How well do you know your customer? The financial industry has been changed by the emergence of new technologies, new players, new regulations and new markets. Financial institutions must embrace a digital transformation strategy or risk becoming obsolete. Therefore, in this ever-evolving, digital-first economy, it’s important to know who really is behind the screen.
As our online activities and transactions surge, so too do fraudulent schemes. In the face of this rising risk, financial institutions must balance their obligations to KYC compliance with innovative, digital identity verification that can protect against the latest, sophisticated fraud trends without impacting customer experience.
But, before we dig in, let’s take a step back to better understand the process of Know Your Customer (KYC) and what KYC compliance means when it comes to identity verification in this digital-first economy.
What is KYC verification?
Simply put, KYC verification is a mandatory requirement set to ensure a business can verify a customer’s identity and assess their risk level at onboarding. The ultimate aim of a KYC check is to prevent the following:
- Identity theft and financial fraud
It has been estimated that some 86% of online shoppers have become victims of identity theft globally, with the rates of identity theft scenarios increasing dramatically in 2023. This is especially the case across APAC, where one in four consumers have fallen victim and 61% of merchants report instances of identity theft.
Meanwhile, recent reports into financial institutions of all sizes, have found that fraud rates have increased year-over-year, with 70% of respondents within the industry claiming their company fell victim to at least $500K in fraud in the past 12 months and one in four falling victim to breaches that resulted in seven-figure losses. Furthermore, the projected total cost of financial crime across financial institutions worldwide is $274.1 billion, which is an increase of $60 billion in a span of only two years.
KYC verification requires individuals to provide proof of their identity, making it harder for a bad actor to access a platform or open an account.
- Money laundering and terrorist financing
Money laundering is the illegal act of transferring large amounts of money generated by criminal activity and “laundering” it through a dummy account, so it appears clean. Terrorists often launder money, as well as open multiple accounts to fund their operations. Cases of both money laundering and terrorism financing are on the rise, especially post COVD-19.
In partnership with anti-money laundering (AML) policies, KYC verification makes it harder for criminals to set up these supposedly clean accounts. Furthermore, because KYC verification must match the names of people trying to open an account against a watchlist, suspected terrorists can be blocked before they can use a financial service.
What is involved in a standard KYC verification procedure?
An effective KYC program requires the following elements:
- Customer acceptance policy (CAP)
The CAP process in KYC is important, especially for banks who require documentation that defines the basis on which a financial institution can enter into a relationship with its customer. Without it, a bank can be exposed to serious compliance risks, not to mention legal and reputational risks.
- Customer identification procedure (CIP)
Ultimately, KYC identity verification mostly falls under the CIP component of KYC. Indeed, it is often the very first stage of KYC. The procedure is exactly as it sounds; the act of checking a customer’s identity by collecting and verifying their information before allowing them onto your platform, providing your services and/or doing business with them. The “customer” in question can be a person or a business – either way, the process is the same. At a minimum, know the answers to the following:
- Date of birth
- Identification number
Or, in the case of verifying a business entity, the following:
- Government-issued business license
- Articles of incorporation
- Trust agreements
- Partnership deed
After going through the CIP process, a business must be satisfied that:
- An individual customer is who they say they are
- A customer who is not an individual is a real entity (or business) that actually exists
It’s important to note that while in the process of a CIP risk assessment, verification of the account holder happens “within a reasonable time.” And, because CIP should include both documentary and non-documentary methods, financial institutions need to ensure they have gathered enough information before they start the verification process. Given the increasing transaction volume, it is prudent that companies come up with an internal procedure to fast-track the process (without sidestepping due diligence). This will prevent delays in onboarding new customers. Of course, in the case of suspicion of fraud, a full-scale CIP should be conducted.
- Transaction monitoring
All organizations, but especially financial institutions, need to be on the lookout for suspicious activity via ongoing transaction monitoring. It is particularly essential for businesses that fall within the remit of money laundering regulations. In short, banks need relevant documentation such as the source of funds and the recipient and sender information. However, the exact process of transaction monitoring will depend on a few factors, including the following:
- Corporate culture
- Customer profile
- Size, sector and complexity of the company
- Associated operational risk
Effective transaction monitoring requires a precise combination of processes, technology and human expertise that enables the successful separation of risky transactions from good transactions.
