White Paper
Integrating ID verification with API technology for financial institutions
For financial institutions, the ability to verify that customers are who they say they are is crucial. An increasingly complex financial regulatory environment demands that firms be assured that they aren't working with illicit enterprises, or people with ties to illicit activity. Increased scrutiny is all but guaranteed in the wake of high-profile money-laundering scandals, but revelations need not be earth-shattering in order to impact a company's bottom line. For example, so-called synthetic identity fraud – where a criminal uses a completely fake persona to acquire credit, leaving investigators chasing a ghost – costs banks as much as $6 billion per year, according to the Auriemma Group.1
At the same time, prospective customers want their financial services providers to make onboarding as easy and seamless as possible, despite the fact that banks and regulators want significant assurance that these customers can verify who they say they are. Effective deployment of technology that can ingest and process a range of data sources is crucial to provide a smooth customer onboarding experience while meeting regulatory requirements.
Implementing FinCEN AML rules with API technology
In July 2018, the U.S. Financial Crimes Enforcement Network (FinCEN) implemented new rules around Customer Due Diligence for Financial Institutions under the Bank Secrecy Act. The stated goal of the regulatory update was to patch a hole in existing law; regulators noted that prior to the act, firms had no obligation to know the identity of beneficial owners of their customer – that is, the people who own more than a quarter of their prospective client company.
"This enables criminals, kleptocrats, and others looking to hide ill-gotten proceeds to access the financial system anonymously," FinCEN wrote in its announcement of new customer due-diligence requirements. The organization also advised four "core elements" that were required as part of anti-money laundering rules:
- Customer identification and verification
- Beneficial ownership identification and verification
- Understanding the nature and purpose of customer relationships to develop a customer risk profile
- Ongoing monitoring for reporting suspicious transactions and, on a risk basis, maintaining and updating customer information 2
Fortunately, advances in data and analytics technology make it relatively easy for financial institutions of all sizes to meet regulators' demands without being too onerous for customers. In the blink of an eye, organizations can access information from a wide swath of sources from public records, private records, and governments. These include phone records, credit bureaus, DMV information, arrest records, utilities, court records, and business data, which can be accessed via application programming interfaces (APIs) during the customer onboarding process. Getting quick access to information that confirms an applicant's identity makes closing a customer easier and faster. In addition, APIs allow access to cleaner data and more accurate identification, thus helping to mitigate risk such as monetary fines and reputational damage that can go along with false identification.
However, for ID verification, adoption of this technology has been slow. According to the Digital Banking Report's 2017 Account Opening and Onboarding Benchmarking Study, "ID verification and signatures/supporting documentation 'at the branch' are still required by the majority of organizations" even if much of the other required work to open accounts is done online. This is especially true for smaller institutions. According to Jim Marous, co-publisher of The Financial Brand and publisher of the Digital Banking Report, "there are many providers of services to improve the digital account opening process. These firms can help remove friction, increase engagement and improve customer satisfaction." 3
Integrating API to ease the onboarding process
The use of APIs has exploded over the past several years as governments and other institutions have digitized records, and financial firms have attempted to tap into that data to make the process of identifying prospects easier. In 2014 there were more than 10,000 public APIs available for use, according to Deloitte – but with the right partners, financial institutions can access more than just public data.4
In an API-driven world, financial institutions can perform the dual goal of meeting ID verification rules also while providing a better onboarding experience for the customer. An increasing number of firms are growing comfortable with public cloud and software-as-a-service (SaaS) offerings, which allow them to scale up and down as their data needs ebb and flow.
PricewaterhouseCoopers notes in its report, "Financial Services Technology 2020 and Beyond: Embracing Disruption," that an increasing number of financial companies "turn to SaaS for ‘point solutions’ on the fringes of their operations, including security analytics and KYC [know your customer] verification." Firms are even able to automate a good portion of the data verification.5
This can be applied to all sorts of customers, including businesses, in the case of commercial banks. Bain & Co. estimates that new regulations related to ID verification have driven customer-acquisition costs in commercial banking as high as $5,000 per client in some cases. The firm also notes that as firms have had to change their onboarding processes, that has led to delays in acquiring customers of up to 90 days, causing a substantial amount of lost revenue – sometimes as much as $25,000 per client.
To make onboarding easier while retaining records for regulatory audit requirements, Bain suggests banks:
- Identify what data and information the organization truly needs to ensure compliance
- Align globally by creating a common set of ID verification questions across locations, simplifying the onboarding experience
- Enable customer self-service through an intuitive digital portal that allows data to be pre-populated based on API calls
- Dedicate specialist teams that are responsible for governance across the organization and ensure that procedures match changing regulations
- Create global centers of excellence that concentrate on onboarding in local regions 6
Of these tips, API-enabled automation specifically helps the first and third. Integrating ID verification into the onboarding process using API technology means that banks no longer have to choose between an optimal customer experience and regulatory compliance. Once organizations identify the specific data they need, they can match that to the wealth of available APIs and get information quickly and efficiently, enabling them to serve customers throughout the entire customer lifecycle, boosting retention, and keeping the legitimate business as a customer for years to come.
1 http://www.acg.net/synthetic-identity-fraud-cost-banks-6-billion-in-2016-auriemma-consulting-group/
2 https://www.fincen.gov/resources/statutes-regulations/federal-register-notices/customer-due-diligence-requirements
3 https://www.digitalbankingreport.com/dbr/dbr249/
4 https://www2.deloitte.com/content/dam/Deloitte/us/Documents/financial-services/us-fsi-api-economy.pdf
5 https://www.pwc.com/gx/en/financial-services/assets/pdf/technology2020-and-beyond.pdf
6 http://www.bain.com/publications/articles/for-commercial-banks-a-better-route-to-all-aboard.aspx
Thomson Reuters is not a consumer reporting agency and none of its services or the data contained therein constitute a ‘consumer report’ as such term is defined in the Federal Fair Credit Reporting Act (FCRA), 15 U.S.C. sec. 1681 et seq. The data provided to you may not be used as a factor in consumer debt collection decisioning, establishing a consumer’s eligibility for credit, insurance, employment, government benefits, or housing, or for any other purpose authorized under the FCRA. By accessing one of our services, you agree not to use the service or data for any purpose authorized under the FCRA or in relation to taking an adverse action relating to a consumer application.