Conversion is the problem. However, the solution is rarely “fewer risk checks.” More than 60% of fintechs have faced regulatory fines of over $250,000 due to missed vital Know Your Customer (KYC) checks while trying to expedite new customer onboarding processes.
Manual processes don’t help when nine in ten asset managers take over a month as they painstakingly onboard new clients manually. When you add this up, across financial services, an estimated 63% of potential new customers never finish signing up.
So, how do you get the best of both? Here are 11 practical tips.
Key takeaways
- Most new customers are low risk. McKinsey found fewer than 5% of applicants are high risk, so heavy checks on everyone just adds friction for the 95% who do not need it.
- A tiered, risk-based flow lets low-risk customers finish quickly and routes only the riskiest applicants into deeper verification.
- Small design choices move the needle: pre-filled forms, progress bars, and instant error messages all cut drop-off.
- You cannot improve what you do not measure. Track completion rate, time to verify, and false-positive rate side by side.
Where customers drop off in the KYC funnel
Onboarding is not one moment. It is a series of small steps, and customers can leave at any of them. The common drop-off points are easy to name once you look for them:
- Start: the customer opens the flow but never enters anything, often because they are not sure what they are signing up for yet.
- Personal info: they hit a long form asking for more than they expected to give a company they just met.
- Document upload: a passport or ID photo fails, and there is no clear reason why.
- Selfie and liveness: the step feels intrusive, or it loops without explaining what went wrong.
- Processing and wait: the screen spins, and the customer assumes something broke.
- Decision: a manual review holds a good customer in limbo.
You cannot fix a drop-off you cannot see. Most teams know their overall completion rate but not which step is leaking. That is the gap the strategies below are built to close. Before you change anything, find out where your customers are actually leaving, and why.
11 practical ways to optimize your KYC process
1. Adopt a tiered, risk-based approach to KYC
Not every customer or product line carries the same level of risk. McKinsey, for example, estimates that high-risk clients usually make up less than 5% of potential new clients applying for accounts. The remaining +95% of customers have lower levels of risk. Baking this into the strategy, one way to optimize the process is by segmenting applicants according to their risk profiles.
Instead of applying heavy compliance controls to every single new customer equally, one way to create smoother journeys for the majority is to only impose the extra checks on the riskiest.
This risk-based approach is an efficient use of compliance professionals’ limited time and helps convert most customers quickly. As of 2024, less than three in ten (29%) of asset managers use a tiering methodology. This is a great starting point for anyone who hasn’t already added.
Sardine builds this as progressive KYC onboarding, with custom waterfall onboarding flows that route each applicant on first-touch risk: low-risk users move through a streamlined path, medium-risk users hit step-up flows like document verification or selfie liveness, and the high-risk minority lands in enhanced due diligence. The waterfall is configurable in the no-code rule editor, so risk and growth teams can tune thresholds together. See how it works on Sardine's KYC onboarding platform
2. Consider bite-sized onboarding
This concept, known as Leverage Tiered Verification (LTV), takes only what's needed and when needed. At initial sign-up, the strategy is to gather only essential details. Further verification steps can be deferred or conducted in the background if the customer's activity and transaction patterns remain low-risk.
Employing a tiered risk-based approach in KYC verification reassures compliance veterans that stringent checks will still occur, but they will be strategically timed, reducing upfront friction.
For a deeper walkthrough of this layered approach, see Sardine's guide to progressive KYC.
3. Use smarter document verification that combines OCR and ML
OCR (Optical Character Recognition) is a process that converts an image of a document, like a passport or other form of identification, into machine-readable text. While not new, the quality of OCR has improved dramatically in recent years, thanks to Generative AI models. Firms can combine OCR with ML and Generative AI-based forgery or image generation checks to maximize effectiveness. Completing two tasks simultaneously helps to keep customers engaged with the process within the precious 19-minute window. It can make record-keeping cleaner and consistent.
4. Pre-populate onboarding forms with third-party data
Third-party data serves two purposes.
- It helps you screen out bad actors
- It helps create user delight as you autofill their information
Third-party sources include government databases, credit bureaus, or identity verification services. Not only does this make the process much quicker for customers, but it also reduces the risk of mistakes. One study found that miscommunications between employees and new clients account for 2-5% of form mistakes.
