Global regulatory regimes have been increasingly adopting a Risk-Based Approach (RBA) to compliance, stipulating that financial service providers – whether they are traditional Financial Institutions (FIs) or Virtual Asset Service Providers (VASPs) – adopt the method in their Anti-Money Laundering (AML) and Know Your Customer (KYC) processes.
In parallel, FIs and VASPs have been using the RBA to optimize and streamline their customer onboarding systems, while also mitigating the risk that their platforms and services are exploited by criminals.
In this article, we’ll take a look at why the RBA is needed, what it involves, and how it can help companies to scale and grow while remaining compliant.
RBA and KYC
As innovative projects and companies continue to develop new digital services, there is a growing challenge to balance compliance with the ability to scale.
For platforms that offer access to financial or other gatekeeper services – from banks to crypto companies, DeFi platforms, precious metal traders or even real estate – the need to comply with global regulatory regimes can present significant obstacles to growing customer bases.
In simple terms, traditional forms of KYC compliance have involved teams of human compliance teams running manual checks on prospective customers or service users. This approach has meant that onboarding large amounts of customers has either taken a large amount of time and/or resources.
However, for smaller companies looking to leverage the power of the internet to scale and reach new markets, investing in permanent compliance teams can simply be unfeasible.
By using automated KYC technology, companies can quickly and effectively vet potential customers in multiple global jurisdictions, ensuring that they remain compliant with regulations while preventing their services from being exploited by money launderers and other financial criminals.
One of the most powerful approaches that is leveraged in automated KYC is the Risk-Based Approach (RBA) to Identity Verification (IDV).
The RBA approach allows platforms and companies to make more informed decisions on who they onboard, as well as providing a more robust toolkit for understanding potential customers.
By implementing the RBA, fintechs and other VASPs can optimize their compliance resources, while also establishing a documented rationale for compliance checks that can be used to justify decisions to regulators.
Companies that implement the RBA will have clear proof of why certain decisions were made in an onboarding process, which can then be furnished in the event of a regulatory audit.
They will also be able to carry out progressive profiling on potential customers during the onboarding process, optimizing the amount of checks applied to each customer.
Using the RBA to IDV essentially involves classifying potential customers – whether they are an individual or a corporate – according to their risk profile. Depending on an applicant’s risk profile, they are then subjected to varying levels of compliance checks, ensuring that enhanced due diligence (EDD) checks are only applied to higher risk applicants.
In parallel, risk profiles are in a constant state of flux: from the evolution of technology that creates new opportunities for financial crime, to updated watch and sanctions lists and the new financial behavior of clients – a company’s KYC processes need to be able to consistently assess whether a customer’s risk profile has changed after they have been onboarded.
In order to do this, having a dynamic and adaptable KYC system is essential.
Diverse verification tools
There are various approaches that can be used to verify identities as part of an RBA:
IDV – Technology such as OCR extraction can efficiently analyze uploaded ID documents, extracting their data and verifying their authenticity through algorithmic checks against verified databases. Passive Liveness can be used to check ID documents against a submitted or captured selfie image.
Digital Identity – checking the submitted identity documents (whether it is a passport/ID for an individual or corporate registration certificate / number for a company) against verified sources such as government databases and corporate registries.
Biometrics – Scans of fingerprints, voice, face or other physical markers can be used to verify an individuals’ identity.
Each of these processes presents certain benefits that are relevant to different scenarios. For instance, certain low-risk service providers may only need to carry out IDV checks in order to provide access to their services.
Companies that are providing lower-risk services (or dealing with lower risk customers) can therefore choose to expedite access to their services through streamlined KYC processes – while remaining compliant with regulations.
However, criminal ingenuity is not to be underestimated – it is far from impossible for determined fraudsters to circumvent the above checks if just one of them is relied on.
For higher-risk services, such as those that involve access to funds or assets, it’s important to have layered verification approaches that apply a combination of IDV, digital identity and biometric checks in order to minimize the risk of the system being compromised – whether it’s through counterfeit or stolen ID documents, or advanced deep-fakes that emulate a live person.
This is important both from a regulatory perspective – as well as for fraud-prevention.
The Risk and Efficiency Sweet Spot
Companies that are able to dynamically apply KYC checks on current and prospective customers through a RBA can minimize the friction of onboarding to only what is necessary – maintaining compliance while offering seamless and faster onboarding for prospects.
With automated KYC onboarding solutions, this is achieved through the design of customized workflows that are able to seamlessly guide different risk profiles through varying levels of compliance checks.
Integrating a dynamic and comprehensive KYC onboarding solution allows growing companies and platforms to tailor their onboarding process for potential customers according to their risk profile.
By using customized and automated KYC processes that apply the specific verification methods demanded by unique risk profiles, customers are subjected to nothing more and nothing less than what is needed for them to access a company’s services – ensuring a seamless and effective onboarding experience that builds trust and avoids unnecessary frustration and abandonment.
Looking for the right automated KYC solution for your business? Get in touch and we’ll be happy to start a conversation on how KYC-Chain can make it happen.