Category: Security

Welcome to our Security category, a specialized space dedicated to delving into the critical aspects of data protection and security in the financial technology industry. We live in an era of digital finance where data breaches and cyber threats have become common occurrences, prompting to become a paramount priority for businesses and customers alike.

Our insightful articles deep-dive into the multifaceted world of fintech, shedding light on the most recent trends in data protection, the challenges inherent in securing digital transactions, and the emerging solutions to these challenges. Our objective is to offer a holistic view of the secure landscape, underlining the significance of solid security measures and the transformative role of technology in amplifying data protection.

At Signzy, our commitment to maintaining the highest echelons of security is unwavering. We design our innovative solutions with a strong foundation to ensure the safeguarding of sensitive data, providing our clients with a sense of assured security and peace of mind.

Whether you’re a fintech professional immersed in the industry, a business leader steering your company through the digital landscape, or just an individual keen on understanding the intricacies of data security, our this category offers a wealth of valuable insights.

We cordially invite you to join us as we embark on an exploration of the fintech domain, discussing the pressing importance of data protection in today’s digital age. This journey will illuminate the challenges, showcase the advancements, and highlight the preventative measures shaping the world of fintech security. Unravel the complexities of securing digital finance with us, and gain a deep understanding of why robust data protection is the bedrock of the digital finance industry.

The Common Factors Of Global Privacy Framework — A Brief Overview On GDPR, CCPA & DEPA

Posted on | by Signzian

“India needs a paradigm shift in personal data management” — stated in the NITI Aayog draft on DEPA architecture. With the introduction of the PDP Bill, the argument holds rightfully so. We already have the blueprint, so isn’t it time we get started on the building architecture itself? So the DEPA was just a matter of time.

The DEPA framework is robust and unique to Indian data privacy laws. Anyone who goes through the proposal will agree that it overlays some areas which are not unique. These areas can be found in the data privacy framework of other nations as well. Let us take examples of the two prominent ones — Europe’s GDPR and California’s CCPA.

CCPA — Popularity Of Privacy In California

There is no single authority for oversight on data privacy in the U.S.

Instead, the country maintains a sectoral approach. It is dependent on a collective of sector-specific laws and state laws.

 

There are almost 20 industry — or sector-specific federal laws. on the state level, more than 100 privacy laws exist (in fact, there are 25 privacy-related laws in California alone) .

The California Consumer Privacy Act (CCPA) provides citizens of California with 4 rights for power over personal data:

– right to notice

– right to access

– right to opt-in (or out) and

– right to equal services.

Any organization which gathers the personal data of California residents must adhere to CCPA.

Personal Data Classification in CCPA

The CCPA defines personal information as “information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.” In other words, the State recognizes a “broad list of characteristics and behaviors, personal and commercial, as well as inferences drawn from this information” that can be used to identify an individual. Examples of covered personal information include:

  • Personally identifiable information (PII) . This can be name, address, phone number, email address, social security number, driver’s license number, etc.
  • Biometric information, such as DNA or fingerprints.
  • Internet or similar electronic network-based activity information. This can be browsing history, search history, and information regarding a consumer’s Internet activity.
  • Geolocation data
  • Audio, electronic, visual, thermal, olfactory, data or similar format of data.
  • Professional or employment-related information.
  • Education information, defined as information not readily available for the public.
  • Inferences drawn from any of the above examples that can create a profile about a consumer. This reflects the consumer’s preferences, characteristics, psychological trends. It also displays predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

GDPR — The European Breakthrough In Privacy

GDPR is an EU regulation that has been designed to protect user’s personally identifiable information (PII). It also enables businesses to hold a higher standard in terms of how they collect, store, and use this data.

Similar to CCPA above, GDPR gives EU citizens control over their personal data. It also assists in changing the data privacy approach of global organizations.

Key Highlights

 

  • GDPR is applicable to all who process “personal data”. Most obviously, these are names, email addresses, and other types of PII
  • It creates significant new responsibilities. Processing personal data makes you responsible and accountable for its security and use.
  • It has a global reach. Despite being an EU law, it applies to all, regardless of their location.
  • It doesn’t just apply to traditional businesses. The principles are concerned with what you do with other people’s data, not who you are or why you do it;
  • There are hefty fines for non-compliance. These can go up to €20 million ($24m) or 4% of global revenue, whichever is higher.

What are the common denominators?

The CCPA is about increasing transparency for California residents. It allows them to discover and change how their data is collected and transacted. Meanwhile, the GDPR is a binding regulation. It monitors data privacy across the E.U., replacing dozens of national privacy laws with a single framework. However, GDPR does have implications for businesses in the US, despite originating in Europe.

Side by side, here’s how they compare:

Both regulations arose to protect people in a world of increasing global interconnectivity. This is in a world where international transfers of personal data are more frequent and elaborate. Regrettably, advances in technology have resulted in data misuse scandals & sophisticated cyber attacks.

CCPA and GDPR apply to individual organizations in different ways. While there are some nuances in scope that distinguish both sets of legislation, they share similar goals.

How do the laws define personal information?

Personal information (CCPA) vs. personal data (GDPR)

CCPA deals with the collection and sale of personal information. GDPR on the other hand addresses personal data processing.

The CCPA defines personal information as any information that identifies, describes, relates to, or can be linked with a consumer or household. This includes PII as previously discussed.

Under the GDPR, personal data refers to any information that directly or indirectly identifies someone. While this doesn’t include household identifiers, any identifying personal data that is not anonymized falls under the GDPR. The CCPA, however, exempts specific categories of medical and personal information from its scope.

Contributions of CCPA & GDPR:

The two regulations overlap when it comes to some rights — so if you’re already compliant with GDPR, you’re well on your way to meeting CCPA requirements.

