A FinTech Start-Up’s Guide to ID Verification (and Why It’s So Important)
2 Jan 2022
As technology disrupts the financial sector, the issue of identity verification has taken center priority. With data breaches and hacks leaving customers vulnerable to identity fraud, regulatory organizations are taking a firm line on identity verification.
Our current manual systems of identity verification seek to prevent criminal activity, protect customer data, and reduce risk. Anti-money laundering (AML) regulations provide an umbrella of tactics to tackle these issues. These include Know Your Customer (KYC) and Customer Due Diligence (CDD) processes. For service providers, this means identifying customers using official documentation and verifying this via a third party.
The problem is that slow processing, expensive intermediaries, high frequencies of clerical errors, and increasing fraud make this manual identity verification method inefficient and costly.
The costs of identity verification are growing as regulations tighten. Cutting corners on compliance can be tempting. While this may save money in the short-term, outlandish fines are being dished out to non-compliant companies all around the world.
Fortunately, getid.ee is providing an affordable solution for performing KYC checks. Our innovative technology cuts out intermediaries, speeds up processing, and decreases costs. Thanks to getid.ee’s dynamic solution, customers and FinTech service providers can easily create, store, and distribute digital identities. This enables secure access to KYC services without exorbitant costs.
Still unsure why it’s so important to get your KYC ducks in a row? Here’s why.
KYC/AML for Startups
Anti-Money Laundering Regulations or AML is the broad term given to the set of standards for financial organizations to protect against criminal activity.
One of these processes is Know Your Customer or KYC. KYC checks are compulsory for each new customer. This means customers have to repeatedly complete this procedure. In a KYC check, customers submit official documentation identifying them by their name, date of birth, photo, and address.
Multiple third-party organizations are employed to verify this data. These intermediaries check customers are who they say they are, and that there are no red flags on their account.
Firstly, these companies try to match the applicant to their documentation. Next, they search for terrorist history, criminal activity, political exposure, or governmental sanctions. This prevents enabling financial instruments from being put in the wrong hands.
While the cost of these compulsory checks may seem high for financial organizations, the impact of not complying can be worse.
Take the example of Wachovia ( now part of Wells Fargo) back in 2010. Caught short with poor KYC and AML policies in place, Wachovia was fined $150M after Mexican cartels managed to launder roughly $360 billion through their US accounts. Alternatively, consider the $1.5 billion fine Barclays had to pay for inadequate anti-money laundering procedures that allowed an estimated $7 billion to illegally wash through their system.
It’s not always the case that the hammer comes down after big crime has been uncovered. In fact, banks like Standard Chartered receive harsh fines without large-scale criminal activity being identified. Instead, Financial Conduct Authority (FCA) audits found that AML policies had unforgivable shortcomings and fined the bank $125M.
The costs of retroactive compliance are shocking. The U.S. Government Accountability Office estimates that $15.2 billion was paid in non-compliance fines between 2016-2017; a $10.2 billion rise from the previous 6 years!
And it’s not just retroactive fines and money laundering that startups need to be aware of. One of the major components of the AML/KYC stipulations is that all personal data must be stored securely and correctly. In this sense, companies need to sufficiently secure against data breaches to prevent identity theft.
Inappropriately storing data on insecure internal servers makes those repositories a target for hackers. Unfortunately, financial organizations tend to create single points of failure by storing all their data on central servers. In other words, hackers can unlock one central server and access everything at once. This is much like a caterpillar worming its way into a cabbage and devouring the whole thing from the inside.
Thus, if companies don’t have tight security measures and store customers’ data on central servers, investors’ assets and personal data are vulnerable to malicious attacks.
The cost of cyber breaches is no laughing matter, both in terms of repairing the mess and loss of investor assets. Equifax’s financial reports showed that their 2017 data breach cost $1.4 billion to remedy. In other cases, head-on hacks have seen customers lose funds directly from their accounts.
In this sense, the early, efficient implementation of AML/KYC process is integral to FinTech startups. It ensures the safety of customer assets and personal data and prevents future remedial costs and non-compliance fines.
Why Is Identity Verification So Important?
Identity verification is important to protect you and the customer.
Regulation aside, identity verification procedures are in place to protect companies and their customers from criminal activity. A person’s identity is integral to procuring goods and services. The fraudulent use of this personal information can be harmful to companies and their customers.
By verifying the identity of customers, financial institutions and businesses can manage risk better. A customer’s history gives financial entities risk indicators based on previous behavior. This helps to determine how likely a customer is to harm the organization or its customers, based on their previous behavior.
