Adapting to the constantly changing compliance requirements is a pressing priority for organizations, especially in the financial sector. The Reserve Bank of India (RBI) has recently introduced amendments that have far-reaching implications for businesses. In this blog, we explore the shifting attitude towards compliance, challenges of digital onboarding, implementation of CKYC, emphasis on face-to-face verification and VKYC, leveraging technology for risk assessment, managing high-risk customers, contact point verification, and AML efforts.
The Shifting Attitude towards Compliance:
Compliance, once perceived as a burdensome cost, has undergone a significant transformation and is now ingrained in the way business is conducted. This shift in attitude is driven by stricter measures imposed by the Reserve Bank of India (RBI) and the consequences of non-compliance.
Previously, non-compliance penalties were regarded as a necessary expense of doing business. However, the repercussions have now evolved into more severe forms, surpassing financial penalties alone. Organizations now face impediments to conducting business effectively, jeopardizing their reputation and incurring legal and operational risks. This realization has prompted a reevaluation of compliance strategies.
To ensure enhanced compliance and regulatory measures, new amendments have been introduced, necessitating organizations to adopt more robust strategies to meet the evolving regulatory landscape. Regulators have learnt from past experiences and identified various typologies of financial fraud. These typologies include multi-level marketing schemes (MLMs) and money mule accounts, which have been identified as common sources of illicit financial activities. By recognizing these patterns, regulators can proactively address emerging challenges and implement preventive measures.
With the approaching deadline of June 30th for re-KYC pendencies, organizations are diligently working to meet these requirements. Re-KYC procedures ensure that customer data is accurate and up to date, reducing the risk of fraudulent activities and enhancing compliance with regulatory guidelines.
Challenges in the Digital Onboarding Journey
The COVID-19 pandemic accelerated the adoption of digital onboarding processes, revolutionizing the account opening experience from days to seconds. However, this rapid transition also introduced potential vulnerabilities, as shortcuts were taken to facilitate quick onboarding. Financial institutions must address these challenges to mitigate risks and prevent fraudulent activities from entering the system.
To mitigate risks, the Reserve Bank of India (RBI) emphasizes measures like tagging high-risk customers and conducting re-KYC for non-face-to-face KYC processes. Financial institutions must prioritize compliance to prevent fraud, money laundering, and identity theft. Adhering to regulatory guidelines and implementing robust risk management strategies will help maintain the integrity of the digital onboarding process.
Efficient completion of the digital onboarding journey relies on various technological factors, including reliable connectivity, adequate bandwidth, usage of low-end devices, accurate liveness detection, face recognition capabilities, and precise geotagging. However, these aspects present challenges. For example, low bandwidth environments can result in blurred document images or audio transmission issues, necessitating redoing the process.
Video KYC (VKYC) emerges as a viable alternative to in-person KYC procedures. VKYC proves effective but encounters certain hurdles, such as candidates continuously rescheduling video calls. This delay not only lengthens the user conversion time but also escalates operational costs. Additionally, manually verifying all onboardings through agent-conducted video calls becomes an overwhelming task, particularly when dealing with a high volume of customers. Consequently, this manual onboarding process may lead to an increased number of customer drop-offs, as scaling becomes a challenge.
Another general challenge faced by regulated entities (REs) is that agents often have individual quotas to fulfill. In an attempt to meet these targets, agents may unknowingly accept fraudulent documents, making it difficult to achieve a foolproof system.
Financial institutions are currently confronted with the dual challenge of safeguarding against fraud while delivering a seamless customer experience. They are actively striving to strike a balance by integrating technology effectively to enhance customer satisfaction, all while adhering to regulatory requirements.
CKYC and its Challenges:
CKYC aims to eliminate the need for redundant KYC processes by allowing entities to access a centralized registry to verify a customer’s identity. By relying on previous KYC verifications, CKYC seeks to streamline customer onboarding and reduce duplication. Penny drop verification can help confirm the active status of previously opened accounts, reducing the need for repetitive KYC processes.
However, the implementation of CKYC has encountered various challenges.While the concept of CKYC remains unchanged, new regulations have introduced additional conditions that entities must meet. The CBDT, RBI, SEBI, PFRDA, and IRDAI regularly convene to evaluate the effectiveness of CKYC and make necessary improvements. This ongoing assessment ensures the adaptability and efficiency of CKYC processes.
One significant concern associated with CKYC is the presence of inaccurate or low-quality data in the centralized registry. Upon downloading the data, only a fraction is deemed usable, which is approximately 25%. This data quality issue undermines the trust of the RBI in the reliability of CKYC data. The presence of blank pages and incomplete or inconsistent information contribute to the loss of confidence in CKYC. To combat this, an alternative solution might work: utilizing CKYC as a central repository for obtaining necessary documents from individuals, while incorporating a selfie and liveness check, along with name-matching procedures, to enhance the overall process. The primary objective is to deliver instant, simple KYC at the lowest possible cost.
In response to inquiries from financial institutions last year, the RBI clarified that CKYC is considered as full KYC rather than minimum KYC. However, recent developments indicate that even CKYC is now regarded as minimum KYC. This classification categorizes customers going through the CKYC process as high risk, requiring financial institutions to apply appropriate risk mitigation measures.
Leveraging Technology for Enhanced Customer Risk Assessment:
KYC processes have evolved beyond document collection, prompting banks to explore alternative methods for understanding customer behavior and assessing risk. Banks should leverage technology to analyze customer data patterns over time, enabling them to gain valuable insights into customer behavior. By incorporating data scrubbing techniques and alternative data sources, such as analyzing spending patterns, banks can develop a deeper understanding of their customers and identify potential risks or opportunities.
