SECTOR SPOTLIGHT: KYC in FinTech and Banking
SECTOR SPOTLIGHT is a monthly series on FinTechtris that explores a specific sector within the expansive FinTech space by defining its history, frameworks, business model, leading companies, and outlook.
Compliance in financial services is a complex area that both regulators and banks struggle with. Both parties can agree on protecting the banking ecosystem from illicit activity and fraudulent users, but the path to this goal of fraud prevention varies widely. Within the compliance sector, Know Your Customer (KYC) is a key battleground that users, fintechs, financial institutions, and regulatory agencies debate. About 12% of banks suffer financial losses due to KYC compliance issues. Banks can spend between $100M - $500M annually in this area.
This is a definite regulatory requirement of all banks and fintechs with banking activity, which historically was performed in person at a branch — a banker would ask for a customer’s physical government ID and info (such as date of birth, address, phone number, and social security). With the digital transformation of banking and migration towards neobanks and challenger banks, this is now done virtually on a mobile app.
The benefits of account opening digitally have truly changed financial services, but the ongoing challenges for companies and regulators stay constant. Fraudulent users can take advantage of lax standards, and abuse customer bonuses. The specific nature of digital banking requires an efficient onboarding of clients, while protecting the financial institution from unnecessary risk. For emerging fintechs without a track record, the challenge lies in building loyalty by making the enrollment and verification process fast and engaging.
Let’s take a look at KYC within financial services, specifically focusing on what’s required for adherence, common paths and tools used by fintechs, how regtech companies are innovating, and what’s next for the sector.
KYC for compliance in banking
KYC is an important piece under the umbrella of Anti-Money Laundering (AML). The Bank Secrecy Act of 1970 implemented by the U.S. Department of Treasury requires that financial institutions comply with rules to ensure that they are performing proper customer due diligence (CDD), keeping records of transactions over $10,000, and helping to prevent money laundering. Further enhancements have been made in the last 20 years, such as the US Patriot Act, that added requirements in customer screening. Financial institutions are also required to follow compliance guidelines set in place by the Financial Industry Regulatory Authority (FINRA) Rule 2090 in 2012, in addition to the FINRA Rule 2111 when making use of KYC technology.
Within AML, there are other anti-fraud initiatives such as Know Your Business (KYB), Know Your Transactions (KYT), and Enhanced Due Diligence (EDD). Fraud monitoring of clients and transactions is a constant process — a responsibility not only during onboarding but over the life of a customer relationship. Miscellaneous compliance controls for banks and fintechs outside of AML extend to PCI, PSD2, and data and privacy laws (which can vary by country and state, in the US). We covered compliance laws and oversight in the US earlier in the year (Sector Spotlight: FinTech Compliance).
When it comes to Know Your Customer, there’s a set of processes for financial services organizations to:
Identify applicants as true to their identity;
Identify users as listed on any sanction screening or criminal watch lists;
Give an approval for applicants to become clients on the given platform;
If a consumer or business fails to meet KYC requirements, account opening can be declined, Beyond initial user onboarding, companies must maintain ongoing reviews of users throughout the year to ensure no one was added to sanction lists. If this does take place, a financial institution can decide to end the banking relationship.
KYC programs typically break down into the following elements:
Customer policy, which can include a company’s definition of simplified due diligence (SDD) for low risk financial activity, customer due diligence (CDD) for standard banking use cases, and enhanced due diligence (EDD) that flag users for additional review.
Customer identification procedures (CIP) helps platforms define groups of users with specific requirements and controls (e.g. domestic vs. international customers);
Risk assessment and management that can be adjusted based on customer activity — actual user transactions are a clear indicator adding flexibility or more controls;
KYC technology identifies and verifies the identity of potential and existing customers, works to ensure the nature of a person's/business' relationship with a financial institution is in good nature, and regularly monitors the relationship to prevent money laundering.
So far the discussion has centered on consumers as users, but registered businesses and corporate entities are also customers. Properly capturing and reviewing registration documents, beneficial ownership structure, and a company’s good standing is a huge responsibility. Business banking solutions must be able to capture the same elements for small and medium sized enterprises.
the move to DIGITAL KYC FROM FINTECH
Traditional banks relied on bankers in local branches to review physical ID, confirm personal profile info was captured correctly, and submit the gathered data for review. In legacy banking systems, back-office processes would run the applicant’s information against databases and watch lists. A response about approval or decline would be generated in minutes and the account opening process would continue if approved.
