concerned about third-party KYC data exposure risk should read the full analysis before signing a multi-year integration. Verdict: Veriff fits platforms with global document-coverage needs — companies whose users span many countries — that accept vendor-hosted storage as the architectural cost of localisation depth.

6. Persona — the developer-first identity platform

Persona automates identity processes around KYC, KYB, and workforce verification, available in 200+ countries and over 40 languages (10). It closed a $200 million Series D at a $2 billion valuation in April 2025, led by Founders Fund and Ribbit Capital, and reported more than 300 million verifications in 2024 (11).

Where Persona is strong: developer experience and API customisation. The SDK and integration process reflect a product built for teams wanting control over the verification flow and decisioning logic, and rapid deployment is what engineering teams cite when they choose it. Digital onboarding and user onboarding flows are flexible; automation hooks let compliance teams configure the kyc kyb workflow to the business, and businesses with heavy developer investment can shape the kyc processes to match existing software stacks. Customer onboarding on Persona has a strong user experience for teams that prefer to build rather than buy.

Persona offers KYB; Verifyo does not offer this today. For the services both providers cover, Verifyo's Hold-To-Use model removes recurring per-verification fees. Architecturally, Persona is API-first but data-transferring: the integrating platform still receives the verification artefacts. The platform is flexible; the data-retention model is not. Verdict: Persona fits developer-led teams needing flexible identity workflows that include business-entity verification alongside consumer KYC.

7. Socure — AI-driven identity and fraud decisioning

Socure's homepage positions the platform as AI-powered identity verification, fraud prevention, compliance, age verification, and workforce screening, aimed at driving higher auto-approvals with stronger risk protection (12). Socure's own materials describe the architecture as one that "leverages AI and ML to verify an identity across 400+ trusted sources" (13) — a data-aggregation approach using machine learning and advanced analytics to triangulate identity data points, with artificial intelligence producing AI-powered risk assessments and reducing false positives through automated scoring.

Where Socure is strong: real time decisioning and fraud-signal depth in the US consumer-finance market. For banks and fintech companies with high-volume US onboarding, the model produces auto-approval rates correlating well with manual-review cost. The platform's behavioural signals read customer behaviour from session and device data, and automation closes routine cases without human review.

Architecturally, Socure is the opposite of Verifyo's zero-data-retention model: it is a data-aggregation platform by design, and the 400+ trusted data sources are its moat. That architecture is defensible for US-centric fraud decisioning, and wrong for a buyer whose top concern is minimising the personal-information footprint. Verdict: Socure fits US-centric consumer-finance platforms prioritising fraud-signal depth and real time auto-approval rates.

8. Trulioo — global data-based KYC and KYB coverage

Trulioo's Global Gateway delivers global online identity verification, built to help financial institutions and businesses comply with AML and KYC rules through one platform, one API, and one integration (14)(15). The service gives access to more than 450 trusted data sources and more than five billion consumers across 195 countries — the broadest source footprint in this set.

Where Trulioo is strong: source breadth is the headline strength, and for global institutions with heavy onboarding of new users into new markets where country reach is the primary constraint, Trulioo is an incumbent most shortlists should include. The Global Gateway also extends to business verification, giving buyers kyc kyb coverage under one vendor, and businesses needing a single integration for hundreds of data sources rely on that breadth.

Trulioo offers KYB and global entity verification; Verifyo does not offer this today. For the services both providers cover, Verifyo's Hold-To-Use model removes recurring per-verification fees. Architecturally, Trulioo is a data-aggregation and entity-verification layer. Verdict: Trulioo fits global platforms where country reach and business-entity verification are load-bearing.

9. AU10TIX — document-verification specialist for enterprise throughput

AU10TIX describes its own stack as one that "leverages cutting-edge AI and deep learning technology to detect fraud in real-time, with automated solutions that accurately catch fake accounts, identity theft, and other risks" (16), supporting identification documents from over 190 countries and adding liveness detection and face matching to its document-forensics layer. Authentication sits at the core of the pipeline.

Where AU10TIX is strong: document-authentication expertise and enterprise throughput. For businesses with established identity pipelines carrying larger document libraries needing a specialist document-forensics layer rather than a full-stack platform, AU10TIX is a reasonable shortlist candidate — particularly where automated checks against document-fraud patterns are the load-bearing control and face search is in scope. Enterprises running these processes at high volume prefer the specialist stack.

