Know your customer (or KYC) requirements have become one of the most stringent regulatory compliance mandates for Indian financial institutions. To meet KYC requirements, financial service providers have to implement a Customer Identification Program and perform due diligence checks before doing business with a person or entity. KYC fulfills a risk mitigation function, and one of its key requirements is to check that a prospective customer is not named in any government list for wanted money launderers, known fraudsters or terrorists.
Despite its positive outcomes, KYC requirements have burdened organizations with a substantial administrative obligation. The KYC requirement verification rules place a big financial burden on banks, insurance companies and mutual funds due to the involved costs. Currently, every entity has to individually conduct this verification; this results in duplication of effort for both customers as well as financial institutions. In order to address these challenges, I propose the establishment of centralized national KYC bureaus to reduce this verification’s transactional costs.
Setting up KYC bureaus will allow a customer to be registered and screened only once, thus eliminating the need to go through the process multiple times. KYC bureaus will also be effective in preventing identity theft, fraud, money laundering, and terrorist financing.
Mode of operation
The Reserve Bank of India (RBI) has sanctioned four credit bureaus in India—CIBIL, Experian Credit Information, Equifax Credit Information Services, and High Mark Credit Information Services. The Government of India can direct RBI to authorize these bureaus to also operate as national KYC bureaus since they have already demonstrated their ability to secure credit information. They have already built (or are in the process of building) infrastructure for accessing credit scores, so they should be equally effective in providing services as national KYC bureaus. RBI can be the licensor and regulator for these bureaus.
Once a KYC bureau registers a customer, it can give the customer a unique Customer Identification Number (CIN). This can be supplemented with a KYC smart card which has his name, address and other details such as date of birth and biometric info. The detailed customer profile can be accessed by eligible participating entities for KYC requirements.
KYC bureaus will conduct the verification and retain customer’s personal data, including biometric information. The bureaus will ensure that the KYC requirements of all regulators are addressed at the time of collecting the customer data. Participating companies can pay the bureau(s) on a transaction-based model or fixed-cost model for verifying the KYC requirements of the customer; the tariffs can be decided by the regulator. Validation of the norms can be done once in five years after registration unless there are changes at the customer end (such as death, migration, marital status, income, or any criminal charges).
Role of IT
Multiple data sources are required, including internal and external information that is both structured and unstructured. Both automated and manual methods of collecting information are needed. Potentially complex risk-scoring algorithms must be highly customizable. KYC requirements change frequently due to both internal policy changes and external mandates. Filing suspicious activity reports is one of the most difficult compliance responsibilities which financial institutions have. A KYC bureau will be able to deal with this in a more effective manner and provide independent reports.
A technology solution to the above KYC requirement issues is a single centralized national system which stores all biometric and associated biographic data of customers. The system will capture biometric data from individuals to facilitate three key operational functions: creating a for-life unique bio-identification number; conducting fingerprint-based background checks, verifying an individual’s identity; and producing identity cards.
The centralized national KYC bureaus can operate a secure data center which will offer centralized storage for the customer information provided by various financial institutions and government agencies. In certain instances, data concerning financial institutions and the amount lent to customers will also be stored for KYC requirements. Information relating to suspicious individuals will be accumulated centrally, and shared for real-time identification.
Information in this system will be safeguarded in accordance with applicable laws and policies—including the Information Technology (Amendment) Act 2008. All records will be protected from unauthorized access through appropriate administrative, physical and technical safeguards.
The KYC bureaus will possess a comprehensive system including hardware, software and a team of experts to manage and assist in populating the database. A management transactional fee can be made applicable for every transaction, which is negotiable on an end user specific basis as authorized by the regulator.
About the author: L S Subramanian is a senior business and technology professional in the financial services industry. He may be contacted at [email protected]