In Part 1 of this series, we looked at the objectives or motives behind having an eIDAS-enabled digital on-boarding process. In Part 2, we look at the process that is currently followed, along with a few examples of the nifty tools and tricks that some banks, financial institutions and even independent app developers are using to digitize customer on-boarding. The process can be further simplified using tools provided by eIDAS for electronic identification and authentication.
The process of on-boarding is broadly divided into four main categories, as follows:
This is the first phase of the on-boarding process where a person or legal entity applies to become a client. This involves the submission of documents which contain the various KYC attributes that are necessary for on-boarding along with the application.
In this second phase, the submitted documents containing the KYC attributes are verified. This involves checking the document for authenticity and making sure the document is from a trustworthy source. It also involves an identity check, which means that the identity of the applicant is compared with the document submitted. Finally, anti-fraud checks are conducted to ensure that the person is not on any watchlists or other anti-fraud databases.
An example of verification using an eIDAS-enabled process might go something like this: The customer gets the link to a mobile application from the financial institution that (s)he has applied to. The process to submit the ID proof is simple – just take a picture of your national ID card or passport, along with a selfie, via the app provided. The picture then makes its way through the verification cycle. It may be compared against various databases that check the document number or customer name against criminal or watchlist databases and so on.
This process might also be performed with a laptop or a computer with a webcam. Some developers are also experimenting with a video format to provide an even higher level of security.
The third phase, collection, is the process of recording the information and documenting it in relevant formats.
Continuing our example of a mobile-based app, the collection process would involve the mobile app verifying the submitted ID proof and then storing the information in an encrypted format on its cloud-based storage. The customer can then send that information along with his profile to the financial institution. The saved information serves as a sort of verified digital ID containing all the relevant KYC information that is ready to be shared with any financial institution.
The fourth phase is the on-going maintenance of the information. The KYC attributes might need to be refreshed in case of any changes. Periodic re-verification is also required as per relevant laws.
For a mobile-based application, this process might involve the user entering any changes in the app, which then submits them to the financial institution. The advantage of this system is that the same verified and encrypted user information may be used to apply to more than one financial institution by forwarding it to them along with the digital application.
References and Further Reading
- eIDAS – Digitisation of the On-boarding Process Part 1 - Objectives (2018) by Gaurav Sharma
- REGULATION (EU) No 1316/2013 establishing the Connecting Europe Facility, amending Regulation (EU) No 913/2010 and repealing Regulations (EC) No 680/2007 and (EC) No 67/2010 (12/2013), by the European Parliament and the European Council
- Selected articles on Authentication (2014-today), by Heather Walker, Luis Balbas, Guillaume Forget, Jan Kjaersgaard, Dawn M. Turner and more
- Selected articles on Electronic Signing and Digital Signatures (2014-today), by Ashiq JA, Gaurav Sharma, Guillaume Forget, Jan Kjaersgaard, Peter Landrock, Torben Pedersen, Dawn M. Turner, and more
- Study on eID and digital onboarding: mapping and analysis of existing onboarding bank practices across the EU (2018), by PwC EU Services EEIG for the European Commission, Directorate-General for Communications Networks, Content & Technology
- The European Interoperability Framework - Implementation Strategy (2017), by the European Commission
- Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL amending Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing (2016), by the European Commission
- REGULATION (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (2016), by the European Parliament and the European Council
- Proposal for a REGULATION concerning the respect for private life and the protection of personal data in electronic communications and repealing Directive 2002/58/EC (Regulation on Privacy and Electronic Communications) (2017), by the European Parliament and the European Council
- Revised Directive 2015/2366 on Payment Services (commonly known as PSD2) (2015), by the European Parliament and the Council of the European Union
- REGULATION (EU) No 910/2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC (2014) by the European Parliament and the European Commission
- DIRECTIVE 2013/37/EU amending Directive 2003/98/EC on the re-use of public sector information (2013) by the European Parliament and the Council