Flooded by banking, investment, crypto apps and their sleek designs, it’s easy to overlook user onboarding. How do banks and fintech platforms truly decide which users are able to open an account?
For those outside of the financial services space, acronyms such as KYC, KYB, AML and policies for identity verification and user screening are unknown. Multiple processes form a necessary function in complying with regulation, building trust (between user and platform), risk mitigation, and the ability to transact digitally.
It was only 15 years ago when online account opening and mobile banking started to take off. Before 2008, banking was in-person at a bank branch — with a personal banker or teller. Working in bank branches for the early part of my career (2006 - 2019), I was very familiar with all the steps. Presenting a government ID (Driver’s License, State Identification Card, Passport), full Social Security Number (SSN), and credit score checks were the norm. Today, we balk at apps even asking us for the last 4 digits of our SSN!
Here’s a deep dive on why existing standards are in place for digital financial services, what’s taking place at time of account opening, the obligations in bank & fintech relationship, and what platforms need to balance in regards to user onboarding.
WHY BANKS & FINTECHS CARE ABOUT PROPER ONBOARDING
Just because user onboarding became increasingly digital in the last 10-12 years doesn’t mean required checkpoints went away. All banks (from traditional to neobanks) have the same compliance obligations when it comes to banking access, as part of functioning within the US financial system.
Know Your Customer (KYC) is a necessity for financial services firms in establishing (a) customer identity AND (b) identifying risk from that customer. Regulatory bodies first started to enforce procedures that combat financial crimes (such as money laundering) with the Bank Secrecy Act (BSA) of 1970. BSA listed requirements for recordkeeping and reporting by private individuals and institutions conducting transactions.
KYB (Know Your Business) follows similar goals in identifying & validating business entities, beneficial owners (aka UBOs), and controlling persons — especially individuals with over 20% of ownership control and/or a decision-making capacity.
Other laws took initial BSA obligations further:
Money Laundering Control Act (1986);
Anti-Drug Abuse Act (1988);
Annunzio-Wylie Anti-Money Laundering Act (1992);
Money Laundering Suppression Act (1994);
Money Laundering and Financial Crimes Strategy Act (1998);
Uniting and Strengthening America by Providing Appropriate Tools to Restrict, Intercept and Obstruct Terrorism Act of 2001 (USA PATRIOT Act);
Intelligence Reform & Terrorism Prevention Act (2004);
Comprehensive Iran Sanctions, Accountability, and Divestment Act of 2010 (“CISADA”);
Iran Threat Reduction and Syria Human Rights Act of 2012.
For modern day financial services, the USA PATRIOT Act (following the 9/11 attacks) drives the most impact. Title III requires all financial institutions to meet two critical components for KYC: Customer Identification Program (CIP) for onboarding new users, Customer Due Diligence (CDD) for ongoing monitoring of existing users. CIP and CDD programs help reduce:
Identity Theft: by establishing proof of a customer’s legal identity. Validating personal user details prevents bogus account opening and account abuse from identity theft;
Money Laundering: by organizing criminal groups who often use bank accounts to receive funds from drug & human trafficking, racketeering, etc. and disperse to multiple accounts as a way to legitimize money movement via large purchases OR small dollar cash deposits & withdrawals (see graphic above);
Financial Fraud: preventing other fraudulent activities such as account takeovers and fake loans being processed;
Regulatory Action: lack of compliance with mandatoryanti-money laundering(AML) guidance minimizes the likelihood of fines and reputation risk to financial institutions and bank partners.
Financial technology companies (without licensing or national charters) work with banks to offer the banking, savings, crypto, and credit apps we see today. Complying with BSA and other regulatory guidelines and reducing financial losses from fraud and criminal activity are paramount for both sides, especially in launching and maintaining a sustainable program.
While requesting full user details upfront helps reduce the above areas of risk and non-compliance, there’s an increase to user friction. New customers and program providers are looking to speed up the account opening process by asking for less information and a rapid approval response.
For digital-only firms, customer experience is the first (and possibly only) opportunity to win over new clients. It sets the stage for what a user can expect in working with a new platform. Both efficiency and ease from this initial interaction can build confidence with a customer to form a primary banking relationship (in which the majority of income and payments take place).
If users must undergo a lengthy process, go through multiple screens asking for personal information, and wait 1-2 days for account approval, there’s a high likelihood the onboarding process will be abandoned. Fintechs and companies offering embedded banking or finance must balance requirements to collect required user info and deliver a seamless account opening experience.
UTILIZING BANK-APPROVED VENDORS
Behind the majority of today’s financial services platforms are banks and financial institutions providing user accounts, holding deposits, facilitating payments, and issuing debit or credit cards.