Identity verification procedures protect against:
- Fraudulent documents
- Identity theft
- Internal-server hacks
- Tax evasion
- Trade of illegal goods
- Terrorist funding
- Political corruption
- Market manipulation
- Gang funding
- Drug trafficking
- Human trafficking, and so on
This broad spectrum of illicit activity is now compounded by the raging tide of technological advancement. With all this to contend against, AML regulations have become more stringent. AML and data compliance standards begun to step up worldwide. This can be seen by the EU’s introduction of the General Data Protection Regulation (GDPR) in 2016.
Protect Yourself Before You Wreck Yourself
Compliant identity verification procedures protect FinTech startups and businesses in two ways.
Sorting ID processes early means avoiding pricey non-compliance fines or future costs of retroactive compliance. Better still, you steer clear of being shut down, like ParityICO Passport Services — A promising digital identity blockchain project, ironically.
Equally, you’ll be ahead of the curve on protecting your clients. Your security builds the foundation for your FinTech startup. Shoddy foundations will only lead crumbling walls later. In the same regard, poor identity verification practices leave your company vulnerable to brand sabotage. Fraud, hacks, data breaches, and criminal activity can all shake the bedrock of even the strongest companies.
Figures show that cyber hacks and corporate attacks lead to a loss of investor confidence and tarnished company integrity. Just look at Facebook. An attack on its servers saw 50 million accounts hacked, leaving users at risk of identity fraud. The announcement of the breach caused share prices to fall by a notable 3%.
Moreover, studies show that reputation damage following breaches ripples into your future success. On average, sales growth drops by 3% for most industries, and 5% for the retail sector. Debt also increases while your company’s credit rating takes a plunge.
Thus, instilling identity verification procedures protects your brand from hacks and data breaches. This, in turn, protects your brand’s integrity and reputation.
Thankfully, gone are the old days of archaic paper trails, expensive middlemen, and KYC backlogs. getid.ee has solved the KYC bottleneck. By using automation technology, our platform cuts out intermediaries, stores transparent, immutable records, and secures data on local devices.
In doing this, your customers now only have to create their digital ID one time. Once verified, this can be accessed by you and other service providers in a secure, intuitive environment. That way you and your customers are protected by ID verification procedures that meet all regulations, while far-surpassing current security standards. And for you and your company, you’ll find your KYC costs slashed without cutting your company’s integrity.
Choosing a KYC / AML Compliance Technology
If you’re worried about the outrageous costs of KYC and identity verification processes, you should be. But you should also be wary of the even more scandalous fines for non-compliance.
With these things in mind, it’s probably time to consider a KYC/AML compliance technology that handles the whole operation for you. But what exactly should you be looking for?
A Compliance Technology That Lowers the Cost of KYC
The major costs in the KYC process come from manual processing and a lack of specialist staffing. First off, manual processing is slow and cumbersome. This is because multiple intermediaries need to verify each application. This constant changing-of-hands makes the procedure extremely error-prone. In turn, you’ll be subject to wait times and extra costs to remedy these mistakes.
Secondly, stricter regulations mean that companies need to employ more compliance staff with specialist training. A sudden industry-wide need has led to a shortage of staff, which has driven up the average salary, as demand far outstrips supply. Both in-house compliance staff and external third-party verification companies now charge sky-high rates.
Your compliance technology should target the two most poignant pain points: manual processing and costly compliance personnel.
Start by exploring solutions that address manual processing. getid.ee harnesses autonomous technology to shorten the KYC workflow, dropping unnecessary expensive actors from the system. At the same time, the technology cuts out clerical errors, eradicates wait times, and protects against costly hacks.
A Technology that Speeds Up the ID Verification Process
Manual processing slows down the ID verification process due to errors, snail-mail, and general workplace lethargy. Having to go through a circus of third-party verifiers, long processes often lead to onboarding abandonment.
A Thomson Reuters study showed that the time it takes to complete KYC applications had increased 18% for commercial customers. This had led to 12% of companies changing banks due to KYC friction.
Not only that, customers have to fill in KYC applications every time they apply for new financial instruments. This practice is increasingly spreading to other goods and services. This constant repetition is not only tedious, but it’s also slow.
Getid.ee has found that the best way to speed up the KYC process is to cut out third parties, automating as many steps as possible. By leveraging automation technology, service providers simply pay to access already-verified data. That way customers only have to create a digital ID and have it verified once, easing the onboarding process for every company they use.
