Streamlining Video KYC: A Guide to Best Practices
Streamlining Video KYC: A Guide to Best Practices
Video Know Your Customer or Video KYC is an alternate method of conducting KYC, which forms an intrinsic part of the compliance obligations of a business regulated by UAE’s AML regulations. It leverages enabling technologies to facilitate customer identification and verification, allowing these to be conducted digitally and remotely through video calls. This infographic explores the best practices to streamline Video KYC for seamless, secure, customer-friendly, and effective Video KYC processes.
Formulating a Comprehensive Video KYC Strategy
A comprehensive Video KYC Strategy sets down objectives, standards, requirements, processes, policies, procedures, mechanisms, roles, responsibilities, etc., for seamless conducting of the Video KYC process while staying compliant with Anti-Money Laundering (AML) regulations. Here are the key components that must be included for a thorough Video KYC strategy:
Defining Video KYC Software Selection Parameters:
Businesses should evaluate their specific needs and define criteria for the selection of effective Video KYC software. This ensures the selection of a Video KYC software that ticks all compliance requirements of the business while ensuring a smooth customer experience. The parameters should be set while taking the following into consideration:
- Set Data Standardisation Parameters: The software should have default, yet customisable data standards such as consistency in semantics, syntax, language, form, type, etc. This improves data quality and enables accurate and efficient data analysis.
- User-Friendly Video KYC Platform: The software should provide an easily navigable interface, ensuring user satisfaction for both the employees of the business and the customer.
- Interoperability: The software should have features that help it easily integrate with existing AML compliance tools adopted by the business. Interoperability can be facilitated through APIs.
Identity Lifecycle Management Procedure:
The Video KYC Strategy should set the processes and procedures for Identity Lifecycle Management. Identity Lifecycle Management is the management of a customer’s identity and involves the following stages:
- Enrolment Process: Gathering information about the customer’s identity and verifying the same
- Issuance of Credentials: Issuing credentials bound to the customer, including username and password, authentication codes, etc.
- Use Enablement: Enabling the use of credentials as confirmations during transactions, utilising services, etc.
- Management and Maintenance: Maintaining the identity information to make sure it is up-to-date and secure
- Retirement Formalities: Removal of identity information when the customer leaves the services of a business and record-keeping requirements under AML regulations are no longer applicable
Employee Training and Awareness:
Businesses should ensure that adequate and role specific training is given at regular intervals to the relevant employees. This ensures that the employees understand their roles and responsibilities and are able to execute them effectively. This training should include the following:
- Role-Specific Training: Employees should be trained regarding their specific responsibilities in the Video KYC process.
- Training Tailored for Video KYC: Employees should be trained regarding the Video KYC Strategy of the business, including the procedures and processes to implement the same.
Ensuring Watertight Security:
Video KYC Strategy should include a dedicated section for data security to ensure that customer data is protected against vulnerabilities and unauthorised access throughout the Identity Lifecycle. The security policy must include the following components:
- Custom Access Control Policy: Businesses should implement Access Control Policies which should accurately reflect internal roles, responsibilities, and positions in the business, minimising unauthorised access.
- Authentication Mechanisms: Businesses should implement robust authentication mechanisms to ensure defence against attackers exploiting weaknesses in the security systems and assuming the identities of customers temporarily or permanently.
- Adequate Data Encryption & Protocols: Businesses should ensure that all data collected and stored is encrypted so that data integrity and privacy are maintained. An internationally recognised security standard is adopting public/private key based encryption methods.
- Vulnerability Assessment: Businesses should include the provision for Vulnerability Assessment. This involves testing a business’s Video KYC security systems and infrastructure to detect any gaps or weaknesses in the systems. It should be conducted by experts with experience and relevant skills and conducted at least annually.
Ensuring Data Privacy and Consent:
The Video KYC Strategy should detail the business’s policies and measures to ensure data privacy and consent. These should include the following components:
- Compliance Across Multiple Jurisdictions: When conducting Video KYC across different jurisdictions, businesses should ensure adherence to local data protection regulations, international standards and privacy laws of the countries they serve. The Video KYC Strategy should also address business’s procedures to meet requirements such as taking informed consent of customers before processing their data, data localisation, cross-border data transfers, etc.
- Multi-Factor Authentication (MFA) while Transmitting, Accessing, and Storing Personal Data: Multi-Factor Authentication ensures that data remains secure and protected from unauthorised access. It involves authentication through multiple layers of authentication factors, such as knowledge factors, possession factors, and biometric factors.
Ensuring Governance
To implement the Video KYC Strategy, it is important to establish clear roles and governance structures across the operational hierarchy of the business. The role of the following stakeholders should be defined:
Role of Client-Facing Personnel:
Frontline staff are uniquely positioned as they are the first point of contact with the customer. They possess valuable insights into customer preferences and help initiate the Video KYC process by generating cases for the KYC analysts. Their role includes the following:
- Clear Communication: Client facing personnel must establish clear communication with the client. This includes understanding the needs of the client, informing them of the Video KYC process, providing instructions, answering questions, etc. This enhances the customer’s trust in the service.
