Why KYC Compliance is Crucial for Fintech’s Growth in Sub-Saharan Africa

As the Fintech industry across sub-Saharan Africa with Nigeria continues to grow exponentially, one issue that has quickly plagued the sector is Identity authentication and verification of users. It has become increasingly evident that this is one of the most significant risks to Fintechs creating a great product. Without a doubt, this is an issue to be taken seriously from inception. Many great products die because of a lack of proper identity/risk framework to mitigate risks and ensure they offer solutions to the right person. This ultimately increases the chances of fraud if specific steps are not implemented for identity authentication.

This process falls under a Compliance Framework. The framework may include documents such as compliance programs, policies, procedures, guidelines, work manuals or instructions, registers, and templates. Business systems, information technology and other relevant systems that support compliance monitoring, reporting, and risk management are also included.

Setting up a new startup can be very expensive. Still, it’s far more costly if a Compliance framework is not developed and compliance processes, including the identity/ know your customer (KYC) procedures, are not adequately captured. KYC procedures are critical for assessing customer risk and a legal requirement for complying with Anti-Money Laundering (AML) laws. Effective KYC entails understanding a customer’s identity, financial activities, and the threat they pose.

Different elements to consider in designing and implementing an effective KYC program include creating a customer identification process, a due diligence program and an ongoing monitoring system.

The Customer Identification process addresses the question — How do you know if someone is who they claim to be? Identity theft is a big issue around the world. Every Fintech should determine the level of risk and policy for each customer account, making risk assessment a critical component for a successful customer identification process.

For example, what is the minimum requirement to open an individual account? What information do you collect, such as Name, Date of Birth, Means of ID, and Address — most importantly, the information must be verified to verify the account holder’s identity. Verification includes collecting the required documents from the customers and comparing the documents with other databases such as government databases, reporting agencies, etc.; a combination of both is vital for proper identification.

You would also need to consider both the regulatory and corporate policies. Therefore, the specific policies to be adopted may depend on Fintech’s risk-based approach, which should consider factors such as type of account, method of opening an account, type of identification information and location & customer base, including the type of product and services offered.

Customer due diligence, one of the critical questions it addresses is — Is my customer trustworthy? Can you trust this potential customer? Performing Due Diligence on your customer is essential to effectively manage your risks and protect yourself from criminals, terrorists, and Politically Exposed Persons (PEPs) who may pose a threat. You need to create a risk profile for all your customers. It’s a regulatory and corporate compliance process that should be implemented and tested continuously.

There are three (3) main due diligence levels, levels 1–3, varying from simplified to enhanced due diligence based on the risk associated with a customer.

Key elements to include in your Due Diligence program include

• Determine the identity and location of the potential customer, as well as a thorough understanding of their business operations.
• Classify a potential customer’s risk category and define what type of customer they are before storing their information digitally.
• You must follow the proper procedures when determining whether enhanced due diligence is required. This can be an ongoing process as the existing customer risk level changes over time.
• Keep records of all due diligence performed on each customer or potential customer in case of a regulatory audit.

This could be tough and costly, but it’s not enough to check your customer once. You need to have a program to monitor them on an ongoing basis. This function includes supervising financial transactions and accounts based on risk thresholds established as part of a customer’s risk profile. Some monitoring factors may include a spike in their transactions, unusual activities or transactions, negative media mentions or inclusion of people on the sanction list.

The process will vary for each Fintech based on your product or service type. However, it’s worthy of note to ensure that these processes are put in place to avoid issues in the long run.

In conclusion, I would like to dwell on the MTN momo issue that made the news a few weeks ago. The court suit filed by MTN will enable them to access bank customers’ accounts that received money either wrongly or fraudulently, as this wasn’t clarified. The approach by MTN is the standard approach regulatory-wise since you cannot access someone’s banking data unless the customer authorises or they receive the right through legal approval for the banks to give access. As devastating as this can be, it’s one of the issues faced by Fintechs today, and there is no proper legal process for retrieving such funds. It’s worth noting that an adequate identification program will go a long way in recovering such funds from existing users.

Before approval is received from the court, the money has moved so many times and is sometimes difficult to trace. How do you mitigate against such risk? This issue is why experience must be shared within the ecosystem for new and existing players to learn from and not fall over and over into the same trap that could be avoided. Indeed, different platforms have designed algorithms with varying cases of use built-in that mitigate this risk. How can we share information more efficiently, and how can the ecosystem grow to leverage the experience of others? This is an important question to be answered.

What is immediately evident is the need for a means to identify and verify customers for the sector’s integrity. Else we risk everything burning down.