A Compliance Technology That’s User-Friendly
As noted above, clients get antsy when applications take too long or are too complex. Instead, look for a compliance solution that’s easy for your customers to get on board with. Instead of the traditional method of filling out multiple applications, find a technology that allows customers to easily create a digital identity. Ensure users can have their data verified quickly and maintain it with very little effort.
What’s more, you’ll cut back staff training costs by deploying a compliance technology that’s simple to learn. Try to eradicate the overbearing costs of expensive compliance officers and specialist training. Your chosen technology should provide instant access to verified customer data without a fuss.
Thanks to getid.ee, you can satiate all your KYC needs in one user-friendly place.
Three Overlooked Examples of Fintech Non-Compliance
If you don’t take AML regulations and data compliance seriously, you could be on a collision course. Not only are you putting yourself at risk from regulatory admonishment, but you’re also gambling with investors’ futures. Both of these outcomes endanger your company’s reputation and livelihood.
However, it’s not always cut and dry. That’s why it’s integral to brush up on your compliance knowledge regularly to ensure you’re covering all the bases. Here are a few non-compliance examples that are often neglected.
Picture the profound effect that data breach would have on your company’s reputation. To prevent a dip in customer trust, keeping quiet about any breaches may seem like a good idea; especially if they’re only small. Buying yourself some time would allow you to remedy the problem before customers and regulators realize your error.
However, the GDPR requires that all data breaches are reported within 72 hours. Companies who try to flout this rule are met with severe sanctions. Marriott provides a stellar example of this. The hotelier was fined a whopping $100M following the failure to report a breach within 72 hours.
While some companies may claim that they were unaware of such shortcomings or illicit activity, this is no excuse. Instead, it seems shrewd to source a compliance solution that prevents breaches from slipping under the radar.
Thankfully, getid.ee’s innovative application of automated technology means that breaches never go undetected. Rather, the system flags any tampered records instantly. This is broadcasted to the entire decentralized network. Hackers are immediately shut out, while the system draws your attention to a breach, avoiding hefty non-reporting fines.
Theft of Customer Data
Imagine that your high-level colleague, Karen, decides to leave the company and start her own firm. Having parted on good terms, you wish them well. Later you discover that many of your customers are switching to your Karen’s firm. You realize that Karen has taken personal data from internal servers without authorization.
Not only is this an entirely unethical and immoral business practice — Shame on you, Karen — It’s also highly illegal and counts as a data breach by GDPR standards. Karen has committed a criminal offense under The Data Protection Act 2018.
What does it mean for your company? First and foremost, your company is liable for data breaches caused by employees. Secondly, if you don’t report it in 72 hours, you are also in violation of data compliance regulations.
Heed Revolut’s 2019 Warning
Revolut felt the true brunt of retroactive compliance this year following a glitch in the system. For three months in 2016, Revolut turned off an automated system that was designed to prevent its platform from being used to bypass international sanctions. Following reports from a whistleblower, it seems that the CEO would not listen to the compliance team.
Reports note that the system, which was used to identify illicit transfers, was shut off because it had wrongfully blocked harmless transactions. Having reactivated the old system in 2018, Revolut has since designed a whole new system to replace this buggy original. It would appear that the system was closed down to fix the error.
This isn’t Revolut’s first brush with non-compliance, however. Back in 2018, the neobank was forced to report suspicious activity to the National Crime Agency and the FCA. This led to pointed questions regarding the robustness of Revolut’s onboarding verification methods.
Fines haven’t been issued yet, but they’ll likely be huge. Revolut has already stepped forward to manage the issue. They have announced plans to hire a flock of compliance staff to iron out the trauma.
Watertight identity verification processes are integral for FinTech startups. Not only do these measures protect your company’s brand and secure your customers’ assets, you also avoid the costs of non-compliance. With the GDPR in full force and the FCA on a warpath, retroactive compliance and data breaches are becoming a costly affair.
Luckily, automated solutions like getid.ee relieve pressure on the system. Getid.ee cuts out the costs, wait times, and inaccuracies of intermediaries. Furthermore, by securing data on local devices across decentralized systems, users and service providers are protected against breaches. At the same time, the costs of storage are eradicated.
If you’re looking for an affordable identity verification solution with robust next-generation technology and impregnable security, getid.ee has it all wrapped up for you on our intuitive digital ID platform.
Speeding up KYC and ID verification processes, getid.ee cuts out costly intermediaries, eradicates data storage needs, eases onboarding for your customers, and opens up instant access to verified personal data for your company.
Want to know more? Head over to GetID website to find out how we can save you time and money on KYC processes today.