How onboarding processes have been impacted by COVID-19

A rising need for better remote and secure digital onboarding processes

For most businesses and Financial Institutions, attracting and retaining customers has become a top priority, if not a survival issue. In this regard, Onboarding has become, even more so in the context of Covid-19, one of the most crucial issues. Indeed from now on, businesses and Financial Institutions need - where they could have avoided before - to be able to make contact remotely and provide a time efficient and flexible remote digital onboarding experience to their customers.

As a matter of fact, Signicat stated in recent published reports that customers have stopped accepting poor experiences and are now breaking free. For instance, in 2020, 63% of customers have abandoned digital bank applications. Among the reasons why, we can quote that customers felt the onboarding was longer than expected (33%), some have been deterred by too many requirements (24%), while some simply changed their mind (22%). 

As a reply, firms must have a simple, secure, seamless and frictionless process, providing an attractive user experience which retain customers attention from product/service selection to confirmed purchase. All the more so as digital services availability has been reinforced because of governmental measures, encouraging people to stay home and closing most of the shops and counters. By enabling remote digital onboarding, businesses and Financial Institutions also gain in addition, a flexible way to get services to hard-to-reach locations and remote communities.

This disruptive way to make contact however shows some limits among which the fraud is one of the top issues.

Identity fraud is on the rise

The industry that is growing up around trustworthy digital identities has risen out of the pressing need to make online interactions and transactions safer and more secure. Digital identity solutions are transforming online businesses by adding an important layer of trust and security to the digital realm. However, global fraud figures reveal a darker side of the digital onboarding process and account-based fraud now makes up one of the most pressing threats to businesses today.

To fight the fraud, KYC systems have been developed to verify customer identity. KYC stands for Know Your Customer. The documents required are of two types: Proof-of-Identities and Proof-of-address. These POI documents must include a photo of the customer. There are a variety of IDs that are allowed to be used for POI purposes, which are acceptable and where is determined on a jurisdictional basis: Passports, National Identification Cards, Driving license, and in some countries Voter ID card and Health Card. The proof of address KYC document is often vaguely defined, anyway most POA documents require an issue date in the last 3 months: utility bills such as line telephone bills, gas bill or electricity bill, bank account statement proof of residence issued by a notary public or a government authority.

Many international KYC standards require financial institutions to take a risk-based approach to customer due diligence. This means that those customers that potentially pose a higher risk will be subject to enhanced due diligence processes. Differing levels of due diligence will be applied depending on the nature of the customer’s relationship with the bank and their risk profile.

Customer due diligence is the process used by financial institutions to collect and evaluate relevant information about a customer or potential customer. It aims to uncover any potential risk for the financial institution of doing business with a specific organisation or individual by analysing information from a variety of sources. These include the customer themselves, who needs to provide certain information in order to do business with the financial institution, sanctions lists published by governments or territories, and public data sources, such as company listings and private data sources from third parties. The main risks that customer due diligence aims to mitigate include money laundering, terrorist financing, fraud and sanctions busting.

Regulation is adapting in the Financial Services Industry

The regulation on electronic identification and trust services for electronic transactions - "eIDAS" Regulation n°910/2014/EU - is a single standardized regulation that applies to all EU Member states and ultimately provides a consistent legal framework for the admissibility of electronic identities and signatures. It also recognizes the validity of electronic stamps for commercial entities. With the entry into force of this regulation, a real race to dematerialize business processes is underway for European companies. by offering three levels of reliability and guarantee for the electronic signature: simple, advanced and qualified.

In order to comply with eiDAS, specific regulations have been adopted within EU countries. As an example, in France, the ANSSI published the requirements framework for remote identity verification providers, introducing a new certification of services for these providers. The providers of such services are now striving to get their product certified by complying with the requirements

What does this regulation change? It allows a hybrid identity check, that can be automatic or human. Customer onboarding is done with the assistance of agents that guarantee more security to the process, in either a synchronous or asynchronous way. Through a video stream and facial recognition tools, the agent helps the customer and completes the required fields in the app which sends the data to the company’s system. To verify identity, the provider creates an account and sends an SMS text with the credentials to the customer. The new customer makes a deposit, which then activates the new account.

This process, now digitized, can be done completely online and remotely from any device with a camera. Thanks to specific and exhaustive technical and security controls, companies can incorporate new customers and users from anywhere, at any time and through any channel with security and regulatory support. This whole journey can take less than 5 minutes.

AML5 is the new community rule standard for prevention of money laundering and terrorist financing. AML5 entered into force on July 9, 2018 at community level, with effective application at national level on January 10, 2020. AML5 gives financial companies the possibility to provide services in a single digital market with 508 million consumers. It erases barriers in doing business where there used to be a high fragmentation by regulation. With regulations such as PSD2, AML5, eIDAS or GDPR, Europe is being a global pioneer in financial regulation, allowing businesses to take advantage of the opportunities that bring the disruption of the financial system.