Regulators have been critical for the adoption of improved verification technology such as biometrics, according to Ashim Banerjee, CEO at IDMission.
Know-Your-Customer (KYC) has dominated the RegTech space, with every country having their own specific requirements for identity verification. Its importance is highlighted through the fact that of the total $10.9bn to be invested into RegTech between 2014 and 2019 Q1, companies developing KYC solutions have received 32.2 per cent of this, RegTech Analyst data shows. KYC is leading the pack in terms of funding, with the second highest space being AML, which boasts a respectable 26.5 per cent of investment capital. KYC and AML often come hand in hand and identification technology is helping companies solve improve compliance of the two.
IDMission‘s Ashim Banerjee explained that the reason why KYC has remained at the top of financial institutions’ priority lists is because the digital revolution has paved the way for many new risks of false identity. He said, “The digital revolution has allowed people different ways in which they can access financial transactions and these add enormously to the convenience for the customer, but they also add greatly to risk. The risk comes in the shape of money laundering, fraud, terrorist financing, and all kinds of undesirable things. You let these into the system as well as you let regular people in the system using very convenient digital techniques and technologies. So, the know your customer part of it becomes very critical. You’ve got to know who it is that’s doing the particular transaction and you’ve got to know it unambiguously.”
This is not saying that previously, a bank did not have to worry about validating the customer, it’s just the digital world has just made it easier to mimic someone or find ways of accessing things that are meant to be private. This is where KYC and biometrics can ensure necessary safeguards are in place. A financial institution can implement solutions that can quickly check whether a person is banned from certain transactions, such as being on certain watchlists, or and whether the information is even valid. There are so many more ways a KYC solution can uncover any qualms towards fraud, money laundering or terrorist financing. The human alternative cannot even keep up with the speed, let alone match accuracy.
A human may be very capable at conducting KYC reviews, as they have been for many years, but they take time to train. When they initially start working, they are not able to easily spot a fraudulent document or recognise differences between people and photos. During their career, it will become second nature, but that’s over the course of years. People move on or businesses grow, which means you need to train new people or hire larger KYC teams and training begins again. On the other hand, a KYC solution can be trained in minutes and scaled a lot quicker and cheaper, Banerjee said.
Digital is not an option anymore and you cannot do business without establishing identity, he continued. The only real way of doing this successfully is through biometric technology.
Banerjee explained that there are three factors of identity. Firstly, it is something that you know, for example, a username, password, or security number, and so on. Another factor is something that you have, this can be a credit card, or a phone. The final one is something that identifies you unique as a person, or in other terms your biometrics, and that can be either a fingerprint or a facial scan. Implementing an identity system which uses all three of these factors is obviously going to be the best at safeguarding systems and users.
“If you look at the ways we have access to our financial services right now, it’s a username and a password. These are two things that belong to the same factor. These are both some things you know. So, if you want to get into higher and higher security, what you want to try to do is use two factors of authentication.” ATMs are a good example of two-tier authentication, as you need to have your card but also know your PIN. For mobile banking is a little harder to implement an authentication that requires you to have something specific, and so biometrics can easily be used for two-tier authentications, which is now required in Europe under PSD2. On banking apps, many places now require you to have a username but also use biometrics alongside this, he said.
Talk around PSD2 has largely been directed to the opening of financial institutions and the nurturing of collaboration with third-parties. But two-tier authentication is another aspect of the regulation and is just as crucial for compliance teams to implement. Under the regulation, all electronic payments will now need to use a two-tier authentication system. While this might not seem as challenging to implement as the overhaul of systems other parts of PSD2 requires, it is just as important and can lower instances of fraud and unauthorised payments.
Regulators around the world are supporting this change towards improved KYC and biometric solutions. They have been encouraging it through the traditional manners, either in regulatory updates or as part of a goal in its sandbox environments. But quite surprisingly, they have been the ones driving the change and in certain jurisdictions, even been forcing businesses to go digital.
“To begin with, they were very unsupportive and I’m talking about maybe six or seven years ago, but over the last five years, I’ve seen them to be very supportive. Not only supportive but I would say that in many countries or many jurisdictions, the regulators have actually driven the businesses. They have forced people to get off paper and to go digital and to incorporate biometrics into it. A really good example of that is Mexico with first the pension regulator digits. Up until 2016, everything was done in paper and on 1st January 2016, everything became digital with biometrics attached. Same thing now the banking regulator in Mexico has come up with a very similar way and as of the middle of next year, banking in Mexico will become totally digital.”
Biometric technology is universal and can be used in any country – we’re all made of the same stuff. But Banerjee has noticed certain regions have different preferences. Financial institutions always need to tailor towards what their customers demand and must implement the technology stacks their customers would be comfortable using. For example, in the EU and US, biometrics is predominantly through facial recognition, such as taking selfies, while in Latin America and South East Asia, fingerprints are more widely used. Obviously, companies in each region will use either of the technology, but customers will have a preference and gravitate towards one. If a business wants to improve customer experience, they have to find out what they are comfortable with.
There has been a growing appetite for biometrics around the world. A recent study by Veridium found that 70 per cent of US consumers wanted to see this type of technology used more. Going north, the Canadian Bankers Association is taking active steps for adoption, with its CEO calling for the country to implement blockchain and biometrics to improve identification capabilities.
This year alone has been filled with companies launching new biometric solutions or raising funds to develop the technology even further. Financial institutions have been among those involved with the action. Natwest recently launched the pilot test for its biometric-enabled payment card, the first in the UK, and earlier in the year, Mastercard teamed with Edenred to launch a biometric card in Mexico and support financial institutions in the country.
IDmission is helping financial institutions meet their digital identity needs. The RegTech supplies them with the Software Development Kit (SDK) which can be integrated with existing mobile infrastructure and can capture all required data for KYC. The company can support mobile customer acquisition by capturing necessary information on documents and validating the data. By using live-face detection, IDmission can guarantee the user is alive and not just using an image of someone else to gain access to a system – it can then compare the selfie with the ID document. IDmission also supports biometric validation, letting clients add fingerprint, face, voice and iris data to their own identity databases to ease future KYC checks.
Copyright © 2018 RegTech Analyst
