Most countries have well-established Know Your Customer (KYC) rules that specify identification, due diligence and risk assessment procedures for analyzing clients. However, many of these regulations are more appropriate for yesterday’s consumer.
Today’s digital savvy, mobile-first consumer expects to consume content and transact in real-time, therefore, requiring them to visit a retail store or branch to prove their identity in person will result in cart abandonment or loss of transaction to another merchant that can satisfy their expectations.
New KYC guidelines and regulations are required to keep pace with the reality of digital transactions. While modifying laws to make them more applicable is possible, many countries have established eKYC (electronic Know Your Customer) regulations for the digital and mobile realities of today.
One method to creating an effective eKYC system is having secure, authenticated, government-issued electronic identification (eID). While there are solutions for companies or specific use-cases, a government eID guarantees widespread trust, use and layering up of new services and capabilities. From digital signatures to biometric verification, e-voting to accessing secure e-services, eID enables whole new capabilities that are impossible with traditional ID.
eID in Estonia
One country at the forefront of eID developments is Estonia. The small, Baltic country has had digital ID capabilities on its national ID card since 2001 and now the eID is embeddable in a secure, SIM card allowing a mobile phone to provide full identification capabilities.
Estonians can use their eID for over 600 government services such as driver’s license, healthcare, filing and paying taxes, and voting. The eID also provides full legal status for any interaction in Estonia that requires identity confirmation such as eCommerce, electronic Banking, and signing contracts. Other services piggyback on top of the digital infrastructure to enable seamless payments, loyalty programs and even riding the tram.
Besides consumer use, eID also offers a huge advantage for Estonian businesses; there are over 2,400 government e-Services available. What previously took days or weeks to do is now possible in minutes. For example, opening a business in Estonia takes approximately 18 minutes, and filing taxes, contributions and other business records can also be done entirely online.
Overall, the impact of eID on Estonia is dramatic. One element alone, digital signatures, saves 2% of GDP annually. And, they’re not resting on their laurels. The country has introduced an e-Residency program, where they provide eID to citizens of other countries. This allows people to enjoy various e-Services, including setting up an EU business from anywhere in the world — in one business day.
In the EU, the eIDAS identity framework is intended to enable one EU Member State’s eID to be used in all other Member States. The goal is to create a modern identity framework that can perform electronic identification and trust services for digital transactions.
In its current form, the framework requires Member States to create their own rules and notify other Member States, who in turn must accept the ID scheme when allocating public services. However, only 15 of 27 Member States currently offer eIDAS and “it is not possible today to identify online with a single, secure, convenient and trustworthy eID … business opportunities remain untapped and secure identification costs remain excessive.”
As a result, there’s a new ‘European Digital Identification’ initiative that should be ready by mid-2021. Member states hope that an EU-wide e-ID will be especially useful for cross-border digital services, a market expected to grow in the digital economy.
Global eID systems
While Estonia was early in the game, other countries are introducing their own eID systems. There are over 60 different countries that currently offer some form of eID. For example in Malaysia where, according to Deputy Governor of the Central Bank of Malaysia Jessica Chew Cheng Lian, "following this, the existing requirement for face-to-face verifications for onboarding new customers will be removed for companies that have received approval to conduct e-KYC."
One of the most prevalent is India’s Aadhaar system, which has registered over one billion people. Aadhaar-based eKYC allows financial service providers to verify the identity of Indian consumers electronically — reducing both the paperwork required and time spent. A recent World Bank report cites an estimate that moving to eKYC reduces the average cost of verifying customers from $23 to $0.50. Similarly, most estimates suggest that customer verification can be done in seconds using eKYC compared to five to seven days when done manually.
One main goal of Aadhaar is to help financial inclusion by creating verifiable identities for India’s poor. With India still being primarily an agrarian economy, a large amount of its population still resides in remote and rural regions. High levels of illiteracy, combined with poor access to government services, meant that members of this section of the population did not have an official identity. Aadhaar aims to give this large subset of Indians an identity for the very first time, along with creating a mega data source of identity information which can then be used to verify identities.
Another electronic method to perform KYC is by video. Video KYC is a technique “through which customer-provided videos of themselves are compared against the images on their ID documents.” It’s a lot harder to falsify moving images as compared to still images, such as selfies. Add in a liveness factor, ensuring that the video hasn’t been prerecorded by requesting a certain word or action be displayed on the video, and the risk of falsification drops even lower.
Technical considerations come into play such as available signal bandwidth, lighting and other factors to take and submit a proper live video. On the verification side, it’s necessary to have properly trained experts available, and as the ingenuity and tools of fraudsters increases, these experts will have to become ever more discerning.
It’s important to note that in Germany, where video KYC is permissible, “video identification may only be carried out by appropriately trained employees of the obliged entity or of a third party to which the obliged entity outsourced the customer identification requirement.” Although it does enable remote verification, with the requirement of trained individuals to perform the KYC, does it classify as electronic?
Using electronic methods to verify existing ID documents is another technique to perform eKYC. An image capture of an ID document enables a quick determination that an ID document is real and authentic.
This process can recognize different identity documents and performs comprehensive algorithmic-based checks on thousands of global document types. It can also check for unique enhanced security features available in some ID formats (such as US Drivers Licenses), and analyzes and decodes these advanced security functions. When you get a positive match on the ID, you then have the confidence to determine the document is real and not a forgery.
A real document, however, doesn’t automatically imply identity verification. Someone could have a forged document with false identity information. It’s vital that the identity information itself be properly vetted.
Digital Due Diligence
While effective ID verification is the first step, it’s not the only requirement for a successful eKYC system. eKYC also requires compelling due diligence, wherein affected companies need to undertake active and rigorous procedures to understand financial activities of the customer. Questions such as: What is the nature of their business? How do they get their money? Who are their customers? What is the volume of transactions? How much money do they handle? What countries do they do business in?
To make a proper risk assessment — the third aspect of effective eKYC — affected companies must ask probing questions and ensure the answers are trustworthy and satisfactory. They need to, in effect, play detective and investigate the true nature of the client’s financial structure.
The requirements for due diligence are becoming stricter as governments enact regulations to unveil complex ownership structures. These beneficial ownership rules, such as 4AMLD in Europe and the FinCEN Final Rule, specify specific requirements for determining who actually owns and runs the client company. Previously, ownership information was often obscured by convoluted paper trails by the use of shell companies, trusts, nominees and other legal fabrications.
Creating an effective eKYC regime will, therefore, need to include elements for electronically checking, analyzing, and verifying, ownership structure.
Paper trails that are slow, expensive and prone to errors make for excellent hiding places for corruption, tax evasion and other financial shenanigans. With eKYC, the speed and transparency of digital processes offers a way to onboard good customers and detect bad actors and prevent them from abusing an account.
Powerful and efficient eKYC promises a way to better protect governments, institutions, and individuals with rules that are more appropriate for modern digital financial processes.
The traditional onboarding process for new clients is a time-consuming, labor-intensive, manual process that can lead to frustrating delays. Find out how electronic identity verification enables financial institutions to comply with tough industry regulations without burdening customers.
This post was originally published on Sept 28, 2017 and updated to reflect the latest industry news, trends and insights.