RegTech, Biometrics and Due Diligence
To protect against fraud, money laundering and terrorist financing, the finance industry obtain key customer details known as Customer Due Diligence (CDD) before engaging in business. The majority of organisations still use human intensive, paper based methods such as an in-person comparison between an individual and their passport or the use of certified copies. However the development of Biometric Technology, which allows individuals to better represent their identity through a combination of unique identifiers, offers the potential to reinvent the industry. So are we about to see a seismic shift?
The cost of meeting ever-increasing regulation and fines can be proactively avoided by creating a diligent CDD foundation for your firm. A recent global survey revealed the average international financial firm spends $60 million annually to cover basic CDD, with the biggest banks spending up to $500 million.
Can developments in technology reduce a company’s risk and costs?
Identity verification has come a long way from presenting a birth certificate. Innovative firms are creating regulation technology solutions, known as Regtech, to tackle the problem.
One of these solutions is true Electronic Identity Verification (EIV), which combines information about the individual, their physical features, the documents they possess, and the devices they use to make an accurate determination about the legitimacy of that individual and the transaction they’re involved in. Early adopters of this technology were primarily taking advantage of more efficient processing. However, further advances have allowed for the use of Optical Character Recognition (OCR) on a document which automates some aspects of identity data collection and verifies the authenticity of the document itself, for example, that the data was being extracted from a legitimate passport.
Verification then moved into the self-help space, allowing us to take advantage of the details about the device used to carry out the transaction. Technology detected indicators of suspicious activity such as multiple transactions from a single ip address or use of known fraudulent identities. Verification became something which combined the details of the individual, the document authenticity, and the legitimacy of the means used to conduct the transaction.
In-person presentation is still deemed the gold standard in verifying an identity. Unfortunately, humans are actually quite poor at facial recognition of individuals they do not already know.
Electronic verification methods are not precluded in the regulations governing financial businesses. In fact, Jersey/Guernsey regulators have been consulting on including specific advice for electronic verification methods, soon to be known as E-ID.
Then along came Biometrics, which introduces the capability to better identify an individual than in-person presentation. Multiple biometric factors are unique to an individual, such as their face or voice or fingerprint. Detecting the subtle differences in these identifiers is difficult for humans, however computers have greater success, using sophisticated algorithms to determine if a biometric measure is unique to an individual. Computers can also determine the difference between a biometric which is captured live and one which is recorded, preventing fraudsters from using video or audio to fake identifiers.
Biometrics are now incorporated into Electronic Identity Verification systems to further reduce the fraud risk. For example, an individual captures a photo of their photo ID and provides a selfie as proof that they are the individual depicted and are the person requesting the verification. Biometric verification identifies an individual as well as assuring that the individual being verified is the one conducting the transaction. It may be possible to falsify any one of those identifiers, but the unique combination of multiple identifiers (photo ID, accounts, documents, biometrics) is very difficult to fake and therefore very difficult to steal.
Modern EIV provides a level of fraud risk prevention for organisations as well a long-term reduction in costs and a degree of protection against identity theft for individuals.
Recently Jersey Finance highlighted that finance and technology are no longer mutually exclusive sectors, if they ever were, and the future of the banking review has already identified the digitisation of banking as a strategic priority. So it seems it’s time for Regtech… and yes, another acronym to blog about!
 Thomson Reuters 2016 Know Your Customer Surveys
Input from: Deborah Cross, Project Officer VIX Verify International PTY Ltd. Clive Busby, Head of Sales, UK and Offshore Markets
VIX Verify International PTY Ltd.
Director of Regulatory and Compliance at Baker & Partners
Originally published in Connect August 2017