It’s been a busy year for Financial Institutions worldwide. And even though the regulatory landscape began to clear due to ongoing dialogues between regulators, examiners, and businesses, financial organizations still have challenges to face when it comes to bridging the gap between their brick-and-mortar operations and the newer digital channels.
With that in mind we recently hosted a webinar titled Top AML Challenges for Banks and MSBs in 2017: FinCEN’s CDD rule and Digital KYC, with Kathy Tomasofsky, Director at Money Service Businesses Association, David Landsman, Executive Director at National Money Transmitters Association, and David Schwartz, CEO at Florida International Bankers Association.
In it we discussed how banks and other covered financial institutions should prepare for May 11, 2018 (the compliance deadline for FinCEN’s CDD Rule), how this rule affects the relationship between banks and money services businesses – both generally, and specifically in the context of de-risking – and reviewed the requirements of “The Fifth Pillar” of BSA as enacted in the CDD Rule.
Because of time constraints we couldn’t offer you the breadth and depth of content we had prepared explaining some of the challenges of KYC in Digital Environments. So instead of selling you short, we’ve put together this blogpost to walk you through what we had planned, and to answer some of the questions that were asked during the webinar.
What is the difference between online and onsite KYC?
Face-to-face (F2F) Know Your Customer (KYC) has no shortage of challenges, but these challenges are known. However, Compliance and Risk professionals must now meet regulators’ expectations, for F2F as well as Non F2F KYC across jurisdictions worldwide.
Most KYC regulation was written with F2F interactions in mind and exporting existing policies to a digital environment can be a challenge. Doing so in a way that is not detrimental to your customer’s experience is an even greater challenge. After all, this is the Twenty-first Century and a frictionless seamless UX is something customers expect. This is where the fun part begins, no pressure.
KYC processes and procedures are subject to the same set of laws and regulations, whether digital or F2F. That means your obligations, as a regulated institution, are the same, and examiners won’t be more lenient in an online setting. In fact, because you and the potential customer are not at the same physical space, you need to be more careful as the risk is higher.
A digital environment for your product/service will bring about many benefits, and we’ll discuss them shortly, but setting up your business for online channels will also create a new set of requirements both your Compliance and Product teams need to think about in terms of operations, cost structure and user experience. Now, let’s take a look at the challenges.
Challenge 0 – The Cultural Predicament
A common misconception is considering Digital KYC a technology-only issue, when it is also a cultural challenge. The digital transformation journey is long, but necessary to meet your customer’s expectations. Thus, understanding the two dimensions of this cultural challenge can make a profound difference on the outcomes of your innovative change initiative.
The cultural challenge starts with internal and external push and resistance. Going digital requires a cultural change within your organization, from business models and human resources, to operational processes and employee incentives. Change costs money, and Senior Management needs to grasp the importance of this investment in the long term, as a way to secure the future of the institution.
Redesigning your KYC processes and procedures for a true omni-channel customer experience will require a close partnership between Risk & Compliance, Product and IT functions. Historically, Financial Institutions are siloed and fragmented, both on a human resources level, and on a data and technology level. Bringing down data siloes, integrating different data management systems, normalizing data taxonomies, and building effective cross-functional teams is an “all-hands-on-deck” exercise, that beyond management’s buy-in, will also need organizational support.
This functional integration is the difference between cosmetic changes, with no real impact on your bottom-line, and a true digital transformation that translates to revenue growth. Simply put, digital transformation is not about offering your current products and services (designed for branch locations) online, or about introducing a new digital capability at the front-end, while on the back-end you still have a paper-heavy inefficient process.
Externally, it is a social and generational challenge. The reactions and behaviors of different markets towards branch or digital solutions are inherently part of the social fabric. Some will be more wary of digital channels than of branches, and vice-versa. The reasons are varied: corruption, distrust of foreign providers, etc; but this means you need to adjust your onboarding and KYC processes to match customer preferences on-top of remaining compliant with the specific regulatory framework. This analysis is necessary to inform how you roll-out different offerings, and how products and services are phased-in or phased out.
The generational challenge is something we’ve all read about in the past two years, specially in terms of “the rise of the millennial generation”. And even though much has been said about this topic, it is an important point when analyzing customer wants, needs, and expectations. As a general rule of thumb, you need to stay relevant to your current customers, while becoming an attractive alternative to potential ones. Older generations that are used to the speed at which things are done in branches will be more tolerant with longer “time-to-transact” timeframes. They are also more suspicious of online services if they don’t understand how they work. As we mentioned before, change is difficult for people to accept. On the other hand, younger generations expect instant gratification, and might therefore be less willing to complete an onboarding process online if they perceive it as long.