The technology employed by banks should aim to identify and verify the true identity of customers accurately. This can involve utilizing advanced identity verification technologies, biometric authentication methods, and robust data analytics to establish a reliable and comprehensive customer profile.
Effective customer risk assessment requires a holistic approach, considering various factors beyond customer profiles. Banks should evaluate a customer’s financial behavior, transaction history, risk indicators, and other relevant factors to determine whether the customer will be an asset or pose potential risks to the business.
Risk categorization has evolved to include subjective factors such as geography and others, reflecting the changing regulatory landscape. Regulators have provided flexibility in the master direction, enabling banks to assign risk levels based on various factors. This adaptability allows banks to tailor risk assessments according to their unique circumstances and regulatory requirements.
Managing High Risk Customers:
Customers who undergo non-face-to-face modes of Know Your Customer (KYC) verification, such as Aadhaar OTP based KYC, Digilocker, CKYC, etc., are initially classified as high-risk customers until they undergo in-person verification or Virtual Customer Identification Process (V-CIP).
Financial institutions should conduct re-KYC every two years for high-risk customers, according to the recent amendments. However, this categorization poses challenges, including the need for regular monitoring, heightened alerts, and increased costs for anti-money laundering compliance.
Financial institutions face a dilemma between the initial cost of incurring customer onboarding and the potential consequences that may arise later. Swift identification of fraudulent customers who were initially granted various services such as accounts and cards is crucial to avoid significant costs to the bank. The evaluation of technology’s ability to predict future customer risks within a specific timeframe becomes essential. The question arises as to whether technology can accurately assess the future risk associated with a customer within a specific timeframe. It is important to assess the progress made in this regard.
Financial institutions aim to avoid having a significant number of high-risk customers on their books. Therefore, they ultimately need to address these accounts through face-to-face verification methods. Non-face-to-face verification is now considered a temporary step preceding in-person verification. This transition also has implications for cross-selling opportunities. Ultimately, for a bank, it all boils down to the liabilities side of business. Therefore, it is important to meet customers at least once during their journey, both during the onboarding process and before concluding it. This personal interaction helps mitigate potential risks and ensures a more comprehensive understanding of the customer’s profile. For banks, it is important to distinguish between liability and asset perspectives when considering risks. Compliance is the primary focus from a liability standpoint, while different considerations come into play when assessing risks from an asset perspective.
Contact Point Verification:
Contact Point Verification (CPV) is an essential part of the verification process; however, it may not always guarantee foolproof results. There is a possibility of establishments turning out to be fraudulent. Recognizing this, financial institutions should seek additional methods to ensure greater certainty in the verification process.
For entities, capturing information about the nature of their business and taking photographs of their premises can provide some level of assurance. However, challenges arise when the establishment is leased, rented, or shared among multiple businesses. In such cases, it becomes difficult to track the duration of the establishment’s operation, and discrepancies may arise between the business name and the actual entity operating from the premises.
Digital CPV has emerged as a solution to address the limitations of traditional CPV methods. It utilizes geotagging technology to enhance verification processes. Geotagging provides valuable insights into the physical location and authenticity of an establishment, offering a more comprehensive understanding of the customer.
Strengthening AML Efforts and On-Going Monitoring:
Effective Anti-Money Laundering (AML) measures require ongoing monitoring to detect potential risks and suspicious activities after customer onboarding. However, to enhance AML efforts, the application of predictive analytics on user data can prove valuable. While credit risk is often assessed using scores and business rules, similar approaches can be employed to identify potential AML risks.
When dealing with customers from high-risk countries, continuous monitoring becomes even more essential. Allocating resources for ongoing monitoring can be justifiable for large customers, but for smaller retail customers, the cost involved may be prohibitive.
With the introduction of new AML lists, there have been positive changes, but certain caveats need to be considered, particularly regarding the UAPA (Unlawful Activities Prevention Act). This list relies solely on names without considering other identifiers, which can lead to misidentification and result in a high number of false positives.
Reducing false positives in AML monitoring is a critical objective. The current ratio of Suspicious Transaction Reports (STR) to alerts is typically between 0.5% to 1.5%. This means that for every 100 alerts reviewed, only 1 STR is filed, leading to a substantial requirement for human resources. Efforts should be made to reduce false positives, enhancing the efficiency of preventive fraud monitoring and AML surveillance.
To navigate the recent amendments introduced by the Reserve Bank of India (RBI) and ensure compliance, organizations must adapt to the changing compliance landscape, leverage technology for risk assessment, address verification challenges, and strengthen their efforts against anti-money laundering (AML). By embracing these changes, organizations can not only meet regulatory requirements but also foster a secure and compliant business environment. With a proactive and adaptive approach, organizations can successfully navigate the complexities of compliance and establish a robust framework for sustainable growth.
Why is KYC required by NBFCs and banks?
KYC is required by NBFCs and banks to prevent fraud, money laundering, and comply with regulatory guidelines.
What are the consequences for non-compliance with KYC regulations?
Non-compliance with KYC regulations can lead to penalties, reputation damage, suspension of operations, or license revocation for NBFCs and banks.
What measures can NBFCs and banks take to streamline the KYC process and enhance customer experience?
NBFCs and banks can streamline the KYC process and improve customer experience by adopting digital solutions like e-KYC, biometric authentication, and online document submission.
What are some common challenges faced by NBFCs and banks in the KYC process?
Common challenges in the KYC process for NBFCs and banks include managing a large volume of applications, verifying complex business structures, and staying up to date with changing regulations.