Here’s what the CCPA and GDPR have in common:

  • The right to know: Under the CCPA, businesses must disclose to consumers (upon request) the information that is collected, used, disclosed, and sold. Organizations under the GDPR must notify individuals at the time of collection and inform them of the purpose. They must also inform how long they’ll retain this data, and who it will be shared with.
  • The right to access: Individuals are entitled to access their personal data. They can request copies of their personal information verbally or in writing. Businesses have a month to respond to requests under the GDPR and — most of the time — can’t charge fees to deal with them.
  • The right to portability: Individuals protected by the CCPA and GDPR have the right to request their personal information. This can be inaccessible, machine-readable formats such as CSV, XML, and JSON.
  • The right to erasure: Consumers have the right to request the deletion of any personal information. This can be to an organization has collected or stored under a variety of circumstances.

 

DEPA — How Laws Like GDPR and CCPA laid the groundwork?

The PDP Bill introduces the construct of consent managers. They are data fiduciaries registered with the DPA. They provide interoperable platforms that aggregate consent from a data principal. This is similar in many ways to the GDPR Data Controllers. As mentioned above, personal data identification is also similarly reflected by the CCPA. The assigning of key stakeholders is also the same here.

Data principals may provide their consent to these consent managers. The consent is for the purpose of sharing their information with various data fiduciaries. They may even withdraw their consent through these consent managers. This is a unique construct. This concept has been introduced to support the Data Empowerment and Protection Architecture (DEPA) for financial and telecom data. This currently powers the Account Aggregators licensed by the RBI.

DEPA — Building From The Data Privacy Blueprint

 

NITI Aayog has presented a draft policy highlighting DEPA. DEPA stands for Data Empowerement and Protection Architecture. It allows individuals to “seamlessly and securely access their data. This can be shared with third-party institutions.

The report looks into assisting organizations with sharing the personal data of an individual with one another. This can be done through the concept of “consent managers”. They will manage people’s consent for data sharing.

The policy constitutes this new data governance model in light of ‘individual empowerment’. This is done by enabling the seamless exchange of personal data among institutions. The process is secure and minimizes privacy harms.

This draft policy follows the myriad of other data-related policies in India. These include the Non-Personal Data Governance Framework and the National Digital Health Mission. NITI Aayog has stated that the policy will be publicly launched and operationalized in 2020 itself.

Features:

  • DEPA will authorize individuals with control over their personal data. This will be done by implementing a regulatory, institutional, and technology design for secure data sharing.
  • DEPA is designed as an evolvable and agile framework for good data governance.
  • DEPA empowers people to seamlessly and securely access their data. It can be shared with third-party institutions.
  • The consent given under DEPA will be free, informed, specific, clear, and revocable.
  • Consent Managers: DEPA will involve the introduction of new stakeholders — User Consent Managers. They will ensure that individuals can provide consent for all data shared. These Consent Managers will also work to protect data rights.
  • Account Aggregators: Reserve Bank of India (RBI) had earlier issued a Master Directive for creating Consent Managers in the financial sector. They are to be known as Account Aggregators (AAs). A non-profit collective or grouping of these stakeholders form the DigiSahamati Foundation.
  • Open APIs: These enable the seamless and encrypted flow of data between data providers and data users through a consent manager.
  • Implementation: RBI, SEBI, IRDAI, PFRDA, and the Ministry of Finance are set to adopt and execute this model. This regulatory foundation will eventually evolve with the onset of new legislation (eg. with the forthcoming Data Protection Authority envisaged under Personal Data Protection Bill, 2019).

Background:

The regulatory direction on data privacy, protection, consent, and the new financial institutions required for DEPA’s application in the financial sector was provided through the following sequence of events:

  • Supreme Court Judgement on the Fundamental Right to Privacy in 2017.
  • Personal Data Protection Bill (PDP), 2019.
  • Justice Srikrishna Committee Report, 2018.
  • RBI Master Direction on NBFC-Account Aggregators, 2016 (for the financial sector).

Impact On Financial sector:

  • Individuals and Micro, Small and Medium Enterprises (MSMEs) can use their digital footprints with DEPA. They can also access not affordable loans. Other amenities include insurance, savings, and better financial management products.
  • The framework is expected to become functional for the financial sector starting fall 2020.
  • It will help in greater financial inclusion and economic growth.
  • Flow-based lending: DEPA can provide portability and control of data. This could allow an MSME owner to digitally share proof of the business’ regular tax (GST) payments or receivables invoices easily. On the other hand, a bank could design and offer working capital loans. This can be based on the demonstrated ability to repay. (This is known as flow-based lending). This is suitable for offering bank loans backed by assets or collateral.

Conclusion

This is the beginning of a new uniquely Indian journey on data empowerment and financial inclusion. An open and vibrant data democracy can be created. But this is only if we can enable a billion individuals to thrive in an increasingly digital economy.

The digital economy should comprise digital public goods. These should be designed to scale to meet the needs of a diverse population. Moreover, the technology standards constituting DEPA are open and publicly available. This also means that the technical and institutional architecture can also be applied to other countries. An institutional body could even be designed to help globalize this standard. This will help apply it to other nations facing similar challenges as appropriate.

About Signzy

Signzy is a market-leading platform redefining the speed, accuracy, and experience of how financial institutions are onboarding customers and businesses – using the digital medium. The company’s award-winning no-code GO platform delivers seamless, end-to-end, and multi-channel onboarding journeys while offering customizable workflows. In addition, it gives these players access to an aggregated marketplace of 240+ bespoke APIs that can be easily added to any workflow with simple widgets.

Signzy is enabling ten million+ end customer and business onboarding every month at a success rate of 99% while reducing the speed to market from 6 months to 3-4 weeks. It works with over 240+ FIs globally, including the 4 largest banks in India, a Top 3 acquiring Bank in the US, and has a robust global partnership with Mastercard and Microsoft. The company’s product team is based out of Bengaluru and has a strong presence in Mumbai, New York, and Dubai.

Visit www.signzy.com for more information about us.

You can reach out to our team at reachout@signzy.com

Reach us at: www.signzy.com

Written By:

Signzy

Written by an insightful Signzian intent on learning and sharing knowledge.

