KYC Process Automation: Strategies for DNFBPs and VASPs in UAE

Importance of KYC for DNFBPs and VASPs in UAE

KYC stands for “Know Your Customer”, and it refers to measures taken by a business to identify its customers.

UAE AML laws require all regulated entities, including Designated Non-Financial Businesses and Professions (DNFBPs) and Virtual Asset Service Providers (VASPs), to abide by KYC requirements as a part of Customer Due Diligence (CDD) measures. Under KYC requirements, DNFBPs and VASPs must verify their customers’ identities.

With regards to customers who are natural persons, DNFBPS and VASPs must collect:

• Identity (ID) Card containing key identifying details such as name, nationality, date of birth, age, etc.
• Proof of residential address by means of utility bills or copies of the latest lease/rental agreement.

In the case of corporate customers, the documents for verification include:

• Certificate of incorporation
• National ID of all Ultimate Beneficial Owners (UBOs) and majority shareholders
• Office address proof or rental agreement
• Resolution of the Board of Directors
• Articles and Memorandum of Association

KYC helps DNFBPs and VASPs with:

• Identification and verification of customers based on their identification documents.
• Building a customer risk profile for each customer so that you can transact with them and build a relationship based on the associated risks.
• Protecting the business from being involved with individuals engaged in illegal activities.
• Enhancing brand image and customer trust factor by showcasing that the business is AML compliant and making efforts to achieve AML compliance.
• Laying the groundwork for further implementation of the risk-based approach and ensuring effective resource allocation.

The Obstacles of Traditional KYC Methods

It is important to first understand the traditional KYC methodology in order to identify the obstacles faced during the implementation of these methods.

The traditional KYC process involves manually entering the customer details by seeking physical copies of customer identification documents and verifying the information contained in these documents by sighting the original government-issued documents and verifying these documents for their authenticity through publicly available government-published databases.

This manual process poses several challenges, as highlighted below:

1.Time-Consuming Manual KYC Processes

The manual KYC process involves verifying customers’ identities using a resource-intensive process. This includes activities like scanning or photocopying the documents and matching each detail with the customer-provided information. The solution here is to invest in KYC software that automates repetitive manual tasks, provides customers with self-service options, and thereby speeds up the KYC process.

2.Challenges in Verifying Customer Identities Remotely

Another challenge of the traditional KYC process is the verification process. Businesses need to verify if the customer providing the identification documents is the same person whose details are mentioned in the identification document. The risk is high if the individual in question is not available for verification. Remote verification can lead to the following:

• Identity theft
• Spoofing attack
• Impersonation

The individual might present someone else’s documents to prove their identity. Alternatively, they may submit fake photos for verification, and if businesses do not manage the verification in person, they might accept these documents as identity proof, thereby onboarding fraudsters or criminals as customers.

The solution for this challenge is a KYC tool providing biometric authentication.

3.Risk of Human Error and Fraud

With the manual KYC process, the major difficulty that arises is the presence of human errors. Here are some examples of human errors:

• Overlook some factors of verification as they are time-taking
• Make errors while verifying the name, address, or other aspects
• Take too much time in collecting data or confirming their identities
• Forget to collect some details since the customer is not cooperating
• Accept invalid photos or documents as proof to show a completed process

All these scenarios relate to human errors. By committing these errors, DNFBPs and VASPs might end up onboarding criminals or sanctioned individuals or entities as their customers and conducting business relationships with them. Therefore, DNFBPs and VASPs must adopt adequate and appropriate KYC automation software as a solution for this challenge.

 

KYC Process Automation

The word automation means reducing dependence on human input by relying on technology to carry out tasks that are repeatable processes containing a specific set of steps in sequential order.

KYC automation works by relying on technology to carry out repetitive manual tasks involved in the KYC process, such as sending document collection requests, organising customer identification documents, and verifying their issue date, expiry date, and document number. DNFBPs and VASPs can overcome obstacles posed by traditional KYC methods with the implementation of KYC software.

KYC automation reduces human error and the time taken to complete the KYC process. DNFBPs and VASPs can verify customers’ identities efficiently and take necessary action. Thus, robust KYC software solutions can help reduce fraud and crimes worldwide.

The different ways KYC automation or KYC tools help DNFBPs and VASPs with increased efficiency are:

1.Leveraging Technological Solutions

KYC process automation uses the following technological advancements to make the KYC process seamless, accurate, and faster:

• Artificial Intelligence (AI) – Helps in risk analysis and identity confirmation.
• Machine Learning (ML) – Historical data analysis for accurate prediction.
• Robotic Process Automation (RPA) – Automation of data entry and document verification for faster execution.
• Biometric – Enables verification through physical characteristics like eyes, fingerprints, etc.
• Blockchain – Ensures data integrity, sharing, and recording.
• Natural Language Processing – Analyzes textual data from news articles and social media.

2.Customer Identification and Verification Tools

Ideally, DNFBPs and VASPs must rely on KYC tools, which must include biometric verification technology. This technology uses facial recognition, iris scans, or fingerprints to match with the database of potential customers. It will help DNFBPs and VASPs verify customers’ identities.

3.Document Authentication and Verification Systems

DNFBPs and VASPs can confirm if the documents submitted by customers, such as passports, national ID cards, or driving licenses, belong to them. KYC automation systems facilitate the automatic verification of these documents and spot fake documents, if any. Thus, such KYC tools help DNFBPs and VASPs to verify customers’ identities.

4.Secure Electronic Platforms

KYC software efficiently leverages blockchain technology. Through blockchain, DNFBPs and VASPs can create and maintain secure records of customers. It facilitates data integrity and data retention obligations of DNFBPs and VASPs as prescribed by the UAE AML Laws.

