The core principle of anti-money laundering (AML), and financial service as a whole is Know Your Customers (KYC). However, KYC regulations and an evolving technology landscape make it difficult for financial services firms and other organizations to keep up with the changes happening around KYC and AML.
What is KYC?
KYC, simply put, is the task of confirming the identity of a customer. We’ve all participated in a KYC process when we’ve presented an ID at the DMV, doctor’s office, bank, or even at a liquor store. While there are varying degrees of risk involved in each of those businesses, the main idea is that you’re using a trusted source to confirm you are who you say you are. In the digital age, however, this becomes a trickier process.
Criminals have always sought ways around the KYC process, but technology and the rise of digital banking have made it far easier to launder money. This is why advanced technology is needed today to not only confirm the identity of a customer but regularly verify that identity when transactions are a large size or suspicious nature are made. To this end, many nations and controlling bodies are updating their KYC regulations in the 21st century.
KYC Regulations Revamped
From the European Union to Mexico, KYC and AML regulations are the targets of serious revisions to include evolving technologies, from smartphones to blockchain, as part of the KYC process. Today, financial institutions are required to not only verify the identity of a customer when they open an account, but also maintain detailed records of that customer’s activities, question suspicious transactions, use out-of-band mechanisms to authenticate the customer, and, when in doubt, report problems to the relevant regulatory body.
It’s also essential to remember that your organization isn’t only affected by the regulations where it’s located. You also need to comply with the regulations of where your customers are. This means US businesses with German customers need to comply with GDPR, UK firms with US customers have to comply with the OFAC, and so on.
Of course, all of this has to occur in a way that doesn’t interfere with the customer experience, particularly if they aren’t doing anything wrong.
Simplifying Identity Verification in KYC
For modern banks, the majority of their customers, if not all, will have a smartphone. This provides a particularly useful tool in KYC. Many banks currently send a push notification to a customer when calling customer support to verify they are who they claim to be, but this only goes so far. Customer identification procedures need to be as fool-proof as they can be to avoid being bypassed. A basic paper or digital check using a code or an official ID provides a baseline, but it also creates a pressure to be able to verify the authenticity of that ID or code. This creates a cycle of proving identity that needs to be simplified.
Many banks are beginning to turn to biometrics as a way to verify the identity of their customers, but this presents another obstacle – enrollment.
Identity and Enrolling Biometrics
In order to utilize biometric authentication to confirm customer identity as part of the KYC process, one of two scenarios is necessary.
- You have a government biometric database to compare captured fingerprints against.
- You capture the customer’s biometrics upon account creation, after verifying their identity, and use them for future authentications.
Both of these scenarios provide a significantly improved user experience than traditional KYC methods but require significant setup on your part to integrate them.
Capturing fingerprint data during customer onboarding, either to match against a federal database or to match against later on for transaction authentication, can simplify KYC, but can also be costly. On the other hand, it provides additional identity verification beyond a paper ID or other form of authentication. If you’re matching against an existing database, you’ll need a solution that can export the data to the same format. If you’re creating a database, you’ll need a cost-effective way to capture and securely store the data for matching later.
Ultimately, a mobile-based biometric system, like Veridium’s 4 Fingers TouchlessID, provides the tools necessary to deploy biometric identity verification and authentication for any bank or organization looking to improve its KYC processes. Just remember that biometric authentication alone doesn’t provide KYC, it needs to be integrated with your existing KYC systems and optimized using one of the above scenarios.