 

Fighting Financial Crime With UBO — The Final FinCen CDD Rule

Posted on | by Signzian

In 2016, FinCEN introduced a new Customer Due Diligence (CDD) rule. It consisted of specific rules on Beneficial Owners. The rule required financial institutions to comply by May 11, 2018. The Final Rule indicates new FinCEN rules with the applicability date of May 11, 2018. But before we understand the importance of the FinCEN CDD rule, let’s have a look at what these terms mean and how they impact due diligence.

What is FinCen?

The Financial Crimes Enforcement Network (FinCEN) is a government body of the United States. It maintains a network whose objective is to prevent and punish criminals and criminal networks. These are associated with money laundering and other financial crimes. FinCEN is overseen by the U.S. Department of the Treasury. It operates domestically and internationally, and has three major players —

law-enforcement agencies, the regulatory community, and the financial-services community.

  • FinCEN monitors suspicious people and activity by implicating mandatory disclosures for financial institutions.
  • The FinCEN is assigned its duties from Congress. Further, the director of the bureau is appointed by the U.S.Treasury Secretary.

What is Customer Due Diligence (CDD)?

Customer Due Diligence (CDD) is the process of determining your customers’ background. This is done in order to determine their identity and the level of risk they possess.

The application of CDD is necessary when companies with AML processes enter a business relationship. This can be with a customer/potential customer. It may be needed to assess their risk profile and verify their identity.

The above risks mainly highlight money laundering and terrorist financing. Companies may need to ‘know their customers’ for a variety of reasons:

  • to adhere to the requirements of subsequent legislation and regulation
  • to be reasonably certain that the customers are who they say they are.
  • to provide them with the products or services requested, which requires knowledge of who the customer is.
  • to guard against fraud, including impersonation and identity theft.
  • to help the organization to identify unusual events and to enable the unusual to be examined;
  • Unusual events must have a commercial or relevant rationale. Else it may involve money laundering, fraud, or handling criminal or terrorist property
  • to enable the organization to provide any required help to law enforcement.
  • information on customers being investigated subsequent to a suspicion report to the FIU.

Why The Fincen CDD Rule?

The idea behind this new rule to fortify CDD requirements. The rule establishes explicit requirements for CDD. Further, it imposes a new requirement for the FIs. This requires identifying and verifying Beneficial Owners of legal entity customers (businesses).

The CDD Rule applies to Banks, Brokers or dealers in securities, Mutual funds etc

Customer Due Diligence Best Practices

There are 4 crucial elements for due diligence as per FinCEN:

(1) Customer identification and verification,

(2) beneficial ownership identification and verification,

(3) understanding the nature and purpose of customer relationships. This can help to develop a customer risk profile,

(4) continuous monitoring for reporting malicious transactions. On a risk-basis, this can be used for maintaining and updating customer information.

 

The new rules are not retroactive. In other words, it’s not necessary to acquire beneficial ownership information on every existing client. FinCEN felt that this would be too cumbersome for the institutions.

However, it’s not just an account opening where this information is mandatory. During monitoring the account, the risk profile may change drastically. In that case, the customer information — including beneficial ownership — should be updated. For example, new transaction types or amounts may reflect the change. This can be in terms of account or new ownership. They then fall under the coverage of the new final rule.

6 Major Highlights of the Fincen CDD Rule

 

  1. Calibrating Beneficial Ownership Threshold

FinCEN has restated that the specified threshold (25%) is the base, not the apex. It is at the discretion of covered (FIs) to implement stricter thresholds. FinCEN further states that any incremental risk factors may be mitigated by other reasonable means. This includes enhanced monitoring, collection of additional non-mandatory information and recording information relating to expected account activity.

2. Highlighting Identification and Verification Procedures

Although the CDD Rule’s verification procedures are required to contain similar elements, they may not be identical. For example, a financial institution choosing to accept photocopies of identification documents. This would not meet the standard under the Customer Identification Program (CIP) rules. This derogation is expressly authorized within the CDD rule. Financial institutions should determine the documentation standards. This must pertain to the outcome of the required risk-based analysis. It will lead towards the identification and verification (ID&V) of beneficial owners.

3. Determining beneficial owners of new legal entity customer accounts

Where the individual identified as the beneficial owner must be:

(i) a pre-existing customer of the particular FI, and

(ii) is covered under the FI’s CIP,

A financial institution may recycle the information previously collected. This can be done provided the existing information is up-to-date & accurate. Further, the legal entity customer’s representative must certify or confirm the accuracy of this (verbally or in writing).

4. FinCEN Certification Template

As seen earlier, financial institutions are not mandated to use the template certification. They may use alternative formats such as the institutions’ own forms or similar means. These must comply with the substantive requirements. In the given instance, covered FIs should retain the form and refrain from filing it with FinCEN.

5. Document retention periods for ID&V records

Covered FIs must compulsorily retain all beneficial ownership information collected about a legal entity customer. Identifying information must be held for at least five years after the legal entity’s account is closed. Ex: the Certification Form or its equivalent.

6. Certification of a beneficial owner of multiple accounts

An institution may already have obtained a Certification Form (or its equivalent) for the beneficial owner(s). In such case, the FI may rely on that information to satisfy the beneficial ownership requirement for subsequent accounts. This is provided the customer certifies or confirms (verbally or in writing) that:

(i) such information is updated accurately at the time each subsequent account is opened, and

(ii) the FI is not aware of facts that would question the reliability of such information.

New Additions — FinCEN Issues New Guidance for Complying with the CDD Rule

On August 3, 2020, FinCEN introduced additional frequently-asked-questions (FAQs) r4egarding CDD requirements. These were for covered financial institutions detailed in FinCEN’s “CDD Rule”. The 2020 FAQs follow earlier FAQs from FinCEN in July 2016 and April 2018. They provide additional detail on implementing due diligence, building customer risk ratings, and updating customer data.

2020 FAQs — Question 1

Question 1 is in response to the question of whether covered FIs are required to collect information. This is with respect to expected activity on all customers at account opening, or on an ongoing or periodic basis. FinCen highlights that the CDD Rule does not require acquiring of any particular customer information. The only information necessary is to develop a customer risk profile. Others include to conduct monitoring and verify beneficial ownership (for legal entity customers). Likewise, FinCEN states that there is no categorical to conduct media screening on all customers. However, an FI can determine on a risk basis whether such information is needed. This is in order to adequately understand a particular customer relationship. It also helps to identify potentially suspicious activity.

