Compliance: Deep profile check (Onboarding Screening) and transaction monitoring (Ongoing Monitoring)

The Onboarding Screening Process: Using Financial Institutions As Case Study

Getting to know your new customers is a very important step in any financial regulated structure. The onboarding screening process is aimed at getting to know various factors, circumstances, historical records amongst other unique information about your prospective customers.

This process of onboarding includes:

- Know Your Customer (KYC) procedures,

- Data collection,

- Identification checks,

- Document collection: onboarding risk evaluation, and,

- On occasion, face-to-face interviews with prospective clients.

The onboarding process must be completed successfully before a new client may open an account or conduct business with a financial institution.

A. The KYC Checklist

Financial institutions are mandated to adhere closely to Know Your Customer (KYC) & Anti-Money Laundering (AML) compliance laws. Two key structural requirements to ensure compliance to these laws are:

i. Customer Identification Program (CIP): CIP refers to the processes carried out to identify and confirm the identity of prospective customers.

ii. Customer Due Diligence (CDD): CDD is the process of onboarding the customer.

To complete CIP and CDD processes, the customer needs to supply specific relevant ID documents.

B. Data Collection: Requirements For Onboarding

Although, financial institutions may require or demand extra documents that may be needed for specific situations or transactions when necessary to clarify necessary information before onboarding a customer.

For example, necessary required documents may vary depending on either the customer is a business entity or an individual. It can also vary depending on the account type to be opened with the financial institution, or for the sake of extra security policy etc.

The following includes some of the relevant documents used in the CIP & CDD process.

● Utility bills

● Government-issued Identification number

● Government-issued IDs (e.g. driver’s license, passport, voters card, etc.)

● Trust instrument

● Partnership agreement

● Certified articles of incorporation

● Government-issued business license

● Financial statements

● Financial references

● Data from a public database or consumer reporting agency

C. Identification Checks: How Are Customers’ Identities Verified?

In reality, not everyone is genuinely transparent about their true identity. Hence, there’s need to dig deeper to confirm if prospective customers are indeed who they claim to be, or there’s more that needs to be unraveled as regards to their status, historical records or standing based on various important standards needed to be clarified.

Identity verification is a process aimed at achieving this. It’s involves the series of detailed checks carried out by an Organization on an individual or business with the main goal of confirming the identity of such intending customers before they can be allowed to gain access to use/get a service. This process can be done internally or outsourced to digital identity verification service providers such as Identitypass.

This process can be done physically or digitally. Although due to advancements in technology, the later is preferred in today’s world and is referred to as the online identity verification process. The online identity verification process is enabled to upload documents, and other required files digitally via the internet which allows for the capturing of the individual’s digital data that will be cross-referenced against an established government database.

Various Methods of Identity Verification

According to governmental compliance and regulations, in order to open an account with a bank, you need to provide valid identity cards.

The exact type of IDs accepted depends on the country you reside or the country you intend to initiate the financial service from. In Nigeria for example, you’re required to provide one of either NIN, National ID, or Drivers license. In India, an Aadhar card, PAN, or employers ID will be required. Also banks in America request a government-issued ID, social security number, and proof of address while European corporations demand similar documents.

The following methods are used to run checks for validity and more information about intending customers. These methods include;

● Facial verification

● Document verification through database checks

● Address verification

● Biometric authentication

● Two-factor authentication or multi-factor authentication (2FA or MFA)

● Consent verification

i. Facial verification:

For this, prospective clients might be requested to take a selfie and to also submit a document such as a valid ID card or passport photograph. These documents are processed by an AI software which compares similarities between significant points on our face taken through the camera in real time against the face on your submitted copies of documents. If similarities are close to threshold points accumulated from the analysis by the AI software, then you will be passed as verified. But if not, you might need to retry following specific recommended guidelines.

ii. Document verification through Database Checks:

This is usually processed by specialized and highly reputable identity verification services such as Identitypass. In the process of verifying KYC documents, relevant details such as serial number, date of birth, registration number etc. are extracted from submitted documents.

