“Know Your Customer” or KYC as it is popularly known in the banking circle is the very first activity that a bank performs when a bank onboards a new customer. In simple terms, a customer MUST prove his or her identity to the bank while opening any account, e.g. savings, current, credit or loan account(s). Traditionally, banks and other financial institutions have been doing such KYC by collecting various data about the customer via forms along with related supporting documents to prove those data. Examples of such documents are proof of Identity (e.g. National ID Card, Passport, Driver’s License, etc.), Proof of Address (e.g. an electricity bill addressed to the customer, etc.), Proof of Birth (e.g. birth certificate, etc.), and Certificate of Incorporation for companies, etc.
In addition to this, as per KYC norms, it is a common practice to keep updating the KYC records (i.e. data and documents) on regular intervals depending on a few transactional data about the customer. However, at the same time, it is a rare practice by the banks in Bangladesh to maintain customer static data when those data about the customer changes. Examples like when a passport expires then collecting new passport data, when a customer changes job then collecting new job data, etc. In essence, static data remains static and time-locked in bank records, most of which are hard copy of documents anyway. In other words, KYC data are not tracked or monitored.
Nevertheless, banks and other FIs spend a lot of resources (in terms of 4Ms or man, machines, money and materials) to maintain the physical copies of the records. At the same time, with the centralization efforts by the banks, such centralized record keeping in physical forms have created a burden for various departments of the banks who now don’t have access to these physical records. This also led to lots of unnecessary, cumbersome & time-consuming document retrieval processes when such documents require updates or needs to be sighted or needs to be audited.
For the customers too, for KYC and AML requirements, customers have to repeat the same process and provide the same information to every financial institution. Not only that, almost the same data and documents are required when the same customer applies for an insurance product at an Insurance company or applies for a VISA at an embassy or applies for higher education at a university or applies for a driver’s license at the roads and transport department or even when the customer applies for a rental accommodation. Banks need to start thinking of digitally engaging with the customer from the very first interaction and then support & collaborate with their customers all the way in everything they do, not only with the banks but also with the outside world.
If Bank A has already done KYC and verified the identity of Customer X, there is no reason as to why an Insurance company or an embassy, or a Telco or even another bank cannot use that verification of identity done by Bank A provided Customer X has consented to this. Of course, the insurance company or the embassy or the Telco or the bank needs to verify the person face to face, but this still negates the need for the customer to submit the same documents again and again.
Then came the digital revolutions!
Digital revolutions have transformed our lives and the way we do things. Such revolutions have also exponentially increased the sheer volume of data that are available to every stakeholders and made inroads into the banking sector and disrupting the way banks deal with their customers. Such revolution and the sheer volume of data are also changing the face of risk management as we know it & posing challenges the way banks do KYC & onboards customers while at the same time created enormous opportunities to digitally capture data and digitally manage and track such data about the customer.
The Australian Transaction Reports & Analysis Centre or AUSTRAC, the Australian Government’s financial intelligence agency to combat money laundering, organized crime, tax evasion, welfare fraud and terrorism, defines KYC under the AML / CTF legislation as “documentation which sets out a business’s approach to ensure that it can effectively identify, verify and monitor its customers and the financial transactions in which they engage, relative to the risks of money laundering and terrorism financing AUSTRAC duly responded to the digital revolution by allowing the banks and any other institutions or government departments to use digital means of verification, where “information” and / or “data” can be used in lieu of or together with digital document(s).
While online / digital Verification of Identity or VOI as it is known in short form is not new in the western world, however, digital KYC including digital VOI could be a real game changer for the banks in Bangladesh. Digitization will ensure not only the centralization of KYC, it will also help in removing bottle necks during Internal and external audits, customer on-boarding, transaction processing, digital collaboration with the customers and / or between staff and many more. With digital KYC, auditors including the central bank auditors would be able to conduct online KYC audits from the very comfort of their own desk and collaborate with the bank staff for any questions or clarification, all using digital means. This will also allow the auditors & the bank staff to get the 360 degree views of digital records, audit comments, staff comments, staff responses, etc. – all at the same time under a single view.
In the banking circles, when asked the question of ‘what digital means to them’, almost every response will talk about engaging their customers digitally offering services like online and mobile banking. For the same question, rarely anyone would talk about digital KYC or digital VOI. While there is nothing wrong in those responses, however, enhancing the way the customers do transactions by embracing more and more digital means without doing the same on the KYC / VOI side will create more and more distances between the banking front-ends (digital touch points) against the so called banking back-ends (like KYC data). It is really important to understand that this could be a real risk if the banks don’t bring the KYC related information at the same level as the digital touch points.
This is where digital KYC and digital VOI come to play a critical role. Failure to recognize the importance of digital KYC / VOI and then keeping the old fashioned way of paper based KYC record-keeping along with very sophisticated digital channels (for internet & mobile banking, etc.) may lead to systemic loopholes ready to be taken advantages by the unscrupulous customers or fraudsters. As more and more transactions are happening online, for example, how does a bank protect its customers for online Card Not Present or CNP transactions at a merchant site against frauds and chargebacks? Banks and financial institutions need to have systems to link payments with identity to safeguard their own customers from online impersonation based fraud threats!