2020 FAQs — Question 2

In Question 2, FinCEN elaborates that the CDD Rule does not require financial institutions to use a specific method. This refers to the method to establish customer risk profiles. It can also automatically categorize as “high risk” products or customer types. These can be identified in government publications as posing specific potential risks. Covered financial institutions are required to comprehend the financial crime risks of their particular customers. They should utilize risk profiles that are “sufficiently detailed. These can be used to distinguish between significant variations in the risks of its customers.

2020 FAQs — Question 3

In Question 3, FinCEN talks about how the CDD Rule does not require financial institutions to update customer information on a continuous or periodic schedule. However, they may decide to do so on a risk basis. Rather, financial institutions must update customer information when they become aware. This can be the result of normal monitoring. It can also be a change in customer information that is relevant to the risk posed by the customer. In such cases, financial institutions also may need to reassess the customer’s overall risk profile. This guidance is consistent with FinCEN’s previous statements in the preamble to the final CDD Rule as well as in the 2018 FAQs.

Practical Considerations

The 2020 FAQs do not break any major new ground with respect to the CDD Rule. It is helpful for financial institutions seeking to set risk-based limits. It helps determine when specific types of information are needed to determine customer risk. FIs should review their CDD policies and procedures. This is with respect to developing and updating customer risk profiles against the new FAQs. Doing so will help identify any areas that may need to be updated or adjusted.

On the other hand, the guidance emphasizes FinCEN’s preference against customer risk profiling that uses broad categories to assign customer risk. It is in favor of a methodology that is more individually-tailored. It focuses on a solution suitable to the characteristics of particular customers and the products and services they use. This is somewhat in contrast with FinCEN’s statement in the preamble of the Rule. It states that risk profiles in certain cases can be based on “categories of customers” or “risk categories”. The 2020 FAQs appear to allow such an approach at least where a financial institution concludes that a customer’s risk profile is low.

No matter the case, these FAQs may provide a valuable reference point for financial institutions. They explain — for example, to regulators — the risk-based decisions that have gone into their AML programs. They also shed light on why not all accounts with certain characteristics are similarly treated.

The European example

The European Union (EU) appears to be far ahead in terms of implementing the rules. They display clarity in the beneficial ownership structure of legal entities. The problem with UBO identification was on the regulatory agenda. This was as early as 2005, with the introduction of the 3rd European Directive on AML. This critical case of European AML Regulation promoted the risk-based approach. It was as a key strategy for tackling money laundering and terrorist financing. It also required obliged entities to identify the individuals controlling legal entities. This would ensure that they cannot be used for hiding asset ownership.

Guidelines for enhanced transparency on legal entities’ ownership were brought about by the 4th (2015) and 5th (2018) money laundering directives to:

 

  • Constitute National UBO registers,
  • Ensure reliable UBO information,
  • Provide public access to UBO registers.

In the UK, there exists the People with Significant Control (PSC) register. It consists of information about the owners who own or control companies. Currently, however, only a few countries have collected beneficial ownership data. This is due to the numerous challenges inherent in such an initiative. The UK parliament also decided earlier this year to accept an amendment to the sanctions. There was mention of an anti-money laundering bill that requires the UK’s overseas territories (the British Virgin Islands, Cayman Islands etc.). It would mandate to publish public registers of company ownership by the end of 2020. This reflects the will to extend the beneficial ownership disclosure to tax heavens across the Atlantic. This is sure to improve the governance of tax avoidance and corruption. It might also influence the Americas to follow a similar path.

FinCEN has initiated the journey towards the implementation of sound UBO identification requirements. EU regulations might set the path for the United States to catch up. It will be interesting to observe whether the United States follows the same path and if so, at what pace.

Conclusion

Perhaps the biggest challenge now is to meet the CDD Rule’s compliance requirements efficiently. Identifying UBOs can be a tedious and time-consuming task. it often results in individuals physically constructing the ownership tree on paper. This is highly inefficient and open to regulatory questioning.

With the new regulations hopefully, UBO will be collected digitally in the years to come. There are already many significant developments in this direction. Multiple countries are now placing measures to adopt UBO collection as part of the standard AML process.

About Signzy

Signzy is a market-leading platform redefining the speed, accuracy, and experience of how financial institutions are onboarding customers and businesses – using the digital medium. The company’s award-winning no-code GO platform delivers seamless, end-to-end, and multi-channel onboarding journeys while offering customizable workflows. In addition, it gives these players access to an aggregated marketplace of 240+ bespoke APIs that can be easily added to any workflow with simple widgets.

Signzy is enabling ten million+ end customer and business onboarding every month at a success rate of 99% while reducing the speed to market from 6 months to 3-4 weeks. It works with over 240+ FIs globally, including the 4 largest banks in India, a Top 3 acquiring Bank in the US, and has a robust global partnership with Mastercard and Microsoft. The company’s product team is based out of Bengaluru and has a strong presence in Mumbai, New York, and Dubai.

Visit www.signzy.com for more information about us.

You can reach out to our team at reachout@signzy.com

Reach us at: www.signzy.com

Written By:

Signzy

Written by an insightful Signzian intent on learning and sharing knowledge.

 

The CKYC: India’s Integrated Identification System, Improved

Posted on | by Signzian

We are living in a world packed full of automated solutions to problems. When you want to go shopping, just visit an online marketplace like Amazon or eBay and you’re good to go. You have chosen something that you wish to purchase but you wondered, “how should I pay for this?” Perhaps, with Indian KYC, it might be something more lenient to investing like buying stocks or shares from a company.

Good thing that online payment solutions exist nowadays. This is the most frequently used and reliable means of settling important or urgent payments to various goods and services in the market. However, there is a catch — companies are implementing stringent regulations with regards to the people who purchase their selling point and the authenticity of their identity.

