CIAM for Onboarding & KYC

How Ubisecure optimises customer onboarding for seamless, secure and compliant Know Your Customer (KYC) workflows for both individual and organisation customers.

WHITE PAPER
KYC & Onboarding CIAM

Optimising Onboarding & KYC

Learn how to use CIAM to achieve the correct balance of user experience, security, compliance and operational efficiency for onboarding & KYC

Download the white paper

Security icon

User Experience

As onboarding is the first interaction with your service, a good user experience in this step is paramount. 45% of users will give up if the registration process is too manual, complex or time consuming. Improving onboarding workflows can have a big impact on your completion rates.

CX icon

Security & Fraud Prevention

The level of identity assurance needed will depend on your type of service and regulatory context, but trust in who customers are and the accuracy of identity data captured are high priority. However, an incorrect balance of security measures with user experience will put off your intended users.

Compliance icon

Compliance

You will also need to consider compliance to applicable regulations in any onboarding workflows. Take banks for example, which are often mandated to conduct a level of Know Your Customer (KYC) in the onboarding phase. As with security, a digital-first, user-friendly approach is imperative to success.

Operations icon

Operational Efficiency

Onboarding is an opportunity to improve operational efficiency and take manual workflows and automate them, saving costs and maintaining efficiency at scale. You need a digital onboarding solution that grows with your business, not one that holds back growth.

Onboarding Customers

CIAM Capture Proof Convert

Identity verification using 3rd party digital identities

Organisations need to verify the identities of users onboarding to their services – whether for enhanced security and/or KYC/AML requirements.

Ubisecure connects the Identity Providers (IdPs) and identity schemes to your services that you need to achieve seamless, secure, compliant and efficient identity verification. It supports dozens of external IdPs, e-IDs, and regional identity schemes, and powers the world’s most extensive identity brokering platforms.

Identity verification using document verification or physical biometrics

Ubisecure enables real-time identity verification using government-issued identity documents and physical biometrics such as facial scanning. The combined solution from Onfido and Ubisecure scans physical ID documents from over 4,500 document types from 195 countries and can use biometric technology to verify that the document truly belongs to the person being onboarded.

This is useful for service providers needing/wanting to carry out digital-first identity verification, but that operate in countries that do not yet offer standardised verified digital identities.

Identity Verification

Logos from federated identities

Attribute Collection & Aggregation

Effective onboarding requires the company to simplfy the identity management by consolidating the onboarding data set. Ubisecure supports the collection, aggregation and exchange of user attributes to offer Zero Trust networking while respecting user privacy. The core functioning includes:

  • Normalising data from different providers to simplify application integration
  • Masking user data according to minimum information disclosure principles
  • External service queries – resolving a common attribute through a commercial or in-house web service

Ubisecure is used to efficiently integrate data sources so the user‘s identity-related data can be retrieved and utilised on a per-session basis. The result is an individual identity profile, specific to each connected application or outbound federation link. Only those attributes needed for functioning, and authorised by the user, are shared.

Delegated Authority

Delegated Authority enables multi-tier delegated administration and delegation of authority, improving efficiency, reducing costs and enhancing security. Delegated Authority allows the principle of “verify, delegate, assert” to be implemented at large scale within both closed and open ecosystems.

  • B2C/G2C example – one admin user from a customer group plan (e.g. parent within family) carries out the onboarding process, then sends invitations to others in the group with role-based access.
  • B2B/G2B example – one admin user from your partner organisation takes responsibility for their colleagues’ access to your digital service, within your defined parameters. The partner admin delegates access/authority to users within their own organisation.

Both scenarios remove manual work from your own IT/Support team and eliminate the need for shared access credentials which present a security risk.

Delegated User Management

Onboarding Organisation Customers

Rapid LEI by UbisecureLEI Management

Legal Entity Identifiers – verified organisation identities

A Legal Entity Identifier (LEI) is a 20-character global identifier that identifies distinct legal entities that engage in transactions. It is defined by the ISO 17442 standard, endorsed by the G20 & FSB and is intended to be “the one identity behind every business”. The LEI provides access to verified organisation reference data and connects the numerous different organisation regional and private identifiers used in KYC/AML.

The use of LEIs in onboarding can be a significant cost saving tool, as well as having a measurable impact to people and staff productivity, streamlining processes, and improving transparency into available entity data. Service providers can view live, verifiable data about clients to ensure higher levels of trust for Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD).

RapidLEI is the organisation identity service from Ubisecure, a Local Operating Unit (LOU) of the Global Legal Entity Identifier System and accredited issuer of LEIs. RapidLEI is the number one issuer of new LEIs worldwide and offers both SaaS and API-based solutions for LEI issuance and management.

“Today, the global banking sector spends around U.S.$40 billion on client onboarding annually. That’s an estimated U.S.$54m per bank, U.S.$31m of which is ‘people’ cost. Productivity improvements gained through LEI usage could generate cross-sector cost reductions of between 5-10% annually.” Global LEI Foundation

Legal Entity Identifiers – Validation Agents

Organisations using the Validation Agent (VA) solution can obtain LEIs for clients when verifying a client’s identity during initial onboarding or during a client refresh. Both the validation of legal entity identity data and the subsequent registration (and renewal) of the LEI can be automated to occur in parallel with existing workflows without the usual duplicative processes.

“By simplifying and accelerating the LEI issuance process, the new Framework also paves the way for FIs to expand their usage of the LEI beyond capital markets to encompass all banking business lines, an opportunity anticipated to save the industry U.S.$2-4 billion annually in client onboarding costs alone.” Global LEI Foundation

GLEIF VA

UBO Declaration

Ultimate Beneficial Ownership (UBO)

The European 4th AML Directive (2017) and the US FinCEN CDD Final Rule (2018) both contain provisions for capturing beneficial ownership (UBO). Penalties for non-compliance are significant, so maintaining proper UBO information is critical.

KYC/AML procedures and processes must collect information about the beneficial owner including the identity of all individuals who have a significant ownership or control position. The beneficial ownership information includes:

  • The natural person opening the account: name and title
  • The legal entity customer: name and address
  • The beneficial owners: name, DoB, address and social security/passport of similar ID

Through a strategic partnership with UBO Service, Ubisecure makes capturing UBO easy. Find more information about RapidLEI’s UBO services.

Onboarding Employees associated with Organisations

Right to Represent

Right to Represent is a Ubisecure service which allows service providers or government departments to connect to and check a company’s verified identity and the rights of individuals to request on behalf of, or represent, the company.

Representation attributes can include legal, financial, administrative or other authoritative powers. Right to Represent digitises costly administrative governance to technically implemented governance. It makes way for automated workflows that reduce manual workflow costs by as much as 99% and reduce fraudulent organisational representation during the onboarding of new customers.

Digitising representation workflows also enables compliance to regulations by enhancing security and increasing transparency over who has rights to do what on behalf of the organisation. Because Right to Represent provides advanced KYC and ties an individual to an organisation, it can also dramatically reduce the time to execute successful corporate KYC/AML.

Sign in with an LEI

Resources

CASE STUDY

Finnish Government

Deploying a nationwide delegation platform for 400k+ organisations, citizens and 100+ Government services.

>> Read More

ANALYST EXECUTIVE SUMMARY

By KuppingerCole

An overview of the Customer Identity and Access Management (CIAM) industry & an impartial high level description and analysis of the Identity Platform.

>> Read More

WHITE PAPER

Build vs Buy: Customer IAM

What are the benefits of Customer IAM? And should your organisation build a solution using your existing internal resources, or buy a CIAM solution?

>> Read More

Ready to get started?