Integrating Identity Verification into Risk Management

Financial institutions face constant pressure to comply with regulatory mandates designed to prevent identity fraud and money laundering while still delivering excellent customer service, watching bottom-line results, and meeting business objectives. In today’s complex business environment, this seems like an almost impossible task. However, those regulatory mandates also create many opportunities to increase efficiencies and save money. By integrating identity verification into the overall risk management strategy, financial institutions can expect to see substantial benefits to their bottom lines, customer service levels, and employee productivity.

What is identity verification?

Identity verification is defined as “the process of using claimed or observed attributes of an individual to infer who the individual is.”(1)

For today’s financial institution, identity verification is a critical aspect of establishing a new relationship. True identity verification means reviewing the truthfulness of what a prospective customer discloses by screening the data against multiple sources, then analyzing the facts to determine whether a new relationship should be started. “Know your customer” has long been promoted within institutions as a sign of personalized customer service; however, with the enactment of the USA PATRIOT Act regulations, identity verification is now the difference between success and failure in the ever-changing financial services market.

Why is identity verification important to financial institutions?

The increased role of the country’s financial institutions in securing the home front must not be undervalued. The purpose behind the USA PATRIOT Act is national security. No one will disagree that having a better understanding of the customer doing business at an institution provides increased security for the institution, its customers and the public in general.

The danger for banks is more than just monetary loss. Damage to a financial institution’s reputation created by noncompliance and the publicity surrounding terrorists opening accounts can lead to lost confidence in the institution and significant loss of customers, sales, and revenue. Recovering from negative publicity is a long, difficult, costly process.

Compliance cannot be ignored because penalties for noncompliance are severe. Regulatory penalties for the USA PATRIOT Act and OFAC regulations can range from $10,000 to $1 million per infraction.

How can a financial institution benefit from the USA PATRIOT Act?

Protecting Against Identity Fraud

Institutions need to prevent identity fraud while balancing the need to protect customer information with a customer’s requirement for quick, efficient service. Identity verification is clearly a first step in reducing the opportunities for fraud and taking action. Stopping the “bad guys” from opening a new account at an institution is the easiest and most cost-effective way to reduce a bank’s burden. That’s how “knowing your customer” can help–if identity verification becomes part of the defensive measures within the overall risk strategy, it can be a significant factor in preventing fraud.

Increasing Operational Efficiencies

The USA PATRIOT Act has driven financial institutions to review corporate policies and perform lengthy risk analyses. Identity verification technology helps integrate policies into normal routines by allowing frontline workers to gather needed information very quickly and efficiently instead of manually researching identity information by calling references and checking websites.

Improving Customer Service

The consummate benefit from integrating identity verification into an institution’s risk management strategy is a higher level of customer service.

From airline travel to school registration to doctor visits, society is accustomed to trading some privacy for the security of each individual and the country. However, customers do expect their financial institutions to protect their identity information and their fiscal assets. Identity verification programs allow new accounts to be opened quickly, creating a positive experience for the consumer while showcasing the methodology the institution has in place to protect its customers.

Identity Verification Options

Section 326 of the USA PATRIOT Act requires that financial institutions develop Customer Identification Programs (CIPs) that implement reasonable procedures to

  • Collect identifying information about customers opening accounts
  • Verify that the customers are who they say they are
  • Maintain records of the information used to verify their identities
  • Determine whether the customers appear on any list of suspected terrorists or terrorist organizations(2)

There are numerous options available to help banks implement identity verification programs to comply with the regulations, always aiming to make educated and proactive decisions about customers. The USA PATRIOT Act regulations allow a documentary or nondocumentary approach.

Documentary Solution

Traditionally, the use of manual or documentary solutions for identity verification has been prevalent in the financial services community. At many institutions, an employee will look at a driver’s license or passport to begin account-opening procedures. Institutions are relying on driver’s licenses and passports to be valid, but with the recent increase in forgery, it is difficult to have confidence that the documentation is legitimate.

Nondocumentary Solution

Since the enactment of the USA PATRIOT Act, technology has improved within the area of identity verification. Identity verification technology offers a simple approach to integrating a CIP into an institution’s risk management strategy. In addition, identity verification technology gives an institution a cost-effective tactic for keeping up-to-date with ever-changing regulations.

For true identity verification, it is critical to screen presented data against multiple independent sources to ensure consistency. Checking one source will not provide enough information, and there is no single database that includes everyone living in the United States. This means an institution must confirm that the name, Social Security number, address, and date of birth are valid and associated with each other using various data sources. If the information is unvarying throughout multiple sources, the institution can make an educated decision that it is truthful. By using identity verification technology, organizations can have the tools, not only to verify identity, but also to screen against government lists and document transactions. Institutions can completely comply with the regulations, while also realizing the benefits of protecting against fraud, increasing operational efficiency, and improving customer service levels.

Conclusion

For financial institutions, the USA PATRIOT Act has created many burdens and opportunities. By embracing change and integrating identity verification into their corporate risk policies, institutions can protect against fraud, increase efficiencies, and keep service levels high while remaining profitable.

References

  1. Committee on Authentication Technologies and Their Privacy Implications. National Research Council, Who Goes There?: Authentication Through the Lens of Privacy, Stephen T. Kent and Lynette I. Millett, eds., 2003, http://www.nap.edu/catalog/10656.html?onpi_newsdoc032503 (10 March 2004).
  2. Department of the Treasury. Office of Public Affairs, “Fact Sheet: Final Regulations Implementing Customer Identity Verification Requirements under Section 326 of the USA PATRIOT Act,” 30 April 2003, http://www.ustreas.gov/press/releases/docs/326factsheet.doc (10 March 2004).