One of the first solutions to this problem is the KYC (short for Know Your Customer) systems in several companies, stores, investment solutions, and more. This system is dedicated to identifying, accounting, and securing the customer’s information, including but not limited to the name of the customer, gender orientation, date of birth, employment, civil status, place of birth, and many more. The KYC system is implemented in several parts of the world, especially to developing and developed countries such as the United States, Canada, United Kingdom, Spain, and selected countries in Asia.

Particularly, India has taken a lot of crucial considerations in the field of customer and client identification, including their significant efforts in implementing the Indian KYC system nationwide. Because of the reported scams, complaints, and shady transactions and online accounts used in several platforms, they have decided to take the system to the next level. Here, I introduce to you, the Central KYC system in India.

The motivation behind Indian KYC

The main motivation behind the induction of CKYC in India is the non-compliance of the old KYC of banks all over the country. The Reserve Bank of India (RBI) imposed hefty penalties to several banks such as ICICI Bank Limited, Allahabad Bank, Andhra Bank, Indian Overseas Bank, and Bank of Maharashtra ranging from Rs 1 to 58.9 crore (notation for 10 million). In nearly a year, these banks faced what it looks like their worst penalties in the entire course of their operations.

These banks are known for being well-managed in terms of financial and statement compliance to the RBI. Because of these shocking events, the RBI knew that they have to implement a greater, more stringent system to minimize these unforeseen events. They created the Indian KYC or CKYC system, which is short for Central Know Your Customer. This new system is first imposed by the directives of the Ministry of Finance who created the Central Registry of Securitization Asset Reconstruction and Security Interest of India (CERSAI), the performing body of the CKYC Records Registry. This registry is dedicated to receiving, storing, securing, and retrieving KYC records digitally for clients. This is the government initiative to centralize the overall KYC processes and records in the country.

CKYC as an all-in-one customer records’ haven

For starters, the Central Know Your Customer (CKYC) system is the Government of India’s main KYC (Know Your Customer) program. The goal of this program is to integrate a system in place that enables investors to complete their KYC only once before engaging with specific financial sector entities. The system’s goal is to reduce the cost of generating and checking KYC documents once the consumer first communicates with a financial institution.

The Central Registry of Securitization Asset Reconstruction and Security Interest, or CERSAI, is created for the sole purpose of securing the stability of the new CKYC system in the country. It is authorized by the Government of India to act as the all-in-one security interest registry with the compliance to the PLMA (Prevention of Money Laundering Act) of 2005. They shall be responsible for the overall security of KYC records in a digital form for clients. The accessibility of their form for complying CKYC requirements will be available via several websites on the Internet such as in portal.amfilindia.com. CKYCR shall serve as a consolidated repository of KYC records of financial sector investors with consistent KYC specifications and the inter-usability of KYC records across the industry.

Knowing the differences between KYC, eKYC, and CKYC

In terms of functionality, KYC, eKYC, and CKYC are just the same. They just differ in their approach and how they implement security and accessibility of KYC records for the clients. Their main differences are as follows.

The Indian KYC system is the typical and commonly-done procedure in the Mutual Fund industry whereby an investor’s identity is checked based on the written information he or she submits in a form of a document, accompanied by an In-Person Verification or IPV procedure. When the authentication is completed, the appropriate investor data must be encoded into the KRA Registration Agency (KRA) program and then finally added to their database.

The Indian KYC is done with the use of the investor’s Aadhaar number. There are two verification options of the investor’s identity upon the succession of the eKYC application. The first method is via an OTP (One-time Password) which has a limitation of Rs 50,000 per annum of mutual funds and automatically mandates it online. The second method is via biometrics which has no investment cap unless the investor violates the Government of India’s PLMA of 2005. When done, the investor’s details are imported into KRA databases.

The CKYC is the Government of India’s program seeking to create an integrated system that enables investors to do their KYC only once. CKYC enforcement will allow an investor to go through the whole process without having to complete several KYC formalities. CKYC is geared towards the encouragement of investors in engaging more in the market.

Each investor shall receive a 14-digit KYC Identification Number upon compliance with the following requirements:

Completed CKYC application form/KRA application form plus supplementary CKYC form

· A self-attested proof of your identity (one of the following: PAN, passport, voter’s ID, driving license, Aadhar card, etc.)

· A self-attested proof of your residence (applicable to your proof of identity as long as it states your address)

· A photograph of yourself

Successful applicants shall receive an SMS message or e-mail, including their KIN. However, if you already have a KIN before, you are already a CKYC compliant and you don’t have to go through the whole process of completing the requirements.

Wrapping up: Indian KYC is a promising initiative

The CKYC is a promising initiative of the Government of India to lessen the hassle of going through every step of securing an investor’s identity. Also, it improves the overall security, stability, accessibility, and processing of applicants and existing investors alike. Additionally, the system has helped reduce and even eliminate the recurring number of penalties in large-scale financial establishments in the country, testifying the significant efforts of financial and customer care of the Government.

About Signzy

Signzy is a market-leading platform redefining the speed, accuracy, and experience of how financial institutions are onboarding customers and businesses – using the digital medium. The company’s award-winning no-code GO platform delivers seamless, end-to-end, and multi-channel onboarding journeys while offering customizable workflows. In addition, it gives these players access to an aggregated marketplace of 240+ bespoke APIs that can be easily added to any workflow with simple widgets.

Signzy is enabling ten million+ end customer and business onboarding every month at a success rate of 99% while reducing the speed to market from 6 months to 3-4 weeks. It works with over 240+ FIs globally, including the 4 largest banks in India, a Top 3 acquiring Bank in the US, and has a robust global partnership with Mastercard and Microsoft. The company’s product team is based out of Bengaluru and has a strong presence in Mumbai, New York, and Dubai.

Visit www.signzy.com for more information about us.

You can reach out to our team at reachout@signzy.com

Written By:

Rahul Raj

Sales professional with 12+ years of experience in technology sales, and business consulting.

