Most countries have well-established Know Your Customer (KYC) rules that specify identification, due diligence and risk assessment procedures for verifying identities. But many KYC guidelines and regulations don’t reflect the reality of digital transactions.
While modifying laws to make them more applicable is possible, many countries have established electronic Know Your Customer (eKYC) regulations to match digital and mobile realities. In general, eKYC refers to fully digital processes that use identity verification solutions or digital ID systems. In India, for example, eKYC is a consumer term referring to identity verification through the Aadhaar system.
Effective eKYC systems often have secure, authenticated, government-issued electronic identification (eID). A government eID guarantees widespread trust and ladders up to new services and capabilities, such as digital signatures, e-voting and accessing secure e-services.
Leveraging digital ID systems
Estonia is at the forefront of eID developments. The small, Baltic country has had digital ID capabilities on national ID cards since 2001. The eID is embeddable in a secure SIM card, giving mobile phones full identification capabilities.
Estonians can use their eID for more than 600 government services, such as healthcare, filing and paying taxes, and voting. The eID also provides full legal status for any interaction in Estonia that requires identity confirmation, such as eCommerce, opening accounts at financial institutions, and signing contracts.
The ID system also offers an advantage for Estonian businesses. More than 2,400 government e-services are available. What previously took days or weeks is now possible in minutes. For example, opening a business in Estonia takes approximately 18 minutes.
Overall, eID has had a dramatic effect on Estonia. The country in 2014 took it a step further by introducing e-Residency, which provides eID to citizens of other countries, allowing them access to various e-Services.
In the European Union, the electronic Identification, Authentication and Trust Services (eIDAS) identity framework is intended to enable one EU member state’s eID to be used in all others. The goal is to create a modern identity framework that can perform electronic identification and trust services for digital transactions.
In its current form, the framework requires member states create their own rules and notify others, which must accept the ID scheme when allocating public services. But not every EU country has implemented eIDAS yet.
A more recent initiative, the European Digital Identity Wallet, is designed to provide an EU-wide eID that can be used for digital onboarding for cross-border services.
Global eID systems
While Estonia joined the game early, there are now more than 60 countries with eID systems. Others are creating digital identity frameworks and gathering feedback for eventual implementation:
- Australia - Trusted Digital Identity Framework
- Canada - Pan Canadian Trust Framework
- New Zealand - Digital Identity Services Trust Framework
- UK - UK digital identity and attributes trust framework
Those frameworks are works in progress and require buy-in from various government and corporate agencies, as well as the public.
India’s Aadhaar system is one of the most prevalent, registering more than 1.29 billion people. Aadhaar-based eKYC allows financial services providers to verify the identity of Indian consumers electronically, reducing paperwork and time.
A World Bank report cites an estimate that Aadhaar moving to eKYC could reduce the average cost of verifying customers from $23 to $0.15. Many estimates also suggest that customer verification can be done in seconds using eKYC compared to five to seven days when done manually.
An Aadhaar goal is to help financial inclusion by creating verifiable identities for those who struggle to gain access. With India still primarily an agricultural economy, a large population resides in remote and rural regions. High levels of illiteracy, combined with poor access to government services, makes it difficult for many people to have an official identity.
Video KYC is a technique “through which customer-provided videos of themselves are compared against the images on their ID documents.” It’s much harder to falsify videos than still images. Add in a liveness factor, which ensures the video hasn’t been prerecorded, and the risk of falsification drops even lower.
On the verification side, it’s necessary to have properly trained experts to offset fraudster’s evolving techniques.
It’s important to note that in Germany, where video KYC is permissible, “video identification may only be carried out by appropriately trained employees of the obliged entity or of a third party to which the obliged entity outsourced the customer identification requirement.”
Although it enables remote verification, the use of trained people performing the KYC raises questions as to whether it qualifies as electronic.
Verifying ID documents electronically is another eKYC option. Image capture of an ID document enables a quick determination of its authenticity.
That process can recognize different identity documents and performs comprehensive algorithmic-based checks on thousands of global document types. It can also check for unique enhanced security features available in some ID formats, such as U.S. driver’s licenses, and decodes those advanced security functions. A positive match provides confidence the document is genuine.
An authentic document, however, doesn’t automatically imply identity verification. The identity information itself must be appropriately vetted.
The importance of Digital Due Diligence and eKYC processes
Effective ID verification is the first step, but it’s not the only requirement for a complete eKYC system.
KYC also requires compelling due diligence, which requires companies undertake rigorous procedures to understand the customer’s financial activities. Those procedures include getting trustworthy answers to questions such as: What is the nature of their business? How do they get their money? Who are their customers? What is the volume of transactions? How much money do they handle? What countries do they do business in?
To make a proper risk assessment, companies must, in effect, play detective and investigate the true nature of the client’s financial structure.
The requirements for due diligence are becoming stricter as governments enact regulations to unveil complex ownership structures. Those beneficial ownership rules specify requirements for determining who owns and runs a company. Previously, ownership information was often obscured by convoluted paper trails through shell companies, trusts, nominees and other legal fabrications.
Creating an effective eKYC regime includes elements for electronically checking, analyzing and verifying financial activities and risk assessments.
Paper trails that are slow, expensive and prone to errors make for excellent hiding places for corruption, tax evasion and other financial shenanigans. With eKYC, the speed and transparency of digital processes offer a way to onboard trusted customers, detect bad actors and prevent account abuse.
Powerful and efficient eKYC promises a way to better protect governments, institutions and people with rules that are more appropriate for modern digital financial processes.
This post was originally published on Sept 28, 2017, and updated to reflect the latest industry news, trends and insights.