The very recent case of UK’s FCA (Financial Conduct Authority) fining Bangladesh’s Sonali Bank UK’s operations to the tune of GBP 3.3 Million highlights the importance of keeping KYC data for appropriate governance and controls. The FCA gave reasons for the fining saying “Sonali Bank failed to maintain adequate anti-money laundering (AML) systems between 20 August 2010 and 21 July 2014… This meant that the firm failed to comply with its operational obligations in respect of customer due diligence, the identification and treatment of politically exposed persons, transaction and customer monitoring and making suspicious activity reports.”(source: https://www.bbc.co.uk/news/business-37630901).
However, Bangladesh is already making huge progresses on the digital KYC fronts. Almost any bank in Bangladesh can now digitally verify a customer’s identity via the Election Commission’s very sophisticated National ID (NID) database. However, by doing such ID verification digitally and then keeping all KYC data in paper form defeats the very purpose of digitally verifying against the NID database in the first place. Nevertheless, this is an excellent first step towards digital KYC and digital VOI in Bangladesh.
More and more banks in Bangladesh are now offering internet & mobile banking platforms for their customers to transact digitally and such transactions are also allowed by the Central Bank of Bangladesh. This means Bangladesh Bank is recognizing the fact that transactions can happen using digital signatures using online and mobile or any other digital channels. While the customers are accessing their online or mobile banking using an ID along with a password and a 2nd factor authentication, all such online and mobile banking platforms are using digital certificates behind the scene. The same is true when a customer buys anything online using his or her credit card.
The UK Financial Conduct Authority (FCA) has stated that ‘in order to enable effective competition and promote innovation, it is important that technologies that help firms better manage regulatory requirements and reduce compliance costs are supported.’
So when Bangladesh Bank is supporting online and mobile transactions by the banks, it is very important that the central bank also recognizes doing KYC & verification of a person’s identity using digital means.
The Reserve Bank of India (RBI) has recently given a fresh spur to India’s financial inclusion drive by allowing payments banks and small finance banks to use digital banking to open bank accounts while streamlining their risk mitigating norms to make the experiment of differentiated banking a robust one. The central bank has also permitted mobile phone users to open bank accounts with the payments banks promoted by telecom companies seamlessly, provided all the KYC (know your customer) formalities are already met. RBI also said that both small finance banks and payments banks can open accounts without a wet signature, relying completely on the digital signatures and digital verification, which makes on-boarding of customers easy for geographically distant places where opening a physical branch might not be viable.
One of the key factors for innovations in Financial Services (FS) is the evolution
of the regulatory agenda. Regulators in many countries are becoming increasingly willing to engage with the FS industry and partnering with them to drive innovation. From the AML / KYC perspective, the regulators need to understand that the current regulations were built or developed in a pre-digital age so therefore by definition, they do not allow the user to use online digital systems or methods in the area of KYC especially in the area of verification of identity. Things are changing with the regulators now and regulators or regulating bodies like the FCA in the UK, AUSTRAC in Australia and the Monetary Authority of Singapore (MAS) in Singapore, etc. – all of which have specific innovation agendas and that they are showing tremendous interest to partner with the wider financial service industry.
Bangladesh Bank has also recently given permission to Agency banking to promote Financial Inclusion. This has been a great step towards inclusive finance. However, for any bank to do agent banking, they are to follow strict guidelines and all AML compliances and that banks shall have to follow KYC format issued by the Bangladesh Financial Intelligence Unit (BFIU) of Bangladesh Bank for the agents and customers. This will make it very expensive operationally to have all such KYC done in a remote village in Bangladesh. However, Bangladesh Bank also advised the banks to develop IT based automated system to identify suspicious activity / transaction report before introducing the services. But no such advice offered if the banks could use digital technologies for KYC & VOI.
Interestingly, when it comes to digital KYC or digital VOI, it seems to be the understanding in the banking circle in Bangladesh that for KYC and VOI, the banks must maintain paper documents. However, while Bangladesh Bank has very strict guidelines for KYC & VOI, it is indeed a matter for Bangladesh Bank worth clarifying whether digital KYC & VOI can be done as no KYC related circular issued by the central bank till date either recommends digital KYC / VOI or even prohibits digital KYC / VOI!
The online world is moving rapidly and Bangladesh needs to move rapidly as well. Trying to catch up won’t work in the digital age as those who want to only catch up just can never be able to catch up as ‘digital’ is moving at a scale & speed that ‘catch-up’ speed can never match.
Author: Tarique A Bhuiyan
Tarique A Bhuiyan is the Founder, Chairman & CTO of Hashkloud Pty Ltd, a Sydney, Australia based Blockchain Technology focused FinTech start up.