Digital KYC (Know Your Customer), eKYC, automated KYC – whatever you call it, the power and convenience of using automated, digital measures to fulfill KYC requirements can’t be contested; the speed, accuracy and cost advantages are transformative in their approach to Anti-Money Laundering (AML) compliance.
Yet, for all the inherent benefits of electronic processes, many institutions are still wary of using the “new” technology. Why are some companies resistant to it and what can be done to dispel their reluctance?
Who makes the decision? People, culture or business needs?
For many early-adopters, any new technology is new and novel; it is thus attractive for that reason. For laggards that are staid and conservative, new technology excites little interest until it becomes an industry standard.
The concept of transformation, however, implies a willingness to consciously deviate from the norm, not out of cultural and personal attributes, but based on what is best for your business. As Genpact CEO Tiger Tyagarajan, who advises enterprises on digital strategy, says “it starts with the business outcomes and the new business models you’re going after and working backwards from there.”
Depending on your current customer due diligence (CDD) processes, the volume of transactions and the countries you cover, manual KYC techniques might be fine for your needs. It makes little sense to choose digital KYC for the sake of going digital; rather, the question that compliance professionals should ask themselves is, will a digital process improve productivity? Will it improve the customer onboarding experience while fulfilling regulatory requirements more effectively and easily?
If you have a low number of transactions and operate only in one market, perhaps manual verification methods might do the job for you. On the other hand, if you want to scale to new markets or increase the number of customers in your existing market, opting for digital, low-touch and scalable methods is inevitable. Digital KYC and other electronic processes, once set up, create a framework for speed and adaptability.
For many executives, transformative processes have a downside risk; security, integration and operations all require strategizing, vetting, implementation, and often, these processes can be daunting and bear all the negative connotations of change management.
In this era of massive data breaches, protecting customer data throughout the customer lifecycle is of utmost importance. In that context, what are some effective steps to consider when vetting third-party vendors?
Does the vendor have certification, such as ISO 27001? Ensuring the vendor is serious about information security and has adopted international best practices designed to mitigate risks while meeting regulatory and legal compliance requirements is a simple check.
What does the vendor do with the KYC information that they collect? Are they adding it to their own database, creating yet another data-breach point? Or, do they purge the data, minimizing the risk that stems from customer information falling into the wrong hands? Are they prepared for security audits? These are essential questions.
Ease of integration
Another pain point for adopting new technologies is the integration with existing technology. Almost everyone has a personal horror story of getting a new tech toy which, despite the promise of being instantly up-and-running, requires a deep dive into manuals, documentation, and a greater reliance on tech support, just to get started.
What tech resources will be required? How long will it take? How much valuable dev time will be eaten up on what often is a non-core requirement?
Consider how much time the initial setup will take: Is there proper documentation? Is the API developer-friendly? Beyond the first connection, how easy is it to adapt, add sources to, change configurations? The digital world is changing fast, so getting a technology stack that can easily change in accordance with new offerings, markets and changing requirements, will save enormous time and effort in the long run.
Every tech provider will say their API is plug-and-play, but is it really? Will it work with your systems? Is there enough customer and technical support to help you on your path? While the quality of support is difficult to analyze beforehand, asking pointed questions will help you determine what you are signing up for.
Initial analysis of the competitive landscape will surface several providers that are secure and have effective integrations. What factor, however, will be the decisive one, when it comes to digital KYC?
Simply put, the quality of identity data is the single most important factor when it comes to delivering compliance, fraud prevention and a seamless onboarding experience:
- If the vendor doesn’t have the data for that country, or the data type you require, then digital KYC is ineffective
- If the data is out-of-date or otherwise inaccurate, no match is possible, making automation a non-factor
- If the data can’t be corroborated amongst different sources, the trust is potentially questionable
- If the data can’t be quickly gathered and run through match rules, then customers are left waiting before they abandon the sign-up process
The process of transformation is not easy. It requires a careful analysis of business needs, careful vetting and a leap of faith into a new way of doing things. Upon completion though, you’ll wonder why you didn’t do it earlier. Digital KYC might be an unknown, and new in some organizations, but the real risk is choosing to abstain from using processes that are proven to be effective and beneficial, because they are new.