5. Plant tripwires with behavioral biometrics
Behavioral analysis begins even before the potential client starts the onboarding process. “Every fraudster has a tell,” and often these include irregular typing speed, mouse movements, navigation patterns, context switching, hesitation, and tracking the number of distraction events.
It's ideal to pair this with always-on device intelligence. So, for example, if an account is being set up on an unrecognized device, in a different timezone, with unusual geolocation, mismatching IP address, or more, we can put extra checks or blocks in place.
Of course, not all anomalies signal fraud. This intelligence-driven, adaptive approach ensures customers who pose minimal risk enjoy a straightforward process while potential fraudsters encounter robust defenses early on.
One device signal in isolation is a guess. The same signal cross-checked against the Sonar consortium is a decision. Sonar pools real-time fraud consortium data across banks, fintechs, and crypto platforms, so a device that just tried to open three accounts at a peer institution shows up tagged before it hits your form. That cross-industry fraud intelligence feeds entity-level risk signals into the same flow that scores typing cadence and mouse drift. For more on this signal, see how behavioral biometrics prevents fraud.
6. Show progress bars and momentum
Knowing where you are as a user and feeling a sense of progress is half of the battle. Progress bars help you understand where you are in the journey. Less cluttered screens that are easy to “complete” create a powerful sense of momentum.
Compliance teams can lean into this natural psychology by adding a progress indicator. Along the same lines, instant feedback (for example, if a document upload fails) helps customers stay engaged. An excellent example is Duolingo, which quickly flags errors and rewards users with badges for correct answers.
7. Make customer service your differentiator
Fintech companies that excel in conversion, like Raise, Novo, or Chime, often report that upwards of 50 to 60% of new customers are organic and cost $0 in advertising to acquire. Customers can be your most powerful advocates, and a well-designed digital experience is the key to unlocking that “word of mouth” user growth magic.
The key, then, is to ensure good users don’t get stuck in manual review when they do try to onboard. Or if a customer hits support, they have a fantastic experience.
What we've noticed is that when repetitive and manual tasks are automated for support teams, it frees up employees to spend a lot more time supporting customers, adding value, and boosting the firm's reputation.
Our customer Raise was able to reduce manual reviews by 98% with this level of automation.
8. Identify and correct blocks in the KYC journey
A simple but powerful way of improving the onboarding journey is to pick out where the customers are dropping off and why. This sounds easy in principle, but can be tricky in practice. It could be common jargon or that customers don’t want to give their data to a new app they’ve never heard of before today.
Sharing data is a common blocker. Research uncovered that three quarters (75%) of customers will refuse to share data with a company they don't know if they can trust. At these junctures, compliance teams can consider if the data they are asking for is truly needed for low-risk customers, whether there is an alternative way of getting the same data, or simply offering a choice of different documents needed.
Firms should be able to easily identify drop-off points in the journey. If you would like someone to show you in more detail, we'd be happy to help.
9. Track conversion metrics and risk indicators
KYC conversion rate formula: KYC conversion rate (%) = (Users who complete KYC / Users who start KYC) x 100. Benchmarks vary by segment: consumer fintechs usually run higher completion than regulated banks, because banks carry heavier CIP and EDD requirements.
What doesn't get measured doesn't get managed. At a minimum, firms should track onboarding completion rates, average onboarding time, and user satisfaction. Keeping a close eye on this can spark ideas for improvements. Firms can also see if one influences the other, for example, if users are more satisfied when the process is faster.
Sometimes the results can be surprising. For example, certain clients are reassured by little friction during onboarding. We suggest closely examining what's working and what isn't.
To get the fullest picture, we also recommend cross-referencing these findings against risk metrics, such as the rate of false positives, SAR filings, and downstream fraud incidents. Getting a 360-degree view of the conversion journey helps to pinpoint weak spots and improve.
10. Modernize your KYC flows
It’s a cliche that regulations, fraud patterns, and risks “constantly evolve,” but it's also true. If your systems are static and not easy to upgrade, you quickly lose customers at onboarding and other points in their journey as your experience quality degrades.
Customers do not want friction at onboarding or when signing up for services that are linked to regulatory scandals. A bad headline can lead to fines and customer churn. The way to counter this is by continuously updating software for a smoother experience; firms should also have round-the-clock intelligence and regulatory checks.