Financial institutions were known to add a credit scoring review as a decision factor, which was not required per AML standards but served as further risk mitigation. Many prospective customers with low or no credit scores were then excluded from having a bank account, becoming part of growing group of “unbanked” in the US and abroad.
Digital banking and fintechs have taken the entire process virtual, increased the response time, and widened the scope of approval. With the boost from technology, new tools and ways to bank have evolved:
Prospective customers can open and access banking from anywhere with their ID, camera in their phone, and facial recognition.
New security measures for access are also including voice recognition for an additional layer of protection;
Banking’s back-office of reviewing and managing databases has improved through machine learning and helped reduce human error;
Reviewing criminal registries and denying fraudulent users access based on data is done through artificial intelligence;
Enhancements to outdated processes through technology is an exciting trend throughout banking and fintech, with no signs of slowing down. The caveat is that the efficiency and speed still needs to gather the required data and perform the necessary review. Especially with FinTech companies, KYC requirements get muddled between what’s required and what’s optional, and why certain firms (especially industry giants) seem to ask for less. All financial services organizations should ensure they meet or exceed what’s federally required for their platform’s long-term benefit (in deterring fraud and illegal activity) and the bank partner they work with (who has their banking license on the line).
KYC challenges in today’s banking landscape
As inclusive as neobanks and challenger banks have been to expanding banking services for the world’s unbanked and underbanked, there are still challenges that these companies (and financial institutions) face with KYC. Overall, there’s no standard, uniform offering that satisfies the goals of regulators and need for fintechs to reduce friction. Here are the critical industry issues facing platforms:
Outdated infrastructure: Many established banks lack the infrastructure to support the most up-to-date tech. Most concerning is that technology and data for AML is considered the most outdated for financial institutions (per CEB);
Ongoing maintenance: For financial services organizations that have the latest infrastructure, the maintenance and compatibility of their system is still a concern. Regulators have modified existing rules frequently to address changes in financial crimes. The best-in-class software and solution can reduce the time in updating to new processes, but there still needs to be changes properly reflected.
Poor customer experience: For FinTech firms looking to offer a seamless account opening process, this is where their main concern lies. As an industry, new customer onboarding time is trending up from an increase in 2017 of 18% (per Thomson Reuters). The same report showed banks can spend up to 3 weeks to complete their review process. Overall, about 90% of users have a poor KYC experience, causing about 12% to switch to an alternative provider. When there was a user under extended review, firms communicated poorly about current status (only 30% of the time);
High costs of non-compliance: Penalties and fines from government agencies continue to increase globally for banks and fintechs missing required guidelines. In the EU, non-compliance can cost $4M annually. Aside from financial burden, companies will also suffer reputational risk throughout the industry and may lose market share in their existing client base;
For institutions that operate in multiple countries, international compliance brings an added layer of complexity with cross-border KYC and new guidelines for AML.
Within user experience itself, KYC challenges that negatively impact onboarding are manual completion of various data fields, and numerous verification steps and pages that reduce the likelihood of users getting to the end. Added friction (or tasks that make the process longer or more difficult) reduce the growth and scale of a company by causing a lackluster first impression. For startups, the first months of being launched are the most critical — a process that’s more difficult than it should be can lead failure. Customers making comparisons between companies with similar offerings would choose the option that requires the least amount of information. A new segment with the FinTech compliance sector focuses exclusively on KYC onboarding and monitoring for banks and fintechs, bringing speed and robust program support.
