Brett King

Posts Tagged ‘KYC’

My address is no good for identity verification

In Economics, Future of Banking, Strategy on December 21, 2011 at 23:50

There has been a 25% decline in the total mail volume for the USPS (United States Postal Service) from 2006-2011, resulting in a $5.1 Billion loss in 2011 alone. Since 2007 the USPS has been unable to cover its annual budget, 80 percent of which goes to salaries and benefits. In contrast, 43 percent of FedEx’s (FDX) budget and 61 percent of United Parcel Service’s (UPS) pay go to employee-related expenses. The USPS has 571,566 full-time workers, making it the US’s second-largest civilian employer after Wal-Mart. It has 31,871 post offices, more than the combined domestic retail outlets of Wal-Mart, Starbucks, and McDonald’s. It’s also more than double the number of branches of the combined retail distribution points of Wells Fargo, Chase and Citibank. The problem is that 80% of those USPS offices lose money annually.

USPS' Rapid Decline started in 2007 and has been shocking

Why the decline?

The decline in first-class mail in the US has accelerated in recent years. The USPS relies on first-class mail to fund most of its operations, but first-class mail volume is steadily declining—in 2005 it fell below junk mail for the first time. The USPS needs three pieces of junk mail to replace the profit of a vanished stamp-bearing letter.

Junk Mail, or as Advertisers call it “Direct Mail”, promotion is rapidly declining with projected declines in the range of 39-50% estimated for the period 2008-2013.

Email, Internet Bill Payment and Statements, SMS alerts, and other information delivery mechanisms are much more timely and cheaper than “Snail Mail” today. Environmental awareness and ‘do not mail’ lists have contributed to the decline also. The couponing business, which has supported the ‘junk mail’ industry for the past two decades in the US, has been decimated in recent times by the daily deals industry. Jeff Jarvis predicted this shift back in 2009.

It shouldn’t be a surprise that the USPS is in major trouble.

What does this have to do with banking and IDV?

At least 80% of non junk mail I receive these days is from financial institutions that I have a relationship with (an even then it is often bank ‘junk mail’). This is despite my best efforts to eliminate snail mail as a formal method of communication with those service providers I choose.

Most banks still ask me for my address, and require verification of that address through some utility bill. This is a requirement of most regulators too.

The problem is – no bank has ever, as far as I know, actually verified my address is real. In theory, a utility bill is one of the easiest documents to compromise via identity theft, and/or fake with photoshop and a laser printer.

Why do banks collect my address?

The initial reason had nothing to do with regulatory requirements. The main reason initially was to send me my replacement cheque book, or send my regular monthly statements. Today, with snail mail all but disappearing, why do I still need to verify my address with the bank? I actually don’t want the bank sending me snail mail, and my physical address has nothing to do with my ability to pay for credit or the likelihood of anti-money laundering.

From a compliance perspective, sending you physical mail is one of the riskiest activities a bank can undertake today, because not only is it not secure – it actually increases the likelihood of fraud. If there wasn’t a legacy snail mail process, it is unlikely in the extreme that compliance would approve a process as risky as snail mail today.

Do we need an address?

Today your address is just a common data element shared as part of your profile. It is insecure. It can be easily compromised. It bears no relevance to the likely risk or otherwise of your suitability as a customer. It is unverifiable.

It doesn’t make sense to have address verification associated with a customer from an identity perspective.

There must be a better way. Why not use the guarantor method? Why not get trusted associates to vouch for you, as they do with new social networks likeConnect. Why not ask a new applicant to get an existing customer of the bank to vouch that he is real, and trustworthy? Why not take a photograph of the applicant and match their picture to their drivers licence or passport photo using facial recognition, along with cross-checking a government database?

There are a dozens of activities I could undertake which are safer, more reliable and more verifiable than a physical address.

Identity doesn’t need an address. Identity is about verifying you are real, and an address doesn’t do that.

Keep it as a data point, by all means. But let’s stop kidding ourselves that an address is a requirement for KYC.