Modernization is not a rip-and-replace. It’s buying back analyst time. Sardine’s AML Agents are purpose-built to handle routine KYC review, address-match checks, document re-requests, watchlist disposition, and sanctions hit triage, so human analysts focus on the edge cases. The agents work inside the same case management dashboard your team already uses, with full audit trails for the exam. See how teams automate enhanced due diligence checks with Sardine.
11. Implement continuous customer feedback loops
Collecting customer feedback throughout the KYC process can help identify pain points and areas for improvement. Implement surveys or follow-up interviews to better understand the customer experience. By actively seeking user input, organizations can make data-driven decisions to refine their KYC procedures, ensuring they meet customer expectations while still adhering to regulatory requirements.
Services like Sardine provide this as standard.
The 11 strategies at a glance: Metric, risk, and signal
Here’s how each of the 11 strategies maps to the conversion metric it moves, the risk it mitigates, and the Sardine signal that powers it.
Strategy | KYC conversion metric it moves | Risk it mitigates | Sardine signal |
1. Tiered, risk-based KYC | Approval rate at onboarding | Over-friction on low-risk users | Progressive KYC waterfall flows |
2. Bite-sized (LTV) onboarding | Time to first value | Pre-funding drop-off | Step-up flows on activity triggers |
3. OCR plus ML doc verification | Document-step completion | Synthetic IDs, forged docs | Document verification with selfie liveness |
4. Pre-populate with third-party data | Form-completion rate | Manual-entry errors | Integrated identity and bureau data |
5. Behavioral biometrics | Pass rate on low-risk sessions | Account-opening fraud, bots | Behavior biometrics plus Sonar consortium |
6. Progress bars and momentum | Mid-journey abandonment | Drop-off from perceived length | UX layer on the Sardine SDK |
7. Customer service | Manual review queue size | Good users stuck in review | Sardine Agents on routine review |
8. Fix drop-off points | Conversion lift per fixed step | Friction without risk return | Funnel analytics in one dashboard |
9. Track conversion and risk | Conversion plus false positives | Downstream fraud | Unified KPI and SAR dashboard |
10. Modernize KYC flows | Time to decision | Stale rules, regulatory drift | Sardine Agents plus rule updates |
11. Feedback loops | Onboarding satisfaction | Silent abandonment | In-flow surveys and session signal |
Common KYC mistakes that quietly cost you conversions
Good onboarding is mostly the absence of avoidable mistakes. The ones below are quiet. They rarely trigger a complaint, because the customer simply leaves. Here are the most common, written out so you can check your own flow against them.
- Asking for everything up front. Long forms at sign-up ask low-risk customers to hand over data they do not need to give yet. Defer what can be verified later in the background.
- No sense of progress. Without a progress indicator or instant feedback, customers do not know how close they are to done, so they give up.
- Dead-end error messages. “Upload failed” tells the customer nothing. A clear, specific reason and a next step keeps them moving.
- A form that is painful on a phone. Most customers onboard on mobile. Tiny tap targets, awkward document capture, and forms that do not fit the screen quietly kill mobile conversion. Test every step on a real phone, not just a desktop browser.
- Treating every user as high risk. Heavy checks applied to everyone punish the +95% who are low risk to catch the few who are not. A risk-based approach reserves the friction for the cases that warrant it.
- No drop-off instrumentation. If you are not measuring where customers leave, you are guessing. What doesn't get measured doesn't get managed, and a single view of where each step leaks is what makes the rest of this list fixable.
None of these require a rebuild to fix. Most are a matter of seeing the problem and addressing the one step that is leaking the most.
Deepfakes and synthetic identity:The new onboarding threat
The fraud you are screening for has changed. The hard part is no longer just a stolen ID. Synthetic identity fraud, where a criminal stitches together real and fake details to build a person who does not exist, is now what the Federal Reserve reports to be the fastest-growing type of financial crime in the United States, accounting for billions in losses each year.
Generative AI has made it worse and faster. Deloitte's Center for Financial Services predicts generative AI could push US fraud losses to $40 billion by 2027, up from $12.3 billion in 2023. The threat is not hypothetical. In February 2024, a finance worker at a firm in Hong Kong paid out millions after joining a video call with what turned out to be deepfaked colleagues.
