What is a digital identity and how can you check your clients’ digital ID?
Banks and Mortgage lenders are obliged to check their customers’ identities. This applies to existing customers as well as onboarding customers. But what does ‘identity’ mean in this context? What is a ‘digital identity’? And, how do you check your customers’ digital ID easily and securely? Ockto product specialist Ilyan Tonneman explains.
Digital identity
Many of us take our official identity documents for granted but, in some parts of the world, the notion of ‘identity’ is a luxury. Identity is the fundamental key that paves the way to opening a bank account, voting, driving, starting a job, accessing medical and government services, flying, and even selling products and services. A digital identity is an easy way for around a billion people, who don’t have an official ID, to acquire valid and usable proof of identity. So, for many, a digital identity is the first step to obtaining basic financial services.
But what is a ‘digital identity’? Technically, the ISO/IEC 24760-1 standard defines identity as a “set of attributes that are associated with an entity”. In short, a digital identity determines which set of digital attributes must be associated with an entity. At Ockto, we define a digital identity as a set of verified attributes originating from multiple data sources for the purpose of uniquely proving a person’s identity, whether it’s done online, offline, now, or later via a mobile device.
Digital identity solutions
The world is becoming increasingly digital and there is a growing need for digital identity solutions that are just as safe, secure, and reliable as face-to-face customer identification. In the world of mortgage lending and banking this topic is especially relevant because these institutions are obliged to know who their customers are. AML-legislation dictates that financial service providers must check that onboarding customers are who they say they are – a procedure that must be repeated every 5 years. To this end, financial service providers have developed Know Your Customer programs: performing checks by which fraud – and in the worst case terrorism – can be prevented and traced.
Although Know Your Customer tops the list of priorities, the ‘customer identification’ subject shifts to a larger arena that focuses on the enrichment of trusted or verifiable data about a customer. After all, the more you know about your customers, the better you can tailor your products and services to suit their needs. One way to enrich data is to learn more about someone’s living situation: does the individual still have a partner and if not, what can you as a bank or mortgage lender do to lower that client’s monthly costs? This proactive attitude increases the confidence customers have in your organization – an increasingly important cornerstone for successful financial service providers.
How do you check someone’s digital identity?
The financial sector has a growing need for digital identity solutions and customer data enrichment. The logical question here is: how can this be done securely and effectively? When it comes to establishing a digital identity, there is no single use-case and therefore no single answer. In this age of big data, a lot of information about people and their digital and non-digital activities is being collected. That means information can be obtained from the Employee Insurance Agency, Tax Authority, Pensions and other governmental websites. Which data set is most effective for increasing customer trust? Which data set offers the most security and protects personal identification information (PII)? And, which offers effective levels of risk mitigation as well as a seamless onboarding experience? To provide the right levels of confidence and assurance for doing business safely, a digital identity solution must be able to answer many different questions.
The future of digital identity solutions
Think of digital identity as a marketplace of hundreds of data attributes, verification processes, and tools that should work together to identify ‘who’ a person really is, regardless of his or her unique set of identity characteristics and risk profile. When you link those data sources together, you create something unique. The promise of digital identity is that it is easy for both customers and businesses to use. It’s secure and only allows legitimate users to access specific services. It ensures compliance. It builds trust online across the globe. The good news is that this ideal state of affairs for digital identity is closer than you might think. Smart companies such as Ockto are building it now. Soon, citizens around the world will have access to digital identities, and we will all be able to benefit from the opportunities that the future offers.
Know Your Customer programs can be much more valuable
Requesting personal data during and after the onboarding of new customers creates a lot of additional work for financial suppliers’ Know Your Customers programs. Robert Harreman explains how a modern, integrated approach makes customer management safer, more effective, and more valuable.
Knowing your customers is important. The more information you have, the better you can match your services and products with the demand. This applies to practically every industry, especially the financial industry. Banks, mortgage lenders, and insurers have an obligation to exercise due diligence so that they offer the customer a suitable product. They also want to ensure that a customer won’t default on his or her obligations over the long term, or even worse, turn out to be unreliable. Finally, over the last decade, regulators have been imposing stricter requirements on the onboarding process and subsequent periodic customer checks (known as ongoing due diligence). Taken together, all of these information checks constitute a sizable amount of work for the financial service provider, but also for customers. Isn’t it high time that we started handling customer management more effectively? Fortunately, this can be done by using the latest tooling and techniques intelligently.
AML legislation
Financial service providers are required to establish that existing customers are as reliable as they were when they first came onboard. Regulators are increasingly alerting financial service providers about this obligation by checking whether they are properly complying with AML legislation. This legislation is intended to ensure that financial service providers continually monitor the customer’s situation, in order to more quickly detect or even prevent fraud and terrorism. It’s a good idea on paper, but in practice this monitoring and review process doesn’t always work well everywhere. This isn’t just bad news for the justice system; failure to comply with AML legislation can lead to very high fines and damage to a company’s reputation. This has happened to a number of international banks in recent years.
Know Your Customer programs
Pressure from the regulators causes financial service providers to spend a lot of time setting up Know Your Customer (KYC) programs. This KYC principle is also known as Client Due Diligence (CDD) and refers to the steps that financial service providers must follow in order to establish a customer’s identity, understand the nature of the customer’s business, and assess the risks of money laundering and terrorism financing. This is why banks and mortgage lenders deploy a lot of staff who, often manually, have to establish customers’ identities and detect possible fraudulent transactions. This initially happens during the onboarding process and subsequently on a regular basis.
Two drawbacks and a missed opportunity
The current KYC programs have two major drawbacks. First of all, they are anything but effective. Much of the work occurs manually and piecemeal, so that checks take a lot of time and the customer’s interests come second. The second problem has to do with privacy. During the transmission of personal data, information that isn’t relevant to the financial service provider often accompanies the data because it is included on the same document as the requested information. To prevent this, customers would have to shield part of the data, which in practice would mean censoring their documents with a (virtual) black marker.
In addition to these two drawbacks, the current KYC approach also leads to a missed opportunity. Good customer management should go much further than what is legally required. Maintaining the customer relationship and establishing that the purchased products still fit the customer’s circumstances are just as important. For example, does a personal loan still match that client’s income? Or does a larger family indicate different housing needs? If banks and mortgage lenders could proactively deal with these changes, they could contact customers in order to propose a better product fit in a timely fashion. In this way they would observe due diligence, create upselling opportunities and improve the customer relationship.
How do you do it well? The financial APK
Effective customer management should mean that you and your customer establish, in a timely and integrated manner, whether the product fits their situation and also find out if the customer still meets the legal requirements. So, you manage KYC, due diligence, and the product fit all at the same time. For this purpose, the customer can agree to regularly submit a limited set of personal data which the financial service provider can then use to determine if the customer relationship is still completely suitable. This includes information such as address, income, employer, family situation, and major changes in assets and debt position. By sharing this information from reliable data sources, it becomes easy for the customer to submit it, and for the financial service provider to automate the process.
In this way, the time-consuming Know Your Customer program changes into a financial APK that can be regularly executed in a fully-automated, efficient, and secure way. The precondition is, of course, that this APK be executed with reliable and updated processes and tooling. Once you have this in order, you kill two birds with one stone: excluding risks while improving the customer relationship.