KYC (Know Your Customer) and AML (Anti-Money Laundering) regulations have existed in one form or another for the greater part of the last two decades. Launched to protect the financial system from being used to fund and conceal the profits from criminal activity, KYC/AML regulations originally came without standards specifying the types of information that should be collected or what actually constitutes adequate KYC compliance. As a result, it was up to individual banks to design their own KYC/AML procedures and requirements—many of which covered only the minimal requirements needed in order to avoid hefty fines.
In other words, KYC/AML existed as little more than an idea. As Veridium’s CTO (and early Evernym customer) Jack Callahan puts it: “KYC will be a great thing…when it works.”
Over the next decade, KYC/AML slowly took effect, with more and more countries imposing similar regulations and new standards emerging. And recently, a surge of new regulations around the EU General Data Protection Regulation (GDPR) has brought a renewed focus on identity verification over and above traditional KYC checks. Banks around the world now have the responsibility not only of collecting, storing, and maintaining customer data (KYC/AML), but also of doing so in a way that honors security, consent, and the right to be forgotten (GDPR).
GDPR, and coming regulations beyond the European Union, require institutions to collect increasing amounts of data from customers, which requires upgrades to infrastructure around onboarding and KYC/AML compliance. As KYC/AML is further defined and financial service companies around the world work toward true compliance, here are five of the most important changes we see coming:
1. More politics, more regulation
Changes in KYC/AML compliance will continue to be driven by politics. From 9/11 to the release of the Panama Papers, major crimes draw attention to new vulnerabilities in the global financial system. The increasing prevalence of data breaches and identity theft in recent years has contributed to a consumer trust crisis. Politicians interested in bolstering their reputation for being tough on crime will take advantage of valuable opportunities to hammer companies that fail to protect their customers.
As public pressure mounts in the aftermath of these events, politicians jockey for political advantage by attempting to lead the development of new regulations. Whether advocating for new solutions that help consumers or against the businesses that bring harm to them, keeping up with crime will increasingly add new dimensions of regulatory complexity. Improved standards for KYC/AML compliance may help us deal with existing forms of financial crime, but opportunists will always find new and increasingly foreign ways to exploit the financial system.
2. Consensual data use
With the new regulations around data privacy, banks will no longer be able to rely on vague agreements with customers to provide consent over the use of their data. GDPR outlines six legal bases for processing personal data:
- Consent
- Contract
- Legal obligations
- Vital interests of the data subject
- Public interest
- Legitimate interest
For commercial banks and financial institutions, consent will be the primary route to legal compliance. Explaining how customer data will be used is necessary whether the data is collected as a matter of legal obligation (in the case of KYC compliance, for example) or otherwise. In order to be considered valid,
“the request for consent shall be presented in a manner which is clearly distinguishable from the other matters, in an intelligible and easily accessible form, using clear and plain language.”
Consent now has an explicit definition, and businesses have to be able to provide customers with specific information about the data they keep and what they plan to do with it. Integrating tools to minimize the friction of onboarding and authentication for customers will empower banks dedicated to elevating their customer experience. Nobody likes being hassled for information, so banks will have to pay more attention to their digital offerings to minimize friction. Which brings us to our next change…
3. Accelerating technology adoption
Financial institutions have generally been slow to embrace digital offerings. The need to update KYC/AML procedures to comply with new regulations has forced banks to invest and increasingly focus their attention on the adoption of new technologies. Technology adoption may be a matter of necessity, but banks are quickly realizing how digital offerings can also be used to enhance their customer experience.
An October 2018 study by LexisNexis on the cost of AML for banks in the United States found that “those that use cloud-based KYC, shared interbank databases and machine learning/AI technologies complete due diligence faster.” From new data management solutions to AI-assisted validation of data, banks are seizing opportunities to make their operations more efficient and user-friendly.
One area that will have transformative effects on the customer experience is the development of tools for decentralized identity. Decentralized identity refers to a new class of technologies that use standardized protocols to enable anyone to manage their own digital credentials using any kind of smart device. Rather than being locked in to any specific device or management system, individuals and organizations will be able to use tools for decentralized identity to create platform-agnostic credentials that can be validated without needing to contact the issuer.
Every digital interaction involves identity in the form of credentials, so decentralized identity will have widespread effects on the online experience. Being able to manage and share their own credentials will let employees and customers access web services and streamline the process of onboarding and KYC/AML compliance.
4. A world of haves and have-nots
Raising the bar for compliance is creating a landscape of haves and have-nots in the financial sector. Banks that proactively deploy new technologies are gaining a competitive advantage over those that have taken a reactive stance. Whether we’re talking about improving operational efficiency or the customer experience, the integration of new technology will go hand-in-hand with banks’ efforts to stay ahead of regulatory compliance.
Creating robust procedures to deal with changes in compliance is now just as important as having procedures for compliance. Adopting new technology can streamline the onboarding and authentication of customers and employees, decreasing tech support costs and improving convenience and productivity. The integration of mobile offerings continues to extend banking services to traditionally underserved communities and provide greater convenience for existing customers. Embracing a “digital-first” strategy is no longer a luxury; it’s a matter of necessity.
5. Rising KYC costs
The cost of compliance will continue to rise as the increasing complexity of regulations spurs investment in the integration of new technologies. A LexisNexis report on the cost of compliance found that “Firms with less than US$1 billion in assets averaged some US$850,000 in AML operational costs,” with mid to large-sized firms averaging $18.9 million a year. The costs are somewhat evenly distributed across the different operational elements involved with compliance, as the figure below demonstrates:
One World Identity’s 2018 KYB Market Report exploring the “Know Your Business” (KYB) subset of KYC compliance cites high costs due to regulatory complexity but also highlights potential savings from the adoption of new technology. Introducing technology to remove friction and improve security in KYC/AML procedures should help reduce certain costs associated with compliance. The report estimates that the market for KYC/AML compliance will grow at 16% a year to an $11.8 billion industry in 2022.
Automated behavioral analysis and screening to support the analytics process are already on the rise. Technology can improve the quality of customer education and employee training modules, and decentralized identity will reduce both the amount of redundant and wrong data being transmitted between disconnected data silos and the costs associated with password recovery and authentication.
Compliance with KYC requires a delicate trade-off between the amount of friction imposed on customers and the ability to effectively detect and prevent fraud.
Embracing technology will allow financial institutions to elevate their customer experience and develop closer relationships with their stakeholders. Regulations will continue to evolve as consumers demand greater transparency and control over the use of their data. Banks that adopt technologies to increase automation and improve their data management systems will continue to gain significant advantages over those that do not.