the imf says agent payments break kyc. they're right.

april 22 - the imf published a note titled 'how agentic ai will reshape payments'. the core claim - ai agents executing payments expose gaps in kyc and mfa, both of which rely on explicit human action.

when a central bank publication says it, that's the thesis going mainstream.

why the existing rails break

kyc verifies a human at onboarding. mfa verifies a human at transaction. an agent is neither - it's a process running under credentials a human delegated to it. the human isn't there to push the second factor.

the industry's first response was 'just have the agent forward the otp to the human'. that turns every legitimate agent transaction into friction and every illegitimate one into social engineering bait.

the alternative - reputation, not verification

verify the agent itself. score it on its transaction history, its operator's track record, the consistency of its behavior across runs. if the score is high, accept the payment. if it's low, escalate to the human.

that's agent fico. mnemopay ships it.

a concrete flow

const score = await mnemopay.reputation(agent_id);
if (score >= 720) return acceptPayment();
if (score >= 580) return requestOperatorMfa();
return rejectAndLog();

the agent's reputation is portable, signed, and queryable in <100ms.

why this matters now

banks read imf publications. the conversation in their compliance teams is happening this quarter. the answer is reputation infrastructure that already exists, not a new mfa flow that doesn't.