Tuesday, 20 November 2018

Should banks be identity providers?


The ability for citizens to use their digital identity in both the public and private sectors is paramount for a successful scheme.  A digital identity must become a necessary and valued commodity for the individual.  There are two sectors that can achieve this: Government and Financial Services.

Globally, Singapore and Estonia are two good examples of where governments have led on the creation of the scheme.  Norway and Sweden are good examples of where the banks have been the catalyst.  Whether a scheme is government or bank led, having the identity provider in the private sector has benefits.  Private sector identity providers drive a customer-focussed scheme with a sound commercial basis.

When thinking about what makes a good identity provider, banks tick many of the boxes.  Systems underpinning our financial network may sometimes be viewed as legacy millstones.  Yet what they do well is to define the standard of trust. 

Banks may not necessarily be liked, though customers, consumers, government and other actors in the sector do trust them.  We know they can securely and accurately process hundreds of thousands of transactions per second.

Other sectors battle publicly with data and security breaches.  Financial institutions quietly go about their business.  Behind the scenes, decades of protective monitoring, threat detection and active defence are being used to keep our money secure.  We all understand the term “bank grade security”.  Fraud continues to grow in scale and volume, though we know this due to the ability of banks to track it.  More often than not, fraudsters target the weak spot of the customer.


The days of the bank manager being on first name terms with each customer are a sepia-tinged memory.  Yet the process of proving a customer’s identity is stronger than ever.   Banks have migrated customers from physical branches to online and mobile interactions.  Their investment in remote identity verification has matched this shift to digital. 

To combat ever-growing threats, banks are increasingly regulated.  They need to prevent identity theft, terrorist financing and money-laundering.  Know Your Customer (KYC) obligations put identity at the core of what financial institutions do day-in, day-out.  Banks are full of clever people.  They are challenged with staying one step ahead of the bad guys.

This means that banks make ideal candidates to be an identity provider.  They have a unique combination of security, protection, trust, and performance.  Add in their customer digital experience, data management, and KYC.  They’re also part of the national infrastructure.  Surely it stands to reason that the future of identity provision will come from banks.

The challenge comes when identity and entitlement are more distinctly understood.  KYC and the required Customer Due Diligence (CDD) effectively break into three component parts:

  • Who the customer is (identity)
  • Can you do business with the customer (entitlement)
  • Should you do business with the customer (entitlement)

For banks, a trustworthy identity is a means of establishing entitlement.  Banks operate to the same set of national regulations, though their risk appetite and commercial imperatives drive their approach to identity.  This is much more nuanced than under a standards-based identity scheme.

Some start-up or challenger banks see their onboarding process as being a competitive advantage.  When you’re building a business, converting every potential customer into an actual customer results in different priorities.  A layered approach to Anti-Money Laundering (AML) and Counter-Terrorist Financing (CTF) controls can be taken.  This enables weaker upfront identity checks.  Checks are strengthened on demand as risk markers are triggered.

There is also the product suitability dimension.  For a pre-payment card, the risk and controls for on-boarding a customer differ greatly from an unsecured loan.  And an unsecured loan for £500 similarly differs from one for £20,000.  A mortgage could be for £2m, though the risk is less because there are land, bricks and mortar to offset against.

Then there are those customers whose bank accounts were opened with nothing more than a handshake from their friendly local bank manager.  The standard of KYC across the bank’s customer base varies depending on the process at the time that they became a customer.  It varies with the products they’ve taken since.  And with the level of interaction they’ve had as banking has transformed.

Throw in a commercial opportunity and KYC becomes even more fragmented.  For example, in the UK market there is one High Street brand that foreign nationals go to ahead of the others.  Do they have the best product?  Probably not.  What they do have is the easiest on-boarding process for new-to-country customers.  Five or six years ago, another High Street giant dominated service for this demographic.  Their risk appetite changed and the commercial advantage was sacrificed in exchange for tighter controls.

When the result of identity verification impacts on your commercial performance, this changes your approach, while obviously skirting on the right side of the regulatory line.

There are also the 1.5 million people in the UK who are unbanked.  How do we ensure that as well as being financially excluded, these people don’t also become identity excluded?

With so many variables at play, the idea of a “portable KYC” is challenging to the point of being improbable.  Being able to leverage portability that can be used across sectors will have impacts.  It will increase scrutiny, tighten regulations and impose new standards on banks.  Imagine the exercise required for a bank with millions of customers to bring all those accounts up to the same standard of identity verification.

Should banks be identity providers?  Absolutely.  If they wish to.  And if they understand what impact it will have on their business.  In a mature commercial environment for identity, some banks will play a valuable role as provider.  Others will input requirements, expertise and use case demand.  And that environment will be right for everyone.

Check out my other posts https://no1ba.blogspot.com

About me
Bryn Robinson-Morgan is an independent Business Consultant with interests in Identity Assurance, Agile Organisational Design and Customer Centric Architecture.  Bryn has over 20 years' experience working with some of the United Kingdom's leading brands and largest organisations.
