How WhyAML Works · Technical Brief

    The architecture adapts to the customer it meets. The customer never adapts to the architecture.

    If the Witness Model brief set out the architectural shift, this brief sets out the mechanism. The WhyAML platform runs two concurrent streams of evidence, converges them at the threshold, and composes a verification path proportionate to what it has learned - without ever expanding what it collects.

    Two concurrent streams · evidence + assessment·Dynamic task composition · path adapts to confidence·The path as audit trail · proportionality made evidential
    01

    What this brief is for

    Mechanism, not philosophy

    The AML Paradox set out the cost of the current verification model. The Witness Model brief set out the architectural shift the existing legal framework already supports. This piece picks up where both end: what does the witness model actually look like in operation, when a real customer arrives at the platform?

    The mechanism matters because it is the part most often misunderstood. Read at a distance, confidence-accumulation verification sounds like a checklist - three proof levels, run each one, issue a certificate. That description is not accurate. What actually happens is more interesting, and is the reason the architecture can be both lighter-touch for clearly-verified customers and substantially deeper for ambiguous ones - without ever collecting more documents than the customer themselves chose to put on a public record.

    This brief describes the architecture at the level a regulator, an underwriter, or an interested professional reader needs to understand it. The deeper technical description sits in the WhyAML technical documentation set; the patent applications cover the implementation.

    02

    Two concurrent streams at the threshold

    What happens when a customer arrives

    When a customer begins a verification, the platform runs two streams of evidence-gathering in parallel. They are independent of each other in source, in method, and in what they evidence - and they run simultaneously, not sequentially. The customer experiences a single guided process; what is actually happening underneath is two parallel investigations, each one drawing its conclusions independently.

    Foreground stream · DVS-lite identity triangulation

    Who the customer demonstrably is

    The customer interacts with this stream directly. It triangulates the declared identity against multiple independent public and semi-public sources: dynamic knowledge-based questions drawn from the customer's own observable history, cross-references against previous residential addresses, alias and previous-name lookups, and a Companies House lookup for the individual's own public footprint - the directorships and officer appointments recorded in their name. This is used solely to confirm the individual against the public record; WhyAML does not verify companies, nor assess beneficial ownership.

    The point is not to inspect any document. The point is to build a converging picture of who the customer demonstrably is across independent public records - without taking anything new into custody. Documents are not collected; signals are gathered.

    Background stream · G-RADE™ (confidence scoring)

    What their institutional relationship demonstrably looks like

    The customer does not see this stream running. While they are working through the foreground, G-RADE™ evaluates the institutional relationship the customer has authorised - drawing on on-chain activity (today, for Tier 2 crypto-asset firms) or the read-only Open Banking signal (in Phase 1, for Tier 1 banks via WhyAML's RAISP registration).

    The evaluation produces a seven-dimension behavioural picture and assigns the customer to a behavioural archetype. None of this is disclosed to anyone - the behavioural detail is sealed cryptographically. What is used downstream is only the convergence-strength of the picture, not its content.

    By the time the customer has completed the foreground stream, the background stream has its initial reading. Two streams, two independent pictures, ready to converge.

    Why this matters

    Two independent streams produce more than either could alone.

    Each stream is structurally resistant to the failure mode that affects the other. The DVS-lite triangulation cannot be defeated by someone who has compromised an institutional account but does not match the public record. The behavioural assessment cannot be defeated by someone who matches the public record but has no real institutional relationship. The architecture's strength is in the convergence, not in either stream alone.

    03

    Convergence - what the two streams together produce

    Why the meeting of streams is itself evidence

    The platform reaches the end of Proof Level 1 with two independent pictures of the same person. In the cleanest case, both streams agree strongly: the customer's declared identity matches their public record completely, their institutional relationship looks active, ordinary, and consistent with the declared profile, and the two streams reinforce each other. The threshold for institutional connection has effectively been crossed before any additional proof has been requested.

    In the less clean cases, the streams disagree, or converge weakly, or one stream is rich while the other is thin. A customer with a strong civic record but a very recent or thinly-populated institutional relationship; a customer with a deep institutional history but inconsistent address triangulation; a customer whose answers to the dynamic knowledge-based questions are correct but slow, or correct but unusual. The system can read each of these patterns. None of them is a failure; each is a signal about which path through the remaining proof levels makes sense.

    The convergence picture at Level 1 is what determines what the remaining proof levels actually do. The same architecture, meeting two different customers, will move differently through Levels 2 and 3.