 

Financial Institutions Should Heed Digital Merchant On-boarding

Posted on | by Signzian

Acquirers are always struggling with the cumbersome merchant onboarding process. The need is of an enhanced digital merchant onboarding experience. A platform that is agile. A platform that supports a 100% automated onboarding.

One that incorporates checks for fraud and Anti Money Laundering (AML), digital Know-Your-Customer (KYC), and risk decisioning. Digitizing the process is the solution for faster onboarding and better compliance.

3 Key Problems with the Traditional Merchant Onboarding Process

  • The traditional merchant onboarding process is frustrating and siloed. This means that each linear step is isolated in its functioning. An inordinate delay of about a week could come up to complete the application process. There is no status monitoring process which could track applications end-to-end. In the short term this could choke operational excellence. In the long run threaten business growth.
  • Existing data entry systems used for traditional onboarding are manually-driven and painfully slow. The process is susceptible to human error and can result in squandering of days of time. It could cause rampant inaccuracies in the entered data. The situation is extremely precarious because data inconsistency could prove to be detrimental to user privacy and the reputation of the business. Trust cannot be built in a system prone to error.
  • Merchant onboarding journeys are tedious, long and inconvenient. They stretch across numerous drawn out touchpoints and channels. This leads to excessive service delays lasting up to days or weeks, and poor customer experience. In case of an error the to and fro communication causes further delays.

These key problems thwart any chance of a seamless process. They peak their heads in the following 3 friction points, which slow down and complicate the merchant onboarding journey. This section explains what they are and how the digital onboarding process can solve these issues:

Friction point 1: Manual Form Filling

Data from physical paper applications has to be manually put into the computer database. This requires considerable effort from many physical operators. Significantly reduces errors by eliminating as much manual data handling as possible. This is a common source of error and denied applications. An AI based OCR (optical character recognition) performs extraction at the front-end. It is optimal to reduce time and error. With this, it is now possible to fetch customer information by extracting it from their IDs. The field filling process is also automated. This reduces the mistakes which were made by individuals filling the application. The cumbersome need for manual form filling is eradicated.

Friction point 2: Time-consuming Document Verification

Significant diligence checks and third-party verification is needed to ensure merchants aren’t involved in fraud. The solution must validate the authenticity of documents as part of the onboarding process. When this is done manually it takes huge amounts of time. It is also prone to human error. If additional details are required like court history, there emerges another layer of research. With digitization it is just a matter of ticking the box for another method of verification. Details are then pulled automatically from the Ministry of Corporate Affairs (MCA) database and tallied.

Friction point 3: Risk Assessment/ Underwriting

Information collected in the application paired with a rules-based engine is what decides if an account is approved or declined. The rules-based verification engine determines whether or not a merchant is a pass/fail. According to the required verification needs, data can be retrieved on the merchant very fast. An interactive scorecard or report needs to be made. Organizations generally have access to required data. The question is how do they automate the process and stitch it all together. Risk assessment done manually is arbitrary. But, an automated process has set parameters.

Major Advantages of this Solution

Smoothening over these 3 friction areas results in a host of benefits. They can be boiled down to the following three advantages:

Taking down Time

With automated onboarding abandonment is largely avoided due to the simple process. It cuts through red tape and desk delays. Even in the case of insufficient information, the merchant can be contacted and details clarified without leaving the house. Apart from that, merchant onboarding solutions like Signzy empower a business to create easy real-time processes without sacrificing the risk strategy. A customizable fully automated onboarding process that meets all compliance and KYC regulations can be created with Signzy tools. Whether it’s a straight through process or more complex processes to verify high-risk merchants decisions can be made in real-time. For a merchant, the need to spend hours in filling applications is eradicated. For banks, the verification of documents is expedited with some automation.

Curbing Cost

Digitization with an onboarding solution successfully streamlines the merchant onboarding process to the point where the merchant doesn’t have to even speak to anyone to set up. With manual data entry not required and the time taken to process the applications at the backops drastically reduced, the operational expenses of onboarding come down.

Lighter Labour

A major pain point for the industry is manual work like data entry. The work is often done multiple times. Manual work slows down the process. It can also introduce points of failure in the system. It adds a significant cost to the process. This should not be translated as eliminating people from the process. But, people should concentrate human effort on identifying fraud. Data entry is easily automated. Automation also enables smoother integration between the steps. If data is digital from the start, then the entire process has the potential for automation, especially in the case of smaller merchants. New risk assessment automation, as well as integration and optimization tools, are on the market, so dramatic improvements are already possible.

This story was originally published here

About Signzy

Signzy is a market-leading platform redefining the speed, accuracy, and experience of how financial institutions are onboarding customers and businesses – using the digital medium. The company’s award-winning no-code GO platform delivers seamless, end-to-end, and multi-channel onboarding journeys while offering customizable workflows. In addition, it gives these players access to an aggregated marketplace of 240+ bespoke APIs that can be easily added to any workflow with simple widgets.

Signzy is enabling ten million+ end customer and business onboarding every month at a success rate of 99% while reducing the speed to market from 6 months to 3-4 weeks. It works with over 240+ FIs globally, including the 4 largest banks in India, a Top 3 acquiring Bank in the US, and has a robust global partnership with Mastercard and Microsoft. The company’s product team is based out of Bengaluru and has a strong presence in Mumbai, New York, and Dubai.

Visit www.signzy.com for more information about us.

You can reach out to our team at reachout@signzy.com

Written By:

Signzy

Written by an insightful Signzian intent on learning and sharing knowledge.

 

Digital KYC on Securities & Trading or DEMAT Accounts

Posted on | by Signzian

The Know Your Client or Know Your Customer (KYC) is a standard process in the investment industry. It ensures investment advisors know detailed information about their clients. This includes risk tolerance, investment knowledge, and financial position. The KYC process conducted during investor onboarding protects the interests of both clients and investment advisors. Clients are protected as their investment advisor knows the best choices for investments. Similarly, investment advisors know what they can and cannot include in the portfolio.

KYC compliance basically revolves around certain necessities and policies. This includes risk management, customer acceptance policies, and transaction monitoring. However, the need for digitizing the KYC collection process is crucial in these times.