- Customer Handling: Client-facing personnel must inculcate soft skills such as patience, professionalism, etc. to effectively handhold the client.
- Obtaining Customer Feedback: After the Video KYC process is completed, client-facing personnel should ask for feedback from the customer and incorporate such feedback to improve customer satisfaction.
Role of KYC Analyst:
A KYC Analyst is responsible for the KYC processes of a business, including conducting Video KYC. The KYC Analyst ensures that the Video KYC process aligns with the business’s customer onboarding parameters and its AML compliance obligations. In terms of Video KYC, the role of the KYC Analyst includes the following:
- Identifying and Escalating Behavioural Red Flags and ML/TF & PF Typologies: KYC analysts assess information obtained through the Video KYC process and identify suspicious behaviours or inconsistencies in customer information that may signal potential Money Laundering (ML), Terrorism Financing (TF), and Proliferation Financing (PF) risks. KYC Analysts then escalate the case to the AML Compliance Officer for further investigation and regulatory reporting.
- Familiarity with Video KYC Tool: The KYC Analysts are well versed in operating the Video KYC tool efficiently to validate the authenticity of customer identity.
- Preparation for Video KYC Interview: Prior to the Video KYC interview, KYC analysts prepare by reviewing the background information about the customer with the help of the frontline staff, as well as the Video KYC Policy of the business.
- Proficiency in Biometric Identification: Biometrics is the identification of customers using biological or behavioural traits. KYC Analysts are trained to leverage the Video KYC tool to understand the biometric attributes of the customer, especially those related to behavioural aspects. This helps the KYC Analysts effectively authenticate customer identities and detect suspicious behaviour.
Role of AML Compliance Officer:
The AML Compliance Officer is in charge of overseeing the entire AML program of the business, including video KYC. The AML Compliance Officer has the following responsibilities in the Video KYC process:
- Handling Escalations: The AML Compliance Officer investigates and ensures regulatory reporting of all cases of suspicious activities or transactions escalated to them by the KYC Analyst.
- Decision Making for Enhanced Due Diligence (EDD): When a customer is categorised as high-risk during the Video KYC process, the AML Compliance Officer ensures that EDD is conducted for such customers and regulatory reporting is done whenever required.
Role of Senior Management:
The Senior Management plays a pivotal role in establishing an AML compliance culture in the business by setting the right tone from the top. This involves the following roles:
- Monitoring Implementation of Video KYC: Senior Management takes note of the Vulnerability Report and the inputs of the AML Compliance Officer to monitor the implementation of the Video KYC Policy and ensure that any weaknesses brought to their attention are quickly addressed.
- Supporting with Developing Adequate Infrastructure: Senior management ensures that the business develops and invests in the right technology, infrastructure, and skilled workforce for the smooth functioning of the Video KYC process.
Ensuring Regulatory Compliance for Remote Onboarding
Adhering to applicable regulations not only helps protect businesses from legal penalties but also ensures that customer information is handled responsibly. The applicable laws include the following:
General Laws
- Data Privacy and Protection Laws
- Guidelines for Adopting Enabling Technology
- Customer Protection Regulations
Prevailing in UAE as well as other countries from where the customers of regulated entities belong.
UAE's AML Regime:
Broadly comprises of the following legislations:
- Federal Decree-Law No. (20) of 2018 On Anti-Money Laundering and Combating the Financing of Terrorism and Financing of Illegal Organisations (as amended by Federal Decree Law No. (26) of 2021).
- Cabinet Decision No. (10) of 2019 Concerning the Implementing Regulation of Decree-Law No. (20) of 2018 On Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organisations (as amended by Cabinet Resolution No. (24) of 2022).
- The Cabinet Decision No. (109) of 2023 On Regulating the Beneficial Owner Procedures – Refer: The Complete Guide to the Ultimate Beneficial Owner Verification.
- Cabinet Resolution No. (74) of 2020 regarding the Terrorism Lists Regulation and Implementation of UN Security Council Resolutions on the Suppression and Combatting of Terrorism, Terrorist Financing, Countering the Proliferation of Weapons of Mass Destruction and its Financing, and Relevant Resolutions – Refer: Targeted Financial Sanctions (TFS): Legal Requirements in UAE.
Best Practices for Video KYC: Final Thoughts
Video KYC enables KYC processes to be conducted digitally, helping businesses serve clients remotely while ensuring compliance with their AML compliance obligations. Adopting the best practices discussed in this infographic helps ensure that the Video KYC process of the business runs effectively and handles customer data securely.