Building digital trust into your onboarding tech stack

As the threat of financial crime grows, with fraud costing nearly $500 billion in 2023 and global flows of illicit money exceeding $3 trillion, banks and other financial institutions are at the vanguard of preventing fraud and tackling money laundering. With so much at stake, it’s no wonder that anti-money laundering (AML) regulations, beneficial ownership rules, and other legal requirements are extremely stringent and keep tightening over time.

Compliance with customer due diligence (CDD) and know-your-customer (KYC) obligations is a major undertaking — one that banks and financial institutions cannot afford to get wrong. Having well-documented, robust, and consistent procedures for the entire customer onboarding process and all ongoing transactions is essential. It’s up to banks and credit unions to make sure people are who they say they are and spot any red flags in their background checks that could indicate the potential for criminal activity — whether that’s validating an individual’s identity; screening for, assessing, and monitoring risk; or investigating any concerns.

Considering the growing complexity of criminal activities — including identity theft, synthetic IDs, money mules, and scams — financial institutions must enhance their strategies to detect and effectively prevent potential fraud and money laundering. Here, one cannot underestimate the role of tech tools specifically designed for this purpose.

Carrying out manual internet searches to find critical information is both time consuming and open to the risk of a “false positive” outcome or a vital piece of the puzzle getting missed. Implementing a robust tech stack provides a solution: empower risk and compliance professionals to access the intelligence they need — quickly, accurately, and comprehensively — all in one place, ensuring that the latest security features underpin all onboarding operations and transactions.

In this white paper, we explore how banks and other financial institutions can build “digital trust” into their onboarding processes and transaction procedures via a fit-for-purpose tech stack and what value this adds to their compliance activities in terms of effectiveness and efficiency.

The role of digital trust in onboarding

Criminals are exploiting digital technology, including artificial intelligence (AI), to perpetrate convincing frauds. Banks and credit unions must fight fire with fire. Customers and regulators must be confident in their bank’s ability to verify their transactions and always protect their personal data. Using advanced tech tools, they can mitigate risk and build trust by demonstrating that they have high-level safeguards in place. This way, they can embed digital trust into the onboarding process and throughout their operations.

What is digital trust?

Digital trust refers to an organization’s activities to provide a safe environment for customers’ digital interactions by protecting users against suspicious account creation, unauthorized access, and fraud — while delivering a secure way to execute transactions.

For financial institutions, digital trust includes:

Security

The ability to carry out a digital transaction safely protects both the institution and its customers from potential threats.

Privacy and data integrity

It is essential to conduct transactions in a way that does not expose or misuse an individual's personal information, thereby maintaining the confidentiality and integrity of data.

Identity protection

Safeguarding the authentic identity of users prevents identity theft and fraud by ensuring that only legitimate users can access their accounts.

Risk management

Financial institutions must be able to promptly identify and address cyber risks, preventing potential security breaches before they can cause harm.

Accountability

In the event of fraud, institutions must take immediate responsibility and take corrective actions to rectify the situation and prevent future occurrences.

Digital trust takes the concept of “know your customer” and extends it to mean “know your user” so bad actors can be spotted and blocked before they have a chance to commit a crime. It means taking all possible steps to verify the information you have using the most comprehensive and up-to-date sources to check.

It means staying alert to risk throughout the customer lifecycle with proactive, ongoing risk monitoring and tools to detect if people’s credentials have been stolen or faked. These tools can also determine if individuals' circumstances have materially changed — for example, new names, addresses, adverse media coverage, arrests and charges, etc. Digital trust also means carefully considering how to secure data in your onboarding tech and implementing robust security measures to prevent malware or phishing attacks.

In this way, institutions can build credibility and enhance the customer experience.

Building a tech-enabled onboarding framework

The law requires financial institutions to carry out a customer identification program (CIP) to verify the identity of individuals wishing to conduct financial transactions with them and to identify the “beneficial owners” of companies opening new accounts. But their responsibilities don’t end there.

To keep up with — or ahead of — criminals, institutions need a well-stocked toolkit of anti-fraud capabilities to deploy the right tool for the job at each step of the onboarding process.

As banks and financial institutions build and maintain their onboarding frameworks, they must consider what risks could emerge at each stage and what questions they need to ask — and answer — before proceeding to the next stage. For example:

• Is this a real person?
• Is it the right person?
• Is it one person?
• Does this information correspond to them?
• Have there been any significant changes to their details recently?
• How risky are they?
• What does their background look like?
• Have they ever been accused of — or associated with — fraud?

Where are they going to get this information? The reality is that it could come from a plethora of sources — something which has both positive and negative implications. Positive because it’s likely that the truth is out there somewhere in the vastness of the internet; negative because finding it using web browsers could be like looking for a needle in a haystack.

However, with the right solutions to help you unearth what you need and make the information gathered usable and meaningful, you won’t be overwhelmed by reams of data — both valuable and worthless — which you must sift through and evaluate.