- Risk management
KYC risk management means establishing a centralized process for coordinating policies and procedures that not only comply strictly with relevant laws and regulations, but also identify, monitor and mitigate risk. A company’s board of directors must be fully committed to an effective KYC program by ensuring the effectiveness of this process.
What are the consequences of non-compliance?
Because KYC verification protects not only the operations of the financial institution conducting the review but also their customers and the national and global economy at large (from identity theft, money laundering and other financial crime), failing to comply can have serious consequences. For example:
- Heavy fines
One of the highest issued fines in recent years for KYC and AML compliance failure was handed to Goldman Sachs, where the fine reached nearly $3 billion. That same year, fines amounting to $10 billion were given to financial institutions worldwide.
- Reputational damage
As seen above, the big fines make the news. When it comes to banking, consumers have more choices today than ever before. Reputation matters.
- Fraud increase
Once a bad actor gets onto your platform with an account, they can do serious damage. Recent studies suggest that because neo-banks are often reported to have weaker KYC and AML practices, they have become greater targets of fraudsters.
- Banking license revoked
In an extreme case, if a financial institution fails to comply with KYC verification checks, it could lose its banking license.
How do KYC processes differ around the world?
Each and every country has the authority to establish its own KYC laws and regulations. For this reason, global KYC laws can vary significantly, causing some confusion; especially pertaining to the documentation required and how customer information must be stored and secured.
As financial crime knows no borders, many international organizations have come together to establish recommendations to guide the development of a global standard of KYC guidelines. One such example is the Financial Action Task Force (FATC), which has listed 40 recommendations thus far for those member states and also offered model legislation to enable the setting of new laws.
Electronic KYC verification (eKYC)
As of 2022, 78% of adults across the US preferred to bank online and an estimated 93% of Brits were using online banking in the past 12 months. Meanwhile, of the estimated 250 digital banks worldwide, 20% are in APAC. All this to say, electronic KYC (eKYC) is the future of KYC. In fact, the digitization of the KYC process is officially here.
There are multiple reasons why companies need to embrace the automated, online and paperless process that is eKYC:
- It’s much faster.
Naturally, the moment a process is automated and digitalized, it becomes faster. When KYC verification once took days, or even weeks, to manually process, it now can take minutes.
- It’s more secure.
Not only is eKYC faster, but it is also more secure due to its enhanced due diligence. By pulling from a broader variety of data and signals, the digital process offers a fuller picture of who a potential customer is; more so than was made traditionally available via regular KYC verification. This enables a more accurate detection of potential risks.
- Improved conversion rates.
A faster, more secure process means a faster, more secure experience for the end-user which means – you guessed it – an increase in conversion rates.
- Improved customer experience.
Naturally, customer experience scores typically improve when a process becomes more targeted and streamlined online.
- Improved employee satisfaction.
Finally, digital automation frees up employees from the often tedious and time-consuming tasks of manual KYC verification. A more efficient employee is a more satisfied employee. Win-win.
How digital identity solutions boost KYC compliance.
Despite the digitization of KYC compliance, the process of KYC verification is still a significant burden for many institutions. In fact, a recent global study suggests millions of dollars are spent every year by financial and corporate institutions inefficiently onboarding and maintaining clients, with more than half of financial institutions stating 31-60% of their KYC review tasks are still being completed manually. Staggeringly, the survey also found that over half are spending up to $3,000 to complete just one KYC review!
To build a risk management and fraud strategy only around legacy systems and traditional KYC and AML processes is to not only accept eye-watering costs (it has been said banks spend an average of $60 million annually on KYC compliance) but to also open the doors to synthetic identities, promotion abuse of new digital products and account opening fraud.
Furthermore, if organizations wish to remain essential in today’s digital economy, they need to boost their comprehensive online capabilities, bridging the gap between their services and the customer’s needs. Specifically, to stay relevant within a global industry, financial institutions must focus on providing a seamless customer experience from the very first touchpoint – account creation.
To discover more about how your business can implement more sophisticated onboarding strategies focused on identity verification that goes beyond KYC compliance, get in touch with an Ekata expert today.