KYC On-Boarding Technologies - Solutions in the APAC Financial Services Industry (PART II)
This is the second part of the KYC On-Boarding Technologies article. In the first part of the article, the KYC utility model has been introduced. The benefits and key constraints of the model were discussed. In part II of the article, mobile KYC on-boarding solutions will be discussed.
Part II: Mobile KYC on-boarding
Mobile KYC on-boarding aims to minimize the effort to identify and verify customer’s identity by using a bundle of innovative solutions, for example, biometric data and IP verification. It also aims at reducing the amount of manual work during the KYC on-boarding process. Figure 1 and 2 show the differences between traditional KYC on-boarding and mobile KYC on-boarding:
As illustrated in figure 1, the traditional KYC on-boarding model requires manual processing, including scanning, verification and storage of information like ID Card and address proof. These manual processes make the on-boarding workflow not efficient. To address this, mobile KYC uses a different approach in customer on-boarding. As illustrated in figure 2, by using an on-boarding mobile application, customers will need to scan his/her ID and address proof using mobile devices. Then, customers may need to provide biometric data (e.g. fingerprint and voiceprint are common). After providing the information, the mobile application will then automatically conduct verification. For validating ID, the application will use face detection technology to compare the photo on the ID card and the customer uploaded file; matching threshold would be pre-defined for validation. For validating address proof, the application will use IP detection technology to compare the IP address against the address proof. For validating biometric data, the application will seek out a 3rd party biometric database (most likely the government database) to verify customer identity. The video recording function of the application can also obtain other required customer information and convert that information into text. After the verification processes, the mobile application will automatically store customer information in a centralized database or KYC utility. Examples of existing mobile KYC products are:
- TruMobile provided by Trunomi
- Smart Process Mobile Apps for KYC provided by IDmission
- IDscan Mobile provided by IDscan
KYC on-boarding using mobile applications have the following benefits:
Benefit #1. Reduce manual work and human error
KYC on-boarding mobile applications automate the identity verification and data storage process. Unlike the traditional model that solely based on manual eye-ball checking on ID card and address proof, by using biometric data, Financial institutions (FIs) can easily verify customer identity by matching the provided biometric data with the 3rd party biometric database. This allows the whole process to be automated and thus reducing the manual workload as well as the discrepancies due to human error.
Benefit #2. Reduce customer on-boarding time
In the traditional model, the process of collecting and verifying KYC documents usually takes a long time, especially for large corporations. The mobile KYC model reduces the time to collect and verify those documents. For corporations, instead of sending emails chasing outstanding KYC documents, they can just ask their beneficial owners to use the apps to scan the required KYC documents. The mobile KYC model also transforms manual verification into automatic verification, which can greatly reduce the on-boarding time. The overall service standard of KYC on-boarding due diligence process is therefore appraised and thus deliver a better customer experience.
Constraint #1. Collection of biometric data
Given that mobile KYC on-boarding involves the collection of biometric data, regulators may have concerns about data privacy. In some countries, there are regulations on the collection of biometric data. FIs can collect biometric data from an individual only if certain requirements are met. In Hong Kong, for example, the “Guidance on Collection and Use of Biometric Data”, published by the Office of the Privacy Commissioner for Personal Data, requires a privacy impact assessment before an institution can collect biometric data.
Constraint #2. Storage of biometric data
Storage of biometric data has become a very sensitive topic. This is because of the uniqueness of the data which may lead to unauthorized re-identification of individuals or impersonation in the case of data leakage. Thus, some regulators may concern for the data security issue. For example, both Hong Kong and Singapore regulators have technology risk management guidelines to regulate FIs on the collection and storage of biometric data, by issued Policies of Information Security and Data Privacy.
Constraint #3. Availability of third party database
One of the major issues that FIs will face when implementing the mobile KYC on boarding is the availability of third party biometric databases. In some countries, like India, the government has established a biometric database. As a result, the third party verification of biometric data can be easily conducted. However, not all governments have that kind of database establishment. In that case, FIs will have to spend extra effort to reach an agreement with regulators and other institutions.
Looking further: Blockchain-based KYC
Although mobilizing the KYC on-boarding process can ease and automate the data collection and input, reducing the customer on-boarding time, the information security risk remains a key concern. As a solution to balance out the benefits and the risks, significant development efforts are currently being put into KYC solutions powered by blockchain technology.
Blockchain is a decentralized or distributed digital record of data that is shared across all participants of the network, applying a consensus mechanism, for the transparency of data and for safeguard against unauthorized access and tampering. Simply put, if someone wants to add or change data on the blockchain, validation from all members of that network must be obtained.
Blockchain technology enhances the KYC utility model by ensuring reliability and validity of KYC data, as well as by providing transparency. Blockchain principles also address the potential data privacy issues of shared data within a network. How blockchain KYC works is shown in figure 3:
As illustrated, the KYC information will be stored in a structure called “block”. Each block is linked to the previous block with a hash, forming the chain. Tampering with any KYC information contained within the block will result in a change of the hash, and thus the block will be reject by other members of the network. Once a block is created, FIs may act as a gatekeeper to verify the block of KYC data. When the KYC information has been completely validated, only then will the KYC block be recorder into the blockchain network to be shared among the members of the network.
Data privacy of the client can be maintained through data encryption and private key cryptography, wherein the client has full control over what KYC data to share and with whom to share it.
Blockchain KYC is definitely an upcoming trend of KYC on-boarding, and FIs would gain benefits and at the same time obtain prudent risk control by giving this appropriate attention.
Conclusion: KYC on-boarding – Shifting from a data collection exercise towards risk management
KYC on boarding processes need to be reformed. The intention of KYC on-boarding is to help FIs to manage their money laundering / terrorist financing (ML/TF) risk. However, in traditional approach, the focus of KYC on-boarding has shifted to the execution of data collection and processing. FIs have invested millions of dollars every year into KYC on-boarding and remediation; however, most of the investment has been used for hiring staff to manually perform due diligence and data collection as there is a considerable non-digital data to handle. Only by using suitable technologies and KYC models, FIs are able to reduce or even mitigate the manual processes and human errors. As a result, they can refocus their resources of KYC on-boarding back to ML/TF risk management.