Are You Who You Say You Are? EBA Releases New Guidelines On Remote Onboarding
The European Banking Authority released its guidelines on remote customer onboarding. These apply to both credit and financial institutions. At the same time, they set the standards within the EU for developing sensible CDD processes.
"Your identity is your most valuable possession. Protect it"
– Elastigirl, The Incredibles
The EU has developed these guidelines in the context of its 2020 Digital Finance Strategy, emphasizing managing risks related to remote onboarding and using third-party tools.
While digitalization was already fully underway within the Financial Services and Payment industries, the COVID-19 pandemic outbreak drove a much faster transition to remote customer interaction and onboarding. There's no way back to a more face-to-face onboarding environment within a more conventional CDD approach, but the challenges the industry and technology face are not in the future. They are right at our doorstep.
Guideline requirements:
The guidelines require entities to adopt a risk-based approach and to draft policies that describe the processes related to remote onboarding (RO) and CDD, together with a general description of the solutions in place to collect, verify, and record information throughout the onboarding process.
Additionally, FIs are requested to define the situations where RO can be used, which product and customer categories are eligible, and which steps are fully automated or still require human intervention.
Interestingly, the guidelines apply to both Fraud and AML, which diverges from the mainstream approach of considering the former a business and the latter a compliance risk, hence treating them separately.
Data Collection & Authentication
While the guidelines define standard requirements, they clearly outline the need to stop any onboarding process if the related technology is non-functional or offline. This again highlights the importance of resilience for non-face-to-face processes.
The guidance on biometric data collection emphasizes using accurate algorithms that enable positive customer identification. If uncertainty persists, the EBA advises reverting to face-to-face processes. In this respect, there's very little room to manage the risk, like Sanctions Risk.
The guidelines also offer some additional solutions that FIs should adopt according to the AML/CFT risk they have identified, as shown below.
The guidelines set a minimum requirement for legal entities to establish whether the customer is publicly registered. However, the recent ECJ ruling prevents public access to company registries throughout the EU, which is at odds with FIs' ability to gather and validate this type of data.
Digital identities:
Currently, the EU doesn't have a digital identity requirement. But there is a proposal for a European Digital Identity Wallet, which can be a game-changer for remote customer onboarding.
Understanding how qualified trust services or digital identity issuers work and analyzing and authenticating these new forms of ID might soon become fundamental to CDD procedures in the EU.
Without prescribing or advising on any specific type of technology, the guidelines strongly emphasize the use of technology and how algorithms should be consistent, robust, and reliable. The encouragement from regulatory bodies for FIs to fully embrace remote onboarding using advanced technology solutions is not new. Other regions and markets have already taken the same approach. As of December 2020, the Central Bank of Malaysia (BNM) issued a formal policy document to support the use of eKYC in onboarding.
Within the current economic downturn, it's tempting to relax a business's onboarding verification requirements to expedite customer onboarding and reduce operational costs. However, this might also open opportunities for fraud.
This is where advanced technology solutions can make a difference, along with the rollout of integrated, more secure, and sophisticated digital compliance products that use the latest biometric, artificial intelligence, machine learning, and blockchain technologies.