Tools for ID validation may need to mine public records to match up names with Social Security numbers, birth dates, and addresses or be able to verify documentation. Ensuring an individual is not subject to any sanctions, is not a politically exposed person (PEP), or checking if they have been in the news for any nefarious reasons will require thorough screening and a trawl through global media. Determining whether a new customer relationship falls within your organization’s risk tolerance levels will often require complex risk scoring.

Once a relationship is in place, monitoring those issues on an ongoing basis takes constant vigilance. Being alerted to changes around sanctions or criminal charges, analyzing digital activity to flag potential threats, or facilitating the investigation of suspicious activity are all vital.

You need tools that give you complete, relevant information that’s up to date. Just as importantly, the solutions you use should be able to integrate seamlessly so all the information you require is joined up and easily accessible in one place.

Case study: Streamlining CIP 

A prominent financial services firm that regularly handles business accounts needed to enhance its customer identification program and significantly reduce time-consuming and labor-intensive manual investigation efforts.

Thomson Reuters Risk & Fraud Solutions provided the firm with a way to verify critical information for a large list of businesses all at once and easily assess the risk level for each with a calculated risk score. By automatically processing a large proportion of the accounts, its CIP process was 65% more efficient within two months. The firm went from spending over 12 hours per day manually reviewing new business accounts to just four hours.

These time savings freed the firm’s investigators to focus on those accounts that required more complex scrutiny. By saving eight hours of work a day, the firm estimated that cost savings were equivalent to the salary of a full-time analyst. Along with efficiency gains and resource optimization, the risk of compliance violations has also been reduced.

Verifying IDs and mitigating risk: How to secure data in your onboarding tech

The statistics are shocking: there were 15 million victims of fraud last year — a threefold increase from 2020 — and ID fraud resulted in a loss of $43 billion. From account takeover attempts to money mules, impersonation fraud, stolen credentials, malware attacks, phishing, and social engineering scams, the range of tactics deployed by criminals is vast and ever growing.

It’s worth noting, however, that while fraud is costly, so too is turning away genuine customers or blocking legitimate transactions due to false positives, leading to lost business and damaging customer loyalty.

That’s why advanced ID verification and investigation technologies must sit at the heart of financial institutions’ anti-fraud strategies. In the face of scams that can fool even the savviest of us, technology adds layers of extra security to help confirm suspicions or give the all-clear.

Digging deep into public records

One way to do this is to employ tools that thoroughly search the latest public records, including credit statement headers, bank headers, and vehicle registration databases. This method is likely to be far more effective than any internet search.

Such tools should be customizable so that you can filter and target searches as required and provide scope for enhanced capabilities if further due diligence investigations are necessary. For example, you might find it helpful to receive alerts on new death records, changes in sanctions listings, or redundant Social Security numbers, as well as having the ability to verify identities internationally. It can also be valuable to have the tool provide you with a risk score to help you make decisions about the scale of a potential threat and whether to proceed with a new account or transaction.

Enhanced ID verification

Given how sophisticated many criminals are, it can be difficult to tell if a subject is truly who they say they are and if their ID documentation — like a driver’s license — checks out. What if you had an identity verification tool that allows a subject to take a photo of their ID and a selfie and then runs checks to ensure both match and confirm that the ID and selfie are authentic? If it deploys biometrics, conducts thorough forgery checks, and can electronically verify thousands of different document types — including those from other countries and in other languages — all the better.

Advanced protection against sanctioned and risky individuals 

Verifying ID is one thing, but understanding who an individual really is goes beyond that. If someone seems like a potential risk, you’ll want to know more about them. Is there any media coverage about them online, and is it positive or negative? Are they subject to any sanctions, and are there any political affiliations or connections you should know about?

A comprehensive customer screening solution can deliver live adverse media results so you can see up-to-date coverage of particular individuals you’re interested in. It also monitors sanctions, politically exposed persons (PEP), and state-owned entities (SOE) lists broken down by country and alerts you if anyone you have flagged is added.

Preventing digital ID fraud

Digital fraud is a major issue: a third of U.S. adults have been victims of account takeover (ATO) attacks, when criminals gain control of their bank accounts, while 95% of synthetic identities — where criminals create fictitious identities to open accounts — go undetected during the onboarding process.

Digital fraud is more likely to be detected by digital means. Solutions that leverage device data, behavioral analytics, and malware detection can stop online attacks in real time and prevent account takeover by looking at patterns, identifying suspicious anomalies, and delivering intelligence on potential threats. For instance, they can look at when a user’s activity seems off, such as logging on from a different location or at an unusual time of day. They can even analyze keystroke patterns, mouse movements, or app behavior, as well as check for blacklistings.

The importance of data analytics

Tools should deliver not just data but data analytics. They should be able to sort and prioritize the critical information; track trends; look for emerging patterns, irregularities, and repetitions; and be capable of putting the information they give into context to put you in the best position to identify risk.

