logo
Banner
Banner

Sumsub doubles down on continuous verification to secure digital finance

Sumsub doubles down on continuous verification to secure digital finance
Author
Written by Nanda Lakhwani
  • Oct 13, 2025
  • 7 min read

As digital assets scale, identity is moving from one-off checks to continuous verification. In a recent interview at TOKEN2049 Singapore, Sumsub’s chief growth officer Ilya Brovin explains how AI, orchestration and regulated digital-ID schemes such as Europe’s eIDAS 2.0 are defining the future of digital trust.

As digital assets enter the mainstream, they are reshaping how financial institutions verify identity and build trust — moving beyond static “know your customer” (KYC) to dynamic, behaviour-based verification that preserves a seamless user experience, Ilya Brovin, chief growth officer at Sumsub. A former investor at Hellman & Friedman, Eton Park and Morgan Stanley, he joined the company in 2021, bringing a capital-markets lens to compliance technology.

Overseeing growth and strategy at Sumsub, Brovin has helped position the company — serving around 4,000 clients (about half from the crypto sector) — as a bridge between AI innovation, regulation and digital-identity infrastructure. Beyond onboarding, its platform also supports verification for corporate clients (“know your business,” or KYB), transaction monitoring and Financial Action Task Force (FATF) Travel Rule compliance — part of a broader shift from document-based checks to integrated, end-to-end risk management.

The company now integrates with electronic-identity (eID) systems across markets such as India, Singapore and Europe, strengthening security and interoperability.

For Brovin, tokenisation and AI represent the next frontier, requiring trust to be built into financial architecture itself through human oversight, machine intelligence and regulatory cooperation. “Identity,” he added, “is becoming the fabric of the Internet and financial systems.”

AI and the evolution of digital fraud

If blockchain has decentralised money, “AI has democratised fraud,” he explained. He noted that deepfake and synthetic-identity incidents have surged — rising 233 percent year-on-year overall in APAC alone and by 1,500 percent in Singapore and 1,900 percent in Hong Kong in the past year — as generative tools make it easy to forge documents or mimic identities.

“It’s a tug of war — what we call ‘fighting AI with AI,’” he said. The company’s response is a multi-layered defence with multiple checks spanning device, location, network and behavioural signals, supported by human analysts and an internal lab that generates deepfakes and synthetic documents to train its detection systems. “There’s no single silver bullet,” he said. “It’s about how these layers interact — device, behaviour, network — together they make identity far harder to fake.”

From static to perpetual KYC

Static KYC was built for an analogue era. In digital markets, Brovin argued that identity must be dynamic and contextual — evolving from a snapshot to a stream. Perpetual KYC replaces periodic reviews with continuous monitoring that flags anomalies in real time while preserving a seamless experience.

“You still have to be secure at onboarding,”he said, but Sumsub’s own data show that about 76 percent of fraud occurs after onboarding — through account takeovers, money-mule activity and phishing. This illustrates why verification must continue throughout the customer lifecycle.

Institutions, he explained, are increasingly analysing device, behavioural and network data to detect anomalies in real time and trigger extra checks only when risk signals emerge — a model of continuous, data-driven compliance now standard among fintechs and gaining traction with banks.

Orchestrating layers of verification

Financial institutions are orchestrating what he called a “waterfall of trust” — layering verification methods to balance assurance and experience. He compared it to payments orchestration — a “last-mile” layer that integrates multiple verification methods so institutions can build their own trust flows.

He said Sumsub’s “workflow-builder” orchestration platform integrates document, biometric and electronic-identity (eID) verification, enabling clients to assemble and test step-by-step “waterfalls” of checks and fallbacks aligned to their risk appetite and customer profile. A user might start with a national eID, then fall back to document-based or biometric checks if needed. He said the approach is about “covering everyone without adding friction.”

Rather than choosing between speed and security, banks, according to Ilya, should design journeys that balance both. He contrasted the instant-onboarding culture of crypto firms — which can complete checks in around 30 seconds — with the one- to two-minute process typical of banks.

