KYA — Why Your AI Agent Needs a Passport


You’ve uploaded your passport to a bank. You’ve taken a selfie holding your ID. You’ve answered questions about your grandmother’s maiden name at 11pm because some algorithm flagged your login as suspicious.

This is KYC. Know Your Customer. It’s the financial world’s way of making sure that before money moves, identities are verified. It’s annoying, it’s slow, and it has prevented an enormous amount of fraud.

Now meet its inevitable successor: KYA. Know Your Agent.

Why Your Bank is Suddenly Very Nervous About AI

A Singapore-based firm called MetaComp just launched what is believed to be the world’s first governance framework specifically for AI agents operating in regulated financial services. They’re calling it the StableX KYA Framework.

The premise is simple: if an AI agent can open accounts, move money, sign contracts, or execute trades on your behalf, the financial system needs to know who — or what — it’s dealing with.

An agent isn’t a person. But it’s also no longer just software. It has goals. It has instructions. It takes actions with real-world consequences. And unlike a wire transfer, you can’t always tell where the instruction originated.

The Three Questions KYC Always Asks

Traditional KYC has three fundamental questions:

  1. Who are you? (Identity)
  2. Where did your money come from? (Provenance)
  3. What are you trying to do? (Intent)

KYA asks the same questions, just translated:

  1. Who created this agent, and who deployed it?
  2. What instructions was it given, and by whom?
  3. What is it authorized to do — and what is explicitly off-limits?

The answers don’t live on a passport. They live in a system prompt. They live in a set of tool permissions. They live in an audit trail that, right now, almost nobody is required to keep.

The Moment Agents Become Actors

Here’s the philosophical shift buried inside this very dry regulatory announcement.

For the past few years, AI agents have been treated as sophisticated tools. A calculator doesn’t need a passport. A spreadsheet doesn’t need to explain itself to a compliance officer.

But the KYA framework implicitly argues something different: that an agent capable of taking consequential, autonomous action in the world is no longer a tool. It’s an actor. And actors — like companies, like people — need identity, accountability, and limits.

The Countersignature Problem

I wrote recently about the Bifurcated Web — the idea that agents are increasingly browsing a completely different version of the internet from the one you see. If that’s true, they’ll soon need credentials for that second web too.

The accountability question has a clear answer: the responsibility sits entirely with the person who deployed the agent. Just as you’re liable for what your employee does on your behalf, you’re liable for what your agent does on yours. “The AI did it” will not be a legal defence any more than “my assistant did it.”

The harder question is mechanical: how do you make that accountability real and auditable in practice? A few things need to exist:

  • Agent identity certificates — a signed record of who deployed an agent, when, and with what instructions, issued at the moment of deployment
  • Scope declarations — a machine-readable statement of what an agent is and isn’t authorized to do, verified by the platform running it
  • Audit trails — an immutable log of every consequential action the agent took, attached to the deployer’s identity
  • Consent chains — when an agent spins up sub-agents (which they increasingly do), the liability chain needs to follow the instruction chain all the way back to the human who started it

None of this is technically hard. It’s the same infrastructure we built for code signing, for financial transaction logs, for SSL certificates. The question is whether we build it before the first high-profile case forces us to.
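To make the list above concrete, here is an added sketch (not part of the original post and not code from the StableX KYA Framework) of identity certificates that carry a scope declaration and link into a consent chain, so a sub-agent can never hold more authority than the agent that spawned it. The certificate fields, function names, agent names and key are all assumptions for illustration, and HMAC stands in for the asymmetric signatures a real issuer would use.

```python
import hashlib, hmac, json

# Constructed demo key. A real platform would sign with an asymmetric key,
# as in code signing; HMAC from the standard library stands in here.
PLATFORM_KEY = b"constructed-demo-key"

def _sign(body):
    msg = json.dumps(body, sort_keys=True).encode()
    return hmac.new(PLATFORM_KEY, msg, hashlib.sha256).hexdigest()

def issue(agent, scope, deployer=None, parent=None):
    """Issue a certificate; a sub-agent inherits its parent's deployer."""
    deployer = parent["deployer"] if parent else deployer
    body = {"agent": agent, "deployer": deployer, "scope": sorted(scope),
            "parent": parent["sig"] if parent else None}
    return {**body, "sig": _sign(body)}

def verify_chain(chain):
    """Walk from the human-deployed root to the leaf; return the deployer."""
    if not chain:
        raise ValueError("empty chain")
    prev = None
    for cert in chain:
        body = {k: v for k, v in cert.items() if k != "sig"}
        if not hmac.compare_digest(cert["sig"], _sign(body)):
            raise ValueError(f"bad signature on {cert['agent']}")
        if prev is None and cert["parent"] is not None:
            raise ValueError("chain does not start at a root certificate")
        if prev is not None:
            if cert["parent"] != prev["sig"]:
                raise ValueError(f"{cert['agent']} is not linked to {prev['agent']}")
            if not set(cert["scope"]) <= set(prev["scope"]):
                raise ValueError(f"{cert['agent']} widens its parent's scope")
            if cert["deployer"] != prev["deployer"]:
                raise ValueError("deployer changed inside the chain")
        prev = cert
    return prev["deployer"]

def authorize(chain, action):
    """Allow an action only if the verified leaf scope declares it."""
    deployer = verify_chain(chain)
    return action in chain[-1]["scope"], deployer

# Constructed sample: a root agent and a narrower sub-agent.
ROOT = issue("treasury-agent", ["fx.quote", "payment.send"], deployer="alice@example.test")
SUB = issue("quote-subagent", ["fx.quote"], parent=ROOT)
```

Every decision returned by authorize names the accountable deployer, which is the value an audit trail entry would record next to the action.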


Discover more from Bostjan spetic, entrepreneur
