Most countries have well-established Know Your Customer (KYC) rules that specify identification, due diligence and risk assessment procedures for analyzing clients. However, many of these regulations are more appropriate for yesterday’s consumer.
Today’s digital savvy, mobile-first consumer expects to consume content and transact in real-time, therefore, requiring them to visit a retail store or branch to prove their identity in person will result in cart abandonment or loss of transaction to another merchant that can satisfy their expectations.
New KYC guidelines and regulations are required to keep pace with the reality of digital transactions. While modifying laws to make them more applicable is possible, many countries have established eKYC (electronic Know Your Customer) regulations for the digital and mobile realities of today.
The first step to creating an effective eKYC system is having secure, authenticated, government-issued electronic identification (eID). While there are solutions for companies or specific use-cases, a government eID guarantees widespread trust, use and layering up of new services and capabilities. From digital signatures to biometric verification, e-voting to accessing secure e-services, eID enables whole new capabilities that are impossible with traditional ID.
eID in Estonia
One country at the forefront of eID developments is Estonia. The small, Baltic country has had digital ID capabilities on its national ID card since 2001 and now the eID is embeddable in a secure, SIM card allowing a mobile phone to provide full identification capabilities.
Estonians can use their eID for over 600 government services such as driver’s license, healthcare, filing and paying taxes, and voting. The eID also provides full legal status for any interaction in Estonia that requires identity confirmation such as eCommerce, electronic Banking, and signing contracts. Other services piggyback on top of the digital infrastructure to enable seamless payments, loyalty programs and even riding the tram.
Besides consumer use, eID also offers a huge advantage for Estonian businesses; there are over 2,400 government e-Services available. What previously took days or weeks to do is now possible in minutes. For example, opening a business in Estonia takes approximately 18 minutes, and filing taxes, contributions and other business records can also be done entirely online.
Overall, the impact of eID on Estonia is dramatic. One element alone, digital signatures, saves two percent of GDP annually. And, they’re not resting on their laurels. The country has introduced an e-Residency program, where they provide eID to citizens of other countries. This allows people to enjoy various e-Services, including setting up an EU business from anywhere in the world — in one business day.
With the upcoming eIDAS identity framework enabling one EU Member State’s eID usable in all other Member States, Estonia is well positioned to reap the rewards of early adoption.
While Estonia was early in the game, other countries are introducing their own eID systems. There are 60 different countries that currently offer some form of eID. One of the most prevalent is India’s Aadhaar system, which has registered 1 billion people. Others are quickly coming online, with Malaysia soon launching their system.
According to Assistant Governor of the Central Bank of Malaysia Jessica Chew Cheng Lian, "Following this, the existing requirement for face-to-face verifications for onboarding new customers will be removed for companies that have received approval to conduct e-KYC."
Digital Due Diligence
While effective eID is the first step, it’s not the only requirement for a successful eKYC system. eKYC also require compelling due diligence, wherein affected companies need to undertake active and rigorous procedures to understand financial activities of the customer. Questions such as: What is the nature of their business? How do they get their money? Who are their customers? What is the volume of transactions? How much money do they handle? What countries do they do business in?
To make a proper risk assessment — the third aspect of effective eKYC — affected companies must ask probing questions and ensure the answers are trustworthy and satisfactory. They need to, in effect, play detective and investigate the true nature of the client’s financial structure.
The requirements for due diligence are becoming more strict as governments enact regulations to unveil complex ownership structures. These beneficial ownership rules, such as 4AMLD in Europe and the FinCEN Final Rule, specify specific requirements for determining who actually owns and runs the client company. Previously, ownership information was often obscured by convoluted paper trails by the use of shell companies, trusts, nominees and other legal fabrications.
Creating an effective eKYC regime will, therefore, need to include elements for electronically checking, analyzing, and verifying, ownership structure.
Paper trails that are slow, expensive and prone to errors make for excellent hiding places for corruption, tax evasion and other financial shenanigans. With eKYC, the speed and transparency of digital processes offers a way to onboard good customers and detect bad actors and prevent them from abusing an account.
Powerful and efficient eKYC promises a way to better protect governments, institutions, and individuals with rules that are more appropriate for modern digital financial processes.