    04

    Dynamic task composition at Levels 2 and 3

    The path adapts to what the architecture has already learned

    Proof Levels 2 and 3 are not single fixed tests. Each level holds multiple tasks of different evidential weight: at Level 2, a DKIM-validated institutional communication, a live two-factor authentication on the institutional account, or both, in different combinations; at Level 3, a Transaction Anchor (evidence of a regulated-threshold transaction with the institution within the lookback window), a Natural Transfer (an upcoming routine transaction observed in real time), or where immediate proof is required, a small transfer from the selected institution within a defined window.

    What the platform actually requires from any given customer is composed dynamically from these available tasks, based on the convergence picture the two streams produced at Level 1. A customer whose streams converge strongly may complete on the lighter task at each level; a customer whose convergence is ambiguous is routed through additional or harder tasks until either the institutional-connection threshold is reached or the path concludes with a NO determination.

    PROOF LEVEL 1TWO STREAMS · CONVERGEPROOF LEVEL 2DYNAMIC TASKSPROOF LEVEL 3DYNAMIC TASKSForeground streamDVS-lite triangulationBackground streamG-RADE™ assessmentCONVERGEconfidence picturestrong convergence →DKIM validationsingle taskTransaction Anchorsingle task · threshold reached- routing decision -ambiguous convergence →DKIM+ live 2FAAnchor + Transfertwo tasks · deeper proofSAME ARCHITECTURAL OUTCOMEBroker Compliance CertificateEVIDENCE OF PROPORTIONATE SCRUTINYThe path each customer takes is recorded: what was required, what was completed,and what could have been required but wasn't - because confidence was reached earlier.The same architecture, two customers, different routes. Both arrive at the same standard.strong-convergence pathambiguous-convergence path- illustrative; not exhaustive of available paths -
    The same architecture, routed by what the convergence picture says. Two illustrative paths: one for a customer whose streams converged strongly at Level 1; one for a customer whose convergence was ambiguous. Both reach the institutional-connection threshold; one took fewer tasks to get there.

    The dynamic composition is what makes the architecture both proportionate to risk (low-risk customers complete quickly) and rigorous when the situation demands (ambiguous customers face deeper proof). Crucially, the proportionality is not negotiated by the customer or the firm. It is determined by what the architecture has already learned from the convergence at Level 1 - and is recorded.

    05

    The path itself is the audit trail

    Why proportionate scrutiny becomes provable, not assumed

    Every verification produces a Broker Compliance Certificate. The Certificate records, among other things, the timestamped flow of the verification - which tasks were applied, which were completed, and at what point the institutional-connection threshold was reached. The proof path each customer took is, in this sense, the customer's own audit trail.

    This is what makes the Regulation 33 enhanced due-diligence argument concrete rather than asserted. A regulator examining the firm's compliance can read, on the face of the Certificate, that a customer who presented elevated signals was routed through additional proof - and that a customer with strong convergence was not put through scrutiny disproportionate to their risk profile. The proportionality required by the risk-based approach is not the firm's claim; it is visible in the record.

    This is also what makes the architecture defensible when the next AI-driven evolution arrives. Synthetic documents defeat the document-centric model in part because every customer is put through the same brittle checkpoint. The witness model, with dynamic task composition, has no single checkpoint to defeat - each customer's verification is composed from independent streams and tasks that strengthen each other, and the composition itself is calibrated to what the convergence picture shows.

    A note on what the customer experiences

    None of this asks the customer to adapt to the architecture.

    The customer experiences one guided process. They answer the questions they are asked, upload the institutional communication the platform requests, and complete the transaction proof if required. They do not see two streams converging. They do not see the routing decision. The architecture adapts; the customer does not. From the customer's side, the only visible difference between paths is the number of steps - and shorter paths are the system's recognition that strong evidence has already been gathered, not a reduction in scrutiny.

    Where this brief leaves the picture

    Proportionate scrutiny, made evidential. The architecture meets each customer where they are.

    The witness model is the architectural shift; the confidence path is how the shift moves when it meets a real customer. Together they describe a verification regime that is lighter where lightness is defensible, deeper where depth is warranted, and recorded throughout - without ever expanding what is collected or held.

    The deeper technical description of the architecture, including the structured documentation that supports regulator and underwriter review, sits in the WhyAML document set and is available on request.

    ← The AML Paradox← The Witness ModelSee the platform →
    WhyAML · Financial Crime Intelligence · How WhyAML Verifies - Inside the Confidence Architecture · 2026