Since many of these organizations now extend beyond directly serving their own users toward supervising 3rd party fintechs offering banking services, separate (non-bank) compliance programs must be approved and monitored. In other words, most bank partnerships do not include the BSA/AML program of the bank — companies must outsource vendors to build their own framework for identity verification, KYC, CIP, CDD, and data retention.
Financial institutions pre-vetted lists for fintechs to choose from. Using these vendors would be a condition of working with a bank, who has confidence in their capabilities and services meeting regulatory obligations. Companies wouldn’t be able to bring their own vendor or a proprietary compliance program since this would require bank partners to run a new, in-depth review and approval. An exception would be if a Banking-as-a-Service (BaaS) provider built and maintains its own compliance tech stack, which has approval from integrated financial institutions.
Here’s a list of recognized players in the space that are commonly listed by bank partners:
Alloy — global identity decisioning platform for onboarding and transaction monitoring; helps solve for fraud, compliance, and credit underwriting needs;
Jumio — end-to-end identity verification and eKYC platform with ‘identity proofing services’ that cover account opening to ongoing transaction monitoring;
Trulioo — identity platform focused on businesses; delivers regulatory compliance and verification services; comes with KYC, KYB, and watchlist screening;
Onfido — AI-powered identity platform that fulfills KYC and AML requirements by region, which helps banks and businesses working in multiple countries;
Persona — all-in-one platform with reporting, workflows, and verifications for companies in fintech, crypto, education, and healthcare;
Incode — offers a fully automated, end-to-end orchestration dashboard with built in biometric checkpoints;
As regulatory scrutiny increased over the last year, bank partners are looking for fintech & embedded finance platforms to go beyond minimum onboarding requirements and implement rigorous policies for user screening, monitoring, and fraud mitigation. When its all said and done, these platforms own and manage the user relationship and experience. The activity from customers is the responsibility of companies that are customer-facing (not banks or white-labeled BaaS solutions).
Many KYC vendors provide additional services for compliance oversight and risk controls. Adherence to AML protocols, improved screening for quality users, and continuous monitoring helps platforms sustain their banking programs and strengthen partnerships with banks.
Key learnings in Customer Onboarding
When it comes to balancing a smooth onboarding experience that fulfills both KYC and identity verification requirements, here are some best practices:
KYC
Keep it simple: provide clear instructions and minimize steps (and screens);
Mobile-first: optimize the process for mobile since most users are quick to download an app as a first step;
Rapid response: send real-time updates & feedback on user progress in the onboarding process;
User options for verification: allow customers to choose from a list of authentication methods & resources;
Ease of use: especially important in providing required documents — upload files or perform ‘liveness’ checks off of camera-enabled device;
Identity Verification
Multi-factor authentication: email, text, voice, and facial recognition should be options for users to choose from;
Security: personal user details need to kept secure at all times — sensitive information (such as SSN, date of birth) should be stored as encrypted until the point of verification;
Automation: processes can automatically run in parallel to other KYC checkpoints (ex. verifying SSN while also reviewing watchlists) to expedite the whole process;
In both KYC and identity verification, the user experience can be enhanced. With personalization, info collected on the user during onboarding can go towards tailored products and rewards. Making the entire process as seamless as possible is the overall goal. Platforms should periodically check required checkpoints are being met and user abandonment rate kept minimal.
WHAT’S NEXT for digital onboarding in financial services
For modern fintech apps, the balancing act still needs to be made between user experience (less friction) and regulatory thoroughness (more friction). As regulators become increasingly concerned about bank partnerships and effective oversight of 3rd parties, the emphasis is leaning towards comprehensive checks. The risk exposure to financial loss, regulatory action, and suspension is too high in supporting poor controls and user screening policies.
As more users establish banking relationships online, the vendors behind authentication and verification compile data warehouses of ‘good’ and ‘bad’ users. Analytics on this data can help predict which customers are more likely to participate in fraudulent activity resulting in losses for banks and fintech platforms. Reducing the likelihood of fraud and prevention costs means more runway for companies (especially early-stage startups) to grow their program. Companies in the KYC and ID verification space are looking to collaborate with one another toward this goal.
In the not too distant future, identity details of a user can be securely stored in a global repository with customer controls in deciding which companies can access. This setup can enable faster onboarding, lower the risk of data compromise, and level up the entire process. Blockchain networks and protocols come to mind in this type of discussion (i.e. ‘ID on Blockchain’) — however, the effort needed to pull it off needs to come from a combination of technology providers, regulators, and government databases.
Join our community @FinTechtris for more industry content & insights (including deep dives & sector spotlights).
