KYC. KYB. AML.
Compliance, of course, has its own alphabet.
And anyone who’s in compliance knows that the trick is to pick out some of the most important letters from the alphabet and attend to them – namely, dotting every I and crossing every T. Doing all that crossing and dotting can be a bit time consuming, and costly. If not done well, enter the government, and the levying of fines, and it all becomes costlier.
In an interview with PYMNTS’ Karen Webster as part of the latest Data Drivers, Anatoly Kvitnitsky, vice president at Trulioo, said that KYC can pose a challenge for financial firms when onboarding customers, particularly when the customer is a corporate entity that wants to open an account and open the door to accepting payments. Easier said than done in an environment where data breaches abound and regulation is on the rise.
Data Point One: 30 Percent
This is the percentage of corporate respondents queried by the firm who said that the time to onboard new customers exceeds two months, and 10 percent say the process takes in excess of four months.
Said Kvitnitsky, the long and winding road starts when a business opens its doors and wants to take payments. The ensuing back-and-forth of paperwork, emails and phone conversations stretch across those months (especially outside the U.S.), until companies finally get clearance to accept payments from the bank.
But tech-savvy payments processors have whittled that down to mere minutes, said the executive, naming firms such as Stripe, PayPal and Braintree.
“It all starts with KYC upfront,” said Kvitnitsky, noting two routes to onboarding: one plodding, one streamlined. The bank may scan an applicant’s driver’s license or pbadport, and then opt to use manual processes for verification. Conversely, a tech-focused company (like Trulioo) can offer online access via API for verification, thus getting firms up and running to take payments with speed.
The firm supports the ongoing investigation of the company once onboarded, said Kvitnitsky – an especially important feature given that in Europe, verification has to take place one to two times annually. Trulioo is also adding monitoring features, with an eye on adverse media and other conduits of reputation that can alert financial firms to fraud or suspect activities.
But, as Webster asked, regardless of technology, how is it possible to know if someone really is who they say they are? They may have everything in the arsenal, such as names and dates of birth and Social Security numbers, but according to Kvitnitsky, they may not have the pbadport or government-issued ID of the victim.
Thus, Trulioo offers a selfie-focused solution, where the applicant matches pictures against official IDs. This is an additional line of defense against even comprehensive fraudulent attempts. Kvitnitsky said his firm has also been adding carrier data to match addresses against phone numbers and names for added layers of security.
Data Point Two: Eight
This is the number of individual, unique interactions between a bank and customer in the onboarding process, as both sides of the relationship strive to get all the documentation in place. But with digitally focused firms, all this is completed with what Kvitnitsky said is “a single touch point, all done electronically” in one fell swoop across name, address and date of birth – all verified instantly.
Would-be corporate customers are asked to enter their company registration details, with the movement toward making sure that the bank knows the signatory is one of the primary beneficiaries, and that the company is indeed up and running operationally.
Data Point Three: $60 Million
Talk about sticker shock. This is the lower end of the typical financial firm’s cost of compliance, where they need to make sure that enterprise customers are who they say they are – and, as Webster noted, that figure is on the low end. The tally can run into the hundreds of millions of dollars for some huge players in the financial services arena. This is largely the result of the fact that they have yet to automate the onboarding processes, and costs mount well beyond reams of paper and printer ink.
Where there’s lack of automation, when it comes to compliance, fines lurk. As an example, Kvitnitsky noted PayPal. Between 2010 and 2013, the company was fined $7 million – on transactions worth less than $30,000. Thus, the multi-million-dollar budgets tied to compliance are simply “the cost of doing business,” said Kvitnitsky.
Global KYC is also important as firms expand reach, he said, pointing out that emerging markets have a vast number of underbanked individuals who want to conduct the most basic transactions – yet they, too, need to be verified, especially in countries where credit bureaus are not well established. But in countries like China and India, government data and documents – in addition to mobile device-related information (with the devices serving as a key conduit to eCommerce) – can help identify more than 90 percent of the population.
The KYC process extends beyond onboarding typical payments and commerce-related endeavors to activities such as ICOs. Kvitnitsky said that companies operating in decentralized environments also have KYC liabilities, which exist any time money changes (individual or corporate) hands.
In the cryptocurrency realm, there’s the need to know that accredited investors are ponying up the funds and their identities, whether they are investing one dollar or one million.
“We’ve been seeing a lot of new companies coming to us – as many as two, three, four, five a day – that need KYC help doing an ICO,” he said.