With the digital economy in the UK worth £149 billion as of 2017 (equivalent to 7.7% of the whole UK economy), it's no surprise that services which simplify and strengthen the process of digital identification and verification have become big business.
We can now identify and verify ourselves through increasingly precise and convenient digital methods including fingerprint matching, location data analysis, mobile phone tracking, facial recognition, vocal patterns, behavioural traits and iris scanning. Similar digital methods can be used to authenticate an action or transaction, allowing customers to undertake all standard financial services through digital means.
Like the software-as-a-service trend, financial institutions are one of the biggest markets for identity-as-a-service or IDaaS, due to the specific Know Your Customer (KYC) and regulatory framework in which they operate. Partnerships between well-established banks and fintechs are often formed to incorporate a slick, user-centric and stable IDaaS for financial services, often for customer onboarding, account creation and ongoing verification purposes.
The benefits of such commercial partnerships are clear; banks benefit from fintech expertise in digital services to assist with the bank's accountability, and consumers benefit from a user-friendly experience.
A large array of factors has led to the popularisation of IDaaS in financial services. Among them is the closure of some high street bank branches, which has decreased the ability of some customers to attend a bricks-and-mortar branch in person to hand over the documents required to validate their identity. COVID-19 has added an additional layer to this, by acting as a catalyst to rapidly remove lingering dependence on physical documentation and in-person verification.
Technology itself has also fuelled demand for more convenient means of demonstrating a customer is who they claim to be. With consumer banking now largely a phone based, on-demand service similar to film streaming and food delivery, customers want an easy and secure means of identifying themselves through their mobile phone. This has led to a proliferation of apps, APIs and related tools to enable customers to upload documents, take selfies, register their location and movements, and scan fingerprints, faces or irises to create an account or complete a transaction, all while sitting at home holding only a mobile phone.
The regulatory environment has created both challenges and opportunities within IDaaS. The Financial Conduct Authority has a clear ambition to protect consumers from fraud, and to prevent money laundering and terrorist funding. The FCA therefore stipulates KYC requirements, which may be complied with effectively and efficiently through an IDaaS partnership, when used in conjunction with other protective measures.
The revised EU Payments Services Directive (PSD2) introduced the requirement for secure customer authentication (SCA), which requires a combination of knowledge, possession and inherent-to-the-customer-based tools to verify a consumer's identity before a transaction may be completed. However, compliance actions including those under KYC and PSD2 must be balanced with other requirements such as treatment of personal data under the GDPR, particularly where sensitive biometric data is part of the identification verification process. Fintechs operating in the IDaaS environment are showing that creative and innovative solutions are possible to assist financial institutions' compliance with this complex matrix.
Aside from the legal and regulatory position, two of the biggest challenges in the uptake of IDaaS solutions are consumer trust and user experience. While consumers want technology-based options to verify their own identities, they are also wary of the potential risks including identity theft, hacking and scams. In response to this, during the COVID-19 pandemic, some UK banks have undertaken significant advertising campaigns to reassure and educate consumers about the safety and risks involved with online banking. As IDaaS options like facial recognition are becoming increasingly common across a broad use case – for example, to unlock a mobile phone or to clear immigration at an airport – consumers will become more open to using such tools in the context of financial services, in the same way that fingerprints are no longer seen as being exclusively useful for identifying criminals.
Meeting expectations around user experience may be the more difficult obstacle to overcome in the IDaaS space. If a consumer is willing to engage with digital identity checks, the process needs to be simple and accessible. Consumer-focused design is key. Studies by some of the biggest IDaaS providers have shown that conversion rates during a consumer onboarding process which involves elements of digital verification will be negatively affected if a consumer is faced with an excessive number of steps or clicks. If the process is not easy to follow and fast, the consumer is likely to give up. As well as potentially failing to meet its regulatory requirements, the financial institution's reputation is put at risk. As digital native businesses, fintechs are well placed to work with existing financial institutions to ensure the user experience is smooth.
Recent events have highlighted how important IDaaS is for financial institutions. The finCEN scandal unfolding in the United States is likely to have a global impact. According to documents leaked to media outlets, some global banks are apparently allowing transactions without completing KYC checks or following up on risk assessments, which may have allowed illicit money to be laundered, including for drug and terrorism purposes. As a result of investigations off the back of these allegations, banks will face even greater scrutiny over the steps they have taken to ensure their customers are not bad actors.
The UK is already taking action to improve its own government-based digital identity and verification checks. A recent example includes the government's promise to bring in legislative change to ensure directors' details are verified at Companies House before the official records are updated. Additionally, a 2019 consultation on digital identity has indicated the establishment of a new Digital Identity Strategy Board to explore the possibilities of a streamlined government identity verification service.
The need to identify oneself is not new. However, 2020 has shown us that the old ways cannot survive and digital identification and verification services will be part of the new normal.
If you'd like to discuss identity-as-service in greater detail, please contact a member of our Technology, Media and Communications team.
Fintech policy developments and considerations you need to know about.
1 de 5 Publications
A round up of the key cryptoasset-related developments and regulatory concerns in the UK and the EU.
2 de 5 Publications
We unpack a variety of global initiatives to establish open banking.
3 de 5 Publications
Exploring the changing regulatory requirements, and considering tips for compliance and third-party negotiations.
4 de 5 Publications