For onboarding teams, this creates a trap. The instinct is to add more friction for everyone: more documents, more selfies, more manual review. But that tanks conversion for the good customers who make up the vast majority of applicants, and a determined fraudster with a generative AI toolkit will often pass the extra checks anyway.
The better answer is signal that works quietly in the background. Sardine combines device intelligence and behavior biometrics in one Risk SDK to catch synthetic or stolen IDs, mobile emulators, virtual machines, and generative AI impersonation, with deepfake detection that does not slow the honest customer down. Document verification (DocKYC) adds a selfie-likeness check, and our Sonar consortium shares fraud signals across the industry so a pattern seen elsewhere helps protect you here.
The goal has not changed. Catch the fraud without punishing the good customers who are just trying to sign up.
11 KYC optimization strategies, one mission
The tension is clear. Fraud, AML, and risk management are getting harder as the KYC experience becomes ever more streamlined and low-friction. Customers want excellent KYC experiences, not 19 minutes of painful signup. Finding the balance requires constant vigilance.
For those who succeed, the benefits are immense. They can enjoy increased retention rates, repeat visits, and word-of-mouth referrals. But for those that fail, the consequences can be fatal for business.
We've pulled together ten meaningful steps firms can take to improve KYC and onboarding. Some are simple but powerful, like adding a progress bar. Others require infrastructure changes, like adopting tiered risk approaches. While others come down to customer service and staff training.
While these strategies are intended to be helpful, they are generic. Creating tailored solutions is what we do, so that every unique need is met. If you'd like a personalized analysis of how to bring your onboarding journey to the best level, we'd love to hear from you.
Frequently Asked Questions:
Will optimizing for conversion rates compromise regulatory compliance?
Not when it's done correctly. Using a risk-based approach ensures higher-risk cases still undergo robust checks. Efficiency gains come from reducing unnecessary friction for low-risk applicants, not removing key controls.
How can we measure improvements in both conversion and compliance quality?
Track onboarding completion rates, time-to-complete metrics, user satisfaction surveys, false-positive rates, SAR (Suspicious Activity Report) filings, and any subsequent fraud losses. A balanced dashboard helps ensure gains in efficiency don’t erode your risk management posture.
Are advanced technologies like OCR and behavioral analytics challenging to implement?
Integration requires planning, vendor due diligence, and some technical investment. Start small with pilot programs. Many institutions find that these tools significantly streamline processes once integrated and pay off quickly in reduced manual work and improved user experience. For us, it's our bread and butter. We do this every day.
How often should we reassess our KYC process?
Regularly, at least annually or whenever new regulations, technologies, or significant shifts in customer behavior arise. Continuous improvement keeps your process aligned with both market expectations and compliance requirements. At Sardine, we can do this for you with constant updates and suggestions for improvement.
Can a more seamless KYC process strengthen customer trust?
Yes. Users who feel that the verification process is secure and efficient perceive your institution as competent and customer-centric. Clear communication and timely approvals reassure them that their trust in you is well-placed.
What is a good KYC conversion rate?
It depends on your segment and product. Consumer fintech flows tend to run higher than regulated banking or asset management flows, where the checks are heavier by design. Rather than chase a single number, track your own completion rate over time and watch it next to your fraud and false-positive rates. A high completion rate paired with rising fraud is not a win.
Why do customers abandon KYC verification?
Usually for one of a few reasons: the form asks for too much too early, a document upload fails without a clear reason, or the customer does not yet trust the brand enough to share personal data. Research cited above found that 75% of customers will refuse to share data with a company they do not know and trust. Fixing abandonment starts with finding the exact step where it happens.
How long should KYC verification take?
For a low-risk customer, the automated decision can return in seconds, and the whole flow should feel quick. Higher-risk cases and business onboarding take longer because they involve more checks. The number worth watching is not the average time but where customers give up, so keep them engaged with progress cues and instant feedback.
How do you reduce KYC drop-off without weakening compliance?
Apply a risk-based approach. Route the roughly 95% of low-risk applicants through a streamlined path and reserve the heavier checks for the minority who warrant them. You reduce friction for most customers without removing any control, because the controls still fire where the risk actually is.
Does behavioral biometrics add friction for good customers?
No. Behavioral biometrics and device intelligence work in the background, reading signals like typing and navigation patterns without asking the customer to do anything extra. Low-risk users get a straightforward path, while the signals quietly flag the sessions that need a closer look.