Advertisements

What is in a Twitter name? That which we call a customer…

In Customer Experience, Retail Banking, Social Networking, Strategy on August 13, 2010 at 02:10

Apologies to Shakespeare for the modified Romeo and Juliet reference, but the question is valid – what is in the ‘name’ of a customer these days? I’m on Twitter, I’m on Facebook, I have various other profiles online on sites like LinkedIn, etc but none of this information appears relevant to most of the service organizations I interacted with daily. But if this identifies who I am – why is that no one asks me for my Twitter name in customer interactions these days?

Why is it that today that there are many banks who won’t let me open an account unless I have a home telephone number (a landline) – which quite frankly I haven’t used for a number of years now (in fact I don’t even know my home phone number) – and yet in respect to mechanisms which I use a whole lot more frequently than a home telephone number for communication, namely FB and Twitter, they completely ignore me? I have to say these days I’d probably be a whole lot more likely to talk about my bank on Twitter, than I would wait for their call on my home telephone number, which I don’t use.

Customer profiles are out of touch

Understanding customer behavior and how we are ‘tribally’ connected to our peers in the social networking landscape is a pretty fundamental requirement for service organizations these days if they want to influence brand perception. At a minimum, a bank should be ready to respond to me via Twitter, Facebook, Mobile or similar mediums, but in respect to traditional customer profile information like my home telephone number, my home address (which is increasingly irrelevant to my bank relationship), my employer’s telephone number, and such – this type of data is practically useless from a behavioral or service enablement perspective these days.

Your customer profile today is about two things for a bank, namely KYC and Segmentation. KYC is a industry compliance term which refers to “Know Your Customer” – it is seen as the basic information or data set that a bank needs to know to assess your risk profile as far as likelihood of issues around AML (Anti-Money Laundering), etc as is required generally as part of a process by regulators for new customers. On the segmentation front, the classic method of segmentation these days is still based around demographics such as age, salary, where I live, how many kids I have, etc and informs classic marketing campaign development.

Increasingly both of these outcomes are out of touch with the reality of the digitally enabled customer. I am here to tell you that despite all the KYC information my bank has captured about me, that in respect to my risk on a financial basis this data is almost certainly irrelevant. Far more important for them would be information on where I am travelling to, which partner ATM machines I use when I travel, how I conduct cross-border transactions, who is having access to my basic information that could threaten the safety of my identity, and how I manage my finances on a daily basis. The fact is, I’ve never been asked about any of this stuff, which is far more informative to my transactional risk profile than what my monthly salary and deposit patterns are.

Bank's often talk about customer knowledge as a differentiator...

The role our digital footprint plays

The key information for a bank moving forward is not demographic data, it’s not about where I live or what my home phone number is, it is about what I do…

In that respect, the data trail I leave for banks is extremely informative. The interactions I have with the bank are likewise hugely instructive from a future service and risk perspective. For example, my bank has data on which retailers I like to shop at, which airlines I travel, the cars I drive, the laptop I own, the mobile devices I utilize, the properties I own, the property I live in, and a bunch of other extremely useful information in respect to offers they could present me with. However, this data is just never used.

I get credit card usage offers from retailers I never frequent – why doesn’t the cards team send me offers for retailers where I’ve shopped before? I get offered personal loans and increased credit card limits when I don’t need them – when I might be interested these offers are nowhere to be seen. I get offered opportunities for new credit cards for airline loyalty programs that I’m not affiliated with – why can’t they work out which airlines I use and proactively offer to transfer my credit card points to my airline program?

Recently the team at Abu Dhabi Commercial Bank in the United Arab Emirates were looking at ways they could improve the suitability of offers for card usage for customers. There were suggestions around using location-based messaging technology through telecommunication providers to target you when you were at various shopping malls around the Emirates, but the Telco network operators proved to be light on this capability. So ADCB looked at behaviors – how did customers behave when they went shopping?

Behavioral analysis suggested that a customer who went to a mall was almost always certain to do one of two things. Initially go to an ATM machine upon arrival and pull out cash, or alternatively use their credit card to make a purchase. So ADCB worked out they didn’t need the mobile operators to work out WHERE customers where, they only needed to look at live transaction data for location triggers. So now ADCB can provide you with a time sensitive, location sensitive offer based on your behavior and can simply send it to you via SMS. Far more constructive than flooding me with broadcast messages that are more miss than hit.

