Know Your Customer (KYC) has always been a fine balancing act between security, regulation, advancing technology, and customer experience. However, with the ever increasing resolution and variety of sensors within our mobile devices (cameras, fingerprint scanners) does digital biometrics meet all our goals at once by offering a single, secure, and convenient sign up process across multiple devices?
The FSA defines the two main purposes of KYC as to help firms to manage effectively their money laundering risks; and to help firms meet their reporting obligations. This process allows the bank to lower fraud, prevent ID theft, and identify any criminal or illegal activity that may be occurring. In today’s age robust KYC comes down to three core principles of verifying someone is who they say they are:
- Something they have (mobile phone, passport),
- Something they know (password, their favorite breed of dog), &
- Something they are (fingerprint, voice recognition).
However, KYC compliance comes at a cost – both in direct dollar terms and to customer experience. A Thomson Reuters poll found that on average the cost of KYC compliance for banks is $60m per year, with some banks spending up to $500m per year. The same poll also found it is taking over 2-months to onboard 30% of corporate customers, with 10% of corporate customers claiming the onboarding process is taking over 4-months. As the KYC process is one of the initial interactions a customer has with the bank this leads to poor customer experience and customers finding alternative solutions.
Digital biometrics relates to an individual's unique physical characteristics (fingerprints, facial recognition, the structure of blood vessels within the retina) or behavior traits (typing speed, sentence structure) imaged and stored within the digital world. These unique traits prove a reliable method of identifying individuals. In 2016, the FCA released a report stating that biometrics will be a new direction for Regtech allowing for 'more efficient and/or robust ways to verify identity'. There are already a number of startups and growth stage companies operating in applying digital biometrics for KYC compliance (Bioconnect, M2SYS).
Globally government agencies have also begun collecting this sensitive personal information that can then be shared with trusted third parties by extremely secure methods. Access to these databases will allow companies to easily and securely sign up new customers to platforms and services. An example where this is happening is India with the introduction of the Aadhaar platform.
Aadhaar is a national ID that comprises both biometric and standard information. This ID is linked into e-KYC and is already being used to instantly approve new mobile connections, and from December 2017 will be required to open any new bank account or to transfer any amount over Rs 50,000. A study by MicroSave estimates that the e-KYC program will save banks and telecoms over Rs 10,000 crore within the next 5 years.
The Aadhaar program shows the value that can be gathered by creating such a central database of biometric information. However, as this is extremely sensitive information it is up to us as a community to best integrate this new and exciting technology into our KYC process in such a secure way that it does not pose any additional risk to the customer, whilst still achieving our goals of a seamless user experience.