Request a Demo
See how 1000+ leading companies are screening against the world's only real-time risk database of people and businesses.
Demo requestMost financial institutions (FIs) understand the importance of taking a risk-based approach to compliance. But what this means when it comes to client risk management practices differs by sector, organization and channel.
Clients expect to be able to onboard and manage their finances remotely. Technological advances have accelerated this trend:
The Wolfsberg Group, an association of 13 global banks, recently published guidelines for FIs managing the shift to digital channels at three stages of the customer lifecycle: onboarding, dynamic risk assessment and ongoing due diligence. Here’s a summary of their advice.
FIs now have access to a much broader scope of identity attributes which complement basic details and help build a progressive identity. Some data points require consent, like location, but others are less intrusive, for instance the way a customer navigates an onboarding questionnaire or holds their device. These data points change over time, so they should be updated regularly.
Various public and private initiatives (and partnerships) have improved an FI’s ability to verify a customer’s identity by providing access to official sources such as government databases. In some countries, FIs can retrieve records from these databases by leveraging application programming interfaces (APIs).
Technology also allows the initial authentication event, where the customer proves they’re behind an application, to take place remotely. Facial recognition software confirms the person at the other end of a video call or in a video selfie is the same person featured in the official ID document submitted from the customer’s device. Older smartphones that don’t capture video shouldn’t be an obstacle, as FIs can rely on ownership factors to establish authenticity, such as cryptographic keys and knowledge factors like a password.
Digital client risk management helps FIs develop a deeper and real-time understanding of a customer’s risk profile. This capability means FIs can transition from periodic refresh cycles to a trigger-based approach to maintaining accurate customer data (discussed in the next section), while reducing their reliance on traditional factors like professional activity, country of residence and delivery channel.
Digital delivery channels become key to an FI’s ability to mitigate risk throughout the lifetime of the customer relationship for two reasons. Firstly, the initial authentication event determines the level of confidence about a customer’s identity from the start. If this step is weakened by a lack of facial recognition, it undermines the entire process, which the FI must address at a later stage.
Secondly, digital channels allow FIs to gather data from a customer’s device, such as a unique identifier known as an internet protocol (IP) address or global positioning system (GPS) data which tracks location. Of course, the customer can choose to deny consent by blocking permission on the FI’s app or using a virtual private network (VPN) to hide the device’s IP address and therefore its location.
To develop a trigger-based approach to maintaining customer data, FIs should consider breaking down each risk factor into a series of variables which they can use to measure for deviations from the norm. Variations against a threshold would prompt an FI to check for changes to the customer’s risk profile.
For example, if an FI establishes a customer’s country of residence using an IP address, an alert would be triggered by the customer spending a significant amount of time abroad. The FI can verify if the device has switched hands by monitoring whether the current owner holds it at a different angle or has started copying and pasting data into web forms. If so, the FI may need to carry out a low-level authentication event like asking the customer to re-enter a personal identification number. It can also use an API to check with government sources about changes to residency status.
Read the Wolfsberg Group’s guidance to uncover on a deeper level how technology can enable an FI to both meet customer expectations on digital engagement and prioritise resources in an effective, risk-based manner.
See how 1000+ leading companies are screening against the world's only real-time risk database of people and businesses.
Demo requestOriginally published 22 June 2022, updated 22 June 2022
Disclaimer: This is for general information only. The information presented does not constitute legal advice. ComplyAdvantage accepts no responsibility for any information contained herein and disclaims and excludes any liability in respect of the contents or for action taken based on this information.
Copyright © 2023 IVXS UK Limited (trading as ComplyAdvantage).