How We Won the Deriv AI Hackathon with an AI-Powered KYC Pipeline

My team won the Deriv Low-Code/No-Code & AI Hackathon — with Fasih Ali Naqvi and Shuvo Habib — by building something deliberately unsexy: an automated Know Your Customer (KYC) pipeline. No generative art, no chatbot demo. Identity verification, the most operationally painful workflow at any regulated company, automated end to end.

This post is about why that pitch won, how the architecture fit together, and what shipping under a hackathon clock teaches you that normal projects don't.

Why KYC

Deriv is a trading platform, and every trading platform burns enormous manual effort on the same loop: a user uploads an ID document and a selfie, a human compares them, checks the document isn't tampered with, transcribes the fields, and approves or escalates. It's slow, it doesn't scale with signup spikes, and humans get worse at it as volume grows — vigilance decays; fraud doesn't.

That made it the perfect hackathon target: a real bottleneck the judges' own organization felt daily, with a measurable before/after. The best hackathon idea isn't the most novel one — it's the one where the judges can already see the line item it deletes.

The architecture

Three layers, each doing the thing it's genuinely good at:

Amazon Rekognition handled the perception layer. Document analysis extracts text and structure from the uploaded ID; face APIs detect the face on the document and run CompareFaces between the ID photo and the user's selfie, returning a similarity confidence. This is exactly the kind of task you should never hand-roll at a hackathon — battle-tested perception is an API call away.

OpenAI handled the judgment layer. Raw OCR output and confidence scores aren't a decision. The model took the extracted fields and signals and did what previously needed a human: cross-checked the extracted name and birthdate against the application data, flagged inconsistencies (expired documents, mismatched fields, anomalies suggesting tampering), and produced a structured verdict — approve, reject, or escalate to a human with a stated reason. The "with a stated reason" part mattered: a compliance workflow can't be a black box, so every automated decision carried its evidence.

OutSystems was the assembly layer — the workflow engine, the review UI, the data model, the integrations, built visually in hours instead of days. This is where the low-code premise earned its place: none of the orchestration around an AI pipeline (upload flows, case queues, status dashboards, audit history) is intellectually interesting, but all of it is mandatory before the demo looks like a product. Low-code compressed exactly the part that didn't deserve our weekend.

The pipeline end to end: document upload → Rekognition extraction + face match → OpenAI decisioning with reasons → auto-approve / auto-reject / human escalation queue, every step logged.

What the clock teaches you

Demo the failure path. Everyone demos the happy path: clean document, matching selfie, instant approval. We also demoed a mismatched face and a tampered document getting caught and escalated with the reason attached. For a fraud-adjacent tool, the rejection is the product — that's the moment we saw the judges lean in.

Buy perception, build judgment. The differentiating layer wasn't the OCR or the face match — those are commodities. It was the glue: what the system does with imperfect signals, how it explains itself, where it routes uncertainty. That's where our actual engineering time went, and it's a good heuristic far beyond hackathons.

Automation with an escape hatch beats full automation. We never pitched "replace your compliance team." We pitched "let the machine clear the unambiguous 80% and hand the ambiguous 20% to humans with the evidence pre-assembled." Partial automation with honest uncertainty handling is both the responsible design and, it turns out, the more convincing pitch.

Low-code plus AI is a real multiplier at the edges. I write code for a living, and the instinct is to dismiss visual development. But a hackathon makes the economics blunt: every hour spent wiring a CRUD screen is an hour not spent on the layer that wins. The combination — low-code for the orchestration shell, real AI services for the core — let three people ship what would honestly be a multi-sprint project. (That experience is also why I later went and got the OutSystems Associate Developer certification — when a tool wins you a hackathon, it deserves a proper understanding.)

The takeaway

Pick a boring, expensive problem. Buy the commodity layers. Spend your time on judgment, explanations, and the failure path. Then demo the rejection, not just the approval.

The announcement post is on LinkedIn — and the win now sits in the Recognition section of this site, which feels like the right place for it.