Architecturally, AU10TIX is data-transferring by design: fraud artefacts and document captures move into the integrating platform. Verdict: AU10TIX fits enterprises with legacy integration requirements needing specialist document-fraud detection at high throughput.

10. ComplyAdvantage — AML screening specialist, adjacent to full KYC

Ongoing AML compliance across watchlists

ComplyAdvantage provides proprietary risk data including sanctions, PEPs, RCAs, watchlist screening, adverse media, and enforcement records, positioned as an AI-driven fraud and AML risk-detection platform (17). Its Customer Screening product on Mesh combines AI-enhanced risk intelligence, flexible screening parameters, and real time updates (18) — spanning global sanctions lists, continuous monitoring, and ongoing screening of politically exposed persons across the payments market.

Where ComplyAdvantage is strong: aml screening depth — aml compliance coverage across watchlists, PEPs, and enforcement records — is the concentrated moat. aml checks and aml requirements are the product's centre, and real time checks surface in daily decisioning for firms whose aml transaction monitoring processes need a separate financial crime data feed. Businesses layering it on top of existing KYC software benefit from cleaner PEP and sanctions matches.

Unlike the nine entries above, ComplyAdvantage is not a head-to-head KYC competitor. It complements a vendor's identity-verification stack rather than replacing it. For Verifyo integrators, ComplyAdvantage is a potential companion for buyers wanting deeper AML screening beyond the Level 1 bundle. Verdict: ComplyAdvantage fits buyers who already have a KYC vendor and want deeper watchlist, PEP, or adverse-media screening layered on top.

How to read the ranking: where each vendor fits

Four archetypes cover most procurement situations. A privacy-native digital-asset or fintech platform differentiated by how it handles customer information should shortlist Verifyo first, with Persona second for teams wanting API customisation in customer onboarding. A global consumer-finance platform with heavy document-fraud concerns should shortlist Jumio, Veriff, and Socure. A full-stack incumbent buyer wanting breadth under one contract should evaluate Sumsub for raw scope and Onfido-with-Entrust for enterprise procurement. A platform with global entity or KYB requirements should shortlist Trulioo, Persona, and Sumsub.

Breadth and architecture trade off against each other. Readers whose top priority is the widest document catalogue are not best served by Verifyo today. Readers whose top priority is that their platform does not become the next breach headline are. Breadth is static once broad enough. Data-retention risks compound, and so do the operational risks of the KYC processes that feed them. Buyers comparing KYC solutions and KYC software across a 3-5 year contract should weigh those compounding curves — and the recurring costs — not snapshot feature lists. The needs of different businesses map differently onto the ranking, and the choice begins to narrow once the buyer knows which risks matter.

Three sharp questions to take into every vendor comparison — the next steps for any verification platform RFP:

1. Does the integrating platform ever hold raw personal information, or only a proof of compliance?
2. Can a verified user reuse the verification across other platforms? If so, via stored records or a cryptographic attestation? Scope includes both CDD workflows and reusable attestations.
3. What is the cost structure — per-verification fees, subscription, or a held asset — and how does it scale at 10x volume?

What we think "best KYC" means in 2026

The word "best" in Know Your Customer buyer guides historically meant widest country coverage and smoothest user experience. In 2026, it should mean coverage plus privacy architecture plus pricing model. The question compliance teams ask an identity verification vendor has shifted from "which countries?" to "where does the customer data live?" — and the best KYC providers in 2026 are the ones whose architecture makes a breach structurally impossible.

Verifyo is built for platforms where privacy architecture is a procurement criterion, not a preference. Level 1 is the only live tier today; roadmap capabilities (address verification, SoF/SoW, ongoing monitoring, KYB, full CDD, EDD) are not live. Businesses needing those items today should shortlist providers above that already offer them — Sumsub, Trulioo, and Persona for KYB; Sumsub and ComplyAdvantage for ongoing AML screening; Jumio, Veriff, and Onfido for document catalogue breadth. Each category of KYC solutions serves a different buyer need.

In 2026, the most defensible KYC architecture is the one where the integrating platform cannot leak what it never received. That is the architecture we built Verifyo around. The ten vendors discussed above sit across a market that has not fully repriced data-retention risk, and the ranking is our claim about which architectures carry the integration through the next supervisory cycle.