In this way, data analytics plays a vital role in continuously improving onboarding processes by flagging areas of weakness or highlighting which threats are most prevalent so appropriate action can be taken.

Preventing financial crime with robust KYC and CDD protocols

As critical components of financial crime prevention mandated by law, KYC and CDD rules are effectively two sides of the same coin. So, it’s essential that the frameworks financial institutions use to ensure compliance work well together.

KYC requires financial institutions to know who their customers are and verify their identities by checking that their documentation is legitimate, that their details — names, dates of birth, addresses, and Social Security numbers — are correct, and that they correlate.

CDD requires financial institutions to evaluate and monitor the potential crime risk of customers by looking into their backgrounds, such as business dealings, associates, court actions, arrests, media coverage, and their financial and political activities, in order to create and maintain an accurate risk profile.

Both KYC and CDD can present a hugely challenging task. Common pain points include knowing whether information is accurate, complete, and current, along with the difficulty of distinguishing between real results and false positives, such as finding information about the wrong person or miscategorizing a transaction as suspicious.

When it comes to KYC, tech tools should not only be able to locate, analyze, and check the information, but they should also be able to connect the dots and create a clear picture of an individual or business, sifting out old or irrelevant data and highlighting factors that suggest everything is — or is not — as it seems.

Regarding CDD, it should not be a static exercise. Customer due diligence is an ongoing obligation that requires financial institutions to keep an eye on customer activities over time, at a frequency based on their risk profile. Therefore, solutions that utilize the latest records, conduct thorough searches, and provide alerts for any changes are essential.

Whether it’s KYC or CDD, technology solutions should be adaptable to keep up with crime trends and regulatory changes and remain innovative to enable organizations to effectively maintain compliance at all times in a highly efficient manner.

In the future, we can expect to see greater deployment of artificial intelligence and machine learning in KYC and CDD solutions for even greater accuracy, wider and deeper data sourcing, and faster results. Indeed, we are already at the forefront of incorporating robust, reliable AI in our suite of risk and fraud solutions.

Case study: The value of consolidating AML processes

A top 10 domestic bank recognized the need for a robust solution that could expedite its AML processes without compromising the quality of due diligence. Its traditional methods were time intensive and prone to errors. It was using three different platforms to perform adverse media screening and enhanced due diligence, requiring much back and forth between them.

To streamline these processes, the bank chose to deploy Thomson Reuters Risk & Fraud Solutions, which comprise adverse media screening and enhanced due diligence capabilities all within one platform. This unified solution eliminated the need to purchase from various providers and shortened the previous seven-step process to just three steps, improving workflow efficiency.

The bank experienced a significant boost in the accuracy and comprehensiveness of its risk detection capabilities. With Thomson Reuters Risk & Fraud Solutions, it realized:

• A 35% increase in the percentage of quality alerts
• 12,725 fewer false positive results per month
• 434 hours saved per month on alert investigations
• $500k of time savings per year, enabling the bank to allocate resources to higher-value tasks

Overall, the bank was able to respond more promptly to potential threats, mitigate vulnerabilities, and robustly demonstrate its commitment to compliance and due diligence.

Conclusion

Given that U.S. commercial banks hold more than $23.4 trillion in assets and credit unions have around $2.2 trillion, they have a vital role to play in the fight against fraud and money laundering to protect customers and other victims of crime — and themselves. After all, the financial, regulatory, and reputational risks could be severe.

Ensuring compliance can be extremely challenging. As global markets, digital currency, and information security continue to outpace traditional systems and structures, the financial world is becoming increasingly complicated, and hidden threats are harder to spot. Against this backdrop, building layers of vigilance and embedding trust into your systems is essential — and increasingly, financial institutions are relying on smart tech tools to achieve that.

We understand the business-critical imperatives you’re facing to meet regulatory requirements to prevent financial losses and reputational damage caused by criminal activity and avoid costly fines for compliance failures. We also recognize that streamlining processes — like onboarding new clients and optimizing resources — can add significant value to your bottom line.

Thomson Reuters Risk & Fraud Solutions empower you to take back control and sharpen your focus so you can adapt to ever-changing fraud tactics and stay ahead of emerging threats with continually updated and comprehensive data you can trust.

Learn more about how Thomson Reuters Risk & Fraud Solutions can benefit your organization and request a free demo.

Disclaimer: Thomson Reuters is not a consumer reporting agency and none of its services or the data contained therein constitute a “consumer report” as such term is defined in the Federal Fair Credit Reporting Act (FCRA), 15 U.S.C. sec. 1681 et seq. The data provided to you may not be used as a factor in consumer debt collection decisioning; establishing a consumer’s eligibility for credit, insurance, employment, government benefits, or housing; or for any other purpose authorized under the FCRA. By accessing one of our services, you agree not to use the service or data for any purpose authorized under the FCRA or in relation to taking an adverse action relating to a consumer application.