Knowing your customer electronically: Guidance on digital ID acceptance
Know your customer (KYC) regulations are designed to ensure that providers of financial services know their customers’ identities, the risks attached to providing services to different customers, and that customers are using services for legitimate purposes.
KYC regulations play a key part in combatting money laundering and the financing of criminal activity.
But with more and more users taking up financial services online, KYC verification tools are also moving online to keep pace.
The Financial Action Task Force (FATF), the global money laundering and terrorist financing watchdog, has developed technology-neutral guidance to help governments, financial institutions, virtual asset service providers and other regulated entities determine whether a digital identifier is sufficient for KYC or due diligence purposes. Digital IDs, like any form of identification, must confirm your customers are who they say they are.
Dependable digital verification
According to FATF, reliable digital IDs can make individual customer verification easier, cheaper and more secure. They can also help providers meet transaction monitoring requirements, and largely avoid risks of human error.
“We highlight the benefits of digital ID in terms of reducing costs, increasing convenience to the consumer, but also to the private sector, whilst not compromising on security,” says Shana Krishnan, Policy Analyst at the FATF Secretariat.
With systems evolving rapidly, FATF advises governments, financial institutions and other stakeholders to understand the assurance level possible with each ID solution and then assess the reliability of any given technology and governance combination to monitor transactions and detect illicit financing.
The risk-based approach
FATF cautions against a one-size-fits-all approach to KYC, recommending a risk-based approach tailoring KYC measures to the risks associated with different customers. “A risk-based approach impacts the intensity and the extent to which customer and transaction information is required and the mechanisms we use to ensure that these [FATF] standards are met,” says Krishnan.
The best systems can simultaneously strengthen customer due diligence (CDD) and broaden financial inclusion, according to FATF.
Risk-based approaches are intended to ensure that low-income users are not excluded from accessing financial services – an overly rigid approach to CDD and electronic KYC verification could effectively exclude many would-be banking and finance customers, points out Fredes Montes, Senior Financial Specialist at the World Bank Group (which has FATF observer status).
eKYC regulation in Bangladesh
Bangladesh has adopted basic biometric fingerprint and face recognition, hosts financial services on local servers, and encourages two-factor and multi-factor authentication and e-signature use.
“The digital KYC regulation guidelines in Bangladesh recommend a risk based and threshhold approach,” explains Masud Rana, Joint Director of the Bangladesh Financial Intelligence Unit.
The government recently introduced Porichoy, which enables financial organizations, online businesses, financial technology (fintech) companies and government entities to digitally onboard their customers or partners via
an instant application programming interface.
While the national identity database is accessible only to financial institutions and government agencies, Porichoy is open to all government agencies, banks, financial institutions and fintech companies, explains Rana.
With relatively limited products and services, the country needs relatively low electronic KYC regulation. But flexibility is essential to ensure financial inclusion.
“If a person does not have an ID card or digital ID, they can obtain a certificate from the public service and can open a low-risk account,” Rana says.
eKYC regulation in Jordan
Jordan’s government has started to build a unified digital identity solution to give all citizens reliable, verifiable ID for multiple services, not only in the financial sector, explains Mohammed Al-Duwaik, Head of Digital Financial Services at the Central Bank of Jordan.
“Any government-approved identity is going to be stronger and more reliant for finanical institutions than a non-government approved one,” said Al-Duwaik.
While Jordan’s regulations also encourage a risk-based approach, “each financial insitution, given their differences, needs to understand their own products and clients,” says Al-Duwaik.
The Central Bank of Jordan allows service providers to come up with solutions for risks and then come to the regulator as needed for additional guidance. Each financial institution must make sure it knows its clients and that they have answered the relevant questions and provided suitable documentation.