Optimising Onboarding & KYC
Learn how to use CIAM to achieve the correct balance of user experience, security, compliance and operational efficiency for onboarding & KYC
As onboarding is the first interaction with your service, a good user experience in this step is paramount. 45% of users will give up if the registration process is too manual, complex or time consuming. Improving onboarding workflows can have a big impact on your completion rates.
Security & Fraud Prevention
The level of identity assurance needed will depend on your type of service and regulatory context, but trust in who customers are and the accuracy of identity data captured are high priority. However, an incorrect balance of security measures with user experience will put off your intended users.
You will also need to consider compliance to applicable regulations in any onboarding workflows. Take banks for example, which are often mandated to conduct a level of Know Your Customer (KYC) in the onboarding phase. As with security, a digital-first, user-friendly approach is imperative to success.
Onboarding is an opportunity to improve operational efficiency and take manual workflows and automate them, saving costs and maintaining efficiency at scale. You need a digital onboarding solution that grows with your business, not one that holds back growth.
Using CIAM for KYC & Onboarding Customers
Identity verification using reusable identities
Organisations need to verify the identities of users onboarding to their services – whether for enhanced security and/or KYC/AML requirements.
CIAM connects the Identity Providers (IdPs) and identity schemes to your services that you need to achieve seamless, secure, compliant and efficient identity verification. It supports dozens of reusable identities from IdPs, e-IDs, and regional identity schemes, and powers the world’s most extensive identity brokering platforms.
Identity verification using document verification or physical biometrics
CIAM enables real-time identity verification using government-issued identity documents and physical biometrics such as facial scanning. The combined solution from Onfido and Ubisecure scans physical ID documents from over 4,500 document types from 195 countries and can use biometric technology to verify that the document truly belongs to the person being onboarded.
This is useful for service providers needing/wanting to carry out digital-first identity verification, but that operate in countries that do not yet offer standardised verified digital identities.
Attribute Collection & Aggregation
Effective onboarding requires the company to simplify the identity management by consolidating the onboarding data set. Ubisecure supports the collection, aggregation and exchange of user attributes to offer Zero Trust networking while respecting user privacy. The core functioning includes:
- Normalising data from different providers to simplify application integration
- Masking user data according to minimum information disclosure principles
- External service queries – resolving a common attribute through a commercial or in-house web service
Ubisecure CIAM is used to efficiently integrate data sources so the user‘s identity-related data can be retrieved and utilised on a per-session basis. The result is an individual identity profile, specific to each connected application or outbound federation link. Only those attributes needed for functioning, and authorised by the user, are shared.
Delegated Authority enables multi-tier delegated administration and delegation of authority, improving efficiency, reducing costs and enhancing security. Delegated Authority allows the principle of “verify, delegate, assert” to be implemented at large scale within both closed and open ecosystems.
- B2C/G2C example – one admin user from a customer group plan (e.g. parent within family) carries out the onboarding process, then sends invitations to others in the group with role-based access.
- B2B/G2B example – one admin user from your partner organisation takes responsibility for their colleagues’ access to your digital service, within your defined parameters. The partner admin delegates access/authority to users within their own organisation.
Both scenarios remove manual work from your own IT/Support team and eliminate the need for shared access credentials which present a security risk.
LEI – Onboarding Organisation Customers
Legal Entity Identifiers (LEI) – verified organisation identities
A Legal Entity Identifier (LEI) is a 20-character global identifier that identifies distinct legal entities that engage in transactions. It is defined by the ISO 17442 standard, endorsed by the G20 & FSB and is intended to be “the one identity behind every business”. The LEI provides access to verified organisation reference data and connects the numerous different organisation regional and private identifiers used in KYC/AML.
The use of LEIs in onboarding can be a significant cost saving tool, as well as having a measurable impact to people and staff productivity, streamlining processes, and improving transparency into available entity data. Service providers can view live, verifiable data about clients to ensure higher levels of trust for Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD).
RapidLEI is the organisation identity service from Ubisecure, a Local Operating Unit (LOU) of the Global Legal Entity Identifier System and accredited issuer of LEIs. RapidLEI is the number one issuer of new LEIs worldwide and offers both SaaS and API-based solutions for LEI issuance and management.
“Today, the global banking sector spends around U.S.$40 billion on client onboarding annually. That’s an estimated U.S.$54m per bank, U.S.$31m of which is ‘people’ cost. Productivity improvements gained through LEI usage could generate cross-sector cost reductions of between 5-10% annually.” Global LEI Foundation
Organisations using (or considering) the new GLEIF Validation Agent (VA) solution can enroll for Ubisecure’s LEI Everywhere program. LEI Everywhere offers a clear and simplified path to obtaining and maintaining LEIs:
- Technical implementation of the GLEIF Validation Agent role through the RapidLEI API and SaaS dashboard
- Enhanced verification for both initial LEI registration and subsequent renewals, assisting KYC (Know Your Customer), AML (Anti-Money Laundering), Customer Due Diligence (CDD), Enhanced Due Diligence (EDD) onboarding and client refresh cycles
- Reduced annual fees – initial registrations at $11.99 and renewals at $5.99 (price include annual GLEIF fee)
LEI Everywhere lets organisations obtain LEIs for clients when verifying a client’s identity during initial onboarding or during a client refresh. Both the validation of legal entity identity data and the subsequent registration (and renewal) of the LEI can be automated to occur in parallel with existing workflows without the usual duplicative processes.
Find out more about LEI Everywhere
“By simplifying and accelerating the LEI issuance process, the new Framework also paves the way for FIs to expand their usage of the LEI beyond capital markets to encompass all banking business lines, an opportunity anticipated to save the industry U.S.$2-4 billion annually in client onboarding costs alone.” Global LEI Foundation
Ultimate Beneficial Ownership (UBO)
The European 4th AML Directive (2017) and the US FinCEN CDD Final Rule (2018) both contain provisions for capturing beneficial ownership (UBO). Penalties for non-compliance are significant, so maintaining proper UBO information is critical.
KYC/AML procedures and processes must collect information about the beneficial owner including the identity of all individuals who have a significant ownership or control position. The beneficial ownership information includes:
- The natural person opening the account: name and title
- The legal entity customer: name and address
- The beneficial owners: name, DoB, address and social security/passport of similar ID
Through a strategic partnership with UBO Service, Ubisecure makes capturing UBO easy. Find more information about RapidLEI’s UBO services.
Onboarding Employees associated with Organisations
Right to Represent
Right to Represent is a Ubisecure service which allows service providers or government departments to connect to and check a company’s verified identity and the rights of individuals to request on behalf of, or represent, the company.
Representation attributes can include legal, financial, administrative or other authoritative powers. Right to Represent digitises costly administrative governance to technically implemented governance. It makes way for automated workflows that reduce manual workflow costs by as much as 99% and reduce fraudulent organisational representation during the onboarding of new customers.
Digitising representation workflows also enables compliance to regulations by enhancing security and increasing transparency over who has rights to do what on behalf of the organisation. Because Right to Represent provides advanced KYC and ties an individual to an organisation, it can also dramatically reduce the time to execute successful corporate KYC/AML.
Deploying a nationwide delegation & representation platform for 400k+ organisations, citizens and 100+ Government services.
>> Read More
ANALYST EXECUTIVE SUMMARY
An overview of the Customer Identity and Access Management (CIAM) industry & an impartial high level description and analysis of the Identity Platform.
>> Read More
Using IAM & LEIs to Improve Onboarding & KYC
How to optimise customer onboarding for seamless, secure and compliant Know Your Customer (KYC) workflows.