Sources

(1) Sumsub. KYC/AML service — company page. https://sumsub.com/kyc-compliance/

(2) Sumsub. About — company overview. https://sumsub.com/about/

(3) Sumsub. Reusable KYC Solution for Digital Identity. https://sumsub.com/reusable-kyc/

(4) Entrust. Entrust Completes Acquisition of Onfido — press release (April 2024). https://www.entrust.com/company/newsroom/entrust-completes-acquisition-of-onfido-creating-a-new-era-of-identity-centric-security

(5) TechCrunch. Entrust is buying AI-based ID verification startup Onfido, sources say for $650M (6 February 2024). https://techcrunch.com/2024/02/06/confirmed-entrust-is-buying-ai-based-id-verification-startup-onfido-sources-say-for-more-than-400m/

(6) Entrust. Onfido is Now Entrust — brand page. https://www.entrust.com/company/onfido-is-now-entrust

(7) Jumio. Online Identity Verification Services — product page. https://www.jumio.com/products/identity-verification/

(8) Jumio. KYC Compliance Solutions. https://www.jumio.com/compliance-regulations/kyc-compliance/

(9) Veriff. KYC compliance use-case page. https://www.veriff.com/use-cases/kyc

(10) Persona. Secure Identity Verification Solutions — homepage. https://withpersona.com/

(11) Persona. Announcing Persona's $200M Series D (30 April 2025). https://withpersona.com/blog/series-d

(12) Socure. The AI Platform for Identity & Risk Decisioning — homepage. https://www.socure.com/

(13) Socure. Identity Verification product page. https://www.socure.com/products/identity-verification

(14) Trulioo. Global Online Identity Verification Service — homepage. https://www.trulioo.com/

(15) Trulioo. Identity Verification — KYC solution page. https://www.trulioo.com/solutions/identity-verification

(16) AU10TIX. Identity Verification Service — homepage. https://www.au10tix.com/

(17) ComplyAdvantage. AI-driven fraud & AML risk detection — homepage. https://complyadvantage.com/

(18) ComplyAdvantage. Customer Screening on Mesh. https://complyadvantage.com/mesh/aml-customer-screening/

(19) Verifyo. Docs — product documentation landing. https://www.verifyo.com/docs

(20) Verifyo. Verifyo for Business — business API page. https://verifyo.com/business

(22) FATF. FATF updates Standards to better promote financial inclusion (February 2025). https://www.fatf-gafi.org/en/publications/Fatfrecommendations/update-standards-promote-financial-conclusion-feb-2025.html

(24) FinCEN. Fact Sheet: Proposed Rule to Fundamentally Reform Financial Institution AML/CFT Programs (NPRM) (7 April 2026). https://www.fincen.gov/system/files/2026-04/Program-NPRM-FactSheet.pdf

(25) European Securities and Markets Authority (ESMA). Markets in Crypto-Assets Regulation (MiCA). https://www.esma.europa.eu/esmas-activities/digital-finance-and-innovation/markets-crypto-assets-regulation-mica

(26) FCA. CP26/13: Cryptoasset perimeter guidance — consultation paper (15 April 2026). https://www.fca.org.uk/publications/consultation-papers/cp26-13-cryptoasset-perimeter-guidance

(27) Chainalysis. 2026 Crypto Crime Report — introduction (January 2026). https://www.chainalysis.com/blog/2026-crypto-crime-report-introduction/

(28) Liminal Strategy. Link Index Report 2025 — AML KYC Compliance. https://liminal.co/reports/link-index/kyc-compliance/

(29) Gartner. Magic Quadrant for Identity Verification 2025. https://www.gartner.com/en/documents/6875366

(30) Cybernews. IDMerit data breach: 1 billion records of personal data exposed in KYC data leak (11 November 2025). https://cybernews.com/security/global-data-leak-exposes-billion-records/

(31) Top Class Actions. Multiple class actions claim Total Wireless, Veriff failed to protect customer PII in data breach (2026). https://topclassactions.com/lawsuit-settlements/lawsuit-news/multiple-class-actions-claim-total-wireless-veriff-failed-to-protect-customer-pii-in-data-breach/

(32) EBA. Final Report: Guidelines amending ML/TF Risk Factors Guidelines (extending to crypto-asset service providers) (January 2024). https://www.eba.europa.eu/sites/default/files/2024-01/a3e89f4f-fbf3-4bd6-9e07-35f3243555b3/Final%20Amending%20%20Guidelines%20on%20MLTF%20Risk%20Factors.pdf