In Part 1 of this series, we looked at the objectives or motives behind having an eIDAS-enabled digital onboarding process. In Part 2, we look at the actual process that is followed currently and a few examples of the nifty tools and tricks that some banks, financial institutions, and even independent app developers are using to digitize the customer onboarding process. The process can be further simplified using tools provided by eIDAS for electronic identification and authentication.
The process of on-boarding is broadly divided into four main categories, as follows:
Application
This is the initial phase of the onboarding process, where a person or legal entity applies to become a customer. This involves the submission of documents that contain the various KYC attributes that are necessary for onboarding along with the application.
Verification
The submitted documents containing the KYC attributes are verified in this second phase. This involves verifying the document's authenticity and ensuring that it comes from a reliable source. It also includes an identity check, which means that the identity of the applicant is compared with the document submitted. Lastly, anti-fraud checks are performed to confirm that the person is not on any watchlists or other anti-fraud databases.
An example of verification using an eIDAS-enabled process might go like this: The customer gets the link to a mobile application from the financial institution that (s)he has applied to. The procedure for submitting the ID proof is simple – just take a picture of your national ID card or passport along with a selfie of yourself via the app provided. The image then makes its way through the verification cycle. It may be compared against various databases that check the document number or customer name against criminal or watchlist databases, etc.
This process might also be performed with a laptop or a computer with a webcam. Some developers are also experimenting with a video format to provide an even higher level of security.
Collection
This is the process of recording and documenting the information in relevant formats.
Continuing our example of a mobile-based app, the collection process would involve the mobile app verifying the submitted ID proof and then storing the information in an encrypted format on its cloud-based storage. The customer can then send that information along with his profile to the financial institution. The saved information serves as a sort of verified digital ID containing all the relevant KYC information that is ready to be shared with any financial institution.
Management
This is the on-going maintenance of the information. The KYC attributes may need to be updated in case of any changes. In accordance with applicable laws, periodic re-verification is also necessary.
For a mobile-based application, this process might involve the user updating any changes to it and the application and then submit it to the financial institution. This system has the advantage that the same verified and encrypted user information can be used to apply to multiple financial institutions by sending it along with the digital application.
References and Further Reading
- eIDAS – Digitisation of the On-boarding Process Part 1 - Objectives (2018) by Gaurav Sharma
- REGULATION (EU) No 1316/2013 establishing the Connecting Europe Facility, amending Regulation (EU) No 913/2010 and repealing Regulations (EC) No 680/2007 and (EC) No 67/2010(12/2013), by the European Parliament and the European Council
- Selected articles on Authentication (2014-today), by Heather Walker, Luis Balbas, Guillaume Forget, Jan Kjaersgaard, Dawn M. Turner and more
- Selected articles on Electronic Signing and Digital Signatures (2014-today), by Ashiq JA, Gaurav Sharma, Guillaume Forget, Jan Kjaersgaard , Peter Landrock, Torben Pedersen, Dawn M. Turner, and more
- Study on eID and digital onboarding: mapping and analysis of existing onboarding bank practices across the EU (2018), by PwC EU Services EEIG for the European Commission, Directorate-General for Communications Networks, Content & Technology
- The European Interoperability Framework - Implementation Strategy (2017), by the European Commission
- Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL amending Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing (2016), by the European Commission
- REGULATION (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (2016), by the European Parliament and the European Council
-
Proposal for a REGULATION concerning the respect for private life and the protection of personal data in electronic communications and repealing Directive 2002/58/EC (Regulation on Privacy and Electronic Communications), (2017), by the European Parliament and the European Council
- Revised Directive 2015/2366 on Payment Services (commonly known as PSD2) (2015), by the European Parliament and the Council of the European Union
- REGULATION (EU) No 910/2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC (2014) by the European Parliament and the European Commission
-
DIRECTIVE 2013/37/EU amending Directive 2003/98/EC on the re-use of public sector information (2013) by the European Parliament and the Council
Image: Onboarding, courtesy of Jane Quiglay, Flickr (CC BY 2.0)
More Stories
