Digital KYC, a cross country comparison
With innovation in FinTech and virtual banking internationally, customers’ expectation of fully digital experiences has spread to every corner of financial services. To reflect this shift, regulators have over the past few years been slowly introducing new e-KYC regulations that permit financial institutions to carry out KYC checks and accept customer applications electronically.
Contrary to popular belief, the Covid-19 pandemic is proving to be a further catalyst. The Financial Action Task Force also issued a statement citing “the use of technology, including Fintech, Regtech and Suptech to the fullest extent possible” so that social distancing measures can be observed during digital customer onboarding too.
At the national level, many countries have already issued revised regulations on remote customer verification so that financial institutions can continue operations smoothly and onboard clients during lockdowns. For example, in New Zealand reporting entities will accept scanned copies of documents instead of originals and will perform electronic verification to avoid physical contact with customers. Similarly, the Securities and Exchange Board of India has started allowing foreign portfolio investors to provide scanned versions of the required documents during registration. Separately, the Philippine central bank has temporarily restricted the presentation of a valid ID card during customer onboarding (however, this only applies to small transactions).
The Bangladesh Financial Intelligence Unit (BFIU) also released new guidance instructing financial institutions to take a risk-based approach to e-KYC. According to the risk associated with the customer, either simplified or regular e-KYC procedures should be followed. The regular e-KYC involves more steps of information gathering. Both simplified and regular procedures should follow one of two biometric-based models, either using fingerprint-matching or face-matching technology.
Existing e-KYC schemes around the world have both similarities and differences. To simplify matters, let us compare them country by country to see which rule is followed in which part of the world.
Identity Authentication & Matching: The Hong Kong model
Previously, e-KYC regulations were a little vague. Instead of specific technologies or guidance, there was a general regulation for all. Specific procedures can be approved or rejected by financial institutions on an ad hoc basis.
In this regard, Hong Kong is an interesting example. Hong Kong has an Anti-Money Laundering and Counter-Terrorist Financing Ordinance (AMLO). It was first published in 2011 and is the city’s principal piece of legislation covering customer due diligence and record-keeping requirements. It has some special requirements for when clients are not physically present for identification purposes, but maintains a somewhat high-level approach.
In February 2019 the Hong Kong Monetary Authority released an updated circular on “remote onboarding of individual customers”.
This circular did not set out a specific checklist of actions to be followed but described the technology to be adopted for virtual onboarding. This technology should cover identity authentication/verification and identity matching (e.g. facial recognition, liveness detection). By embracing new-age RegTech solutions in this way, the circular shows how Hong Kong practises its commitment to innovation without mandating overly restrictive limitations on what software is to be used or what procedures are to be followed.
This Hong Kong model can also be found in Malaysia: in 2019, Bank Negara Malaysia issued draft requirements for financial institutions looking to implement e-KYC, such as the use of biometric technology, fraud detection and liveness detection.
The advantage of this flexible regulatory model, which depends on identity documents as well as liveness detection, is that it leads to a broad ecosystem of solutions that is not prone to any one attack that could work across the whole financial system. A drawback is the uncertainty that these requirements pose for the responsible compliance teams that want to adopt innovative new technologies.
Video Verification: The German model
A more traditional way to prevent fraudulent impersonation during the e-KYC process is to conduct two-way video calls rather than a face-to-face meeting.
One of the first countries to adopt a video verification approach was Germany. BaFin, the German regulator, finally responded to the demands for more convenient onboarding processes in a 2014 directive that was updated in 2017. It finally enabled customer verification and identification via a two-way video call with a compliance professional.
Even the Reserve Bank of India announced in January 2020 that it will give the option of a video-based KYC to establish the customers’ identity. In India, the financial industry has always avoided performing video KYC because of the high costs of physically reaching out to customers, especially the ones in remote locations. Similarly, in 2018, the MAS (Monetary Authority of Singapore) openly supported the idea that real-time video conferencing can be a suitable model for customers’ verification and might replace and be “comparable to face-to-face communication”.
Video verification can easily prevent some versions of identity theft. It is usually thought of as simply a digital version of traditional face-to-face onboarding by regulators and financial institutions alike. However, it places a huge burden on the team that manages the stream of incoming video calls. Also, it offers no scalability advantage over traditional in-person onboarding.
Digital ID Schemes: The Swedish, Singaporean and Indian models
One of the most radical approaches to e-KYC is the creation of either federated digital IDs or centralised KYC utilities. This model creates a trustworthy official source of information, though not always one backed by government law, that financial institutions can refer to when checking the identity of a prospective customer.
India, with its Aadhaar e-KYC system, was one of the forerunners of the centralised variety of this model. It was launched in 2009 and is seen as the global eID archetype. Aadhaar now boasts more than 1.21 billion users. To put it simply, Aadhaar is an individual identification number issued by the Unique Identification Authority of India (UIDAI) for establishing a unique identity for every subscribed individual.
However, a centralised scheme is more exposed to huge risks from hacking attacks or implementation faults. Recently, a report by the cybersecurity firm Recorded Future Inc stated that Chinese state-backed hackers might have broken into the Aadhaar database.
In Singapore, the government introduced a virtual personal data platform called MyInfo in May 2016 to streamline identity verification during online transactions. With this platform, Singaporean financial institutions have access to a customer’s MyInfo data. Now, they do not need to obtain any additional documents to verify the customer’s identity. Singapore has even been successful in protecting the MyInfo user data by coming up with a highly secure system that works without distributing said data in multiple places.
Sweden is another interesting example of the different varieties of digital ID schemes. It has a federated digital ID scheme that was first introduced by banks, but the eIDs created in this way are now accepted as a form of identification by government authorities too. A group of large Swedish banks, including Danske Bank, Länsförsäkringar Bank and Swedbank, introduced the BankID system in 2003, and it has since become very popular in Sweden. In this scheme, the identity data stays with the bank of the user. Unlike in India, it is not held in a centralised place and is, therefore, less exposed to hacking attacks or insecure implementations.
Enhanced vs Simplified Due Diligence: The UK model
Most KYC schemes and AML requirements take a risk-based approach that advocates different levels of scrutiny based on the potential risk associated with a prospective customer. The Financial Conduct Authority in the UK also follows this line.
The Joint Money Laundering Steering Group (JMLSG) is the body responsible for guiding and assisting financial services providers with their obligations in terms of UK AML/CTF legislation.
Under the current JMLSG regulations, low-risk customers can undergo Simplified Due Diligence (SDD). Under SDD, financial institutions can verify their identities by simply collecting their name, date of birth and residential address information and verifying them against official sources like electoral registers, court judgements and credit institutions.
Under JMLSG guidelines, the criterion for verification is called 2+2. This is because it requires financial institutions to match the 2 data points given by the customer to 2 data points from an official source. For instance, the name of the person plus their date of birth, or the name plus their address. These sets of regulations are probably the easiest of them all.
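The 2+2 check as this article describes it, sketched as an added Python example (not JMLSG or vendor code). The field names, normalisation rules, source labels and sample records are assumptions constructed for illustration.

```python
import re
import unicodedata
from datetime import datetime

def _text(value):
    """Fold case, accents and punctuation so formatting differences do not block a match."""
    if not value:
        return None
    flat = unicodedata.normalize("NFKD", value).encode("ascii", "ignore").decode()
    return " ".join(re.findall(r"[a-z0-9]+", flat.lower().replace("'", ""))) or None

def _dob(value):
    """Accept ISO or day-first dates; anything unparseable is treated as missing."""
    for fmt in ("%Y-%m-%d", "%d/%m/%Y"):
        try:
            return datetime.strptime(value or "", fmt).date()
        except ValueError:
            pass
    return None

NORMALISERS = {"name": _text, "dob": _dob, "address": _text}
ALLOWED_PAIRS = (("name", "dob"), ("name", "address"))  # the two pairs the text gives

def two_plus_two(applicant, official_records):
    """Return (source, pair) for the first record confirming an allowed pair, else None."""
    claimed = {f: fn(applicant.get(f)) for f, fn in NORMALISERS.items()}
    for record in official_records:
        seen = {f: fn(record.get(f)) for f, fn in NORMALISERS.items()}
        # A field counts only when both sides supplied it: two blanks are not a match.
        matched = {f for f in claimed if claimed[f] is not None and claimed[f] == seen[f]}
        # Both data points must come from the same record, so a name from one
        # person and an address from another cannot be stitched together.
        for pair in ALLOWED_PAIRS:
            if set(pair) <= matched:
                return record["source"], pair
    return None

# Constructed sample data (hypothetical applicant and source records).
APPLICANT = {"name": "Zoë O'Neill", "dob": "03/02/1990", "address": "Flat 2, 10 High St."}
RECORDS = [
    {"source": "electoral_register", "name": "ZOE ONEILL", "dob": None, "address": "12 Mill Lane"},
    {"source": "credit_file", "name": "Zoe O'Neill", "dob": "1990-02-03", "address": None},
]

if __name__ == "__main__":
    print(two_plus_two(APPLICANT, RECORDS))
```

The first record agrees on the name only, so it fails; the second confirms name plus date of birth and passes.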
The 3-Step KYC Compliance Framework: The EU model
A three-step compliance framework is followed in the EU. It includes:
1. Customer Identification
The first step in the KYC process is to identify the customer. This is a process that is most effectively performed digitally. For example, ID Proof is a tool that can be part of the online KYC procedures. It can be used to verify customers via electronic identity, an NFC chip reader or a passport/national ID card selfie check. The method depends on the territory in which the customer is based.
2. Customer Due Diligence (CDD)
Customer due diligence requirements are concerned with verifying the potential customer and checking whether they appear on black and grey lists for potentially criminal behaviour.
If compliance experts judge them to be low risk, simplified due diligence can be performed, although most clients require standard CDD. High-risk customers, however, should undergo enhanced due diligence (EDD).
3. Enhanced Due Diligence (EDD)
Enhanced due diligence can be triggered by a number of factors: the UBO of the organisation is a PEP, the customer deals with persons or entities in countries on the FATF blacklist or greylist, or the client has a history of complex or unusual transactions or another troubling finding.
Upcoming KYC methods
1. The Blockchain KYC Process
Using Blockchain for KYC is a multi-stage process that takes place on a Distributed Ledger Technology.
The use cases of this decentralized technology in KYC are not just a Blockchain-in-Fintech offering. There are a number of areas where Blockchain development companies are exploring this technology.
Distributed data collection
The introduction of blockchain in KYC allows data on a decentralized network to be accessed by parties after permission has been given to them. Also, the technology provides efficient data security as the data can only be accessed after permission has been given by the users. So instances of unauthorized access are eliminated.
Better operational efficiency
Advantages such as an unhackable digital process and sharing user information on a permissioned network can greatly decrease the effort and time needed in the early stages of KYC. This also decreases the customer onboarding time and the regulatory and compliance costs.
Validation of information accuracy
KYC Blockchain systems allow transparency and immutability. This in turn lets financial institutions validate the trustworthiness of data present in their platform. This decentralized KYC process is like a streamlined way of having secure and swift access to up-to-date user data. This also decreases the labour-intensive efforts that an institution puts behind gathering information.
Real-time updated user data
Every time a KYC transaction takes place at a financial institution, the information is shared within a distributed ledger. This Blockchain technology KYC system also allows other institutions to access real-time updated information. There is also a guarantee that every time there is a new addition to the documents or any modification, they will be notified.
2. The AI KYC Process
Artificial intelligence can easily extract risk-relevant facts from a huge volume of data. Thus it makes the process of identifying high-risk clients even easier. It can also track the changes in regulations around the world, identify gaps in customer information stored by the financial institution and provide KYC alerts to perform regulatory outreach to customers to collect the outstanding information. Here are five key ways in which AI can help improve KYC and client onboarding processes:
1. AI can automatically create and update the client risk profile and match this against the classification process (i.e., high-, medium- and low-risk). It can easily ensure continued compliance throughout the client life cycle. It can also make the process of identifying high-risk clients much easier.
2. AI can “read” vast amounts of data (including unstructured text) and derive meaning. This can help in producing comprehensive, accurate and auditable risk profiles on companies and individuals in a matter of minutes. It can prove highly beneficial to compliance teams who have to weave through complex webs of data on shareholders, beneficial owners, directors and associates. It will enhance their ability to draw accurate conclusions for a risk-based approach to compliance.
3. When AI is applied to workflow automation, it can transform the generation of documents, reports, audit trails and alerts/notifications thus improving client onboarding and document management automation.
What is the future of Digital KYC?
These days it appears that regulators’ understanding and willingness to adopt RegTech on a large scale has increased vastly.
Familiarity with technologies like facial comparison, AI-powered ID verification and liveness detection has increased. As a result, references to such innovations are being explicitly included in regulations around the world. Digital KYC regulations not only lead to the smooth functioning of business organisations and financial institutions but also improve relations among countries. This was visible in the case of the EU, which also accounts for the FATF blacklist or greylist. If one country is following strict digital KYC rules to avoid being placed on such lists, then other countries will also take its technology into account.
Want to learn more about Identity Tech – Digital KYC?
To have a good understanding of Identity Tech – Digital KYC, you should check out what we have for you.
Why should you enroll in this GFA Course?
Global FinTech Academy aims to make the knowledge behind Financial Technology available to all. We offer a range of courses that make the understanding of Technology easier for you. You can use this to strengthen your career, knowledge, disrupt the FinTech market with new and innovative product/s that are full of potential, or for literally anything. The good news is you get to learn all this in an easy language and from ground zero. Our aim is to deliver the best knowledge to you in the easiest way possible.
In this business-oriented overview course, we will talk about
UIDAI
Aadhaar which is the world’s biggest digital identity programme
e-Estonia
Blockchain-based identity (just an overview)
Future of identity
Grievance redressal in digital identity. We will further add the Bank ID programme and new happenings in Digital Identity.
Identity is the basis on which any individual claims government and private sector benefits. We got it easily, so we take it for granted, but think of those who do not have a formal identity. They struggle day in and day out to prove who they are in order to meet different basic needs. It is tough for them to open a bank account, get a mobile SIM or get any financial services, and they cannot buy property. For these people the cost of getting an identity is also too high; they need to do and spend a lot to get identity proof.
Digital identity also reduces the cost of acquisition for an institution and hence lets it serve its customers profitably at a low cost. Further, an identity issued by any formal institution is important to establish citizenship, ownership of property and much more.