API for identity and compliance: an acronym financial services actually love
FINOVATEFALL SPECIAL: INDUSTRY INSIGHTS FROM TRULIOO
Being a financial services company is hard these days. From the outside, large incumbents with established customer bases and well-funded fintechs posturing to break through with new innovative services are eating market share. Internally, the struggle to meet evolving customer demands and offer solutions to a global audience, all while keeping privacy and security top of mind, is pushing teams to the brink.
Developing a bank-grade financial application has never been easy – this industry has always been far too complex for that type of wishful thinking – but today’s complexities have made it especially tricky. A persistent thorn in the side of financial services is compliance, that intimidating word we know is critical but often dizzies our brains. And it’s no wonder why; a quick scan of financial compliance regulations reveals an alphabet soup of acronyms like AML, KYC, CCPA, PSD2, 5AMLD and GDPR, many of which are specific to one country or region. For businesses without borders, navigating these nuanced – often turbulent – compliance waters requires a sturdy ship.
Compliance isn’t a core competency of developers; it never was, nor should it be. But with massive compliance fines levied against the financial industry seemingly daily, compliance investment must be made early in the application development process to avoid catastrophic consequences down the road. For regulated businesses, such as financial services providers, not only are know your customer (KYC) procedures a critical function to assess and monitor customer risk, they are also a legal requirement to comply with anti-money laundering (AML) laws. AML/KYC compliance is not a “nice to have” or a necessary evil; it’s a fundamental requirement.
So, the question is, how? How can developers ensure their applications comply with as many industry regulations, in as many countries as possible? And most importantly, how can they do this without having to learn an entirely new skill set?
Enter APIs, something developers are keenly familiar with. Recent advancements in fintech and regulation technology (regtech) have resulted in a suite of incredibly useful APIs that act as a connective tissue between the development and compliance teams, enabling the former to bake in compliance early with very little effort.
This emerging “compliance-as-a-service” environment looks like this: developers add a snippet of code into the development cycle, usually into the sign-up or registration flow, which serves to verify the identity of customers conducting transactions on the app. During the customer onboarding process, the code taps into hundreds of reliable data sources across the globe (things like watchlists, electoral rolls, credit data, mobile network operator data) that together help verify that a customer is who she says she is before a transaction is conducted. The best part: this can all be done without burdening the customer with extra forms or info they need to complete.
Failure to accurately verify customer and business identities online has been a particularly sharp thorn in this industry. With millions of transactions happening daily, the lure for some to take advantage is strong, and it has resulted in significant losses to fraud and money laundering, which, compounded with the resulting compliance fines, can quickly cripple businesses.
By integrating a robust identity verification API into the technology stack, financial services providers significantly reduce the risk of bad actors slipping through, thus greatly reducing the risk of fraud and associated regulatory fines.
This article is also featured in the FinovateFall 2019 Supplement, which is free to read online with no registration required.
A complimentary print copy is available at the FinovateFall conference (23-26 September 2019, New York Marriott Marquis, New York).