Know How to Know Your Customers
December 17, 2018
The new technology is changing the world of user experience. The users don’t need to visit a branch to open a bank account, start investment or exchange cryptocurrency, etc. Think of it! A bank allows the user to open an account without seeing the person. Modern IT solutions will enable us to identify and verify the personality in a few steps that can be easily and quickly done by customers’ smartphone.
I’ve been involved in two groundbreaking FinTech projects as a lead product owner. In these projects, I’ve met the technical implementation of KYC (Know Your Customer/Consumer) for the first time. When I started to investigate this procedure, I was deeply amazed that KYC is used in public and private sector especially in financial institutions and government entities.
I would like to describe you a process of KYC implementation from the side of Product Owner and indicate one needs to know while defining product requirements for a digital product. The procedure itself depends on a sphere of implementation, that is why I would like to focus on B2C experience.
First of all, you need to determine two different technical terms, as it is a usual practice for service providers to divide them:
- KYC (Know Your Customer/Consumer) — is the process of a business verifying the identity of its clients and assessing potential risks of illegal intentions for the business relationship. Anyone identified as a politically exposed person, or PEP, is subject to enhanced due diligence procedures. A PEP is anyone who performs an entrusted public function or holds a public office, as well as anyone closely tied to that person.
- AML (Anti-Money Laundering) — fights against money laundering and terrorist financing. In many jurisdictions, government regulations require financial institutions, including banks, securities dealers and money services businesses, to establish such programs. In order to do this, they check transaction habits, identify suspicious transactions (or activity), and notify the authorities when suspicious transactions occur.
The first step of KYC/AML procedure is to analyze a personal info of a user — factual personal information, and the photo of the documents and to check that all of this belongs to the same person.
Possible ways to verify your user during the KYC procedure:
- Identity verification — recognize data from the identity document (using Artificial Intelligence, Computer Vision, Optical Character Recognition, Natural Language Processing) and check if it is authentic and belongs to the user.
- Live photo — the user needs to do the real-time selfie in a specific way following the requirements, prescribed for this process (i.e., holding a piece of paper with handwritten current date, or with ID document) in order to check that this person really exists. The user can’t upload this photo from the device (CameraRoll or Gallery). Only real-time photos are accepted. Moreover, there are other requirements for the quality of the picture: one certain person, good light and clarity.
- Liveness verification — requires the user to take a live video and to do some random actions — say some words, move his/her head from side to side, move eyes, etc. Quit place, bright light, only one person in the video are required conditions.
- Proof of residence — user needs to send actual bills (telephone/electricity/gas bill, etc) to verify that the place exists and the user resides there in fact. Some KYC providers have a special list of commercial addresses that can’t be used for the registration.
After you start understanding the basics of KYC/AML process you may start working with your Customer to define requirements for the KYC. Below I provided a list of the questions that can help you to determine how to develop UI/UX of your application. The Client/Customer and Company lawyer must provide the answer to this question. You need to be sure about regulatory requirements. So, the questions are:
- What does KYC mean to your Product? The answer to this question is guided by the regulatory system of the market of your Product or your Customer jurisdiction. Requirements can be constrained by the list of documents (e.i. Passport, National ID and Driving License only).
- Does the Product deal in b2c or also with business? It’s important to understand if the Product is going to start working with business. In this case, you need to be prepared to KYB (Know Your Business). It has another list of checks, and we need to keep in mind when we choose a provider for KYC that not everyone analysis and implements KYB procedure.
- What are critical points while checking the personality? Checking if the document is real is more than enough for some Products. Vice versa, when your Product deals with high profits and high risk, you need to thoroughly check that the person can be trusted. In such circumstances, AML and risk assessment are the top priority.
- What are the target countries for the business? This question is crucially important for UI and for provider choice. You’ll need to check legal requirements to the documents that are used for identification in these certain jurisdictions, what they look like. Beyond that point, you need to define the versions of the documents that you are going to support (some countries have paper documents and plastic cards for user identification). Then you can check if the UI of your app supports it (some documents have important information from both sides).
- Do you want to be able to set different systems of identity check for different jurisdiction? For the high-risk countries, you may need more rigorous requirements for the identity check.
- What are the non-functional requirements for the verification process? Check the position of the device at the moment of verification, simple UX flow, fewer actions from the user and etc.
- Are you going to deal only with mobile solutions or web apps either with the same stack of functionality? Again, the strategic question that is relevant for the UX and provider.
Once you receive the answers this questions you can work on UI/UX and create wireframes for the Product. I’m not talking about the final design because your KYC provider can change your UI (specific SDK or API requirements). There is a list of international KYC providers that have different solutions and possibilities. Overall, the next list of the questions you need to ask KYC providers:
- What documents can the Provider process? The answer to this question must correlate with your regulatory requirements and strategic plans.
- How does a Provider check the user’s identity? There are two basic options: check that the document is authentic (check holograms, checksums on the documents) and check input attributes by the user in the government databases (credit bureaus, government sources, etc.). Both ways are acceptable for the products.
- What countries does Provider support? Here you need to check if the Provider has its resources or uses other sub-providers.
- Does the Provider perform KYC and AML process by own resources or have partners? It is usual case to have two companies working as partners for these kinds of user’s verification. They usually have co-integrations and help clients to enjoy the best user experience.
- Does the Provider have SDK for mobiles (native IOS/Android, hybrid — React Native, Cordova, Xamarin)? SDK can improve UX of your application and help the user to pass verification from the first try. As an example — SDK can have integrated OCR to parse the data from the document, check the photo quality. These additional features are validating users photo before the user sends it for the main check. Generally speaking, if your provider has SDK — ask more about all the functionality it has.
- What can be customized in the SDK? Tricky question. SDK UI can spoil your magnificent design. Find out what can be changed — the color/size of the buttons, background, texts, or some customization of texts user need to pronounce on Liveness check. One more good question if provider advertisement can be removed (or you’ll have “Powered by …” label in your app).
- Does a provider have API for mobile and web applications? In our case, we had UX and business requirements that are not compatible with SDK solution. We did two verification via SDK and one via API to save the UX.
- Can API and SDK be used together for the mobile application? Another tricky question for the KYC provider. Because usual answer can be — no. So, you need to use one or another.
- What are the supported devices for SDK? Сheck if the SDK is going to work well in all devices supported by your App.
- Does the provider have a stage/test environment? It’s not a funny situation when you need to pay for all test checks during the active development phase.
- Does the provider have full SDK and API documentation? Also, is the API from Test environment the same as on Production? Because the answer is — No. It will blow your developers minds off when they switch to production mode, and KYC stops working.
- What is the possible decision after the check in general? There can be just a binary answer — pass/fail. You’ll never know why the user fails KYC check. Moreover, the user-friendly option is when you have a clear answer what is not match with the verification requirements (the photo is not clear, the video is without sound, ID is invalid and so on)
After a few calls to the KYC/AML providers, you see that the answers are different from company to company because their products are not designed to fit your requirements.
And now a little bit about Dashdevs’ experience:
The development process of digital bank started with benchmarking analysis and creation of high fidelity wireframes. It was critical to obtaining a total vision of the product in the early stages. The main business requirement for KYC part was to simplify KYC flow by making the user perform fewer actions but to keep all the checks for the applications. The design was perfect for this. But the reality was different. KYC provider did not have API for mobile apps and SDK was not customizable. We needed to create workarounds on our side to save the product.
Hope this article will help you understand the KYC process better from a product owner point of view.
Originally posted on [Medium]()