Following the extraction of data is the process of cross-referencing. Cross-referencing checks are carried out by checking if extracted data from submitted documents corresponds with government-established database. If data corresponds with all information in the government-established database, then the onboarding process proceeds. If not, prospective clients might be advised to show-up in person for more clarifications.

Some of the databases that are checked for more information for historic and recent reports about the identity checked includes:

● Credit bureau database

● National apex bank records/reports

● Criminal records/reports

● Adverse media reports

● Politically Exposed Persons (PEP) List

● Global sanction database

● Amongst other sanction list records locally and internationally

iii. Address verification Methods:

Proof of Address evidence are very important to the onboarding process, this can be done through different ways. First, is by running extracted information about customer’s location from submitted KYC forms/documents such as Utility bill ID, National Identification Number, BVN, Tax bill, Bank statement, Credit card bill, Tenancy agreement, Employment letter etc. against database records of credit bureaus, utility companies, government agencies and various other data sources. Consistencies are checked and if match is not detected, it’s flagged.

Another way this is further verified is through physical visits by agents from the financial institution or that of online identity verification service providers such as Identitypass. Their mission is to find out in person if truly such address exist and if truly the prospective customers are who they claim to be and are located in addresses that are real.

IP addresses are part of metadata also detectable when customers fill online KYC forms. This data is also a good point from which customer’s location can be detected and crosschecked against with other sources of data, but this might not always be correct as customers might be using VPNs to change the geographic location from which they’re been hosted from. In such cases where the use of VPN is detected or clarification is questionable, the use of MNO data comes into play.

MNO which fully means Mobile network operator data is available with GlobalGateway MobileID. It is considered to have some of the most reliable address information because consumers are more likely to keep their mobile phone billing information accurate and up to date than other billing sources.

Another layer of location data is geolocation. This involves using geolocation information from GPS or MNOs which is difficult to forge or alter by customers. Geolocation information offers a proximity indication which is generally precise to within 125 meters. Geolocation also gives a solid signal that helps to understand the precise location which deters efforts of potential fraudsters or out-of-area applicants from ever becoming a customer.

Proof of Address evidence that a person has an actual physical address that matches their stated address is of key importance to ensure costumers are in compliance with regulatory laws. This is most efficiently verified through the use of address verification software from identity verification services such as Identitypass.

iv. Biometric authentication:

Some natural/biological features are unique to every individual such as your fingerprints, voice, typing behavior, facial features, iris structure, including the shape of the hand.

v. Two-factor authentication or multi-factor authentication (2FA or MFA):

This is likened to be a two-layered verification process. It requires prospective customers to provide a code sent to their personal email or phone number.

2FA is used to verify customer’s personal contact information for example, the use of emailage helps to verify the ownership, genuineness, existence, and screens potential threats related to the email provided by onboarding candidates. Tokens or secret codes are also used in creating a multi-factor authentication process used to verify ownership of certain accounts or ID.

vi. Knowledge Based Authentication:

In addition, verification process may also include the generation of certain questions which answers would be known only by the intending user based on the data submitted in the applicant’s credit file.

Examples of such questions include personal related queries such as “What’s the name of your favourite Uncle?”, “what’s your mother’s maiden name?”etc. These questions also come in helpful during ongoing monitoring verification/authentication process.

viii. Consent verification:

This entails the use of an intending customer’s consent in agreement to terms and condition which stipulates that the intending customer is aware and agrees to be held responsible for legal implications should anything go wrong as regards to failure in compliance to the terms and use of services.

D. Document Collection: Onboarding Risk Evaluation & Assessment

Upon onboarding screening, data extracted from KYC documents is further checked to know the qualifications of applicants based on level of risk value and suspicion of irregularities in information.

Based on the values and policies set in the Customer Identification Program (CIP) of organizations, the findings gathered are awarded points which then gives clarification as to which category of risk levels respective applicants fall into.

Traditionally, using a risk-based approach to find potential issues, applicants are placed under different levels of monitoring or management, while some applications may also be turned down. The various customer risk identity profiles are divided into four;

● Low Risk Identity Profiles: Customers whose identity and information are easily verifiable and pose low amount of risk to unwanted and illegal activities fall into this category.

