How technology improves compliance, detects fraud and eliminates legacy channels in the KYC/KYB process
As part of our KYC/KYB campaign, we spoke with Carlyne Gibb, Independent Identity Verification expert, to discuss all things KYC and how technology can play a powerful part in improving compliance and, more importantly, detecting against fraud.
Carlyne regularly acts as an advisory to clients in the financial services, defence and security, and public sectors. She has led multiple fraud penetration-tests of biometric technology, identifying key vulnerabilities in capabilities across a range of providers, as well as driving research into digital identity, physical and behavioural biometrics, and new verification technology.
What are the advantages and disadvantages of the accelerated use of technology in KYC compliance?
There are significant advantages in using technology in KYC compliance - not only does it provide optimised processes which allow for a better experience for both customers and back-end users, but it can take away the challenges that can be seen with traditional manual methods. This is particularly true from a fraud perspective where, quite simply, from a human standpoint, we would be unable to identify potentially fraudulent documents. The increased use, for example, of behavioural biometrics and behavioural analytics can help to provide further red flags and additional data points which can assist in the identification of customers and any bad actors.
The use of technology also ensures that there is a consistent approach to KYC - so where in previous methods you may see inconsistencies with employees using different methodologies or having a different appetite to the KYC journey, by using one solution, customers are forced down the same journey with the same threshold settings – making it less likely that a bad actor may be able to bypass some part of the journey through human interaction and manipulation.
There can be some disadvantages to technology use, but this normally concerns how the technology is set-up and embedded. Should the technology be too user experience focused, there is potential for thresholds to be unsuitably low as such when implementing any new technology significant consideration should be given to the organisation risk appetite, customer profile and wider financial crime controls. It is also important to choose any KYC technology carefully, with appropriate testing of the solution to ensure that fraud controls meet regulatory requirements.
What are the main threats and trends in global financial crime?
In my personal opinion, fraud isn’t taken seriously enough and KYC - robust KYC -can significantly aid organisations in deterring against fraud. Fraud is not a victimless crime. Too often, we look at financial crime as white-collar crimes.This is simply not true. Fraud does not fund orphanages. It is also often the starting point for bigger financial crimes – money laundering, terrorist financing, drug trafficking, human trafficking. The reality is that this initial gateway opens a multitude of opportunities for bad actors.
How effective have AML regulations been?
AML regulation is constantly evolving, and I think, particularly in the UK, we have started to make bigger steps towards building a more secure society. Again, coming back to fraud, more interesting to me has been the introduction of theEconomic Crime Act which represents a significant shift in attitudes. The new failure to prevent fraud offence is also particularly interesting and will mean that firms will “be liable where a specified fraud offence is committed by an employee or agent, for the organisation’s benefit, and the organisation did not have reasonable fraud prevention procedures in place”. Per our discussions here, this should really encourage organisations to take a look at their financial crime controls (in particular, their KYC controls) and perhaps take into consideration the use of KYC technology!
What should a financial services firm consider when choosing IDV technology?
There are a number of different aspects which should be considered. From a financial crime perspective, starting with basics – does the solution actually detect fraud? It is often easy to take an out-of-the-box approach and to omit the testing of the solution to identify any vulnerabilities or weaknesses. This can often happen when standard thresholds are used and when no consideration is given the individual firm’s risk profile and tolerance. Secondly, from an operational point of view (particularly given DORA), it is important to look at the operational resilience of the solution – third party risk management, concentration risk, cloud security, SLA adherence, etc. are all vital to ensure that not only the solution is functioning as requested, but that firm’s meet wider regulatory requirements.
What is the future for IDV technology and how does this contribute towards tackling financial crime?
I think we will see an increased interest in IDV and wider digital identity technology (for example, digital identity wallets which we are starting to see elsewhere in the world). We are living in a digital world where every single part of our lives has the potential to be stored as a digital data point. A sour attitude to data privacy develops, this will significantly impact on IDV solutions and it will be interesting to see how this forces change.
I have always seen effective IDV as the gateway to preventing financial crime: preventing bad actors from being able to even establish a relationship with a financial services institution is, quite simply, paramount in preventing financial crime. I do think, however, that in order to make this work, there is an education piece required to the public as to why KYC / CDD checks aren’t as quick as they’d like – helping them to understand that user experience is important but more important is the reason behind these checks. I think if we can develop really robust IDV technology which balances this line with operational effectiveness, firms could really start to be a force for good in the fight against financial crime.
Nivo offers Verified Identity Messaging to streamline communication between financial service providers and customers. With bank-standard security, biometric identity verification and integrated messaging, Nivo simplifies KYC projects, resulting in increased productivity, reduced costs, and heightened customer satisfaction. The technology is designed with strong security, control, and audit threads at its core, providing a secure and efficient alternative to legacy channels.
Find out more about Nivo's Verified Identity Messaging in our new eBook here!