KYC in Securities Industry — Rules & Regulations

The Know Your Client (KYC) rule is an ethical requirement of the securities industry. This includes those who interact with customers during investor onboarding and maintaining accounts. There are two rules which were implemented in July 2012 that are applicable in this regard.

1. Financial Industry Regulatory Authority (FINRA) Rule 2090 (Know Your Customer)

2. FINRA Rule 2111 (Suitability)

These rules are designed to protect both the broker-dealer and the customer. The rules provide a mutually beneficial agreement to both parties.

FINRA 2090

The Know Your Customer Rule 2090 cites that every broker-dealer must provide logical effort during investor onboarding and maintaining customer accounts. It is a requirement to maintain records on the demographics of each customer. It is also required to identify each individual who has the capacity to act on the customer’s behalf.

The KYC rule is crucial for the start of a customer-broker journey. It establishes the essential facts of each customer. This has to be done before any recommendations are made. These are required to service the customer’s account effectively. It also provides awareness of any special handling instructions for the account. The broker-dealer needs to be familiar with each person who has the authority to act on behalf of the client. It is necessary to follow all the laws, regulations, and rules of the securities industry.

FINRA 2111

As found in the FINRA Rules of Fair Practices, Rule 2111 goes in tandem with the KYC rule. It covers the topic of making recommendations. Suitability Rule 2111 mandates that a broker-dealer must have sensible grounds on which to make a recommendation. This must be customer-based and depend on the client’s financial situation and needs. This ensures that the broker-dealer has checked the facts and profile of the customer. This must also include the customer’s other securities. This should be done before making any purchase, sale, or exchange of securities.

KYC For Trading/DEMAT Accounts

  • Know Your Customer (KYC) is a primary requirement for opening your trading-cum-DEMAT account with a broker. What does KYC mean and why does SEBI mandate KYC for opening a DEMAT account? The perception is that the customer has relevant documentation for online ID verification. It also checks whether the flow of funds have a distinct record through banking channels. Today, it is not possible to activate a DEMAT account without KYC. As per SEBI (Securities and Exchange Board Of India) guidelines, KYC is a must.
  • When you open the DEMAT account, the DP / broker will ask you to fill up a KYC form along with your client agreement form. KYC requires basic paperwork and submission of essential documents. It also requires originals for complete verification.
  • KYC norms were put out by the RBI in 2002 and have been adopted by SEBI for all investment-related activities. This includes opening a trading account, DEMAT account, mutual fund investments, etc. The idea was to cut down on corrupt practices. Money laundering, acting as fronts for entities, trading in cash without audit trails, fraud, and financing of anti-national activities are some examples.
  • With KYC, your data is secure in a central database and the KYC process is applicable only once. After that, it is just picked up from the central database by linking your PAN card.

KYC helps banks and other financial institutions conduct online ID verification and track their customer transaction trails. This helps link all your capital market activity with your bank account. It also assists in tax returns and plugs any gaps in reporting. SEBI has enforced KYC compliance for sectors like mutual fund accounts, DEMAT accounts and trading accounts.

Key steps in the KYC documentation process for DEMAT account

  • The first step is the filling of the KYC form if you are a new investor and opening your DEMAT account for the first time. The application forms require demographic information. This can be name, residential address, office address, joint account holder details, account nomination, etc.
  • The next step of the investor onboarding process is to present your identity proof. PAN card is mandatory in this regard. You may also be asked to submit an additional government authorized proof. This can be a passport, driving license, voter ID, Aadhaar, etc.
  • The third step involves submitting proof of residential address. The document should include the current address in the exact format. You can provide utility bills with link documents. Other documents like bank statements, company letters, etc can also be linked.
  • Finally, you must submit a copy of your cancelled cheque. The account holder name must be clearly embossed on the cheque leaf. This is to verify your IFSC code and account details.

This entire process of investor onboarding can be time-consuming as well as heavily dependent on manpower. It also involves a significant amount of paperwork. With the digitization of the KYC process, the complete process has been simplified. Onboarding new DEMAT account holders can now take a matter of minutes.

Know Hows of KRA and K-IPV In KYC Collection

SEBI had initiated the usage of uniform KYC by all SEBI registered intermediaries (RIs). This was done to bring uniformity in the KYC requirements for the securities markets. In this regard, SEBI had issued the SEBI KYC Registration Agency (KRA), Regulations, 2011.

KRA is the authority for the centralization of all KYC records and details in the securities market. The client who wishes to open an account with a broker shall submit the KYC details. They can be submitted through the KYC Registration form with supporting documents. The Intermediary is responsible for conducting the initial KYC. The RI should also upload the details to the KRA system. The KYC details are accessible to all SEBI RIs for the same client. So once the client has undergone KYC with an RI, it is not necessary to repeat the same process again with other RIs.

It is compulsory for each client to be registered with any one of the various KRA registered intermediaries. This should be done before availing the benefits of any intermediary. Such benefits include Stock Broker, Mutual Fund Companies, Depository Participant, Portfolio Management Services (PMS) etc.

In-Person Verification (IPV) is part of the process of doing KRA-KYC registration of clients. KRA compliant clients are not required to undergo this process.

Importance Of IPV

The Prevention of Money Laundering Act, 2002 (PMLA), came into effect from 1 July 2005. The Act enforces that no one could use investment tools to hide their illegal wealth. Soon after, SEBI mandated that all intermediaries should adopt the KYC policy. It was also necessary to plan and install certain policies. The policies should follow vis-a-vis the guidelines on anti-money laundering measures.

Since 1 January 2011, KYC compliance has been made mandatory for all investors. This is irrespective of the amount invested and includes the following transactions:

a. New / Additional Purchases

b. Switching Transactions

c. First-time Registrations for SIP/ STP/ Flex STP/ FlexIndex/ DTP

d. Any SIP/STP/trigger-related products which were introduced after the enactment of the act

e-KYC (Know Your Customer) is a value-added feature that is offered by many financial institutions. E-kyc is useful for making the application process convenient. Investors can access it and upload the necessary documents. It can be done from the comfort of their home or office. As previously discussed, this is applicable to only SEBI-approved KRAs. For ex: CVL and CAMS can complete the e-KYC process. This means that digital KYC verification can be used for IPV as well.

