Trust is the foundation of any healthy relationship. A professional business-oriented relationship between various parties is no exception to this rule. Unfortunately, the harsh reality is that trust is not an explicit value and cannot be taken for granted. Trust needs to be earned through careful verification and maintained over time. Therefore, Know Your Customer (KYC) was brought to life as a practice carried out by companies to build a proper level of trust between them and their clients in the light of prevailing laws and regulations.
KYC is often wrongly perceived as a pure operational burden that delays the moment when real business can begin. The fact is that KYC serves both as the facade of, and an important starting point for, all further interactions. The quality of that facade may determine and set the context for the entire lifespan of the developing relationship. KYC is not only a process for a particular company to verify its client, it is also an invaluable moment when a client can find out whether offered services have a chance of meeting high-quality modern standards. Therefore, KYC is a process of gaining mutual trust: from the perspective of potential clients, it is extremely hard to believe that an offering relies on cutting-edge technology when their very first interaction turns out to be manual, ineffective and disappointing.
What is more, KYC is not a one-time activity, but rather an ongoing process. Regulations are here to stay and they will only grow more and more demanding over time. Ongoing monitoring requires proper planning as well; KYC processes need to adapt to an ever-changing world without the need for major redesigns. Every single shortcut and inefficiency made at the initial stages (e.g. using outdated data storage formats) will result in more complex maintenance and higher cost of compliance with new directives.
Know Your Technology
Interestingly, despite being such an important process, KYC is still, in many cases, performed mostly manually and uses paper as the primary data exchange medium. Thus we end up with a complex process required by regulators that tremendously affects a business and its relationships with clients, yet is performed in an old-fashioned and suboptimal way. Fortunately, such an environment is ideal for modern technologies and software architectures to shine. And contrary to today’s world, which is full of technical buzzwords trying to convince us that out there exists a panacea with a fancy name, we should rather focus on combining various compatible technologies to deliver a meaningful outcome. However, it is worth underlining that technology itself is not enough to make a difference. Technology is only a tool (albeit a powerful one) that helps us change our way of thinking about business and processes.
Proper capture, storage and processing of information are the foundation of today’s data-driven economy, and have a significant impact on how modern business processes, including KYC, are designed. A lack of high-quality data that can be easily analyzed affects every single step in the business process. In the case of KYC, information can be obtained either directly from a client (e.g. using application forms) or indirectly by leveraging various trusted data sources. Both methods should be combined to achieve a seamless experience. There are multiple publicly available and commercial data sources exposing required information through well-described APIs. Therefore, a modern KYC system should be designed in a way that enables easy interaction with the external world. At the same time, data and functionalities offered by the system should be easily accessible and useable as well. This goal can be achieved by following the API-first design principle supported by the OpenAPI Specification. OpenAPI is especially helpful, as it allows for discovery and understanding of the capabilities of the service without time-consuming interactions.
Nonetheless, some aspects of data gathering and processing are more complex than others. A good example is identity verification, usually based on ID or passport analysis. Such verification, important for both individuals and corporate parties, can be vastly improved by using image or video analysis and text extraction tools supported by machine learning. Solutions like Amazon Rekognition, Amazon Textract, Azure Cognitive Services or Google Vision AI can be used to build tailor-made processes responsible for real-time extraction of data from documents (from both machine-readable sections and free text), face-matching, liveness detection and more. Building such features has never been easier.
Though essential, simply capturing and storing data is not enough. A system needs to understand the meaning of data to be able to perform educated decisions. This is why the representation of data is so important – a scan of an ID is inferior to pure data extracted and classified from that document, even if both formats capture exactly the same information. Data enriched with additional meta-information allow for building of custom logic and the sophisticated rules around it, for example, related to risk assessment. Proper data classification enables simple simulation of different behaviors without major changes to the system. For instance, we can ask the system to simulate how the overall distribution of risk would change in the light of an upcoming regulation. Furthermore, there is always hidden value in data. Machine learning is ideal for identifying patterns that are not clearly visible at first sight, such as in the area of ongoing monitoring. Analysis of a potentially irrelevant flow of unrelated transactions may result in the detection of a major anomaly. Specific tools (e.g. TensorFlow) and more generic machine learning platforms (e.g. Amazon SageMaker, Azure Machine Learning Studio) are gaining more and more traction in the areas dominated previously by classic rule-based systems.
Ultimately, all the aforementioned technical aspects must result in an exceptional user experience. User experience is an extremely complex topic, but two of its commonly overlooked aspects are performance and resilience. In the era of cloud computing, users expect fast response times and 100% uptime. Such demands simply cannot be met by outdated software architectures. The system should always respond in a timely manner and stay responsive in the face of failure or varying load. These general principles are critical for systems responsible for such essential and important processes such as KYC. Therefore, so called reactive architecture promoting componentized services is the primary choice for such systems because they enable them to auto-scale and self-heal.
The next big step
APIs, advanced interconnectivity, a data-driven approach, machine learning and reactive architecture can already be utilized today. The future is even more thrilling: biometrics and AI are becoming increasingly visible in our day-to-day life. The moment when we will be able to ask our personal digital assistants to invest money for us is not far away; it is no longer a matter of if it will happen, but rather when. In China, you can already pay using face scan technology without taking out your smartphone. Recently, Amazon introduced their Connect Voice ID service, which uses machine learning to authenticate customers who dial into call centers. Our smartphones store information in fingerprints and detailed 3D scans of faces. At the same time, regulators are trying to keep up with technological innovation and leverage the power of shared data. For instance, the Fifth AML Directive requires EU members to maintain interconnected, publicly available national UBO registries. Unfortunately, the data stored in those repositories is still not easily accessible. We are on the verge of a breakthrough into a new era, where every person and every company will have a unique digital identity. The delivery of an adaptive and connected KYC system will enable businesses to seamlessly transition into this future.
To conclude, technology is not a cure-all. However, a combination of the proper mindset and the right technical choices can bring even the rustiest processes to the next level – KYC included. We already have all the tools necessary to bring this to fruition.
By Piotr Laskawiec, software architect at Metrosoft
© 2021 funds europe