5.Optimising Customer Onboarding

KYC process automation allows customers to fill out the template forms available. DNFBPs and VASPs can collect all the details of customers through these online forms. The Optical Character Recognition (OCR) feature facilitates data extraction from identity documents. Thus, DNFBPs and VASPs do not need to invest their resources and time in verifying data with submitted documents.

6.Simplifying KYC Forms

Customers are discouraged by seeing elaborate and complicated KYC forms. KYC self-service tools simplify the KYC forms available to collect data on customers. Thus, customers feel motivated to fill them with accurate details to speed up the KYC process.

7.Utilising Pre-Filled KYC Forms with Third-Party Integrations

KYC software integrates well with other CRM/ERP tools, databases, and legacy systems. API integration helps populate data from existing systems thereby reducing time in customer onboarding.

8.Offering Multiple Channels for Onboarding (Online, Mobile App)

KYC tools provide DNFBPs and VASPs with flexibility in customer onboarding. Customers can access these tools via mobile apps or online websites. Multiple modes help with ease in onboarding new customers as they allow them to use any channel they are comfortable with to complete their KYC process.

Implementing a Risk-Based Approach in KYC Process Automation

The Risk-Based Approach (RBA) dictates that ML/FT risk mitigation measures to be applied must be in proportion with the ML/FT risk posed by a customer to the DNFBPs and VASPs.

The implementation of RBA in KYC process automation enables DNFBPs and VASPs to configure re-KYC or periodic KYC updation timelines and triggers on the basis of the degree of risk posed by each customer.

Implementing RBA in KYC process automation enables successful, comprehensive, and complete KYC execution. It allows DNFBPs and VASPs to execute re-KYC of customers based on their customer risk rating. The RBA in KYC process automation would also entail triggering re-KYC when any of the customer identification or KYC documentation is about to reach its expiry date.

Balancing Efficiency with Security in KYC Automation

KYC automation facilitates the prevention of Money Laundering and Terrorism Financing risks to DNFBPs and VASPs.

However, a critical concern in this procedure is the security of customer data. DNFBPs and VASPs have extensive information on each customer and need to ensure data security while deploying KYC process automation.

1.Complying with UAE Data Protection Regulations

DNFBPs and VASPs must adhere to the guiding principles of Federal Law No. 45 of 2021 on the Protection of Personal Data (PDPL) and relevant Emirates-level and free zone-level laws. To ensure compliance with this regulation, DNFBPs and VASPs must:

• Create Data Protection and Data Privacy policies for their entity
• Map the flow of personal data in the organisation
• Implement technological solutions to protect customer data from misuse and breach
• Train employees on the importance and procedures for ensuring data protection

These measures help DNFBPs and VASPs maintain the security and efficiency of KYC automation.

2.Implementing Robust Cybersecurity Measures

DNFBPs and VASPs also need to protect data from cyber threats and detect the risks to all their KYC-related technology assets. Once DNFBPs and VASPs know the risks, they can devise strategies to mitigate them. DNFBPs and VASPs must create a cybersecurity policy defining the following:

• Accessibility and permissions for employees
• Multi-factor authentication to access data
• Data encryption for data in transit and storage
• Data backup and sto rage policies
• Deploy firewalls for protection from malware and unauthorised access
• Regular updates on antivirus software for network security
• Employee training on cybersecurity importance and principles

By applying these cybersecurity measures, DNFBPs and VASPs can ensure the security of customer data. Also, these measures do not harm the efficiency of KYC automation but enhance its efficacy.

3.The Role of Human Review in Complex Cases

DNFBPs and VASPs must allocate skilled human assets to review complex cases. Sometimes, such reviews take a lot of time, affecting the overall efficiency of the process. DNFBPs and VASPs should provide adequate training to the staff to keep them updated on legal and technological developments. This will help them resolve complex cases faster and ensure the security and privacy of customer data.

The Benefits of an Efficient KYC Process

KYC process automation enables the implementation of a risk-based approach. An efficient KYC process entails the following benefits:

1.Enhanced Customer Experience

Well-defined KYC procedures ensure hassle-free onboarding of new customers. Such a process ensures faster and more seamless customer onboarding, leading to customer satisfaction.

2.Improved Credibility

Compliance with the AML/CFT laws and regulations ensures that DNFBPs and VASPs do not face penalties, legal repercussions, or regulatory scrutiny, leading to improved credibility.

3.Improved ML/FT Risk Management

An efficient KYC process means collecting complete details about customers with accurate ID verification results, which helps in taking a risk-based approach in dealing with customers with varying customer risk ratings. It leads to a highly efficient business environment to counter and manage ML/FT risks.

Conclusion

KYC is an integral part of DNFBPs and VASPs’ AML compliance framework. It helps businesses better understand their customers and detect money laundering threats posed while conducting business with them. KYC process automation is beneficial not only in saving costs but also in increasing the accuracy and efficiency of KYC measures.

KYC automation facilitates faster execution, reduced errors, and completeness of the KYC procedure when compared with traditionally carried out manual KYC process. With these accurate results, DNFBPs and VASPs can identify which customers pose probable Money Laundering (ML), Financing of Terrorism (FT), and Proliferation Financing (PF) risk and take adequate ML/FT and PF risk mitigation measures. KYC automation requires a careful consideration of the following factors:

• Selection of a prominent KYC tools vendor
• Implementation of the solution in the business
• Integration of the KYC software with existing solutions
• Training of employees on KYC tools
• Harnessing the solution for maximum benefits.