Alessandro Tanno, managing associate of Linklaters, explains all the news and things to know about the digital onboarding process. It is important not to take anything for granted, but examine the many different aspects in depth. Here are some:
Digital Onboarding Process: what is the current regulatory framework?
Digital Onboarding is the process by which financial institutions (and, more generally, all recipients of anti-money laundering obligations) identify their customers “at a distance”, using information technology tools and innovative technologies.
Of particular relevance to the Digital Onboarding process are the obligations of customer due diligence provided by AML provisions, which mainly consist in the acquisition of ‘identification data’ of the clients (such as name, place and date of birth, residence or domicile, tax code) and their verification.
To this regard, it should be noted that the Italian legislation is more restrictive than EU law from which it derives, considering the physical presence of the customer as a rule, unless some specific exceptions are met, or the intermediary has adopted additional measures. It is sufficient to consider how in cases of remote operations the Bankit rules require to carry out a highly formalized procedure of audio/video (as similar to the procedure required for SPID) or suggest complicated double-checking actions on data acquired, like delivery of countersigned documentation or – even – on-site meetings. Double-check actions are based on innovative technological solutions are on principle admitted, but only in those cases where they are assisted by robust security measures and provided that the AML function assesses and describes the risk profiles that characterize each of these tools and the related security measures.
What are the critical issues and possible improvements?
The main challenge for Fintechs subject to AVC obligations is finding an effective balance between “compliance” with the legal standards and the user experience in the onboarding process which ensures users almost immediate access to financial products and services.
Also under pressure from market operators, Italian legislator has recently adopted a number of initiatives aimed at facilitating the use of digital onboarding.
By way of example, the the so-called “Simplification Decree” has eliminated the obligation to ask for the ID data of the clients in case of remote identification of the client, in order to speed up the onboarding procedure.
In addition, it has been enlarged the extent of the exceptions applicable to the obligation of physical identification of the client by providing that clients interested to obtain payments card or payments instruments based on digital devices can make a wire transfer, subject to an electronical identification compliant with the principles of the strong customer authentication.
Finally, the exception to the physical presence has been enlarged also to clients holding a digital identity with at least a significant security level (and no longer the maximum security level as it was required in the past), issued under SPID or a European electronic identification scheme.
This is undoubtedly an important opening by our legislator in the wake of an approach at a European level that sees the interoperability of digital identity solutions as one of the priorities of the digital finance strategy for the EU. In accordance with the communication on the Digital Finance Strategy of the European Commission this will allow for a quick and easy remote client onboarding across the EU, thus ensuring smooth cross-border operations.
What are the new technological tools to support them?
Technologies play a key role in e-KYC processes. is Biometric technology (think of Apple’s Face ID, or the fingerprint-based technologies used by Android) is extremely important as well as optical character recognition (OCR) which allows data extraction from photographs or document scans. OCR technology, which is old in itself, is now being used thanks also to the introduction of machine learning algorithms, in identity verification and customer journey automation, although it often happens that the quality of the photos, also due to the type of device used by the customer during the process, can affect the result.
There are also many other technologies that, depending on the solution, are used for KYC purposes, often in support of, or in combination with, the previous ones. Amongst these is, of course, the use of cryptography, in particular that with asymmetric keys. More recently, the use of blockchain or, more generally, of distributed ledgers has become widespread, both of the permissioned type (with the creation of proprietary distributed ledgers) and of the permissionless type, which allow the decentralised storage of data relating to the identification of a subject.
However, it should be noted that the use of a particular technology does not in itself imply the fulfilment of the obligations imposed by the law on AML. In fact, it is always necessary to carry out an in-depth analysis of the compliance of the solutions adopted with the requirements of the applicable regulatory framework. This is not always a straightforward task requiring a reconciliation between technological aspects and legal and regulatory requirements. In these cases, therefore, the use of legal experts, in addition to being strongly recommended, becomes essential to reduce complexity and minimise risks.
Continue to stay with us, subscribe to our newsletter