Fostering an innovative environment: a pragmatic guide to embracing innovative CDD technologies while effectively managing the associated risks

  • Josje Fiolet
  • Digital identityOnboardingKYCDigital Transformation

This article was first published in the legal journal Payments & FinTech Lawyer (04/04/18)

Fostering an innovative environment: a pragmatic guide to embracing innovative CDD technologies while effectively managing the associated risks

Financial institutions are investing heavily in technology to improve one of their initial interactions with new customers – the onboarding process. But as they digitally transform their processes, many organisations are struggling to accommodate risk and compliance on the one hand, and customer convenience and innovation on the other. The European Supervision Authorities, supporting new Customer Due Diligence technologies, provide a pragmatic guide for organisations considering how to strike the right balance.

On 23 January 2018, the European Supervision Authorities (ESA) delivered their opinion on the use of innovative solutions by credit and financial institutions in the Customer Due Diligence (CDD) process. The ESAs encourage competent authorities to support digitisation of the CDD process, especially where innovative solutions improve the effectiveness and efficiency of companies' activities for the purposes of Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT).

Fostering innovation through standardisation

The ESAs aim to standardise concrete requirements rather than leaving them open to interpretation by competent authorities and companies, as is common practice today. When these requirements are technology-neutral and promote a risk-based approach, this has the potential to sponsor innovation, especially amongst the more established players which often veer on the side of caution when (re)designing their onboarding and CDD processes. Naturally, CDD processes which are well planned and executed by all players will help to maintain safety and security in the financial sector.

Broadly speaking, innovative solutions for identifying and verifying customers can be grouped into two categories:

  • Non-face-to-face verification of customers’ identity on the basis of traditional identity documents via mobile devices (commonly used techniques include: video identification, scanning the ID document, or reading the passport by Near-Field Communication).
  • Central identity documentation repositories (Know Your Customer utilities which allow customers to store their data in a single repository that can be accessed by financial institutions for CDD purposes). 

When implemented properly, these innovations enable companies to identify and verify customers with convenience, and also to instantly assess the risks associated with a business relationship by reviewing large volumes of data and information from various sources. By automating the identification and verification processes, companies can deploy their staff much more efficiently, and false alerts can be minimised.

Understanding the risks involved

Organisations should also be aware of the risks and challenges presented by these innovative solutions. It is important that companies can demonstrate to their competent authorities that they have identified, assessed and mitigated all relevant risks before introducing new solutions into their CDD process. Below checklist summarises each factor that needs to be considered: questions which competent authorities should ask (on the left), and guidelines for companies to consider when they supply their answers (on the right).

Screen Shot 2018 04 19 at 5.09.12 PM

Screen Shot 2018 04 19 at 5.09.31 PM

Screen Shot 2018 04 19 at 5.09.45 PM

Screen Shot 2018 04 19 at 5.09.56 PM

Screen Shot 2018 04 19 at 5.10.11 PM

By using these guidelines, financial institutions can more easily embrace digital opportunities, and quantify the risks and security aspects of using innovative solutions. It is no longer a question of whether to provide services online, but only how to do it in an effective way. Each question on the checklist should serve as input when considering new solutions and performing a risk assessment. Which is common practice anyway. The answers on the right should service as guidelines. The ESAs should remain technology-neutral; there are multiple technologies that can be fit-for-purpose, all depending on the risk profile of the organisation, the type of service and the prospect or customer involved. CDD processes should rely on a sensible combination of multiple technologies and mitigating measures.

Working with solution providers to foster innovation in a controlled way

Technology solutions and their providers should always fit the organisational context. At INNOPAY we believe that successful onboarding processes are modular. For each ‘building block’ in the process, suitable specialised solution providers can be integrated. The most successful companies are not those which build the entire solution themselves, but those which offer a seamless onboarding experience by connecting the right technologies and providers throughout the chain.

Redesigning onboarding and CDD processes are one of the challenges of the digital transformation journey. Our advice would therefore be to first try the solution within a smaller context, for example with one specific product or customer segment that is considered a low-risk category. This might be contradictory to one requirement referred to by the ESAs under ‘Quality and Adequacy of CDD measures,’ whereby the ‘new solution should be integrated with all existing workflows and legacy systems’. To enable quick and agile development, financial institutions sometimes have to put aside all current processes and go around them. It’s an ideal situation to aim for an holistic customer perspective, but in reality, it’s difficult to achieve in the beginning. The Digital Transformation journey requires a step by step approach.

Nevertheless, we welcome the ESAs' acknowledgement that third parties can be used for CDD purposes as long as organisations consider the associated risks and mitigate them properly. The ESAs also encourage competent authorities to engage with specialised solution providers and the companies which want to use them, to discuss the impact of these solutions. Greater knowledge and understanding will foster an innovative environment that improves both the security and the convenience of CDD solutions – and this can only be a positive development.

If you are considering how to improve your customer onboarding or related CDD processes, feel free to contact us. We are more than happy to think with you and determine how we can help.

〈  Back to overview