Electronic Know Your Customer (eKYC) solutions are being adopted worldwide as regulations become increasingly stringent with the rapid advancements of digital fraud. From international regulatory bodies such as the Financial Action Task Force (FATF) to national entities like the Monetary Authority of Singapore (MAS), businesses must adhere to ever-changing national and international KYC standards, with many businesses struggling to achieve compliance.
Choosing the right partner that provides reliable and efficient eKYC solutions is critical for businesses to scale safely whilst remaining compliant. The integration of eKYC verification similarly helps organisations build and maintain trust with their customers.
The Need for Global eKYC Processes
The global eKYC market was valued at $518 million in 2022, forecasted to reach an impressive $2.46 billion by 2030, with a compound annual growth rate of 21.40%. The growing global demand for eKYC solutions has increased alongside money laundering and fraudulent practices, with eKYC methods being a needed next-step to fight fraud.
About 5% of a business’s annual revenues are lost to fraud each year.
The United Nations Office on Drugs and Crime (UNODC) estimates that between 2% and 5% of global GDP is laundered each year, which amounts to a shocking €715 billion to €1.87 trillion worldwide. With such a high number of money laundering practices occurring and the rise of sophisticated identity fraud, businesses must ensure they hold customer identity data to minimize their risk of fraud.
The ease at which identity theft or false identities can be created online puts businesses at risk of onboarding customers who are involved in illicit activities, posing a risk to the security and reputation of the organization.
The FTC has received 5.7 million total fraud and identity theft reports in 2024, 1.4 million of which were identity theft cases.
Businesses must protect themselves from leading scams such as identity fraud with a robust eKYC process. These should include a thorough Identity Check and a Document Check, verifying that customers are who they claim to be, and that their documentation is valid.
eKYC Solutions in Response to Increasing Regulatory Pressures
Regulatory bodies across the globe are pushing for tighter Identity Verification (IDV) and Anti-money Laundering (AML) practices. Quoted in a DW news report, the EU Commission Executive Vice President Valdis Dombrovskis stated:
The rules we have in place to prevent money laundering are amongst the toughest in the world, but they must also now be systematically applied.
United States
Section 326 of the USA Patriot Act mandates banks and other financial institutions implement a Customer Identification Program (CIP). This process must collect specific information from customers, including their name, date of birth, address, and identification number.
In the United States, the Financial Industry Regulatory Authority (FINRA) Rule 2090 states that financial institutions must implement comprehensive due diligence to identify and retain customer data and anyone acting on behalf of said customer. The rule states the following:
Every member shall use reasonable diligence, in regard to the opening and maintenance of every account, to know (and retain) the essential facts concerning every customer and concerning the authority of each person acting on behalf of such customer.
The Bank Secrecy Act, legislation which aims to put an end to money-laundering practices, established the Customer Due Diligence (CDD) enforcement as part of their efforts to enhance financial transparency.
The CDD has four main requirements for financial institutions regarding KYC practices, the first consisting of a thorough identity verification. Customer data including name, email address, phone number, occupation, and tax identification and more is collected at this point. This is then followed by business assessment, in which financial institutions consider the business interests of their consumer, followed by a customer risk assessment and continuous monitoring.
European Union
The Payments Services Directive (PSD2) secures online payments as it mandates that customers must undergo a Secure Customer Authentication (SCA) within the EU. This consists of a two-factor authentication process, which is now the norm and must be implemented in all high-value payments.
The General Data Protection Regulation (GDPR) mandates that organizations carry out identity checks and retain sensitive information regarding their customers, though they must be completely transparent in their use of data.
Other Prominent Regulatory Bodies Worldwide
Australian Transaction Reports and Analysis Centre (AUSTRAC): The AUSTRAC is an Australian government financial intelligence agency that is responsible for identifying illicit activities such as money laundering and terrorism financing. The organisation requires businesses to identify their customers and verify customer documentation, underlining the notable threat of fraud.
Reserve Bank of India (RBI): The RBI has revised their KYC regulations over the past couple of years, having standardised regulations on these processes that must be implemented by financial institutions in order to identify customers accurately. To mitigate risks, the RBI has emphasized adopting measures such as tagging high-risk customers to prevent fraud, money-laundering and identity theft.
Monetary Authority of Singapore (MAS): The MAS is the central bank and financial regulatory authority of Singapore. MAS requires that financial institutions implement eKYC solutions to prevent money laundering and financing of terrorism. MAS’s regulatory framework dictates that customer identities must be verified through multiple channels, including independent verification of mobile phone numbers, addresses, salary details and more. For high-risk customers, enhanced due-diligence processes that include ongoing monitoring are mandatory.
How Can Businesses Remain Compliant with eKYC Regulations?
Traditional KYC processes attempted to verify identity documents manually, which were highly-prone to human error. Automated systems provide enhanced data security and verify customer identities quickly and accurately, effortlessly meeting regulatory needs and allowing businesses to scale safely.
A strong eKYC process must include biometric verification with liveness detection to identify presentation attacks quickly, alongside a document verification process to verify the validity of documentation.
Biometric Verification
Biometric authentication is a key part of the eKYC process, in which biometric data samples are taken from images, videos, or even speech and analyzed to verify a customer’s identity. Liveness detection is able to identify subtle micro-expressions, analyze skin textures, and spot signs of a spoofed image or deepfake attack.
Document Verification
A Document Check can verify whether a presented document might be compromised, forged, copied from the internet, expired, or blacklisted. Using Optical Character Recognition (OCR) technology, document checks can extract all available data from IDs, passports, and other key documents. OCR ensures accuracy in data extraction and real-time document processing and is equipped to detect anomalies within documents, ensuring compliance with all regulatory standards.
eKYC with ComplyCube
ComplyCube is an award-winning eKYC solution provider, demonstrated by the multiple nominations from TrustRadius in their ‘Best Of’ awards category, inclusion in the RegTech100 list, achieving a Momentum leader status by G2 for multiple categories within their latest report, and more. The state-of-the-art compliance platform offers market-leading eKYC solutions, including document and identity checks, that empower and protect global businesses.
For more information, check out the broad range of global eKYC solutions. Alternatively, get in touch with a KYC/AML specialist to discuss what a tailored eKYC solution could look like for you.