There is typically an imbalance between the amount spent to combat financial fraud and the losses incurred from fraud – the costs are high, and the preventative ability is still too low. In addition to the monetary costs, the user experience of Know Your Customer (KYC) processes is overall fairly negative, marked by long processing times, manual and in-person document checks, questionable privacy practices around data capture and storage, and repetition.
When we consider the reason for the existence of KYC – preventing international financial crime through assessing the risk a potential customer poses to a financial institution – it should come as little surprise that successful KYC Utilities are not more common. The goal is to determine the level of risk that would be incurred by the bank onboarding the customer, not the risk to the international banking community. The orientation is on the individual institution, and so it is only logical that common platforms that share information and reduce repetitive processes are far and few between.
A new model for conducting KYC processes should be considered, and the KYC Utility – a platform approach to doing KYC – has made its debut. It enables financial institutions to access a single platform for KYC information on (potential) customers. Financial institutions also may input customer information into the database for use by other institutions. The KYC Utility leaps from protecting a single financial institution from risk to protecting the community by sharing valuable insights and reducing the costs to provide additional protection.
It goes almost without saying that data standardisation and alignment on international KYC requirements are essential for success. There are a small number of functioning KYC Utilities, typically limited by region and the participating financial institutions such as in the Nordics and in Singapore, which offers advantages. But rather than focusing on these limited capacities of today, KuppingerCole Analysts suggests considering the potential of tomorrow: a reusable, verifiable identity.
Cross-institutional KYC with trust and collaboration between banks has been a barrier to successful KYC Utility services. Much of that is the unwillingness to accept the risk of relying on the decisions of other institutions for one’s own KYC responsibilities – be it accepting the decisions of other banks, or from the multiple third-party vendors that could make up a managed KYC utility solution. But the challenge of standardising international requirements and lack of quick and affordable verification has up until this point been a hindrance.
But the status quo is changing: imagine an example of KYC Utility that could soon become reality; one that is immutable, reusable, verifiable, and connected by common standards. Banks onboard and conduct KYC on their incoming customers. From here, multiple technological methods emerge: the customers receive verifiable, reusable credentials which they hold, or their bank acts as an identity provider for other relying parties. In both the decentralised and federated scenarios, the customer can present those credentials to other financial institutions and undergo a rapid verification which confirms that the verifications done earlier are still valid. These solutions cover the identity verification aspects of KYC and make huge strides to reduce the workload and cost of repetitive actions, and they can be combined with ongoing transaction monitoring and other Anti-Money Laundering controls.
A new customer onboards with a bank and undergoes a remote identity verification of their documents and person. The results are stored as a Verifiable Credential, an emerging standard that issues a tamper-evident claim that can be cryptographically verified can be linked to a Decentralised Identifier (DID), and includes proof of who issued it. The customer is now equipped with their Verifiable Credentials and can share them with the financial institution to access the services they need.
When an interaction between a customer and a bank – any bank – triggers a KYC process, the customer is prompted to share the credentials with the bank. The bulk of the verification steps have already been completed at onboarding, so this interaction only requires verification that the Verifiable Credentials are still valid, and any security uplift that the bank decides the customer needs.
GAIN is an international collaboration to leverage the trusted identities issued by financial institutions for reuse in any industry. This means it could be used between banks as the identity verification aspect of a KYC Utility. Users can access their verified identity from financial institutions and use it to authenticate with other organisations that they interact with to government entities, employers, service providers, health providers, and more. It is a network to provide trust in identity transactions; to ensure that individuals are who they claim to be while interacting digitally.
The benefits of such a KYC Utility are many. The credentials are easily and quickly verified without consuming resources to collect and check paper documents against public sources. The costs of verifying and onboarding customers are drastically reduced due to the reusability of the credentials issued to customers. The common standard allows banks to onboard and accept the verifiable credentials issued by other institutions and adjust to their own risk capacity by security adding uplifts. This is a privacy-preserving method that is in contrast with current methods of sending hard copies, emailed scans, and other semi-digitalised methods of proving an identity. Minimal data collection and sharing are possible, protecting the individual and banks from the risk of a data breach that normally accompanies KYC Utilities initiatives – where a honeypot of personal data is created, not just from a single bank, but from many. Duplication of work is also reduced and time to onboard new customers is saved, and potential dropout from too much time lost until access to services granted is reduced.
Decentralised and federated identity verification and reuse may solve the KYC business requirements better than other options, becoming an enabler of KYC Utilities.
This editorial was first published in our Financial Crime and Fraud Report 2022, which showcases the innovation and development of the best practices and instruments used by financial institutions in their fraud prevention activities, to improve the digital onboarding process of their customers while fighting against financial crime.
About Anne Bailey
Anne Bailey works as an analyst for KuppingerCole Analysts covering emerging technologies such as decentralised identity and artificial intelligence, as well as information protection topics including privacy and consent management. Her current research can be found at kuppingercole.com.
About KuppingerCole
KuppingerCole, founded back in 2004, is a global, independent analyst organisation headquartered in Europe. We specialise in providing vendor-neutral advice, expertise, thought leadership, and practical relevance in Cybersecurity, Digital Identity & IAM, Cloud Risk and Security, and Artificial Intelligence, as well as for all technologies fostering Digital Transformation.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now