eIDs for KYC: no silver bullet yet, but golden potential
Opportunities for existing and new market players to bridge the gaps
The ever-increasing regulatory burden is giving financial institutions a hard time these days. As part of their digital transformation, they strive to deliver customer friendly onboarding experiences. But they are also faced with increasing compliance costs, amongst others due to Know-Your-Customer (KYC) obligations [i]. Recent Innopay research [ii] for Signicat – a leading provider of electronic identity solutions – shows that national electronic identity (eID) schemes offer great potential for financial institutions to streamline their KYC-processes. Still, there are quite a few issues to be solved before we can reach a fully automated, eID based onboarding experience. This blog elaborates on the opportunities this offers for financial institutions and Digital Identity Service Providers.
Knowing-Your-Customer: now more important than ever
To further prevent the use of the financial system for money laundering purposes and the financing of terrorism, governments have established stricter Anti-Money Laundering (AML) and Counter Terrorism Financing (CTF) legislation in recent years. And although AMLD4 has just been implemented by the EU member states, AMLD5 is already underway. But KYC is easier said than done, and requires major organisational expenditures. At the same time, competitive pressure is increasing in the financial sector due to the innovative use of digital technologies. Attracting new customers has become a major challenge, as they demand a smooth and customer-friendly onboarding experience, enabling them to establish a business relationship with financial services providers within a matter of minutes.
A major challenge for financial institutions is then: how to meet KYC-obligations while minimising the cost of compliance and at the same time maximising the inflow of new customers? To answer this question, Innopay analysed the digital identity landscape for seven European countries [iii] and looked at what role eID schemes can play in meeting KYC-requirements that AML/CTF legislation imposes on financial institutions.
Characteristics of eID schemes limit usability for KYC-purposes
During the Innopay analysis, 13 digital identity schemes were identified. They all can – at least to a certain extent – be used to verify the identity of the customer, but still gaps exist between what the schemes can offer and what financial institutions need to comply with KYC-requirements:
Most schemes can only provide part of the information that financial institutions require to verify the customer's identity to the institution relying on them. Moreover, some of the national eID schemes can only be applied in a customer-to-government context, which makes that they cannot be used for KYC-processes. And some schemes cannot offer the appropriate level of assurance with regard to the customer's identity, so that financial institutions relying on them would not have enough certainty on who they are dealing with. Finally, the analysis showed that eID schemes are very much oriented towards their own national territory, which limits their usability in a cross-border context.
So, although the use of eID solutions has the potential to drive down compliance costs and on-boarding abandonment rates, in most European countries there is quite a bit to do before financial institutions would only need a customer's digital identity for fulfilling KYC-obligations. But despite these gaps, the implementation of AMLD4 may well promote the use of digital identities for KYC-compliance.
AMLD4: more room for remote onboarding of new customers
With technological development advancing, the use of digital techniques has become common place when identifying new customers and verifying their identity. This will be further promoted by the fact that, contrary to its predecessor, ALMD4 no longer qualifies the customer's absence as a high-risk factor by itself. Although depending on the AMLD4 implementation of individual member states, this creates more room for onboarding new customers via online channels and the re-use of digital identities from eID schemes [iv].
The fact that AMLD4 allows financial institutions (and other obliged entities) to outsource (parts of) the KYC-process could further promote the use of eIDs for onboarding purposes. Outsourcing may be done either to a fellow obliged entity that needs to comply to all AML requirements itself, or to an external party that is not covered by AML legislation. For outsourcing to the latter, additional prerequisites apply. This makes that schemes operated by banks, such as Giropay-ID (Germany) and iDIN (Netherlands), can offer an advantage over other schemes for relying on digital identities for KYC-purposes.
Opportunities for DISPs and other players to bridge the gaps
To conclude this blog, the use of eIDs for onboarding has promising potential, especially now AMLD4 leaves more room for the use of eIDs for the verification of a new customer's identity. But considering that most eID schemes cannot provide all information needed to comply with KYC-requirements, where do you go to collect the missing attributes to complete the customer's identity verification? And how do you combine information from national eID schemes, traditional ID documents and other different sources?
This is exactly where Digital Identity Service Providers (DISPs) [v] such as Signicat, can play an important role. As new market players, these DISPs are specialised in aggregating information from different identity sources to one verified digital identity. DISPs can also facilitate cost-efficient and cross-border interoperability between eID schemes and other identity verification methods in a differentiated European market for digital identity solutions.
Banks can play a role here as well. Given the aforementioned advantage of bank operated schemes, other obliged entities can rely on the verified identity information that can be disclosed through these schemes. This offers banks the unique opportunity to capitalise on the effort they put in creating a database with customer identity information. Why not develop new business models for the re-use of your information by other obliged entities?
Want to learn more about how to fulfil KYC-requirements and what role eID schemes, DISPs and other market players can play in this? Please contact us for more information!
[i] KYC and associated processes cost the average financial firm $60m annually, according to a Thomson Reuters survey (https://www.thomsonreuters.com/en/press-releases/2016/may/thomson-reuters-2016-know-your-customer-surveys.html)
[iii] The seven European countries that were analysed are: Austria, Belgium, Germany, Luxembourg, Switzerland, The Netherlands and United Kingdom
[iv] See our earlier blog Banks are not using the regulatory potential for digital onboarding for more information
[v] A company that enables a relying party to gain access to various digital identity solutions