Creating a true omni-channel experience that allows customers to shift seamlessly between channels is therefore of great importance to overcome the external cultural challenges, because it allows maximum personalization and value delivery without raising your customer acquisition costs over their lifetime value.
Challenge 1 – Verification and Authentication
These are the first two steps of your online onboarding process:
Step 1) Verification: collecting information to verify that people are who they say they are.Step 2) Authentication: validating the verified information and granting customers access to the product/service.
Both verification and authentication have you request information from the potential customers. This process is very standard in face-to-face settings. Once potential customers have taken the time to go to a physical branch and begin onboarding, they are less likely to quit. Otherwise, they would have to physically go to another place, wait in line again, etc… In other words, they are invested.
This isn’t true in online environments. Your online onboarding process can have a “make-or-break” effect on conversion rates, which are tied to the amount of friction found in the user-experience. The more information you request, the more friction you create, and the more likely potential customers are of abandoning the onboarding process. However, the information you are requesting is necessary to remain compliant with applicable laws and regulations. The challenge is then finding the right balance between what you request from your users and the value they get in exchange.
Many of our clients use what is known as a risk based approach. In essence this means that the scrutiny of your onboarding process gets more strict as the perceived risk of the user being onboarded is higher. The risk can be informed from many perspectives, but in essence it comes either from the data presented at the time of onboarding, from the business model itself, or from the digital environment of the user that is onboarding.
Challenge 2 – Manual Reviews
Because of the very nature of online channels, your compliance and fraud teams will need to manually review some applications submitted by potential customers. Having a high rate of manual reviews is bad for business. They raise your costs and also delay the approval process [of the potential customer], thus diminishing the online user experience.
Growing your business and online presence means keeping the balance between high online customer acquisition rate and compliance with the applicable regulation. In this sense, manual processes are a hindrance to scalability, and a money pit, but sometimes necessary. The question is then, how do you reduce manual review volume and time spent per case, while maintaining the balance between customer acquisition and regulatory compliance and risk?
The answer, simply enough, is automation through technology.
A very successful client of ours has been able to almost automate 100% of the onboarding process. They have grown in the past two years they have been working with 100th fold and have been able to do so with minimal growth in the their risk and compliance teams. In compliance, not everything can be automated but there is plenty that can.
Digital Identities for better KYC
The value and potential of Digital Identities have, for years, been taken for granted. But no more. A digital identity is the combination of an individual’s digital footprint and physical-real-world information, their transaction history, and their behavior. It validates that individuals are who they say are, AND, from the identity risk perspective, are acceptable to work with.
Addressing the cultural challenge with digital identities creates a perfect segue for tackling the other two challenges next. Of course, the cultural challenge is more subjective in nature, but adopting the right technology solution can have a good impact both internally and externally. Digital identities create an integrated data environment that gives you a broader view of each customer to better understand and analyze them, furthermore, these data points are programmed as inputs to your processes and risk models, allowing you to create smooth and efficient onboarding processes.
Digital identities can be a key ally in creating a great UX so that you can onboard more customers. By leveraging digital identities during the onboarding process, you can personalize the UX to match the risk associated with the user or transaction. And using different stages of KYC, that are informed by the assessed risk, allows you to place friction points only where necessary. Making the authentication and verification processes not only seamless, but also less painful for the potential customer, and reducing the “time to transact” – one of the main reasons for abandonment during an onboarding process.
As for manual reviews, the approach is twofold:
- Lowering the amount of applications that your team needs to manually review,
- Reducing the amount of time they have to spent per case.
Businesses need to pay close attention to their manual review rates, as they can become an ever-increasing source of operational costs – with minimal value associated with it. Digital Identities give you the ability to operationalize risk, by automating the review process, presenting the data so that you can quickly and efficiently evaluate transactions. Moreover, using digital identities gives analysts a relevant picture of the historical behavior of a user, as well as the historical performance of different types of transactions. This data adds context to the specific case, helping the analyst make a more accurate decision in less time.
These challenges are just a small example of the applicable situations for digital identities in online financial transactions. At IdentityMind Global, we’ve been working on digital identities for the last eight years, building technology that can help organizations grow and scale, delivering better products and services to their customers, while eliminating security threats and lowering compliance and regulatory risks.