New Norms For Digital KYC — Latest SEBI Guidelines

In a recent move on April 24, 2020, the SEBI has issued the latest guidelines pertaining to the digitisation of the KYC process. Some of the highlights are mentioned below:

1. Know Your Customer (KYC) and Customer Due Diligence (CDD) policies as part of KYC are the foundations of an effective Anti-Money Laundering process. The KYC process requires every SEBI registered intermediary (also known as ‘RI’) to collect and verify the Proof of Identity (PoI) and Proof of Address (PoA) from the investor.

2. The provisions as laid down under the Prevention of Money-Laundering Act, 2002, Prevention of Money-Laundering (Maintenance of Records) Rules, 2005, SEBI Master Circular on Anti Money Laundering (AML) dated October 15, 2019 and relevant KYC / AML circulars issued from time to time shall continue to remain applicable. Further, the SEBI registered intermediary shall continue to ensure to obtain the express consent of the investor before undertaking online KYC.

3. SEBI, from time to time has issued various circulars to simplify the process of KYC by investors / RIs. Constant technology evolution has led to multiple innovative platforms being created. These allow investors to complete the KYC process online. SEBI held discussions with various market participants and based on their feedback, technology like Aadhar-based e-Sign service which can facilitate online KYC will now be used. This is done with a view to allow ease of doing business in the securities market.

4. New regulations allow Investor’s KYC to be completed through an online / App-based KYC. There is also provision for in-person verification through video, online submission of Officially Valid Document (OVD) / other documents under eSign. It allows the introduction of VideoKYC, which was also allowed by RBI for the banking sector earlier this year. (Click here to read more about RBI Guidelines for VideoKYC)

5. SEBI registered intermediary may implement their own Application (App) for undertaking online KYC of investors. The App shall facilitate taking photographs, scanning, acceptance of OVD through Digilocker, video capturing in a live environment, usage of the App only by authorized persons of the RI.

6. The guidelines also allow RIs to undertake the VIPV(Video In-Person Verification) of an individual investor through their App. This is done to ease investor onboarding.

How Digital KYC Can Help Financial Institutions In The Securities Market

The latest SEBI guidelines have allowed ease of convenience to digitize the KYC process. This will be beneficial for financial institutions in the securities market. Previously banks, telecom, and other financial services providers used to deal with photocopies. The customer’s original ID proof was physically examined for conducting KYC verification. The conventional process of opening a DEMAT account can often become quite complex. It is also time-consuming and requires significant manpower.

The advantages to financial institutions in using eKYC are as follows:

  • Paperless verification
  • Cost-effective
  • Prevents fraud
  • Real-time identity verification
  • Transparent
  • Consent based to protect user privacy

E-KYC and VideoKYC — The New Age Digital KYC

At Signzy, we offer a unique e-KYC solution known as RealKYC. The solution offers KYC collection as well as background verification and checks.

Advantages of RealKYC

  • Secure System: A customer’s trading/DEMAT account information is secure. This is because the entire process is online. Identity theft, fraud, loan scams, money laundering, the flow of black money, etc. are all minimized with RealKYC.
  • Efficient Communication: The data can be effectively relayed in a precise and timely fashion. There is no need for constant back and forth. Most details are published automatically unlike manual KYC.
  • ‘Free of Cost’ Process: RealKYC verification doesn’t charge any extra amount to the customer. A company or institution may need to pay automation costs of installing verification systems for the long-run.
  • Faster processing: The RealKYC service is completely automated online. This implies that KYC information can be transferred in real-time and does not require any manual intervention. The paper-based KYC process can be delayed for days and go up to weeks to get verified. Using the eKYC process reduces this to just a few minutes to verify and issue.

At Signzy, we have also introduced a new form of KYC verification called VideoKYC. This is a faster and more efficient form of KYC collection and verification. It conducts liveliness checks against the user. It also verifies the identification document against forgeries.

Advantages of using VideoKYC during investor onboarding

Signzy’s unique VideoKYC solution is compliant with RBI and SEBI guidelines. It has been the winner of several awards and accolades earlier this year. Here are some highlights of the product advantages:

  • Higher Application Accuracy
  • Plug and Play solution, swift Go-To-Market
  • Comprehensive Training Program
  • Competitive Advantage through customer delight
  • 100% compliant with the latest RBI Mandate
  • Exponentially increase Scale of Operations
  • Reduced back office overheads (upto 70%)
  • Reduction in customer Drop-offs (upto 50%)
  • Platform Agnostic, support multiple communication channels

Conclusion

Over the last two decades, the securities market in India has witnessed structural reforms. This abolishes the century-old practices of trading and settlement. This has been possible due to the advent of technology that has created a nationwide network. It has enabled the market participants to interface from any corner in the country. With the new regulations and compliance norms, Digital KYC will soon become the standard for KYC collection in the market.

About Signzy

Signzy is a market-leading platform redefining the speed, accuracy, and experience of how financial institutions are onboarding customers and businesses – using the digital medium. The company’s award-winning no-code GO platform delivers seamless, end-to-end, and multi-channel onboarding journeys while offering customizable workflows. In addition, it gives these players access to an aggregated marketplace of 240+ bespoke APIs that can be easily added to any workflow with simple widgets.

Signzy is enabling ten million+ end customer and business onboarding every month at a success rate of 99% while reducing the speed to market from 6 months to 3-4 weeks. It works with over 240+ FIs globally, including the 4 largest banks in India, a Top 3 acquiring Bank in the US, and has a robust global partnership with Mastercard and Microsoft. The company’s product team is based out of Bengaluru and has a strong presence in Mumbai, New York, and Dubai.

Visit www.signzy.com for more information about us.

You can reach out to our team at reachout@signzy.com

Written By:

Signzy

Written by an insightful Signzian intent on learning and sharing knowledge.

 

1 2 3 4