As a bonus, access our subscriber-only resources for evaluating and building the next generation of financial services. Signup today —>
User Onboarding in Banking and Fintech
User onboarding is a crucial process in the banking and fintech industry. It involves determining which users are eligible to open an account and ensuring compliance with regulations, building trust, mitigating risks, and enabling digital transactions. While the banking industry has traditionally relied on in-person account opening at bank branches, the advent of online account opening and mobile banking has shifted the process to a digital platform.
Compliance Obligations and User Screening
All banks, including traditional and neobanks, have compliance obligations when it comes to granting banking access. One of the key requirements is Know Your Customer (KYC), which involves establishing customer identity and identifying the associated risks. KYC procedures were first enforced with the Bank Secrecy Act (BSA) of 1970, which aimed to combat financial crimes like money laundering.
KYC is not the only acronym associated with compliance in the financial services industry. Other acronyms include Know Your Business (KYB) and Anti-Money Laundering (AML). KYB focuses on identifying and validating business entities, beneficial owners, and controlling persons. AML refers to the measures taken to prevent money laundering and other fraudulent activities.
Various laws and acts have further expanded the obligations of financial institutions in terms of compliance and anti-money laundering efforts. These include the Money Laundering Control Act, Anti-Drug Abuse Act, Annunzio-Wylie Anti-Money Laundering Act, Money Laundering Suppression Act, Money Laundering and Financial Crimes Strategy Act, USA PATRIOT Act, Intelligence Reform & Terrorism Prevention Act, and Comprehensive Iran Sanctions, Accountability, and Divestment Act.
The USA PATRIOT Act, enacted after the 9/11 attacks, has had a significant impact on modern-day financial services. It requires financial institutions to meet two critical components for KYC: Customer Identification Program (CIP) for onboarding new users and Customer Due Diligence (CDD) for ongoing monitoring of existing users. These programs help reduce identity theft, money laundering, financial fraud, and regulatory action.
Importance of User Onboarding for Banks and Fintechs
Proper user onboarding is essential for both banks and fintech companies. While the process has become increasingly digital, the required compliance checkpoints have not disappeared. Banks and fintechs need to strike a balance between collecting the necessary user information and delivering a seamless onboarding experience.
For digital-only firms, user experience is crucial in winning over new clients. The onboarding process sets the stage for what users can expect from the platform. If the process is lengthy, complicated, and time-consuming, there is a high likelihood of user abandonment. Therefore, fintechs and companies offering embedded banking or finance services must find ways to streamline the onboarding process while still meeting compliance requirements.
Utilizing Bank-Approved Vendors
Many financial services platforms partner with banks and financial institutions to offer banking services. These banks provide user accounts, hold deposits, facilitate payments, and issue debit or credit cards. However, compliance programs for identity verification, KYC, CIP, CDD, and data retention are often outsourced to bank-approved vendors.
Banks provide pre-vetted lists of vendors for fintechs to choose from. These vendors have the necessary capabilities and services to meet regulatory obligations. Fintech companies cannot bring their own vendors or proprietary compliance programs without undergoing a new review and approval process by bank partners. However, exceptions can be made for Banking-as-a-Service (BaaS) providers that have built and maintain their own compliance tech stack.
Best Practices for User Onboarding
To balance a smooth onboarding experience with KYC and identity verification requirements, several best practices can be followed:
- Keep the onboarding process simple and minimize the number of steps and screens.
- Optimize the process for mobile devices since most users prefer mobile apps.
- Provide real-time updates and feedback on user progress during onboarding.
- Offer users multiple options for verification, such as email, text, voice, and facial recognition.
- Ensure the security of personal user details by encrypting sensitive information until the point of verification.
- Automate processes to run in parallel, expediting the overall onboarding process.
By enhancing the user experience and personalizing the onboarding process, platforms can build confidence and minimize user abandonment rates.
The Future of Digital Onboarding in Financial Services
As regulators become increasingly concerned about effective oversight of third-party fintech partnerships, the emphasis is shifting towards comprehensive checks. Financial institutions and fintech platforms are looking to collaborate and implement rigorous policies for user screening, monitoring, and fraud mitigation.
In the future, securely storing user identity details in a global repository with customer controls could enable faster onboarding, reduce the risk of data compromise, and improve the overall process. Blockchain networks and protocols are potential solutions for this type of secure identity storage, but their implementation would require collaboration among technology providers, regulators, and government databases.
Overall, user onboarding remains a critical process in the banking and fintech industry, ensuring compliance, building trust, and delivering a seamless experience for users.
Note: The information provided above is based on search results and does not include a list of sources/bibliography.
