Global KYC Registries: Good Idea or Bad Idea?
As the need for reliable due diligence checking continues to grow in a world with increasingly strict anti-money laundering (AML) and know your customer (KYC) regulations, some national governments have risen to the challenge. In India, where its Aadhaar project has provided secure biometric identification to most of the country’s citizens, the Indian finance ministry announced in August 2015 that a central KYC registry will be created to allow financial institutions to simplify the customer onboarding process. Commercial banks in Bangladesh are also now able to verify customer identities using that country’s national ID database thanks to a recently-signed agreement between the banks and the national Election Commission that manages the database.
Are international KYC registries the way of the future for due diligence checks? What are some of the benefits and concerns?
In countries like India, where most people still do not have access to basic financial services, the ability for banks to quickly verify new and existing customers is groundbreaking. Currently, Indians must go through a KYC check each time they wish to open a new account, even if they already have an existing account at the institution.
For banks and telecommunications companies in Bangladesh, a national registry was something that they had been demanding for years. Not only will fraud will be reduced, but bank executives expected other windfalls to occur.
“Providing mobile banking services will be easier as many people open accounts with fake NID cards,” said Abul Kashem Mohammad Shirin, deputy managing director of Dutch-Bangla Bank. “We will get genuine information from the Election Commission as its NID database is 99.7 percent accurate.”
National registries, like any other personal information database, can be susceptible to identity fraud. Take, for example, Pakistan and its Computerized National Identity Card (CNIC). A Pakistani who returned after studying abroad was surprised to discover that someone had stolen his identity by requesting a new CNIC with his information but with the fraudster’s photo.
In order to address the issue of identity theft and fraud, Pakistan’s National Database and Registration Authority (NADRA) launched a more secure version of its identity document, the Smart National ID Card (SNIC). Added security features include an embedded chip to prevent forgeries or modifications, live identification of fingerprints, and the use of state-of-the-art encryption technology.
Central KYC Hub for Banks Worldwide
However, it’s not only national governments that are getting in on the KYC registry game. Several private companies and groups are also working on their own shared KYC solutions, including the Society for Worldwide Interbank Financial Telecommunication (SWIFT), Thomson Reuters, DTCC, and Markit/Genpact. Each vendor has a different target market, but all of them share a common goal: to reduce the amount of time and money spent by financial institutions on KYC due diligence.
“The existence of a central hub to which a bank would only be required to send any single piece of information once—instead of today’s infinite number of times—would represent a significant efficiency gain for the industry,” said Luc Meurant, SWIFT’s head of banking markets and compliance services.
Greater data consistency
Another existing issue that can be addressed with KYC registries is a lack of standards for document collection and submission. A recent research study has shown that 30 percent of financial institutions surveyed reported that poor data quality and accessibility was a serious issue in their KYC programs. All customer data that is submitted to central KYC registries must conform to the same standardized format to ensure consistency and reliability.
Too much choice?
In many cases, having a wider variety of options may be an advantage, but when it comes to KYC registries, this may actually pose a problem. Compliance experts interviewed by FinOps Report that ideally, there should be no more than two or three registries at most. Higher numbers of registries could run the risk of actually increasing costs and administrative burdens for banks, since they may end up needing to use multiple registries to share data with different institutions.
Tight data security must be ensured whenever large amounts of sensitive personal information are stored in one database. Internationally-recognized digital identity thought leader and consultant, Dave Birch, raised some concerns.
“I have a slight worry that if you build a big database of this stuff, it becomes a single point of failure or compromise,” said Birch. “The case study I would use for that is [South] Korea, which decided to build a big database with everybody’s IDs. The database was compromised by criminals and the whole thing had to be scrapped.”
Strength through collaboration
Nonetheless, industry observers believe that banks are now more willing to share, talk, and be more transparent in areas such as financial crime compliance, where it is in their collective best interest to work together on joint initiatives. In addition to reducing compliance workloads by eliminating duplication of effort, internationally standardized solutions can unlock economies of scale as well, bringing substantial cost savings to all stakeholders.
“Banks that want to expand their presence worldwide need to think outside of their office walls and even beyond national borders,” said Jon Jones, President of Trulioo. “Rather than frustrating customers with repeated due diligence paperwork, KYC registries can provide both streamlined compliance processes and an exceptional onboarding experience.”
Do you think global KYC registries are a good idea? Why or why not?