eKYC: The Policy

The BNM e-KYC policy document (“this Policy”) was issued on 30th June 2020. If you are in the financial industry, you will need to spend a whole afternoon reviewing its content and understanding its requirements. This Policy is not as straightforward as we hoped it would be but, in essence, Financial Institutions (“FIs”) can now introduce an e-KYC method to identify and verify customers for onboarding purposes. KYC itself means Know Your Customer and was properly introduced via Anti-Money-Laundering. With this Policy, a new verification method is introduced to identify your customers, i.e. electronic KYC (e-KYC).

An e-KYC solution allows FIs to onboard customers without face-to-face interaction. It is a key enabler that is especially suitable during pandemic times like now, when we are required to limit direct contact with one another. The rollout of this guideline may be a little late, since it was issued at the end of June, but it matches the urgency of having such a solution in place amidst this pandemic. As regards the e-KYC solution itself, BNM has specifically set out in the Policy, from para 7.3 to para 7.6, its expectations on the measures to be used for the identification and verification of a customer’s identity. It is best to take note that the Policy also highlights that identification and verification of a customer can be conducted solely by a human representative (still referred to as e-KYC) with the assistance of a handphone.

Policy Requirements

In implementing this approach, the Policy outlines the need for both Board approval and the implementation of a P&P. Behold! The first few policy requirements may seem easy to comply with. As you flip through, you will realize that the complexity of the approach lies in what amounts to an appropriate combination of authentication factors when establishing measures to verify the identity of a customer through e-KYC. The Policy highlights that FIs should have regard to three basic authentication factors, namely, something the customer possesses (e.g. identity card, registered mobile number), something the customer knows (e.g. PIN, personal information) and something the customer is (e.g. biometric characteristics). An e-KYC solution that depends on more than one factor is typically more difficult to compromise than a single-factor system. Based on this statement, you must have all three in place.

Now you already know that these three authentication factors are required. The Policy further adds that in verifying a customer’s identity via e-KYC, FIs MAY undertake the following measures:

(i) verifying the customer against a government issued ID by utilising biometric technology;

(ii) ensuring that the government issued ID used to support e-KYC customer verification is authentic by utilising appropriate fraud detection mechanisms; and/or

(iii) ensuring the customer is a live subject and not an impersonator (e.g. through use of photos, videos, facial masks) by utilising liveness detection.

The suggestions above are not exhaustive: you may introduce new measures in the future, provided they are acceptable to BNM and further strengthen the verification method. For now, you may want to remain with the three suggestions as well.

Apart from the above requirements, this Policy allows the utilization of artificial intelligence, machine learning or other forms of predictive algorithms to ensure accurate identification and verification in the e-KYC solution. This may result in automation of the decision-making process for customer identification and verification, thus reducing the need for human intervention. BNM allows this, but you must have a process in place to minimize the overall False Acceptance Rate. In complying with this requirement, FIs may have to come up with a solution to address the False Acceptance Rate. It basically means: since you are relying on artificial intelligence, you need to show how your system is not rejecting a valid application and not approving an invalid application.

Bear in mind that the requirements above pertain solely to your e-KYC solution. There are other requirements which operate concurrently with this Policy, such as the policies on Introduction of New Products, RMiT and Outsourcing. Rest assured, a BNM approval is required in introducing an e-KYC solution. Some additional tips to share: the Appendices are very helpful too. Read them all!


Article Disclaimer: The contents written above and/or in this website do not constitute a legal advice and should not be relied upon by any parties as such. Please reach out to us for further enquiries.