Conclusion

Today banks don’t know me. The data they choose to use in respect to my profile is largely irrelevant. The data they have on me and could have utilize in respect to my behavior is much more relevant to how I’ll interact with the bank in the future.

So if you are a bank – do you know my Twitter name, have you friended me on Facebook? Do you know my mobile number and what type of phone I use? Are you matching offers for services and products to me based on what I’ve done or am likely to do? If I talk about you on Twitter, would you know that I’m a customer and could you engage me on this issue next time I call the call centre? If not – you really don’t know me at all.

Banks: KYC is Killing Your Customers (Huff Post)

In Retail Banking, Strategy, Technology Innovation on February 23, 2010 at 05:53

See the original blog entry on Huffington Post…

In my discussions with bankers about innovation, I often hear them tell me that perhaps in other industries innovation could be achieved, but due to heavy regulation and the compliance requirements of the banking sector that such is more difficult for financial institutions. This is part of the story, but I’m sure that it is fixable.

I met with a Private Banker from one of the dominant bank brands in Asia this week. In Central Hong Kong this bank has it’s own tower, of which three floors are dedicated to the Private Banking unit, but that’s only half true. Almost half of that office space is taken up by a team that is designed to reduce risk to the bank by ensuring that customers are accurately informed of the risks their investments will carry, and to ensure that the bank does not commit itself or their client to undue risks. The name of this team within the Private Bank – the Business Prevention unit – I jest ye not.

Has it come to this that regulation and risk aversion is such an important part of the bank that we now actively try to prevent business occurring? It would appear so.

This explains a great deal about the current state of our banking sector. If customers are a risky proposition, then how does the bank make money? Well they invest it in stuff where they know they have an element of control, or in the case of sub-prime they try to actively engineer it so that they make profit regardless of the underlying asset risk. Some banks have even been known to borrow money from the government and margin trade on it in recent times…

The point of this is that banks have become so myopic in respect to customer risk that as customer we’ve almost become an anathema. In fact, the compliance workload we as customers have to deal with these days is so offensive, that it is almost not worth engaging a bank for an investment deal or asking for a loan. To illustrate, in the mid 80’s I recall being a student and walking in to open an account with no identification, I filled out two cards with a specimen signature, my address and particulars, and that was it. Now that same bank requires a 100-point identification scorecard to be realized, and the basic current account application form is some 18 pages long. This is progress apparently.

Compliance procedures are Killing customer experience Figure 1 – Internal Compliance Procedures are bad for business

Now, I appreciate we have Anti-Money Laundering, we have identity theft, we have IRS and tax departments eager to know what we’re doing with our money, and we have regulators that are making it their job to ensure we don’t invest in a financial product that we don’t fully understand. Sometimes, just sometimes, however, we just want a decent banking experience. We just want it to work, and the more paperwork you throw at us, the more hoops you make us jump through – the worse our banking experience is.

The thing with this is, that although there are regulations and legal constraints, most of the work we have to do is due to internal bank policy and process. For example, let’s say an existing customer comes to the bank to ask for a loan – this is a customer we’ve known for 5 years, his salary gets paid every month on time, and he’s a low credit risk based on what we already know. Why then is it that this same customer has to fill out an application form with the same details he’s provided us with since day one?

There is absolutely no regulatory or legal requirement for the process to be handled in this way. Right now this is all about making it easier for the bank to mitigate risk for their brand. A customer-focused bank would either allow the customer to sign on with their Internet Banking credentials to agree to the loan, perhaps sign on a tablet or digital form or if absolutely necessary generate a paper application form based on existing customer records where all he had to do was sign. All of these solutions would produce exactly the same result from a regulator’s or compliance perspective as a hefty paper KYC process.

So why as banks don’t we do this way? Firstly, no one senior enough in the bank has sponsored such a move. Secondly, because the internal IT department would probably take 15,000 man days, and $184.63 m to enable this. And lastly, because at the end of the day as bank executives we get rewarded for mitigating bank risk, not for making customer experience better.

Regulators and bankers need to separate ‘customer’ risk from operational risk, and in this way innovation can still occur.