top COMPANIES with KYC SOLUTIONS
As regulatory compliance standards evolve, tech companies have built tools to help financial institutions stay up-to-date. Startups across the world have created solutions that reduce the burden of building an in-house compliance division. Here are some top firms in the US and abroad:
Alloy helps firms in decision-making with quality data via a single API. Their proprietary dashboard manage identity verification from onboarding throughout the customer lifecycle, and mitigate afainst fraud and financial losses;
Jumio created KYC and AML solutions for financial institutions based on AI, which cover, ID verification, authentication, transaction monitoring, AML screening, and fraud detection;
Beam Solutions caters to financial institutions, banks, clearing houses, and any regulated entities that utilize blockchain. With its API-based SaaS platform, platforms can reduce false positives, boost transaction monitoring, and gain additional support for AML, KYC, and SAR (Suspicious Activity Reporting);
Onfido originated in 2012 from a group at Oxford University, who focused on disruption in running background checks. As an experienced private global tech company, their team has expanded to provide multiple compliance solutions as a trusted partner;
IDnow provides KYC solutions and electronic signing solutions for the financial services industry. Offers AI-powered solutions, that provides real-time customer's data and automates the customer onboarding process. Features include person verification, database verification, identity verification and e-signature. Also serves automotive, digital contract management, e-commerce, telecommunications industries.
Socure leverages digital and social checkpoints to help platforms better verify customers as being valid against the info provided at onboarding. Their social biometrics program is utilized for KYC onboarding to reduce potential losses from fraud, customer friction, and further overhead burden for companies;
Trulioo has its international GlobalGateway solution for electronic identity verification (eIDV) to help companies adhere to AML and KYC rules. Within insurance, e-commerce, and finance, Trulioo helps with risk mitigation and compliance globally;
KYC Global Technologies launched in 2016 with screening and data analytics software that focuses on banking, money services, insurance, accounting, real estate, and securities. Over 700 companies and agencies are part of its client base;
Sumsub is another compliance company with an AI-based platform that covers fraud and ID verification with automation for anti-fraud, data storage, and regulatory support;
Trunomi provides tools for KYC, customer data, and onboarding. TruHub is their premier solution for enterprises — TruMobile is the customer-facing app for institutions and end-users to control their own PII (Personally Identifiable Information);
AU10TIX automates capture, validation, and generation of digital records of government docs (e.g. passports, identity cards, driving licenses). The company helps detect ID fraud with effective KYC compliance — replacing outdated manual processing, and increasing speed and efficiency with risk management;
ANTI-FRAUD MEASURES AND RISK MITIGATION
KYC and being in compliance are not one-stop destinations for financial services organizations. The behaviors and controls play a daily part in reducing fraud in the banking system. Fraud prevention measures that many KYC providers include or internal compliance teams have built:
Compiling data on user behavior for analysis of suspicious patterns in transactions, which can lead to chargeback fraud; transaction monitoring may be required by regulators for certain companies that offer securities/investments, to track source of income and flow of funds;
Continuous monitoring of suspicious activities from customers on a platform;
Adding reviews of criminal profiles and other databases against existing users to prevent potential bad actors;;
Enable anti-spoofing that covers IP address, phishing, caller ID, and facial spoof attacks;
Ability to flag deep fakes that use stolen or fake photos identities, and other docs submitted online;
Once a company has a strong grasp of its KYC and anti-fraud program, it can focus on platform specifics of customer profiles, allowable transaction limits, how funds will move in and off the app, and prohibited user behavior.
FUTURE OUTLOOK for KYC
Know Your Customer (and compliance overall) in financial services will continue to be a hot topic globally. Regulators are constantly updating measures to minimize illegal activity and criminal networks of fraud. Banks and fintechs building a reputation virtually need a seamless, fast onboarding process to build early trust and loyalty. Both sides struggle to find a middle ground that’s a win-win.
In a sign of collaboration, The US Financial Crimes Enforcement Network (FinCEN) has recently asked for feedback on a multiple AML changes under consideration. FinCEN is reexamining the framework for BSA based on innovation from FinTech that have added compliance complexity. Modernizing regulation in the US would be a welcomed change towards consistent and transparent standards.
As KYC vendors and providers enhance their solutions, banking companies can outsource their compliance programs and focus on user growth and acquisition. New models and tools will be created that meet government requirements with minimal user friction. The industry would be in a better place when it comes to fraud prevention and reducing losses — all at a lower cost for compliance.
Enjoyed the article? Please comment and share below.
Feel free to join our community @FinTechtris for industry content & discussions (includes trends, deep dives, and sector analysis)
Signup for our newsletter today —>