BANDAR SUNWAY – With how E-KYC is positioned within the marketplace, readers may assume that it is merely an extension of the legal and compliance team, or perhaps even a replacement for it. Some banking institutions may even view E-KYC as a compulsory checkbox — another step to comply with Bank Negara Malaysia (BNM) regulations.
In truth, E-KYC plays a much more fundamental role than that. In a 2018 research paper, the European Banking Institute (EBI) highlights the role identity plays within the financial world at large, and the challenges faced in migrating the identification process from analogue to digital.
Why is identity important in the first place?
In a digitalised world, user anonymity is a feature and not a failing of the Internet. Gone are the days of customers conducting banking transactions in physical bank branches and ATMs. With rapid increases in online transactions, it is now increasingly difficult to verify an online user’s identity and authenticate large transactions.
Pin codes and two-factor authentications have replaced wet signatures — signatures affixed to hard copies and physical documents. But is this switch enough? From a strictly business standpoint, a deep understanding of the clients’ identities is needed to combat fraud and financial crimes. From a risk management and regulatory perspective, identity is essential to uphold and maintain the integrity of the financial markets as a whole.
Since the 2008 financial crisis, no financial institutions could accept more than 10% of customers registered under false names. But in 2018, Facebook reported that 270 million of its accounts could be fraudulent or duplicates. Are banking institutions indeed without risk in this regard?
Even today, many banking institutions rely heavily on brick and mortar processes to serve their customers, especially for those in developing countries and regions. These institutions need to adapt quickly, now more than ever.
The Identity Challenge
In short, much of the challenges lie in balancing due diligence requirements whilst promoting financial inclusion and economic growth. Verifying customers with greater scrutiny generally leads to more restricted access to financial services.
On the one hand, institutions need to be strict in their compliance, to ensure that customers are adequately authenticated, verified and well-documented. On the other hand, such stringent measures exclude a large portion of the underserved market, particularly underbanked segments in both rural and urban areas.
The combination of conflicting business objectives and regulatory frameworks of transparency, privacy and financial integrity makes customer identification a particular challenge under the financial context.
The case for e-KYC
By and large, analogue KYC resolves many identification challenges but leaves plenty of gaps that can be further improved upon. Traditionally, a bank will perform its legal KYC when a client opens up an account — providing documents such as passports or company registration details.
After that, banks would only know their customers from a transactional standpoint, capturing payment, investment or insurance data. Combining this with identification databases, the bank can create a creditworthiness profile of the customer. It is at this stage where the gaps in analogue KYC start to surface.
Banks can only capture identification and transactional data, which puts them at a disadvantage compared to their tech-driven counterparts. FinTech startups today can capture even behavioural, and even overall business data, while offering much safer transaction authentication options.
For instance, a data-powered firm can capture the way a person holds their phone through built-in gyroscopes, and even how often the user enters their password. These additional variables can act as second-factor authentication methods.
These behavioural capture abilities can even extend further — understanding how often a customer cancels their orders, how often they engage in risky activities (skydiving, rock climbing), and even their lifestyle habits (fast-food consumption and purchasing history). These variables can help banking institutions create better-targeted insurance and banking products.
Migrating from Analogue to e-KYC
There are many ways banking institutions can approach e-KYC, many of which may differ depending on local regulations and existing identity infrastructure. Take for example India’s national identification system Aadhar. Banking systems are able to tap into the existing repository of identification data to create an e-KYC platform.
For Malaysia, it is perhaps more appropriate for banking institutions to enforce their e-KYC policies separately, at least until a national-wide Digital ID is fully established. It means establishing systems for the following processes:
Capture customer name, contact details, home addresses etc.
Capture and extract information from passports and identification documents
Matching the identification documents to the applicants itself
Prevent criminal attempts to open accounts using stolen identities through spoofing methods
Matching all captured data to existing databases, such as tax information or credit rating agencies.
Cross-checking retrieved information to existing flagged databases of suspicious accounts related to criminal or terrorist activities.
A low-effort, yet secure method to authenticate large transactions or updates to account details.
Transforming an existing analogue KYC process to e-KYC can be a daunting process. This does not take into account the IT infrastructure needed to support such a system, and how customer data is captured and integrated within the banking system’s business intelligence system as a whole.
Thankfully, WISE AI has a team of experts dedicated to this role. With a long series of case studies serving Banking, financial services and insurance (BFSI) institutions, we are well placed in the industry to address any of your e-KYC needs. For more information, please visit this link!
Is it truly worth the effort spending efforts and resources beefing up cybersecurity for an attack that may never happen? Well, statistics from Sophos states that three in five companies are likely to be hit with a ransomware attack in the near future.
If a ransomware attack were to occur, the damage may be more than just the monies paid to the cybercriminals. It may even damage the company’s reputation, threaten employee privacy, and even a potential legal lawsuit. Not to mention, it is not uncommon for hackers to leverage an existing victim’s network to penetrate IT infrastructures of suppliers, vendors and customers as well.
Perhaps the risk of not opting for cybersecurity measures is greater than implementing them in the first place. Regardless, WISE AI understands the breadth and depth of the sensitive information we harbour within our servers, and we take great precaution to ensure that the data on our hands remain safe and secure, from now and onwards.
WISE AI is an award-winning Artificial Intelligence company specialised in digital identity technologies. We develop world-class emerging deep tech that is adopted by the government and multiple industries. Our AI-powered solutions include EKYC, digital ID, digital signature, and blockchain. Our technology is optimised for the recognition of ASEAN faces.