Brovin explained that banks and traditional financial firms understand customers value security, and even though a thorough check typically takes about one to two minutes, which results in customers’ peace of mind — the time cost is small but the gain in assurance and trust is substantial. “Banks tend to prioritise trust over speed,” he said. “But if the experience is well designed, people understand what’s happening — it doesn’t have to feel intrusive.” The goal, he added, is to make identity “invisible when it works” — a silent operating layer protecting users and institutions alike.

Identity as infrastructure

As tokenisation expands from assets to payments, the boundary between traditional finance and Web3 is blurring. Stablecoins, tokenised deposits and central-bank digital-currency (CBDC) pilots are testing what happens when regulated money becomes programmable. He called identity “the missing piece” of this transformation. “If you’re represented on-chain by a wallet, how do you prove who you are?”

Europe’s forthcoming Electronic Identification, Authentication and Trust Services (eIDAS 2.0) regulation marks a major step in that direction — defining how digital identity will anchor the next phase of finance. The framework introduces government-issued, cross-border credentials stored in certified digital wallets that users control directly — a concept Brovin said could “redefine digital sovereignty” and set the blueprint for global trust infrastructure.

Sumsub’s private pilots on Layer-1 and Layer-2 blockchain networks reflect this same shift. Brovin said the company had conducted pilots with Solana and Linea (a Consensys blockchain), issuing on-chain attestations — identity credentials linked to users’ wallets that prove traits such as human uniqueness and completed KYC verification. “We’re close to seeing solutions that will be recognised and widely used,” he said, referring to the emerging ecosystem of on-chain identity and attestation models.

Regulation as collaboration

Across jurisdictions, regulators are shifting from enforcers to collaborators. “Some are very invested,” he said. “They give both providers and institutions a place to experiment and prove the case.”

Singapore’s Monetary Authority of Singapore (MAS) Sandbox Express supports biometric-verification pilots through SingPass; the Hong Kong Monetary Authority and Securities and Futures Commission back remote-onboarding trials; Abu Dhabi’s Digital Lab fosters co-development of e-KYC utilities; and the UK’s Financial Conduct Authority sandbox continues to shape digital-identity standards.

He explained that regulatory approaches across the globe vary widely — some, such as Germany’s Federal Financial Supervisory Authority (BaFin), still require live video-ID interviews, while others permit photo-based verification and newer digital methods.
To bridge gaps, Sumsub works with agencies such as Interpol and the UK National Crime Agency, sharing methods to detect and respond to biometric spoofing and AI-facilitated crime such as deepfakes.

“We need to help regulators understand what’s available and why it’s secure,” he said, adding that greater regulatory awareness unlocks value for the very institutions under supervision, enabling them to innovate with confidence. He viewed these partnerships as a model for how compliance and regulation can co-evolve, replacing adversarial oversight with co-development of shared trust standards that enable safe innovation.

Asia and the future of digital trust

Asia Pacific has become the fastest-growing region for KYC and compliance innovation, fuelled by regulation, rapid digitalisation and a tech-literate population. Brovin said the region “isn’t weighed down by legacy systems,” making it more open to innovation and faster to adopt new models.

He observed that regulators in Singapore and Hong Kong were among the first to implement comprehensive digital-asset frameworks — covering licensing, capital requirements and anti-money-laundering (AML) compliance — helping the region move quickly from regulation to adoption. This, he said, sets Asia Pacific apart and underpins its rapid growth.

For Brovin, these developments reflected a broader shift in how financial trust is built — from procedural compliance to a foundational layer of digital interaction. “It’s not just about KYC and AML,” he said. “It’s about knowing who you’re dealing with — building the trust needed to interact safely across digital and financial spaces.”

“We used to believe what we could see. Now we have to prove what we can trust,” he said, positioning digital identification as part of the Internet’s fabric — a universal trust layer underpinning both financial and social interactions. Looking ahead, Brovin said the company will remain focused on bridging the Web2 and Web3 worlds, bringing compliant identity on-chain through attestations to strengthen trust and enable real-world financial transactions.