Build vs buy KYC: when does in-house pay?
Vendor blogs argue buy. Consultant blogs argue build. The honest crossover sits at roughly 250,000-500,000 onboardings a year for a single-jurisdiction fintech, lower for multi-jurisdictional, materially higher for low-EDD retail. Hybrid is usually the right answer.
Buy TCO at 50k onboardings: £15-£35 per customer | Build MVP: £200k-£800k + 25-40% maintenance
The decision frame.
Three honest variables determine the answer: annual onboarding volume, internal engineering capacity, and regulatory complexity (multi-jurisdictional, multi-product, high-EDD population). Cost only follows from those three. A 100,000-onboardings UK-only retail challenger has a different answer to a 100,000-onboardings multi-jurisdictional crypto exchange, even though both have the same headline volume.
The hybrid model has emerged as the dominant pattern for scale fintechs precisely because it splits the decision: buy where vendors have meaningful scale advantage (identity verification, sanctions data), build where workflow and decisioning logic create competitive differentiation. Pure-build is rare; pure-buy has friction at scale.
Buy: TCO at three volume points.
| Component | 50k onboardings | 250k onboardings | 1M onboardings |
|---|---|---|---|
| Vendor platform + per-verification commercials | £90k - £200k | £280k - £550k | £700k - £1.4M |
| Sanctions / PEP / adverse media data feed | £40k - £80k | £90k - £180k | £180k - £350k |
| Ongoing monitoring add-ons | £30k - £60k | £90k - £160k | £280k - £500k |
| EDD module (where licensed) | £15k - £40k | £35k - £70k | £70k - £120k |
| Integration / SI cost | £25k - £80k | £50k - £120k | £80k - £180k |
| Ops labour (alert review, EDD case work) | £200k - £550k | £950k - £2.6M | £3.5M - £9M |
Vendor commercials reflect typical enterprise contract levels at each volume tier; ops labour reflects industry-typical FTE sizing. Multi-jurisdictional or multi-product builds add 30-60% to each line.
Build: what it costs at scale.
One-off engineering build
Annual recurring
The crossover threshold.
For a single-jurisdiction UK fintech with a sub-10% EDD population, build TCO drops below buy TCO at roughly 250,000-500,000 annual onboardings, on a three-year horizon. Multi-jurisdictional or multi-product books move the threshold materially down because vendor commercials include per-jurisdiction premiums that build can absorb at the workflow layer. High-EDD books move the threshold up because EDD case-work labour dominates either way; build adds engineering cost that does not pay back in EDD-heavy ops.
The crossover is rarely the right framing. Most scale fintechs settle on hybrid (buy identity verification, buy sanctions data, build workflow plus decisioning plus case management) precisely because the hybrid TCO sits below both pure-buy and pure-build above the threshold.
Hybrid is usually right.
Buy: identity verification
Document, biometric, network ID. Vendor-side scale economics dominate; build rarely beats commercial APIs.
Buy: sanctions / PEP / adverse media data
World-Check, Dow Jones, ComplyAdvantage. Data quality is the moat; in-house list management is regulatory exposure.
Build: workflow / decisioning
Risk scoring, EDD trigger logic, journey orchestration. Differentiation lives here; vendor workflow rarely fits exactly.
Build: case management
Analyst console, audit trail, escalation queue, MLRO sign-off. Operational integration matters more than vendor breadth.
Build: ops tooling
Triage queues, SLA monitoring, QA sampling, manager dashboards. Vendor offerings here are inconsistent.
Hybrid: ML triage
Build where volume justifies; buy where it does not. The 100k onboardings break-even on adverse media triage applies.
Vendor due diligence cost.
A small but real line. Most KYC platforms a UK or EU fintech evaluates are SaaS providers, which means their own SOC 2 Type II report becomes part of your vendor due diligence file. Where that overlaps a fintech's own SOC 2 budget, see soc2certificationcost.com. Per-vendor annual review cost is typically £2,000-£8,000 of internal compliance and engineering time, but the cumulative line across the wider compliance stack is material at a 15-vendor footprint.
Crossover tool.
Three inputs return a buy / build / hybrid recommendation with three-year TCO for buy and build. Indicative only; the assumption set is the model in methodology.
Build vs buy questions
Should fintechs build or buy KYC?+
How much does it cost to build an in-house KYC system?+
Is KYC outsourcing cheaper than in-house?+
When is bespoke KYC worth the cost?+
How does maintenance cost work on a built system?+
Should we factor SOC 2 of our vendors into the budget?+
Sources cited on this page
- Industry RFP benchmarks for KYC platform contracts (2025-2026)
- Fenergo KYC Compliance For Banks series
- Standard industry maintenance benchmarks for bespoke compliance systems (25-40% annual)
- soc2certificationcost.com - SOC 2 Type II cost reference for KYC vendor due diligence