The evolution of KYC technology has revolutionized the financial sector, enabling institutions to conduct more accurate customer due diligence while enhancing user convenience and meeting stringent regulatory requirements.
KYC requires identification and verification of customers, their sources of income or funds, the purpose of the account, the ultimate beneficial owner (UBO) in case of legal entities, etc.
The lack of maintenance of relevant risk profiles of customers have caused significant fines being imposed on the financial institutions. The imposition of heavy fines and penalties caused institutions to consider smart and tech-based KYC processes and controls, to avoid onboarding criminals, such as money launderers and terrorists. The evolution of digital KYC required institutions to obtain and maintain good quality KYC data from customers at the onboarding stage and thereafter, for appropriate and risk-based customer due diligence (CDD) and KYC of customers.
Financial institutions have come a long way in the evolution of know-you customer (KYC). The traditional rule-based processes of KYC are now considered as immature, slow, human-dependent, and too risky to continue.
In most of the financial institutions the digitalization efforts undertaken to improve the CDD and KYC processes are in the initial phases and the institutions are discovering the potential benefits of digital Artificial intelligence (AI) and Machine Learning (ML) based KYC data identification and verification.
Institutions are facing difficulties in maintaining the balance between customer convenience and the implementation of robust AI and ML based AML compliance processes considering applicable regulatory requirements.
The Evolution of KYC Technology
Business and AML/KYC security leaders in the digital identity space constantly look for better and safer grounds to maintain the balance between the user convenience and consistent AML/KYC compliances. Advancements in AI and ML technologies present a smart way out of this current imbalance. The identity verification process of KYC has reached the next level where user convenience and AML/KYC compliances are combined as complementary to each other.
There are different key factors related to authentication and AML/KYC compliances, including performing CDD, which are:
Customer control: It includes performing identification and verification using something that the user has, such as authentication by a credit card or the smartphone of the user.
Customer knowledge: It includes performing identification and verification using something that only the customer knows such as authentication by a password or personal identification number (PIN).
Use of biometric technology: It includes performing identification and verification using customer related factors such as performing KYC by facial recognition or using some unique physical characteristic of customer such as customer’s fingerprint.
Authentication by either user possession or user knowledge alone is risky because both can be stolen and misused by criminals, such as money launderers and terrorists. To address this non-compliance risk, the financial institutions turn on the multi-factor authentication mechanism of customer and customer data, which requires customers to identify themselves by more than just a username and their passwords. In other words, by using more than just customer knowledge-based authentication, the KYC process is further enhanced for detailed identification and verification.
There is a delusion that the multi-factor authentication process involves diverse steps of authentication, such as asking for a customer username, password, and asking some set security questions, however, this is not actually the multi-factor authentication, because all the steps are just testing the customer’s knowledge.
The multi-factor authentication process requires testing a customer against at-least two different KYC components or factors such as the two-factor authentication process may include the money withdrawal from an automated teller machine (ATM), where only the correct combination of a bank or financial institution’s card that customer has and a personal identification number (PIN) that customer knows allows the transaction to be processed and completed.
The evolution of the tech-based KYC process enhanced the process of matching the internal and external customer data and building the relevant risk profile based on verified customer credentials, such as full and exact name matching against sanction lists or negative lists, date of birth, jurisdiction, nationality, source of income, purpose of account, etc.
AI and ML algorithms demand use of real-time current customer data for correct identification, and building relevant risk profiles, therefore financial institutions must ensure that they build effective and smart KYC controls to obtain and maintain current customer information, for CDD/KYC screening and verification.
Final Thoughts
The advancement and evolution of KYC processes in financial institutions underscore the pressing need for stringent, effective, and efficient customer due diligence. As traditional, rule-based methods become outdated and risk-prone, the embrace of digital AI and ML technologies offers a promising alternative. These systems are capable of seamless, real-time identification and verification, enhancing customer convenience without compromising on AML/KYC compliance.
With multi-factor authentication gaining momentum, institutions now recognize the importance of diversifying verification methods, emphasizing a blend of customer control, knowledge, and biometrics to thwart malicious actors. Yet, while the potential of these digital transformations is vast, the challenge lies in striking a balance between advanced technology and ever-evolving regulatory requirements. Achieving this balance will undoubtedly reshape the KYC landscape, optimizing both security and user experience.