Meet AML / KYC requirements in digital banking
Financial institutions (FIs), digital banks and FinTechs are in a hurry to meet growing consumer demand for streamlined, interactive and reliable online banking services. As in-person onboarding procedures and account access give way to digital interactions, new security concerns have arisen, including increased risks of identity theft and online fraud.
“Technological innovation always brings new opportunities and new risks,” said Tom Curran, chief risk and compliance officer at Upgrade, a San Francisco-based FinTech that provides affordable credit to mainstream consumers. “While the opportunities created by mobile banking and online lending are clear in terms of ease of use and access to affordable credit, there are new risks of fraud, [such as] synthetic identity theft, which must be dealt with.
In a recent interview with PYMNTS, Curran explained the security challenges inherent in online banking innovation and how FIs and FinTechs are responding to the growing need to mitigate identity theft and online fraud while still complying. in combating money laundering (AML) and knowing your customer regulatory requirements (KYC).
“Innovation [such as] [peer-to-peer (P2P)], real-time payments and digital wallets like Apple Pay, for example, have created new challenges, ”Curran said. “With online fraudsters highly capable of covering their tracks, FinTechs and FIs need sophisticated real-time methods to identify [bad] actors within their environment.
Adapt AML / KYC practices to meet customer growth
Upgrade has adapted its AML / KYC practices to meet the increased security requirements of its growing digital and mobile banking platform.
“Our fundamental approach to meeting our AML and KYC obligations has remained similar,” said Curran. “But as we increase our customer base and the complexity of our products, we’ve added additional layers of fraud detection and prevention. “
Curran said that since the inception of the company, Upgrade has taken advantage of the fraud mitigation credit underwriting data sources that are built into their KYC process and can be used as non-document sources to clear data. Client Identification Program (CIP) deviations.
By refining its custom rule sets, it has achieved efficiencies in leveraging Internet Protocol (IP) and device data, both in onboarding and Enhanced Due Diligence (EDD) reviews. .
“There are situations where third party fraud procedures are satisfied, but we are always interested in taking a closer look for KYC purposes,” Curran said. “We have also come to rely on data elements such as email address, phone number, IP address and device data, which can provide information throughout the cycle. life of the customer, not just when applying for credit. “
Although FIs already adhere to AML / KYC requirements, best practices exist for businesses. Yet the big question is how effective they are in tackling today’s online challenges. Curran said Upgrade has in place a robust banking secrecy law (BSA) / AML and sanctions program that mitigates its financial crime risks while helping its banking partners meet their regulatory requirements.
“Our program uses a traditional approach of the BSA pillars while using innovative solutions where appropriate,” he said. “For example, we have a traditional automated transaction monitoring system with scenarios, rules and alerts, but we also use AI to identify abnormal behaviors in larger patterns on our platform… and focus on the suspicious activities to be investigated. “
The Benefits of Biometrics and Data-Centric AML / KYC
Upgrade uses data-centric AML / KYC methods and biometric technologies to strengthen its fraud defenses more proactively.
“We use a large set of data [that includes] conventional CIP / KYC data, other IP “metadata” and device data [and] biometric identifiers such as voice and speed / manner [when] adding customer information into the application process, ”Curran said. “[This] helped us to be more proactive.
Curran also recognized that the perceived protection against security and fraud plays a vital role in the customer experience, as does making transactions simple and easy. This means that the online procedures for verifying clients should be secure, but transparent.
“We take a risk-based approach in terms of adding friction to the customer experience, and generally try to create behind-the-scenes controls and processes where possible,” he said. “For example, while some customer-related requirements, such as [multifactor authentication (MFA)] are table stakes for online access, having reasonable rules [for] cookie devices, when appropriate, improve the overall customer experience.
According to Curran, Upgrade leverages internal customer data, including payment history and declined / failed transaction data, to remove friction on customer transactions and applications – and, conversely, introduce friction when anticipates fraud or the risk of account takeover is higher.
Like many digital banking providers, Upgrade must strike a balance between leveraging enhanced security to mitigate fraud and provide consumers with a seamless online experience. Having the tools to manage this process is essential to maintaining customer trust and engagement.