4 min

How digital KYC is transforming business

Formerly used to combat money laundering, “know your customer” (KYC) is expanding its scope and recurrence to become cyber-resilient. Previously a characteristic of the financial sector alone, its process and regulatory requirements are gradually being extended to other activities: real estate, crypto-assets, IT…

Marc Auxenfants

Freelance journalist based in Luxembourg, Marc has been covering topics including economic, finance, new technologies and startups for international media since 2003. He holds a Master’s degree in economic sociology, a Master's degree in journalism and a Master's degree in European economics and law. He began his career as a sociologist and worked in finance and communication before entering journalism by the back door.

View all posts

In order to remain competitive in the face of growing cybercrime and ever-expanding regulation, businesses must digitalize their processes: from customer onboarding to document collecting and monitoring, from environmental and economic risk analysis to regular compliance reviews.

What solutions does eKYC provide? Why is it transforming the organization and economic activities of companies? What role does digital identity play in such an approach?

Expanded scope and frequency

By integrating the criminal liability of legal entities in terms of money laundering, the 6th EU Anti-Money Laundering Directive (AMLD6), which came into effect on December 3, 2020, harmonizes the list of offenses and holds companies to higher than ever standards in the fight against criminal activity (temporary ban on operations, judicial supervision, even permanent closure of the entity).

In the eyes of legislators, KYC and reasonable due diligence have an increasingly significant role to play in the fight against cybercrime.

“If processes are weak, or if staff is poorly trained, monitoring turns out to be ineffective,” highlights the “Follow the Money” report (from BAE Systems and Swift) on large scale money laundering. “Furthermore, there have been instances where an insider, whether an accomplice or under duress, helped forego or reduce the close inspection of compliance teams performing KYC and due diligence checks during account openings.”

“In order to be compliant and follow good practice, organizations must therefore digitalize their KYC, to make it recurrent and more flexible in the face of ever-changing regulation, while remaining responsive in case of an embargo”, explains Guy de Felcourt, a Public Affairs consultant specialized in digital identities and payment. “Good practice must become long term, all the while making customer experience more flexible.”

By gaining in permanence, customer knowledge also becomes recurrent, the cofounder of the ID & KYC Forum continues: “The business must monitor its risks, which means knowing how to detect a number of signals (artificial intelligence will often be used), and transitioning from a test at the start of the relationship to regular monitoring of customer and provider situations.”

A “transformational” KYC

By reinforcing remote verification of personal and professional data, the AMLD5 and 6 are strengthening the connection between digital identity and KYC, the expert believes: “Every business today needs identity to structure the bonds it intends to make both within the organization and in its external spheres of influence. And these bonds must, as much as possible, be ergonomic and trustworthy.”

In terms of customer information, this connection requires the business to adopt new organizational and technological approaches (secure components, smart data, application layers, biometrics, crypto…) in the structuring, management and securing of data and dataflow.

“For the company this entails a need to realign its businesses, activities and organization in order to be compliant. The company must also review the management and processing of information, and work with trustworthy and certified data. In order to do so, it must integrate database and detection tools, and big data and artificial intelligence technologies.”

According to him then, combining KYC and digital identity is fundamental in the context of the European Anti-Money Laundering package announced for 2024: “These new KYC requirements will extend to covering the players involved (such as crypto-assets), the frequency of checks and the use of knowledge of customer attributes (FICOBA, registers of beneficial owners, etc.),” he explains. “There is therefore cause for significant joint effort between the two projects, which would allow real collaboration in regard to the regulated private sector”.

Digital identity: a social impact

According to him, combining KYC and digital identity also redefines customer relations, which is no longer solely based on direct contact: “The concept of identity refers to how we establish relationships, how we function in society, how we organize our economy,” he notes. “In putting remote relationships at the center of our new societies, which is a direct consequence of the health situation everyone can observe today, it is no longer possible to ignore the question of digital identities.”

“Electronic and digital relationships are made in such a way that they must be based on three levels: onboarding (identification), authentication and authorization. Digital identity is used to manage the attributes of the entities (or persons) involved in order to be able to establish these three basic relationships, and to optimize and consolidate them”, states Mr. de Felcourt.

This social transformation is also becoming an issue of sovereignty, highlighting the importance of “consolidating European digital identity vis-à-vis American and Asian alternatives that have so far prevailed among the general public”.

But is eKYC reliable? Certainly, artificial intelligence makes the process faster, simpler and cheaper. But machines can also make biased decisions. “Using machine learning means that companies would rely on closed databases that don’t easily allow seamless integration with other platforms,” ​​points out Rainbird Technologies’ Oliver Gudgeon.

“Algorithms that are overly compatible with past models and blind to current issues, just as staff that no longer monitors the complete customer lifecycle, can leave companies unable to explain automated decisions.”

Furthermore, in order to achieve effective operational compliance, he recommends integrating Anti-Money Laundering e-KYC into broader digital transformation plans, “rather than into new closed off machine learning approaches.”

Customer knowledge engineering therefore has a bright future ahead of it, at the crossroads of expanding anti-money laundering practices, the reworking of customer relations around digital identity, and artificial intelligence in risk detection and information monitoring.

Send this to a friend