Digital identity verification - Risk vs. rules in compliance automation

What's the difference between a risk vs. rules approach to digital identity verification? A KYC process that enables better decisions, and one that avoids unconscious bias and financial exclusion.

Posted by: Christine Bailey | Aug 11, 2021

As a marketer, it’s hard to imagine a world without technology designed specifically for the marketing function. According to Scott Brinker’s well-known Martech landscape graphic, there are now more than 8,000 marketing technologies to choose from.  These technologies have been essential in helping us marketers understand and respond to customer behaviour, which has changed fundamentally in recent years and had a rocket put under it in the last 18 months!

If you were sitting in the compliance or risk function, it was a very different story.

For risk and compliance teams, the technology ecosystem was “on its way” and full digital transformation was potentially years away. Yes, things had changed, customer expectations were evolving, but there was a long way to go.

Serving a different master

The 1st wave of RegTech or Regulatory Technology was designed to satisfy regulators, not compliance professionals and certainly not their customers. It was about digitising access to datasets that governed the physical economy – relying on passports, business registers, government sanctions lists, etc.

The tech enabled compliance teams to onboard customers and manage their KYC and AML processes in a way that satisfied regulators.  

Then BOOM, along came COVID….

A dangerous revolution

When the pandemic hit, the world went from approx. 15% of the population working from home to more than 50% and this trend is set to continue, permanently. We have become internet citizens, online consumers and remote workers. A digital world needs a digital identity. Global businesses need to establish trust online and ensure the person they’re interacting with is who they say they are.

Because, unfortunately, financial criminals are also exploiting the disruption caused by the pandemic and are finding novel and sophisticated ways to commit fraud and launder money. Around one in five businesses have seen increased instances of fraud in the past year according to PWC.

The number of new regulations is rising accordingly – by August 2020, more than 1,330 COVID-19 related regulatory announcements had been made globally by different regulators. And a record $10.4bn worth of fines were issued in 2020.

Imagine sitting in the shoes of the compliance team – having to work with technology that was designed to be on-premise, in a specific physical setting, and built to satisfy regulators, not their profession.

Computer says no

And what about the customers of these compliance teams, internal and external? They have high expectations of fast, digital, seamless and exceptional customer experiences.  Most financial services companies end up letting their customers down, from the onboarding stage, and that’s hard to recover from. According to Sales Cycle, 75% of applications for financial products are abandoned and 88% of consumers want more control over their data.

Competing forces – local vs global

Although the digital economy is global, in recent times the trend has been toward national protectionism -

  • Political influences have compounded this – Brexit for instance
  • Covid – yes it’s a global crisis but every country has responded locally
  • Local regs have been introduced – Corporate AML regs in the US and Canada

These local pressures and localised thinking have to be balanced or sit uncomfortably inside a global digital economy that doesn’t respect borders. There are new crypto currencies launching, booms in forex trading and an upswing in trading in physical commodities.

So how do financial services, and particularly compliance teams, balance these competing forces? Perhaps it’s time for a new approach to customer due diligence; one based on risk rather than rules?

Firms need to be sure their approach to KYC compliance supports the balance between offering personalised experiences and corporate demands; between competing on a global stage and operating in accordance with local regulations. It’s a tricky balancing act because there can’t be any compromise between customer experience and compliance.

Fighting unconscious bias

McKinsey estimates 3.4 billion people have some form of ID but have limited ability to use it in a digital world – and that includes the digital economy. A rules-based approach to KYC compliance could, unwittingly, take you down a path of compromise and unconscious bias.

Rules can be too rigid or restrictive when it comes to dealing with the complications of real people. Often rules fall short of accounting for complexities and all the variations associated with customers and what they do or how they behave – moving from place to place, getting married, taking new jobs.

By contrast, a risk-based approach to KYC and verifying digital identities balances the need for compliance with local regs and customer expectations in a global economy.

So, what are the components of a risk-based approach to KYC?

While regulators haven’t been prescriptive around the risk models FinTechs implement to control compliance, there are key parameters or factors to consider, and these are dictated by law. These are the factors that will be important in ensuring firms onboard legitimate customers, while excluding fraudsters and money launderers.

A risk model will be bespoke to each FinTech.

The risk model will be built up depending on whether an individual or institution is being onboarded; what products are being sold; where they are being sold; the appetite for risk; the countries of operation…and the list goes on.

It’s vital to exclude financial crime and equally important to give genuine customers access to financial products. There are a lot of nuances to consider in making evaluations about whom to onboard, and a risk-based approach helps deal with that complexity.

Let’s give an example - You get an application from an individual who has a Syrian passport. With a rules-based approach, that individual is likely to be rejected, as Syria is a country that’s on your ‘no’ list. Wait a minute, though. The applicant has a Syrian passport, but they have lived in the UK for 10 years. Then you might be making a different decision.

This is the beauty of a risk-based approach to compliance automation: it allows for greater flexibility, nuance and subtlety. It acknowledges the complexity of people and that some cases may require a human eye for true judgement.

Going back to our earlier example, a machine might make the decision to say no to someone with a passport from a particular country, but it might be better to kick that over to an individual who can review the application, trigger additional tasks, and complete enhanced due diligence.

A risk-based approach to KYC helps you to make better or fairer decisions.

A risk-based approach

If the risk-based model enables you to make better decisions, it also enables you to build a picture of a customer and have a dynamic KYC process. You can do more progressive profiling during the due diligence process.

Taking a risk-based approach enables FinTechs to make the best use of their compliance resources. It means decisions can be justified to regulators – you have clear reasons and proof why certain decisions were made. And it helps prevent unconscious bias in a digital economy where people need access to financial products online.

All the while, financial services firms are ensuring they create trust with real customers and can deliver better customer experiences. If risk factors have been modelled correctly, based on a company’s risk policy, automation can remove much of the friction from the process.

The 2nd wave of RegTech

This is where RegTech, designed for the digital economy, comes into its own. Automation bears the load for compliance teams, helping them make risk-based decisions with no compromise between compliance and great customer experience.

A risk-based approach to KYC compliance automation means you can onboard at scale and across a global theatre. You don’t have to waste time and resources checking high volumes of low-risk applicants – let them go through straight-through processing (STP). But bring compliance professionals into the process for medium or high-risk cases – or simply when judgement is needed.

The most important thing is to allow flexibility into the digital processes because the world is constantly changing. You can’t “set & forget” a compliance process because things will always be different a year from now and skilled people will always be critical to success.

To automate or not to automate?

Certain tasks can and should be automated. For example:

  • Data entry
  • Data collection
  • Automatic escalation
  • Dynamic forms to ask more questions

The weight of compliance activity can then fall on technology automation, instead of on the compliance team – or worse still, the customer.

Automating tasks with RegTech enables compliance people to focus on critical thinking, building trust and creating better experiences, using their skills, judgement and expertise to add value.

For FS customers there is less waiting, fewer touch-points, less friction in the onboarding and due diligence process. Faster engagement with real customers can only be a good thing. They want to interact with your products, not your KYC process after all.

In summary

Be open to the second wave of RegTech, which is designed for compliance teams, their customers and the digital economy – not just built to satisfy regulators. And don’t let the computer say NO just because someone has the wrong passport.  

FS firms don’t have to compromise when it comes to compliance and customer experience when they choose a modern SaaS RegTech solution. It’s possible to have both regulatory compliance and fantastic customer experiences at the speed of the digital economy. Don’t settle for less.

Get in touch

The team would love to talk to you about your approach to digital KYC and what you want to achieve. Please get in touch any time!