● Medium Risk Identity Profiles: In this case, such customers have higher risk points than the average customer. This category of customers may require further due diligence checks and monitoring.

● High Risk Identity Profiles: This category of customers require close monitoring and some level of enhanced due diligence checks. Identities such as individuals who are politically exposed are found under this category together with people who are in delicate situations which makes them prone to being accused of been involved in illegal activities.

● Prohibited Identity Profiles: For this category, such identities have strong indications of suspicious behavior and involvement in risky, illegal transactions or records in the past. Banks and financial institutions avoid these identities in order to be safe from been implicated.

E. On Occasion, Face-To-Face Interviews with Prospective Clients:

In cases where online identity verification process proves unsuccessful or needs more than just submission of KYC documents online, applicants are required to have face-to-face interviews with respective authorities in charge of verifying such documents which will be needed before such intending client is finally granted access to use/get service from the financial institutions.

The Transaction Monitoring (Ongoing Monitoring) Process:

The screening doesn’t stop with the onboarding process. Reason being that, humans and daily events change from time to time, hence periodic reviews needs to be run on existing verified account to keep them in line with compliance regulations, policies and also to verify certain factors are justifiably accounted for as regards to the expectations relating to the profile level of accounts.

What Triggers Transaction/Ongoing Monitoring ?

i. Compliance Regulations:

The need to stay compliant with regulatory laws helps firms stay free from getting implicated and sanctioned for illegal activities. Part of such measures as some of the responsibilities by firms to stay compliant reflects in policies and regulatory laws like regulation 28(11) of the MLR 2017 states that

“The relevant person must conduct ongoing monitoring of business relationships, including -

(a) scrutiny of transactions undertaken throughout the course of the relationship (including, where necessary, the source of funds) to ensure that the transactions are consistent with the relevant person’s knowledge of the customer, the customer’s business and risk profile;

(b) undertaking reviews of existing records and keeping the documents or information obtained for the purpose of applying customer due diligence measures up-to-date.”

ii. Unusual Activities Different from Expected Behavior based on Customer’s Identity Profile:

Upon onboarding, certain factors such as location, expectations based on age range of identities behind the ownership of accounts have specific thresholds for which each accounts falls under. A shift in the expected behavioral pattern based on a firms existing knowledge of that customer and respective peer group can trigger need to reassess in order to find out and reconcile details as to why such changes have occurred.

Customers can undergo a number of changes in their lifespan such as name and address changes, changes of ownership or if a new sanction or embargo becomes applicable.

How are Transaction/Ongoing Monitoring Checks Done?

Methods used to ensure ongoing monitoring includes:

i. Profiling:

This process involves comparing customer’s account and transaction history to their specific profile information and that of the relevant peer group they belong to, in order to clarify the genuineness of customer’s recent activity.

ii. Rules based parameters:

This has to do with fixed pre-set thresholds to point out unusual/suspicious activity, such as an abnormal size or frequency for specific customer or peer group, or geographic destination.

Importance of Transaction/Ongoing Monitoring

i. To ensure up to date report and documentation of customer’s activities

ii. To ensure accounts are followed up with necessary upgrades, appropriate measures and sanctions applicable to their categories

iii. For the identification of compliant, non-compliant and dormant accounts

iv. To ultimately avoid sanctions and implications of firms’ participation of assisting illegal activities

Conclusion

To stay compliant in a disjointed system with so many database to reconcile information with, such as in today’s reality of the cooperate world, it’s best to integrate online automated software handled by professionals just like in Identitypass, with eye for details when it comes to ensuring compliance with respect to regulatory and policy standards.

A deep profile check for identity verification from onboarding, and constant ongoing transaction monitoring are the best measures dedicated to resolve and suppress problems with financial fraud, and most reliable results for accountability, as this guarantees aversion of sanctions and prevents loss of public trust in firms who uphold these standard practices with profound approaches to issues that pertains to compliance.