Reject the real customer or admit the fraudster — and the regulator fines you for the wrong one.
Fintech onboards without a branch, which means a model decides — from a selfie, an ID image, and a handful of signals — whether to admit a customer. Reject too readily and a real customer is excluded from finance; admit too readily and a launderer or a fraudster is inside. Both failures are the model's, and both are the fintech's to answer for.
Remote onboarding is the front door of digital finance and the point where customer due diligence is either done or skipped. A fintech verifies an applicant through a selfie matched to an identity document, a liveness check against spoofing and increasingly against deepfakes, a screen against sanctions and watchlists, and a risk score that decides whether to approve, review, limit, or reject — all in the time it takes to fill a form. The Financial Action Task Force accepts that a reliable digital-identity system with proper risk mitigation can be suitable for due diligence, and in some cases lower-risk than a face-to-face check. The capability is genuine. The exposure sits on both sides of the decision.
The regulators police both failures, and they are not symmetric in how they land. Admit a fraudster or a launderer and the fintech has an anti-money-laundering failure: Nigeria's Central Bank fined two large fintechs a billion naira between them for lax customer due diligence, and the financial-crimes authorities monitor the rest. Reject a legitimate applicant and the fintech has an inclusion failure — a real person shut out of finance — which in markets built on widening access is both a commercial loss and, increasingly, a fair-treatment concern. The model that is tuned only against fraud excludes the very customers the business exists to reach.
The data the decision rests on is among the most sensitive a person has. Biometric verification — facial recognition, fingerprint, voice — has become the dominant onboarding method across Africa, often replacing manual document checks entirely. That biometric and identity data is special-category personal data under every data-protection regime on the continent, and a fintech that captures a face and an identity document to onboard a customer is holding data whose misuse or exposure is among the gravest a regulator recognises. The richer the verification, the larger the data-protection exposure that comes with it.
Fraud is evolving precisely against this front door. Document fraud rose sharply year on year as generative tools made forged identities and synthetic faces cheaper, and criminal networks target remote onboarding because the channel is fast and the verification is unsupervised. A model trained on last year's fraud patterns will admit this year's synthetic identity with confidence, and the onboarding decision that looked sound at the time becomes, after the fraud surfaces, a decision the fintech has to explain. The flag that was cleared, or the synthetic face that was matched, has to be defensible after the fact.
The operational difficulty is the familiar one: the onboarding engine returns a decision but not a basis a regulator could read. When an anti-money-laundering examination asks why a particular customer was admitted, or a rejected applicant complains of exclusion, the fintech is left reconstructing the rationale from logs that recorded the outcome and not the reasoning. A due-diligence decision that cannot be explained is the weakest possible footing for either the fraud defence or the fairness defence the fintech may need.
The inclusion side of the failure is not a soft concern in these markets; it is the policy purpose. Financial inclusion is why the regulators license digital finance at all, and the applicant most likely to fail an automated check is precisely the one the system exists to reach — the thin-file worker, the holder of a worn or non-standard identity document, the face the liveness model was not trained on. As national digital-identity systems are wired into onboarding, the gap between a clean verification and a wrongful exclusion narrows to a modelling choice, and a fintech that cannot show why it rejected an applicant cannot show that it did not simply exclude the underserved by default.
Onboarding fails in two directions at once. A model tuned only against the fraudster shuts out the customer the business exists to reach.
Where each sits.
Akki governs the onboarding data and screening sources and logs what each decision rested on, so the fintech can state precisely what verified a customer and what screened them — and reproduce the decision when an examination or a complaint asks. The walk-back from an admitted customer or a rejected applicant to the basis of the decision is a query, not a reconstruction.
Solva structures the onboarding decision and produces the basis underneath each approve, review, limit, or reject — the verification evidence, the screening result, the risk factors, and the confidence the evidence warranted. Where the signal is too thin to admit a customer, or too thin to reject one, it surfaces what is missing rather than forcing the decision silently. The due-diligence decision the fintech makes against the regulator's expectations carries its reasoning, so neither the fraud defence nor the fairness defence has to be reconstructed.
This is a strong home for SyniSense. The biometric and identity data of onboarding is anonymised at the perimeter before the verification and screening models reason over it, and re-identified inside only to issue the decision and meet the record-keeping obligation. The model assesses the applicant without the identifiable face and identity document being held off-platform, which is what the special-category status of biometric data demands.
For the onboarding and compliance lead, the decision is defensible in both directions. An admission rests on verification and screening that is recorded; a rejection rests on a basis that can be shown not to be arbitrary — so the anti-money-laundering examination and the exclusion complaint are both answered from the record.
For the data protection officer, the most sensitive data the fintech touches is governed. Biometric and identity data is reasoned over without leaving the perimeter in identifiable form, which is the standard the special-category provisions of the data-protection regimes set for exactly this data.
For the excluded-but-legitimate applicant, the protection is real. A rejection is made on a basis that has been reasoned rather than on a model's unexamined score, so the customer the business exists to reach is less likely to be shut out by a fraud control tuned without regard to inclusion.
For the financial-inclusion mandate the regulators are pursuing, the onboarding model stops quietly working against it. Because a rejection is reasoned rather than reflexive, the underserved applicant — the thin-file worker, the non-standard document — is admitted where the evidence allows rather than excluded because the model found them unfamiliar, which is the outcome the licensing of digital finance was meant to produce.
For the regulator, the fintech presents an onboarding process that is both effective against fraud and fair to applicants, with the due-diligence basis on the record. That is the posture that turns a billion-naira lesson into a control the regulator can rely on.