Can biometrics fix Know Your Customer?

Know Your Customer (KYC) is an important effort in preventing criminals from accessing the international banking system. Its anti-money laundering (AML) requirements – banks verifying customers’ identity, confirming they’re not criminals, and assessing their risk factors – are remarkably straight-forward.  

Unfortunately, the law creating it doesn’t provide an explicit standard for what types of information are acceptable when verifying customers. Regulators may have done this on purpose, believing if banks get clear guidelines on what constitutes adequate KYC they will only do enough to meet the requirement and nothing more. This has created a situation where each financial institution, operating in fear of massive fines, has its own procedures and requirements for conducting due diligence.

Here, specifically, are some the problems this is causing.

1. Increased customer friction

For businesses KYC has made opening a new account, once relatively straightforward, into a long, complex process. A 2017 survey by Thomson Reuters found customer onboarding time increased 22 percent in 2016 and was expected to increase by another 18 percent in 2017. The result: banks take an average 24 days to complete the customer onboarding process.

In addition to the time involved, customers also resent having to provide all the information requested of them. While some may have something to hide, many balk because they find it overly intrusive and believe (sometimes correctly) other banks aren’t requiring the same amount of documentation.

These problems don’t end with the onboarding. Account holders may receive recurring requests for KYC data, providing the same information to separate departments within a single institution. Financial institutions are losing customers because of this. The Thomson Reuters survey also found that 12 percent of companies said they had changed banks as a result of KYC issues.

2. Ever-increasing compliance costs

• Some major financial institutions spend up to $500 million annually on KYC and customer due diligence, according to Thomson Reuters.
• 10 percent of the world’s top financial institutions spend at least $100 million annually on it.
• Average annual spending (including labor and third-party costs) is $48 million.
• KYC is driving up the costs of customer onboarding. 2017 saw 19 percent increase compared to 2016, with a 16 percent increase is expected in 2018.
• More than half of all banking salespeople are spending 1.5 days each week onboarding new client organizations.

If AML costs continue to increase they may become too high for banks to handle. A study by Bain & Co. estimates that governance, risk and compliance costs account for 15 percent to 20 percent of the total “run the bank” cost base of most major banks.

3. Verification isn’t portable

Whether you’re 21 or 75, if you purchase alcohol in the U.S. there’s a huge likelihood you will be asked to present proof of your age. This is a significant change from even a decade ago and has come about with few complaints from consumers. Why? Because wherever you go, you can use the same government issued ID, be it a passport, driver’s license or non-driver ID card, to verify your age.

That is the exact opposite of KYC identity verification. The documents needed vary from nation to nation and bank to bank. These can include the passports, utility bills and bank statements of all account signatories. For corporations it can mean directors’ information, including names, addresses and dates of birth, as well as tax and legal documentation. It all depends on Central Bank policy and/or the bank’s own compliance requirements. Treasury Today reports that Cyprus now requires each bank relationship manager to have a face-to-face meeting with each beneficial owner.

There is a solution

Unfortunately, as long as KYC/AML uses current methods of ID verification all these problems are only going to get worse. For example, nearly none of the current procedures are scalable: An increase in demand will also increase cost, time, and inconvenience.

There are solutions to all of this, but they require change – something regulators and large corporations have a hard time with. “This works well enough” is lousy security but it fits in well with bureaucratic inertia.

The most important is the adoption of biometrics identification systems. Biometrics use intrinsic data, allowing for definite identification and verification of people. They are portable, easily made user-owned, should be system agnostic, and standardized. Data collection is fast and simple. Further, the variety of biometrics – fingerprint, voice ID, facial recognition, iris scans – provide MFA that is far more secure than knowledge-based assets like passwords, personal information or PINs.

There’s no question about the need for KYC or the fact that it isn’t working. Change isn’t easy but continuing the way things are going will lead to disaster.